Hi,

The existing SSL_CTX implementation associates a new certificate store with each SSL_CTX. However, assuming the certificate store is static, i.e. after reading the certificates (for example from a PEM file) it doesn't change, there is, at least conceptually, room for sharing it among multiple SSL_CTX objects. My question is whether it makes sense to do so, or are there some hidden pitfalls along the way?

My application uses libcurl+openssl (7.16.0) for HTTP and HTTPS communication. The libcurl implementation uses multiple SSL_CTX objects, each with its own certificate store, which is always loaded from the same PEM file. In my case this PEM file is of medium size (>100 certificates, 700 KB), so the loading process is not negligible. If indeed one can share the certificate stores, I will change the curl implementation to support this.

Cheers,
Shmul