[openssl-dev] [openssl.org #3923] PKCS12_parse leaks meaningless error from X509_check_private_key
Tomasz Sawicki via RT
rt at openssl.org
Tue Jun 23 09:27:28 UTC 2015
Hi,
PKCS12_parse uses X509_check_private_key to distinguish the certificate
which matches the private key from extra certificates. When extra
certificates are checked first, X509_check_private_key puts an
X509_R_KEY_VALUES_MISMATCH error on the error stack, which is not cleared by
PKCS12_parse and can trigger weird behaviour in libraries using
PKCS12_parse.
Bad effect seen in PHP bug #69882[1].
[1] https://bugs.php.net/bug.php?id=69882
--
Tomasz Sawicki
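
The failure mode reported above, as an added example that is not part of the original message and is not OpenSSL's code: a constructed C model of an error queue in which a probing check leaves an expected mismatch queued, next to a variant that scopes each probe with a mark. All names are hypothetical; the mark helpers mirror what OpenSSL's ERR_set_mark() and ERR_pop_to_mark() do, which drop only the probe's entries and keep errors queued earlier.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed model of a per-thread error queue; none of this is OpenSSL code. */
enum { MODEL_KEY_VALUES_MISMATCH = 1, MODEL_UNRELATED_ERROR = 2 };
#define QMAX 16
static int q[QMAX];
static size_t q_len, q_mark;

static void err_put(int code)     { if (q_len < QMAX) q[q_len++] = code; }
static int  err_peek(void)        { return q_len ? q[0] : 0; } /* oldest entry, 0 if empty */
static void err_clear(void)       { q_len = 0; }
static void err_set_mark(void)    { q_mark = q_len; }
static void err_pop_to_mark(void) { if (q_len > q_mark) q_len = q_mark; }

/* Key/certificate match check: a mismatch is reported by return value AND a queue entry. */
static int check_private_key(int cert_key_id, int key_id)
{
    if (cert_key_id == key_id) return 1;
    err_put(MODEL_KEY_VALUES_MISMATCH);
    return 0;
}

/* Find the certificate matching key_id; returns its index or -1.
 * scoped == 0: probe errors stay queued (the reported behaviour).
 * scoped == 1: each expected mismatch is popped back to the mark. */
static int find_matching_cert(const int *certs, size_t n, int key_id, int scoped)
{
    for (size_t i = 0; i < n; i++) {
        if (scoped) err_set_mark();
        if (check_private_key(certs[i], key_id)) return (int)i;
        if (scoped) err_pop_to_mark();
    }
    return -1;
}

int main(void)
{
    const int certs[] = { 7, 9, 3 };   /* constructed: two extra certs precede the match */
    int idx = find_matching_cert(certs, 3, 3, 0);
    printf("unscoped: index %d, queued error %d\n", idx, err_peek());
    err_clear();
    err_put(MODEL_UNRELATED_ERROR);    /* a genuine earlier error the caller still needs */
    idx = find_matching_cert(certs, 3, 3, 1);
    printf("scoped:   index %d, queued error %d\n", idx, err_peek());
    return 0;
}
```

A caller that treats a non-empty queue as failure misreads the successful unscoped lookup, while the scoped lookup leaves the queue exactly as it found it.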