From 63e9e06794407bf2d4da197374a2acd1c6adcfa6 Mon Sep 17 00:00:00 2001
From: Alex Snast
Date: Wed, 7 Aug 2024 17:22:22 +0300
Subject: [PATCH] wolfssl: avoid taking cached x509 store ref if sslctx already using it

Closes #14442
---
 lib/vtls/wolfssl.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index e14a6da319..dbe5bb3520 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -596,7 +596,10 @@ CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf,
 !ssl_config->native_ca_store;
 cached_store = cache_criteria_met ? get_cached_x509_store(cf, data) : NULL;
- if(cached_store && wolfSSL_X509_STORE_up_ref(cached_store)) {
+ if(cached_store && wolfSSL_CTX_get_cert_store(wssl->ctx) == cached_store) {
+ /* The cached store is already in use, do nothing. */
+ }
+ else if(cached_store && wolfSSL_X509_STORE_up_ref(cached_store)) {
 wolfSSL_CTX_set_cert_store(wssl->ctx, cached_store);
 }
 else if(cache_criteria_met) {
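Review bot: The new empty branch guarded by `wolfSSL_CTX_get_cert_store(wssl->ctx) == cached_store` is only correct if the ctx already owns a reference to the cached store, and the comment `/* The cached store is already in use, do nothing. */` does not record that ownership reasoning. Because this is reference counting on the trust store used for peer verification, I would spell the invariant out, e.g. `/* ctx already holds its own reference to cached_store; another up_ref here would never be dropped */`. That reading is inferred from the commit subject, since the ownership semantics of `wolfSSL_CTX_set_cert_store()` are not visible in this hunk. Separately, when `wolfSSL_X509_STORE_up_ref()` fails for a non-NULL `cached_store`, control still falls into `else if(cache_criteria_met)`, whose body lies outside the hunk, so it is worth confirming that path is intended for that case. Curl_wssl_setup_x509_store begins before the hunk and continues after it.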