[openssl-users] OpenSSL 1.1 X509_STORE sharing

Viktor Dukhovni openssl-users at dukhovni.org
Tue Sep 18 17:04:55 UTC 2018


> On Sep 18, 2018, at 12:30 PM, Maxwell Dreytser <admin at mdtech.us> wrote:
> 
>> X509_STORE_free() decrements a reference count, and frees the object only
>> when the count reaches zero.
>> 
> Was this behavior the same in older versions?

Yes.

> If so, then there is no reason to clear cert_store even in older versions, right?

That depends on whether setting the cert_store element was done properly (in a way
that incremented the reference count) or not.  See the documentation of:

	SSL_CTX_set1_cert_store(3)
	SSL_CTX_set_cert_store(3)

The latter does not facilitate sharing the store across multiple SSL_CTX instances.

-- 
	Viktor.
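
The ownership difference between the two calls, as an added example that is not part of the original message and is not OpenSSL code: a small C model in which store_t, ctx_t and every function name are hypothetical stand-ins. It assumes "clearing cert_store" means resetting a context's store pointer before that context is freed.

```c
/* Added model of the ownership rules; NOT OpenSSL code, all names hypothetical. */
#include <stddef.h>

typedef struct { int refs; int frees; } store_t;   /* stands in for X509_STORE */
typedef struct { store_t *cert_store; } ctx_t;     /* stands in for SSL_CTX */
enum share_mode { SHARE_SET1, SHARE_SET0, SHARE_SET0_CLEARED };

/* Like X509_STORE_free(): drop one reference, release at zero. The model only
 * counts releases, so a second release is observable rather than undefined. */
static void store_free(store_t *s) {
    if (s != NULL && --s->refs <= 0) s->frees++;
}

/* Like SSL_CTX_set_cert_store(): the context takes over the caller's reference. */
static void ctx_set0_store(ctx_t *c, store_t *s) {
    store_free(c->cert_store);
    c->cert_store = s;
}

/* Like SSL_CTX_set1_cert_store(): the context takes a reference of its own. */
static void ctx_set1_store(ctx_t *c, store_t *s) {
    if (s != NULL) s->refs++;
    ctx_set0_store(c, s);
}

static void ctx_free(ctx_t *c) {
    store_free(c->cert_store);
    c->cert_store = NULL;
}

/* Share one store between two contexts, tear both down, and return how many
 * times the store was released. Exactly 1 is the only correct result. */
int share_and_teardown(enum share_mode mode) {
    store_t s = { 1, 0 };                  /* creator holds the first reference */
    ctx_t a = { NULL }, b = { NULL };
    if (mode == SHARE_SET1) {
        ctx_set1_store(&a, &s);
        ctx_set1_store(&b, &s);
        store_free(&s);                    /* creator drops its own reference */
    } else {
        ctx_set0_store(&a, &s);            /* creator's reference handed to a */
        ctx_set0_store(&b, &s);            /* b holds a pointer it does not own */
        if (mode == SHARE_SET0_CLEARED)
            b.cert_store = NULL;           /* workaround: clear before freeing */
    }
    ctx_free(&a);
    ctx_free(&b);
    return s.frees;
}
```

A result of 2 for SHARE_SET0 is the double release; SHARE_SET0_CLEARED avoids it by hand, and SHARE_SET1 makes the workaround unnecessary.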


