[openssl-users] X509_verify_cert cannot be called twice

Viktor Dukhovni openssl-users at dukhovni.org
Fri Mar 25 21:17:17 UTC 2016

On Fri, Mar 25, 2016 at 08:56:32PM +0000, Blumenthal, Uri - 0553 - MITLL wrote:

> If I ask “if your passport valid”, I expect to be able to repeat this
> question and (as long as this all is within a reasonably short time) get
> exactly the same answer.

The result of X509_verify_cert() is not just a single error value.

    1.  It constructs the verified chain.
    2.  It determines a verified peername.
    3.  In master with DANE it determines the matching TLSA record and
	chain certificate.
    4.  It computes the policy tree and makes policy callbacks.
    5.  It calls application verify callbacks that may have side effects.

It you call X509_verify_cert() twice, and the first call succeeds,
but the second fails, the side-effects seen by the application
(especially the TLS layer) will not match the final outcome.  If
the second pass is always the valid one, what's the point of the

Whatever is motivating the desire to call X509_verify_cert() twice
is likely some deficiency (whether actual or perceived) in the
current functionality, and we should probably address the underlying
problem and the not the superficial symptoms.

> Although once the current state of the API is explained, I’m happy enough
> to just use all the three steps if/when cert verification is needed.
> Documentation seems reasonably clear:

If you're doing this in the context of SSL, the SSL layer configures
the X509_STORE_CTX with various parameters beyond just
X509_STORE_CTX_init(), and using your own fresh context will not
work well.


More information about the openssl-users mailing list