[openssl-users] OpenSSL 1.1 X509_STORE sharing

Viktor Dukhovni openssl-users at dukhovni.org
Tue Sep 18 16:28:16 UTC 2018

> On Sep 18, 2018, at 12:12 PM, admin at mdtech.us wrote:
> I have some legacy code that I am updating for 1.1 and there they set SSL_CTX::cert_store to NULL before `SSL_CTX_free`. Is this neccessary for the X509_STORE to be shared between contexts?
> Note that this still has to be buildable on 1.0 with the same result.
> In the docs it says "X509_STORE_free() frees up a single X509_STORE object." Does it just decrease the reference count or does it really delete the whole thing and break other contexts?

X509_STORE_free() decrements a reference count, and frees the object only
when the count reaches zero.


More information about the openssl-users mailing list