This week I fixed a few more issues for the upcoming 1.3.6 release. Everything is in the 1.3.6 branch in SVN. There are a few more bugs that need to be fixed before we can release. One that’s particulary nasty is #2864380. The memory leak only occurs if client or server certificate validation is performed (Context::VERIFY_RELAXED or Context::VERIFY_STRICT). Now the strange thing is that the NetSSL code does nothing special in this case, it just affects the call to SSL_CTX_set_verify() in the Context constructor. So either the leak is in OpenSSL (which I don’t really believe), or we’re using OpenSSL in an inappropriate way. If anyone could take a look at this issue, this would be highly appreciated.
Update 2009-11-16: I found and fixed the NetSSL memory issue.