wolfSSH_SetCertManager() uses WOLFSSH_CTX* but this header does not declare/forward-declare WOLFSSH_CTX (and it doesn’t include <wolfssh/ssh.h>). Any translation unit including wolfssh/certman.h without including wolfssh/ssh.h first will fail to compile. Add a forward declaration (typedef struct WOLFSSH_CTX WOLFSSH_CTX;) or include the appropriate header before using the type here.

When reusing an existing private-key slot (same publicKeyFmt), this cleanup only runs if the existing slot already had useCertStore=1. If the slot previously held a file-based key/cert, its key (and possibly cert) buffers are never freed/zeroed before being overwritten, causing leaks and leaving stale key material attached to the slot. Consider mirroring SetHostPrivateKey() cleanup: free/ForceZero any existing key/keySz, free any existing cert/certSz, and clear related pointers regardless of useCertStore before assigning the cert-store-backed key.

The code comments say it will "Try finding by thumbprint" when subject lookup fails, but the implementation returns immediately without attempting any thumbprint-based search (e.g., CERT_FIND_HASH). This is misleading for callers and future maintenance; either implement the thumbprint lookup or remove/adjust the comment to match actual behavior.

MultiByteToWideChar() return values are not checked before being used as allocation sizes. If conversion fails, it can return 0, leading to zero-sized allocations and subsequent calls that will fail (or worse, write into undersized buffers). Also, if one of WMALLOC allocations succeeds and the other fails, the successful allocation is leaked. Please validate storeNameLen/subjectNameLen > 0, handle GetLastError()/conversion failures, and free any partially allocated wide strings on error paths.

These setters assign a newly allocated string via CreateString() without freeing any previously set value, which leaks memory if the config option is specified more than once (or if config structs are reused). Consider freeing conf->winUserStores first (e.g., FreeString) or using the existing SetFileString() helper which handles replacement safely.

This public header introduces wchar_t and DWORD in the API but does not include headers that define DWORD (and may not reliably provide wchar_t in C builds). This will fail to compile for consumers that enable WOLFSSH_WINDOWS_CERT_STORE without having included <windows.h> first. Consider adding a guarded include (e.g., under #if defined(_WIN32) && defined(WOLFSSH_WINDOWS_CERT_STORE)) for <windows.h> (or <windef.h>), and include <wchar.h>/<stddef.h> for wchar_t, or change the API to use wolfSSH-owned typedefs (e.g., word32 for flags) to avoid Windows types in public headers.

DWORD appears in an internal header without any guarantee that Windows headers are included prior to this header. If WOLFSSH_WINDOWS_CERT_STORE is defined and this header is included in a non-Windows translation unit (or before <windows.h>), builds will break. Consider either including <windows.h> inside this #ifdef (and guarding it with _WIN32) or replacing DWORD with a project type (e.g., word32) inside the struct to avoid depending on Windows typedefs in headers.

This code uses wcslen/wcsncmp but the file’s Windows include block adds <string.h> (narrow-string) and does not include <wchar.h>, which is the correct header for wide-string functions. This can cause implicit declaration warnings/errors depending on the compiler settings. Add #include <wchar.h> under #ifdef WOLFSSH_WINDOWS_CERT_STORE.

SignWithCertStoreKey() claims to support a legacy CryptoAPI signing path (dwKeySpec != CERT_NCRYPT_KEY_SPEC), but CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG prevents acquiring CAPI provider handles. That makes the legacy branch effectively unreachable and will also fail for certificates backed by legacy providers. If legacy support is intended, acquire without CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG (or attempt NCRYPT first and fall back to non-NCRYPT flags on failure).

This ECDSA cert-store path assumes sigSz is even and equal to 2 * keySizeBytes, but it does not validate that sigSz is non-zero, even, and within the bounds of the rs buffer before splitting and copying. If NCryptSignHash returns an unexpected size, this can cause buffer overreads/writes. Add explicit checks (e.g., sigSz % 2 == 0, halfSz <= sizeof(rs)/2) before the WMEMCPYs and return an error otherwise.

MultiByteToWideChar() can return 0 on failure. In that case, storeNameLen/subjectNameLen will be 0 and the subsequent WMALLOC(0) + MultiByteToWideChar(..., cchWideChar=0) calls are invalid and may crash or silently misbehave. Mirror the error handling used in wolfSSH_ParseCertStoreSpec() (check lengths for 0 and fail early with a log + error code).

The configure-time flag enables compilation (-DWOLFSSH_WINDOWS_CERT_STORE) but does not add the required Windows crypto libraries to the link step for autotools builds (e.g., -lcrypt32 -lncrypt). This can lead to link failures in MinGW/MSYS2 environments. Consider extending configure logic to conditionally append these libs to LIBS when building on Windows targets and the feature is enabled.

RefreshPublicKeyAlgo was changed from static to a global definition, but the declaration in wolfssh/internal.h uses WOLFSSH_LOCAL which may enforce internal linkage/hidden visibility depending on platform. To avoid linkage/visibility mismatches, align the definition with the header (e.g., use WOLFSSH_LOCAL void RefreshPublicKeyAlgo(...) in the definition if that’s the intended visibility), or adjust the header to match the new exported/non-static intent.