[openssl-users] X509_verify_cert cannot be called twice

Szilárd Pfeiffer szilard.pfeiffer at balasys.hu
Thu Mar 24 17:09:17 UTC 2016

On 2016-03-24 16:17, openssl-users at dukhovni.org (Viktor Dukhovni) wrote:
>> On Mar 24, 2016, at 4:21 AM, DEXTER <mydexterid at gmail.com> wrote:
>> So this patch:
>> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3b1eb5735c5b3d566a9fc3bf745bf716a29afa0
>> magically made itself into ubuntu trusty's version of openssl in a
>> security update.
>> My question is:
>> What is the recommended way now to call X509_verify_cert twice or
>> unlimited times from SSL_CTX_set_cert_verify_callback callback.
>> (This is where the ctx is already initialized by openssl and not by the user)
> I'm afraid multiple calls are not supported.
> I'll consider updating the 1.1.0 code to make that possible,
> but that won't help you with 1.0.[12]...

I am afraid the patch causes a serious compatibility break. In practice,
after an OS upgrade (which upgrades OpenSSL to the patched version) each
and every application, which calls the X509_verify_cert function
multiple times without reinitialization, gets an error
(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED) which may or may not be handled
properly. It leads to undefined behavior of the application.

According to the OpenSSL versioning scheme, a minor release should not
break the binary compatibility.

"After the release of OpenSSL 1.0.0 the versioning scheme changed.
Letter releases (e.g. 1.0.1a) can only contain bug and security fixes
and no new features. Minor releases change the last number (e.g. 1.0.2)
and can contain new features that retain binary compatibility."

IMHO the patch in question breaks the API implicitly, as it causes a
restriction which didn't exist at the time of development. Please
consider retaining the compatibility in version 1.0 to avoid the
possible problems mentioned above.

Best regards,
Szilárd Pfeiffer

More information about the openssl-users mailing list