Thank You! That is exactly what I needed.

-----Original Message-----
From: Geoff Thorpe []
Sent: Tuesday, March 25, 2008 10:02 AM
Cc: Amit Sharma
Subject: Re: Question regarding use of SSL_get_ex_new_index

On Mon, 2008-03-24 at 17:38 -0400, Amit Sharma wrote:
> I have an application that creates a bunch of SSL connections during
> its life. For each of these connections, I have to store application
> data in an SSL object (in my case this is SSL_client object). The
> trouble is that the memory allocated in the SSL_get_ex_new_index is
> never freed until the end of the application. I am tracking this
> through valgrind and can create a simple test case if that would help,
> but I think my problem is simply misusing the API.

> My question is how can I use SSL_get_ex_new_index such that I can free
> memory once the SSL connection closes? Should I be re-using the index
> returned instead of calling the function multiple times after all I
> have a new SSL_client object each time?

> I have tried setting the function pointers in the
> SSL_get_ex_new_index, but for some reason the callbacks are never
> called. Moreover the memory leaked is not an allocation that I have
> made and thus am unable to free it even if they were called. I have
> made sure that I am calling all the SSL freeing routines ... SSL_close,
> SSL_free, etc.

I think maybe you're misunderstanding the API. SSL_get_ex_new_index() is
to register a new *type* of per-SSL application data. This is why that
API has no SSL parameter! :-) Once you've registered your new type of
SSL-association data (which includes arbitrary long and pointer values,
and callbacks for new, dup, and free), then every time an SSL object is
created, duplicated, or destroyed, your callbacks will get invoked.
Moreover, your callbacks are passed the long and ptr values associated
with this data type, as well as the type's "index" that was returned
from SSL_get_ex_new_index() (so the same callbacks and state could
implement multiple types of associated data via different index values).
To actually set a value in a new SSL object, you use SSL_set_ex_data()
(e.g. called from within your "new" callback). In your "free" callback,
you probably want to use SSL_get_ex_data() for cleanup.

Hope that helps,
