Skip to content

Commit f723858

Browse files
Improvements for EVP_PKEY support (#1700)
Improved documentation and error handling Relates-To: HERESUP-72189 Signed-off-by: Andrey Kashcheev <ext-andrey.kashcheev@here.com>
1 parent d1a0b9b commit f723858

2 files changed

Lines changed: 12 additions & 6 deletions

File tree

olp-cpp-sdk-core/include/olp/core/http/CertificateSettings.h

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,12 @@ struct CORE_API CertificateSettings {
5353

5454
#ifdef OLP_SDK_ENABLE_ENVELOPE_PKEY
5555
/**
56-
* @brief The ENV_PKEY handle as a pointer.
56+
* @brief The EVP_PKEY handle as a pointer.
57+
*
58+
* @note The caller is responsible for the lifetime of the EVP_PKEY handle and
59+
* must ensure it remains valid until the network request is completed. The
60+
* handle should be properly freed by the caller after use to avoid memory
61+
* leaks.
5762
*/
5863
EVP_PKEY* pkey_handle = nullptr;
5964
#endif

olp-cpp-sdk-core/src/http/curl/NetworkCurl.cpp

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1510,15 +1510,15 @@ CURLcode NetworkCurl::InjectEnvelopeKey(CURL*, SSL_CTX* ssl_ctx,
15101510
if (!cert) {
15111511
OLP_SDK_LOG_ERROR(kLogTag,
15121512
"InjectEnvelopeKey: PEM_read_bio_X509 failed, error="
1513-
<< ERR_lib_error_string(ERR_get_error()));
1513+
<< ERR_error_string(ERR_get_error(), nullptr));
15141514
return CURLE_SSL_CERTPROBLEM;
15151515
}
15161516
int rc = SSL_CTX_use_certificate(ssl_ctx, cert);
15171517
X509_free(cert);
15181518
if (rc != 1) {
15191519
OLP_SDK_LOG_ERROR(
15201520
kLogTag, "InjectEnvelopeKey: SSL_CTX_use_certificate failed, error="
1521-
<< ERR_lib_error_string(ERR_get_error()));
1521+
<< ERR_error_string(ERR_get_error(), nullptr));
15221522
return CURLE_SSL_CERTPROBLEM;
15231523
}
15241524
}
@@ -1540,9 +1540,9 @@ CURLcode NetworkCurl::InjectEnvelopeKey(CURL*, SSL_CTX* ssl_ctx,
15401540
nullptr) {
15411541
if (store) {
15421542
X509_STORE_add_cert(store, ca);
1543+
++ca_count;
15431544
}
15441545
X509_free(ca);
1545-
++ca_count;
15461546
}
15471547
BIO_free(bio);
15481548
// Clear EOF / "cert already in hash table" errors left by the loop
@@ -1564,8 +1564,9 @@ CURLcode NetworkCurl::InjectEnvelopeKey(CURL*, SSL_CTX* ssl_ctx,
15641564
ERR_clear_error();
15651565
if (SSL_CTX_use_PrivateKey(ssl_ctx,
15661566
self->certificate_settings_.pkey_handle) != 1) {
1567-
OLP_SDK_LOG_ERROR(kLogTag, "Failed to use provided EVP_PKEY, error="
1568-
<< ERR_lib_error_string(ERR_get_error()));
1567+
OLP_SDK_LOG_ERROR(
1568+
kLogTag, "Failed to use provided EVP_PKEY, error=" << ERR_error_string(
1569+
ERR_get_error(), nullptr));
15691570
return CURLE_SSL_CERTPROBLEM;
15701571
}
15711572

0 commit comments

Comments
 (0)