Revert "feat(x509): Implement `Clone` for `X509Store` (#339)" (#353)

* Revert "feat(x509): Implement `Clone` for `X509Store` (#339)"

This reverts commit 49a8d0906a.

See <https://github.com/cloudflare/boring/pull/120>.

* Ensure Clone is not added to X509Store

* Add comment about why X509Store must not implement Clone

---------

Co-authored-by: Kornel <kornel@cloudflare.com>

boring/src/x509/store.rs

@@ -125,23 +125,6 @@ foreign_type_and_impl_send_sync! {
     pub struct X509Store;
 }
 
-impl Clone for X509Store {
-    fn clone(&self) -> Self {
-        (**self).to_owned()
-    }
-}
-
-impl ToOwned for X509StoreRef {
-    type Owned = X509Store;
-
-    fn to_owned(&self) -> Self::Owned {
-        unsafe {
-            ffi::X509_STORE_up_ref(self.as_ptr());
-            X509Store::from_ptr(self.as_ptr())
-        }
-    }
-}
-
 impl X509StoreRef {
     /// **Warning: this method is unsound**
     ///
@@ -164,3 +147,14 @@ impl X509StoreRef {
         self.objects().len()
     }
 }
+
+#[test]
+#[allow(dead_code)]
+// X509Store must not implement Clone because `SslContextBuilder::cert_store_mut` lets
+// you get a mutable reference to a store that could have been cloned before being
+// passed to `SslContextBuilder::set_cert_store`.
+fn no_clone_for_x509store() {
+    trait MustNotImplementClone {}
+    impl<T: Clone> MustNotImplementClone for T {}
+    impl MustNotImplementClone for X509Store {}
+}