[openssl-users] OpenSSL 1.1 X509_STORE sharing
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Sep 18 17:04:55 UTC 2018
> On Sep 18, 2018, at 12:30 PM, Maxwell Dreytser <admin at mdtech.us> wrote:
>
>> X509_STORE_free() decrements a reference count, and frees the object only
>> when the count reaches zero.
>>
> Was this behavior the same in older versions?
Yes.
> If so, then there is no reason to clear cert_store even in older version, right?
That depends on whether setting the cert_store element was done properly (in a way
that incremented the reference count) or not. See the documentation of:
SSL_CTX_set1_cert_store(3)
SSL_CTX_set_cert_store(3)
the latter does not facilitate sharing the store across multiple SSL_CTX instances.
--
Viktor.
More information about the openssl-users
mailing list