[Help-gnutls] Re: Order of freing various structures

[Simon Josefsson]

Einar Karttunen <ekarttun at cs.helsinki.fi> writes:

> Hello
>
> I am writing a wrapper of GnuTLS in Haskell

Hello Einar.  Wonderful, Haskell is my favorite functional
language. :) Do you have an URL for your project?  I may add it to
gnutls.org, if you want.

> and the order of freing
> structures seems quite important. Is one allowed to first free
> credentials and then deinit a session they were associated with? Or
> must the credentials be valid when deinit is called on the session?
>
> i.e. is the following sequence legal:
> gnutls_credentials_set(session, cred, ...);
> gnutls_<something>_credentials_free(cred);
> gnutls_deinit(session);

It is OK assuming nothing happens between the credentials_free and
deinit call, however, if something happens in the session that require
access to the certificates (e.g., a re-handshake initiated by the
other side?), things will break.

I recommend to free the credentials after the session in which they
are used is completely finished and deallocated.  It is a better
separation of things.

> or must deinit allways be called first?

Not necessarily.

> May they be called concurrently 
> if gcry_control has been properly initialized for multithreaded operation?

Currently yes, but I could only tell by looking at the code.  The
gnutls_deinit function doesn't access the certificates.

If you have suggestions how to better document this to explain things
better, please share.

Regards,
Simon