[openssl-users] X509_verify_cert cannot be called twice
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Mar 24 17:22:04 UTC 2016
> On Mar 24, 2016, at 1:09 PM, Szilárd Pfeiffer <szilard.pfeiffer at balasys.hu> wrote:
>
> I am afraid the patch causes a serious compatibility break. In practice,
> after an OS upgrade (which upgrades OpenSSL to the patched version), each
> and every application that calls the X509_verify_cert function
> multiple times without reinitialization gets an error
> (ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED), which may or may not be handled
> properly. It leads to undefined behavior of the application.
No, the patch catches undefined behaviour and returns an error.
--
Viktor.