From: Sam Varshavchik
Subject: Change in gnutls_certificate_set_x509_key() API from 2.10 to 2.12
Date: Sat, 19 Nov 2011 22:38:07 -0500

Looking at gnutls 2.10 source, gnutls_certificate_set_x509_key() calls an internal function, _gnutls_x509_privkey_to_gkey(), to essentially make a copy of the contents of the gnutls_x509_privkey_t parameter. So, in 2.10, the caller of gnutls_certificate_set_x509_key() maintains exclusive ownership of the gnutls_x509_privkey_t. The caller can destroy the gnutls_x509_privkey_t as soon as gnutls_certificate_set_x509_key() returns, without affecting the credentials object. That's what I am doing.

In gnutls 2.12, gnutls_certificate_set_x509_key() is completely different. It looks to me like in 2.12, the gnutls_certificate_credentials_t object saves a pointer to the gnutls_x509_privkey_t structure, essentially, so it /cannot/ be destroyed, and must remain in existence as long as gnutls_certificate_credentials_t exists, correct? I was destroying gnutls_x509_privkey_t immediately after gnutls_certificate_set_x509_key(); I no longer needed it. This works in 2.10, but doesn't appear to work in 2.12.
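The two ownership behaviours discussed in the message above, as a self-contained model (an added example, not GnuTLS code and not part of the original post). Every type and function name here is a hypothetical stand-in, and the "borrowed" mode follows the poster's reading of 2.12 rather than a confirmed description of the library. It shows that destroying the key only after the credentials are retired is safe under either behaviour.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins; none of these are GnuTLS types or functions. */
typedef struct { int alive; unsigned char secret[16]; } privkey;
typedef enum { KEY_COPIED, KEY_BORROWED } key_mode;
typedef struct {
    key_mode mode;
    privkey copy;            /* filled when the setter copies the key */
    const privkey *borrowed; /* set when the setter keeps the caller's pointer */
} creds;

/* "Destroy" wipes the key and marks it dead instead of free()ing it, so the
   model can detect a stale reference without undefined behaviour. */
static void privkey_destroy(privkey *k) {
    memset(k->secret, 0, sizeof k->secret);
    k->alive = 0;
}

static void creds_set_key(creds *c, const privkey *k, key_mode mode) {
    c->mode = mode;
    c->borrowed = NULL;
    if (mode == KEY_COPIED) c->copy = *k;
    else c->borrowed = k;
}

/* 0 if the credentials still reference usable key material, -1 if stale. */
static int creds_use(const creds *c) {
    const privkey *k = (c->mode == KEY_COPIED) ? &c->copy : c->borrowed;
    return (k != NULL && k->alive) ? 0 : -1;
}

/* Caller pattern from the message: destroy the key right after the setter. */
static int destroy_early(key_mode mode) {
    privkey k = { 1, "constructed-key" };  /* constructed sample data */
    creds c;
    creds_set_key(&c, &k, mode);
    privkey_destroy(&k);
    return creds_use(&c);
}

/* Mode-independent pattern: the key outlives every use of the credentials. */
static int destroy_late(key_mode mode) {
    privkey k = { 1, "constructed-key" };  /* constructed sample data */
    creds c;
    creds_set_key(&c, &k, mode);
    int rc = creds_use(&c);  /* all use happens while the key exists */
    c.borrowed = NULL;       /* retire the credentials first ... */
    privkey_destroy(&k);     /* ... then the key */
    return rc;
}

int main(void) {
    return (destroy_early(KEY_BORROWED) == -1 && destroy_late(KEY_BORROWED) == 0) ? 0 : 1;
}
```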