diff --git a/src/crl.c b/src/crl.c
index cb99ec1c7..148ea5796 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -367,6 +367,11 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
 (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
 !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+ /* if not find entry in the CRL list, it looks at the folder that sets */
+ /* by LOOKUP_ctrl because user would want to use hash_dir. */
+ /* Loading .rN form CRL file if find at the folder, */
+ /* and try again checking Cert in the CRL list. */
+ /* When not set the folder or not use hash_dir, do nothing. */
 if (foundEntry == 0) {
 if (crl->cm->x509_store_p != NULL) {
 ret = LoadCertByIssuer(crl->cm->x509_store_p,
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index e24ebdb39..1d55b3afe 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2083,7 +2083,9 @@ struct WOLFSSL_CERT_MANAGER {
 short minEccKeySz; /* minimum allowed ECC key size */
 #endif
 #if defined(OPENSSL_EXTRA)
- WOLFSSL_X509_STORE *x509_store_p; /* pointer back to x509 store */
+ WOLFSSL_X509_STORE *x509_store_p; /* a pointer back to CTX x509 store */
+ /* CTX has ownership and free this */
+ /* with CTX free. */
 #endif
 wolfSSL_Mutex refMutex; /* reference count mutex */
 int refCount; /* reference count */
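Review bot: The five-line comment added above `if (foundEntry == 0)` in CheckCertCRL is hard to parse and never states the revocation outcome when the hash_dir lookup finds no file or LoadCertByIssuer fails. I would fold it into one block comment along the lines of `/* No matching CRL entry: if the X509 store has a hash_dir lookup set, try loading the issuer's .rN CRL file from it and re-check the cert. */`. It should also gain one sentence saying what `ret` means for the caller when nothing is loaded, since that decides whether the fallback fails open or closed. The branch body continues outside the hunk, so the actual behaviour on failure cannot be confirmed from here.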
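Review bot: The new comment on `x509_store_p` in struct WOLFSSL_CERT_MANAGER says the CTX owns and frees the store, but it does not say what keeps this back-pointer valid afterwards. The struct carries `refCount`, so a manager can presumably outlive the CTX that freed the store, and the crl.c hunk dereferences `crl->cm->x509_store_p` after only a NULL check. I would extend the comment to state the invariant, e.g. `/* not owned by the cert manager; must be reset to NULL when the owning CTX frees the store */`. The CTX free path is not visible in this diff, so it needs confirming that it clears the pointer.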