Skip to content

Improvements for EVP_PKEY support #1700

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
andrey-kashcheev merged 1 commit into from
Jun 10, 2026
+12 −6
Merged

Improvements for EVP_PKEY support #1700

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion olp-cpp-sdk-core/include/olp/core/http/CertificateSettings.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,12 @@ struct CORE_API CertificateSettings {

#ifdef OLP_SDK_ENABLE_ENVELOPE_PKEY
/**
* @brief The ENV_PKEY handle as a pointer.
* @brief The EVP_PKEY handle as a pointer.
*
* @note The caller is responsible for the lifetime of the EVP_PKEY handle and
* must ensure it remains valid until the network request is completed. The
* handle should be properly freed by the caller after use to avoid memory
* leaks.
*/
EVP_PKEY* pkey_handle = nullptr;
#endif
Expand Down
11 changes: 6 additions & 5 deletions olp-cpp-sdk-core/src/http/curl/NetworkCurl.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1510,15 +1510,15 @@ CURLcode NetworkCurl::InjectEnvelopeKey(CURL*, SSL_CTX* ssl_ctx,
if (!cert) {
OLP_SDK_LOG_ERROR(kLogTag,
"InjectEnvelopeKey: PEM_read_bio_X509 failed, error="
<< ERR_lib_error_string(ERR_get_error()));
<< ERR_error_string(ERR_get_error(), nullptr));
return CURLE_SSL_CERTPROBLEM;
}
int rc = SSL_CTX_use_certificate(ssl_ctx, cert);
X509_free(cert);
if (rc != 1) {
OLP_SDK_LOG_ERROR(
kLogTag, "InjectEnvelopeKey: SSL_CTX_use_certificate failed, error="
<< ERR_lib_error_string(ERR_get_error()));
<< ERR_error_string(ERR_get_error(), nullptr));
return CURLE_SSL_CERTPROBLEM;
}
}
Expand All @@ -1540,9 +1540,9 @@ CURLcode NetworkCurl::InjectEnvelopeKey(CURL*, SSL_CTX* ssl_ctx,
nullptr) {
if (store) {
X509_STORE_add_cert(store, ca);
++ca_count;
}
X509_free(ca);
++ca_count;
}
BIO_free(bio);
// Clear EOF / "cert already in hash table" errors left by the loop
Expand All @@ -1564,8 +1564,9 @@ CURLcode NetworkCurl::InjectEnvelopeKey(CURL*, SSL_CTX* ssl_ctx,
ERR_clear_error();
if (SSL_CTX_use_PrivateKey(ssl_ctx,
self->certificate_settings_.pkey_handle) != 1) {
OLP_SDK_LOG_ERROR(kLogTag, "Failed to use provided EVP_PKEY, error="
<< ERR_lib_error_string(ERR_get_error()));
OLP_SDK_LOG_ERROR(
kLogTag, "Failed to use provided EVP_PKEY, error=" << ERR_error_string(
ERR_get_error(), nullptr));
return CURLE_SSL_CERTPROBLEM;
}

Expand Down
Loading