Some dude named Tavis Ormandy reported a bug which has gone unfixed. - openbsd - A mirror of https://github.com/libressl/openbsd.git

diff options

author	tedu <>	2014-04-18 15:03:20 +0000
committer	tedu <>	2014-04-18 15:03:20 +0000
commit	8d7a155e827dd96b3fcf47a54551caa3e14fa961 (patch)
tree	72378c252e3573a08e5cdf77a046b709ae6a57b8 /src/lib/libcrypto/uid.c
parent	e3edc2bce08ee456837990d810fd78efd4cf1ac5 (diff)
download	openbsd-8d7a155e827dd96b3fcf47a54551caa3e14fa961.tar.gz openbsd-8d7a155e827dd96b3fcf47a54551caa3e14fa961.tar.bz2 openbsd-8d7a155e827dd96b3fcf47a54551caa3e14fa961.zip

Some dude named Tavis Ormandy reported a bug which has gone unfixed.

http://marc.info/?l=openssl-users&m=138014120223264&w=2 Arguably a doc bug, but we argue not. If you parse a new cert into memory occupied by a previously verified cert, the new cert will inherit that state, bypassing future verification checks. To avoid this, we will always start fresh with a new object. grudging ok from guenther, after i threatened to make him read the code yet again. "that ok was way more painful and tiring then it should have been"

Diffstat (limited to 'src/lib/libcrypto/uid.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: