
simonmichal commented on this pull request.



> @@ -1045,6 +1045,7 @@ int XrdCryptosslX509SignProxyReq(XrdCryptoX509 *xcpi, XrdCryptoRSA *kcpi,
          // Notify what we added
          int crit = X509_EXTENSION_get_critical(xpiextdup);
          DEBUG("added extension '"<<s<<"', critical: " << crit);
+         X509_EXTENSION_free( xpiextdup );
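Review bot: the new X509_EXTENSION_free( xpiextdup ) sits right after the "Notify what we added" DEBUG line, so as far as this hunk shows it runs only on the path where the extension was added. The branch taken when adding fails is outside the visible context; please confirm xpiextdup is released there too, or move the free to a point that every path reaches. A one-line comment saying that the add call stores its own copy and the caller keeps ownership would also explain why a free directly after a successful add is correct.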

My reasoning here was the following:

- X509_add_ext() is just a wrapper around X509v3_add_ext() (https://www.openssl.org/docs/man1.1.0/crypto/X509_add_ext.html)

- from X509v3_add_ext() man: 
> X509v3_add_ext() adds extension ex to stack *x at position loc. If loc is -1 the new extension is added to the end. If *x is NULL a new stack will be allocated. The passed extension ex is duplicated internally so it must be freed after use.
(https://www.openssl.org/docs/man1.1.0/crypto/X509v3_add_ext.html)

- I also checked the source code of X509v3_add_ext() and indeed it does duplicate the extension

Question: maybe in this case it does not make sense to duplicate the object with X509_EXTENSION_dup on our side? (line 1040)

-- 
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/pull/862#discussion_r234915828
