git.ipfire.org Git - thirdparty/openssl.git/commit

author	Herman Malik <herman77malik@gmail.com>
	Wed, 11 Mar 2026 21:49:18 +0000 (14:49 -0700)
committer	Tomas Mraz <tomas@openssl.foundation>
	Fri, 3 Apr 2026 15:01:03 +0000 (17:01 +0200)
commit	bbc58bca1cd55d669c36d8498570216d77850e8c
tree	7ecb836354ff90bd0b4411b91e86c5a1cd90b4b4	tree \| snapshot
parent	8c9e0909d832cb4bb93bf097870e9020d6d28a62	commit \| diff

doc: clarify X509_STORE thread safety and lifetime contract

Improve the description of X509_STORE_lock() in X509_STORE_new.pod to
emphasize it acquires an exclusive write lock.

Add a NOTES section to X509_STORE_new.pod covering which operations are
internally thread-safe and which are not, as well as documentation on
lifetime management and reference counting.

Add a NOTES section to X509_STORE_CTX_get_by_subject.pod explaining
that the store's internal lock is released before the found object's
reference count is incremented, so the caller must ensure the store
outlives the lookup.

Clarify the reference counting and the caller's responsibilities.
Remove internal details for conciseness.

Related to #30310

Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
MergeDate: Fri Apr 3 15:00:55 2026
(Merged from https://github.com/openssl/openssl/pull/30382)

(cherry picked from commit eef0729ff9100816ace87c2823c8560e935239ee)

doc/man3/X509_STORE_CTX_get_by_subject.pod		diff \| blob \| blame \| history
doc/man3/X509_STORE_new.pod		diff \| blob \| blame \| history