[openssl-users] X509_verify_cert cannot be called twice

Viktor Dukhovni openssl-users at dukhovni.org
Thu Mar 24 17:22:04 UTC 2016


> On Mar 24, 2016, at 1:09 PM, Szilárd Pfeiffer <szilard.pfeiffer at balasys.hu> wrote:
> 
> I am afraid the patch causes a serious compatibility break. In practice,
> after an OS upgrade (which upgrades OpenSSL to the patched version) each
> and every application, which calls the X509_verify_cert function
> multiple times without reinitialization, gets an error
> (ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED) which may or may not be handled
> properly. It leads to undefined behavior of the application.

No the patch catches undefined behaviour, and returns an error.

-- 
	Viktor.



More information about the openssl-users mailing list