Taken from the source code in x509vfy.h:
X509_STORE contains tables, etc. for verification. When verifying a single certificate, X509_STORE_CTX is used. X509_STORE has X509_LOOKUP for certificate searches. Then X509_STORE calls the function to actually validate the certificate chain.
X509_STORE is a more or less global certificate verification setting that stores intermediate certificates and CRLs. The repository can be used several times, while you configured X509_STORE_CTX only to perform one check, after which you drop / release it.
Think of the X509_STORE as your configuration, and the X509_STORE_CTX as a one-shot object.
If you want to see for yourself, I recommend downloading the sources and looking at the / verify.c application.
emboss
source share