The CTX needs to be there for the whole time that the SSL is. Matt On 06/03/2020 11:17, Hyer Low wrote: > Noted. Renegotiation has been disable. > > Is there anyway to clean the CTX while let SSL object itself serving the > tunnel ? Or I can only depend on the CTX ref after the SSL is delete? > > Regards, > Hyer Low > > >> On Mar 6, 2020 at 7:00 PM, <Matt Caswell <mailto:matt@xxxxxxxxxxx>> wrote: >> >> One other thing does occur: if you allow renegotiation then you might >> need access to the cert-store after the initial handshake has completed. >> >> Matt >> >> >> On 06/03/2020 10:57, Hyer Low wrote: >> > All configs can have different cert being setup as well, hence each CTX cert >> > store might also different and not to be share. >> > >> > Thanks. I'll try and see any possible side effect. >> > >> > >> > >> > -- >> > Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html >> > >>