From fae36f108eef40fb99bcce894c22b08047b1ef37 Mon Sep 17 00:00:00 2001
From: Hideki Miyazaki <hide@wolfssl.com>
Date: Sat, 20 Mar 2021 12:29:42 +0900
Subject: [PATCH] adressed review comments part 5

---
 src/crl.c          | 5 +++++
 wolfssl/internal.h | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/crl.c b/src/crl.c
index cb99ec1c7..148ea5796 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -367,6 +367,11 @@ int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert)
 #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \
     (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \
     !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
+    /* if not find entry in the CRL list, it looks at the folder that sets  */
+    /* by LOOKUP_ctrl because user would want to use hash_dir.              */
+    /* Loading <issuer-hash>.rN form CRL file if find at the folder,        */
+    /* and try again checking Cert in the CRL list.                         */
+    /* When not set the folder or not use hash_dir, do nothing.             */
     if (foundEntry == 0) {
         if (crl->cm->x509_store_p != NULL) {
             ret = LoadCertByIssuer(crl->cm->x509_store_p, 
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index e24ebdb39..1d55b3afe 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2083,7 +2083,9 @@ struct WOLFSSL_CERT_MANAGER {
     short           minEccKeySz;         /* minimum allowed ECC key size */
 #endif
 #if defined(OPENSSL_EXTRA)
-    WOLFSSL_X509_STORE  *x509_store_p;   /* pointer back to x509 store */
+    WOLFSSL_X509_STORE  *x509_store_p;  /* a pointer back to CTX x509 store  */
+                                        /* CTX has ownership and free this   */
+                                        /* with CTX free.                    */
 #endif
     wolfSSL_Mutex   refMutex;   /* reference count mutex */
     int             refCount;         /* reference count */