On 08/10/2016 11:00 AM, Jakob Bohm wrote:
> On 08/08/2016 16:51, Benjamin Kaduk wrote:
>> What Rich said, and also note that it's perfectly valid usage of the
>> PEM routines to read one type from a BIO and then go on to read
>> another (potentially different) type from the same BIO, as would
>> happen if they were in the same file concatenated after each other.
>> So, attempting to peek and see if there was other stuff after the
>> read PEM object would be a strange special case.
>>
> Maybe there should be a general
>   check-no-more-data-in-file(BIO*,bool*bIsPEM)
> routine called from the functions that take a file name as
> argument, open it as a BIO, load some PEM data and close
> the BIO, thus giving the caller no opportunity to use (or
> check for) any extra PEM blocks (or DER blocks for DER
> input).

That level of foot-shooting-protection seems overkill to me, though my
opinion doesn't really matter since I'm not on the dev team.

-Ben
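The check discussed in this thread, as an added example that is not part of the original messages and is not OpenSSL code: a stand-alone C sketch that scans a buffer for PEM blocks and reports how many follow the first one, which is what a load-one-object-from-a-file helper would need to know before closing the file. The names `next_pem_block` and `pem_extra_blocks` are hypothetical, the sample inputs are constructed, and the code assumes plain libc string scanning rather than the BIO and PEM APIs.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: placeholder base64 bodies, not real objects. */
#define ONE_CERT "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
#define CERT_THEN_CRL ONE_CERT "-----BEGIN X509 CRL-----\nQ09OU1RSVUNURUQ=\n-----END X509 CRL-----\n"

/* Advance *pos past the next PEM block in buf and copy its label out.
 * Returns 1 if a block was found, 0 if none remain, -1 if one is malformed. */
static int next_pem_block(const char *buf, size_t *pos, char *label, size_t cap)
{
    const char *begin = strstr(buf + *pos, "-----BEGIN ");
    if (begin == NULL)
        return 0;
    const char *name = begin + strlen("-----BEGIN ");
    const char *dash = strstr(name, "-----");
    if (dash == NULL || (size_t)(dash - name) >= cap)
        return -1;
    size_t n = (size_t)(dash - name);
    if (memchr(name, '\n', n) != NULL)   /* label must sit on the BEGIN line */
        return -1;
    memcpy(label, name, n);
    label[n] = '\0';
    char end[96];
    snprintf(end, sizeof end, "-----END %s-----", label);
    const char *stop = strstr(dash, end);
    if (stop == NULL)                    /* BEGIN without a matching END */
        return -1;
    *pos = (size_t)(stop - buf) + strlen(end);
    return 1;
}

/* Hypothetical check: how many PEM blocks follow the first one in buf?
 * 0 = nothing left unread, >0 = extra blocks, -1 = no valid first block
 * or a malformed later block. */
int pem_extra_blocks(const char *buf)
{
    char label[64];
    size_t pos = 0;
    int extra = 0, r;
    if (next_pem_block(buf, &pos, label, sizeof label) != 1)
        return -1;
    while ((r = next_pem_block(buf, &pos, label, sizeof label)) == 1)
        extra++;
    return r < 0 ? -1 : extra;
}

int main(void)
{
    printf("one cert: %d extra\n", pem_extra_blocks(ONE_CERT));
    printf("cert then CRL: %d extra\n", pem_extra_blocks(CERT_THEN_CRL));
    return 0;
}
```

A caller that reads from a stream it keeps open would not want this check, since a second block of a different type after the first is valid input there, as the quoted reply notes.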