wolfssl: avoid taking cached x509 store ref if sslctx already using it

author Alex Snast <alexsn@meta.com>

Wed, 7 Aug 2024 14:22:22 +0000 (17:22 +0300)

committer Daniel Stenberg <daniel@haxx.se>

Wed, 7 Aug 2024 21:14:20 +0000 (23:14 +0200)
author Alex Snast <alexsn@meta.com>
Wed, 7 Aug 2024 14:22:22 +0000 (17:22 +0300)
committer Daniel Stenberg <daniel@haxx.se>
Wed, 7 Aug 2024 21:14:20 +0000 (23:14 +0200)
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c

index e14a6da319af10b124d6782a85ebd48e13db0247..dbe5bb3520bf0a20c2372191acd1daf3a7974c09 100644 (file)
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -596,7 +596,10 @@ CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf,
      !ssl_config->native_ca_store;
  
    cached_store = cache_criteria_met ? get_cached_x509_store(cf, data) : NULL;
-  if(cached_store && wolfSSL_X509_STORE_up_ref(cached_store)) {
+  if(cached_store && wolfSSL_CTX_get_cert_store(wssl->ctx) == cached_store) {
+    /* The cached store is already in use, do nothing. */
+  }
+  else if(cached_store && wolfSSL_X509_STORE_up_ref(cached_store)) {
      wolfSSL_CTX_set_cert_store(wssl->ctx, cached_store);
    }
    else if(cache_criteria_met) {
author	Alex Snast <alexsn@meta.com>
	Wed, 7 Aug 2024 14:22:22 +0000 (17:22 +0300)
committer	Daniel Stenberg <daniel@haxx.se>
	Wed, 7 Aug 2024 21:14:20 +0000 (23:14 +0200)