PKCS12_parse leaks meaningless error from X509_check_private_key
Tomasz Sawicki
falundir at gmail.com
Tue Jun 23 07:29:28 UTC 2015
Hi,
PKCS12_parse uses X509_check_private_key to distinguish the certificate
which matches the private key from extra certificates. When extra
certificates are checked first, X509_check_private_key puts
X509_R_KEY_VALUES_MISMATCH error on error stack which is not cleared by
PKCS12_parse and can trigger weird behaviour in libraries using
PKCS12_parse.
Bad effect seen in PHP bug #69882[1].
[1] https://bugs.php.net/bug.php?id=69882
--
Tomasz Sawicki
More information about the openssl-bugs-mod
mailing list