http://bugs.winehq.org/show_bug.cgi?id=27168
--- Comment #29 from Juan Lang juan_lang@yahoo.com 2011-09-18 12:41:46 CDT --- (In reply to comment #28)
CertEnumCertificatesInStore actually returns not data context, but link context (or at least that's what I'm seeing). On the other hand, data context doesn't know that it has a link to it which is stored in some store - only link does. When we perform CertFreeCertificateContext on a link (and what we're getting from Enum and Query are both links) we have to catch the fact that it is the only pointer to temporary store before we descend to actual data context below it. linkContextFree would perform actions needed to remove the context from stores it belongs to. And in case of temporary store remove the store itself.
I still think you have to solve this more generally: MSDN documents (see especially CertCloseStore) how certificate contexts increment a reference count of stores, and a little about how this should behave. I didn't do it this way because I didn't need it when I started, and so far I hadn't found an app that depended on it. Now it appears we do have one.