From: Petr P. <pet...@at...> - 2013-09-24 16:51:31
On Tue, Sep 24, 2013 at 11:25:12AM -0500, Douglas E. Engert wrote:
>
> When an engine returns a key or cert to the caller it is not
> clear who should free it, the engine or the application.
>

I also did not find any documentation on who should be responsible for the memory management. There are a few paragraphs about reference counting in the engine(3) manual page, but I'm not much wiser after reading them.

I just want to point out that the current engine_pkcs11 and other engines delivered with OpenSSL return a copy of the X509, but they do not duplicate the returned EVP_PKEY. I guess this is because certificates are expected to be exportable whereas private keys are not.

-- Petr