doc: OPENSSL_CORE_CTX should never be cast to OSSL_LIB_CTX

[openssl.git] / doc / man7 / provider-base.pod

diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod
index 5af35bf4dcd39416def81fc4d9efa1eb5baeb8cf..881854a3afc74bf262a27c0f70e10293c75ebcac 100644 (file)
--- a/doc/man7/provider-base.pod
+++ b/doc/man7/provider-base.pod
@@ -220,10 +220,14 @@ the thread that is stopping and gets passed the provider context as an
 argument. This may be useful to perform thread specific clean up such as
 freeing thread local variables.
 
-core_get_libctx() retrieves the library context in which the library
+core_get_libctx() retrieves the core context in which the library
 object for the current provider is stored, accessible through the I<handle>.
-This may sometimes be useful if the provider wishes to store a
-reference to its context in the same library context.
+This function is useful only for built-in providers such as the default
+provider. Never cast this to OSSL_LIB_CTX in a provider that is not
+built-in as the OSSL_LIB_CTX of the library loading the provider might be
+a completely different structure than the OSSL_LIB_CTX of the library the
+provider is linked to. Use  L<OSSL_LIB_CTX_new_child(3)> instead to obtain
+a proper library context that is linked to the application library context.
 
 core_new_error(), core_set_error_debug() and core_vset_error() are
 building blocks for reporting an error back to the core, with