> On Sep 18, 2018, at 1:04 PM, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote:
>
> That depends on whether setting the cert_store element was done properly (in a way
> that incremented the reference count) or not. See the documentation of:
>
>    SSL_CTX_set1_cert_store(3)
>    SSL_CTX_set_cert_store(3)
>
> the latter does not facilitate sharing the store across multiple SSL_CTX instances.

Note that SSL_CTX_set1_cert_store(3) is new with OpenSSL 1.1.x. In OpenSSL 1.0.2,
the caller would have to increment the reference count prior to calling
SSL_CTX_cert_store().

The caller typically owns a primary copy of the store to use when configuring
various SSL_CTX objects. In that case the primary copy can be freed once the
application no longer intends to use the store to configure any more SSL_CTX
objects.

In OpenSSL 1.1.x there is an X509_STORE_up_ref() function. In OpenSSL 1.0.2,
you can do that directly via:

    CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);

Bottom line, you need to figure out the life-cycle of the object, and ensure that
reference counts are properly maintained.

--
        Viktor.
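An added example, not part of the original message and not OpenSSL code: a toy C model of the reference counting described above, counting the invalid frees that result when one store is shared between two contexts. store_t, ctx_t and every function here are hypothetical stand-ins for X509_STORE, SSL_CTX and the set/set1/up_ref/free calls.

```c
#include <stdio.h>

/* Toy stand-ins (hypothetical, not OpenSSL types) for X509_STORE and SSL_CTX. */
typedef struct { int references; int destroyed; } store_t;
typedef struct { store_t *cert_store; } ctx_t;

static void store_up_ref(store_t *s) { s->references++; }

/* Drop one reference; returns -1 when the store is already destroyed,
 * which in real code would be a use-after-free or double free. */
static int store_free(store_t *s) {
    if (s->destroyed) return -1;
    if (--s->references == 0) s->destroyed = 1;
    return 0;
}

/* Models SSL_CTX_set_cert_store(): takes over the caller's reference. */
static void ctx_set_store(ctx_t *c, store_t *s) { c->cert_store = s; }

/* Models SSL_CTX_set1_cert_store(): the context takes its own reference. */
static void ctx_set1_store(ctx_t *c, store_t *s) { store_up_ref(s); c->cert_store = s; }

/* Freeing a context releases the reference it holds on its store. */
static int ctx_free(ctx_t *c) { return store_free(c->cert_store); }

enum mode { SET_ONLY, UP_REF_THEN_SET, SET1 };

/* Share one store between two contexts, release the caller's primary copy
 * (except in SET_ONLY, where the first context consumed it), free both
 * contexts, and return the number of invalid frees. */
static int share_store(enum mode m, store_t *s) {
    ctx_t a, b; ctx_t *ctxs[2] = { &a, &b };
    int bad = 0;
    s->references = 1; s->destroyed = 0;             /* freshly created store */
    for (int i = 0; i < 2; i++) {
        if (m == SET1) { ctx_set1_store(ctxs[i], s); continue; }
        if (m == UP_REF_THEN_SET) store_up_ref(s);   /* the 1.0.2 pattern */
        ctx_set_store(ctxs[i], s);
    }
    if (m != SET_ONLY) bad += store_free(s) < 0;     /* done configuring */
    for (int i = 0; i < 2; i++) bad += ctx_free(ctxs[i]) < 0;
    return bad;
}

int main(void) {
    store_t s;
    printf("set only:     %d invalid free(s)\n", share_store(SET_ONLY, &s));
    printf("up_ref + set: %d invalid free(s)\n", share_store(UP_REF_THEN_SET, &s));
    printf("set1:         %d invalid free(s)\n", share_store(SET1, &s));
    return 0;
}
```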