From: Alex Snast <alexsn@meta.com>
Date: Wed, 7 Aug 2024 14:22:22 +0000 (+0300)
Subject: wolfssl: avoid taking cached x509 store ref if sslctx already using it
X-Git-Tag: curl-8_10_0~331
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=63e9e06794407bf2d4da197374a2acd1c6adcfa6;p=thirdparty%2Fcurl.git

wolfssl: avoid taking cached x509 store ref if sslctx already using it

Closes #14442
---

diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index e14a6da319..dbe5bb3520 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -596,7 +596,10 @@ CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf,
     !ssl_config->native_ca_store;
 
   cached_store = cache_criteria_met ? get_cached_x509_store(cf, data) : NULL;
-  if(cached_store && wolfSSL_X509_STORE_up_ref(cached_store)) {
+  if(cached_store && wolfSSL_CTX_get_cert_store(wssl->ctx) == cached_store) {
+    /* The cached store is already in use, do nothing. */
+  }
+  else if(cached_store && wolfSSL_X509_STORE_up_ref(cached_store)) {
     wolfSSL_CTX_set_cert_store(wssl->ctx, cached_store);
   }
   else if(cache_criteria_met) {