> On Mar 24, 2016, at 1:09 PM, Szilárd Pfeiffer <szilard.pfeiffer at balasys.hu> wrote:
>
> I am afraid the patch causes a serious compatibility break. In practice,
> after an OS upgrade (which upgrades OpenSSL to the patched version) each
> and every application, which calls the X509_verify_cert function
> multiple times without reinitialization, gets an error
> (ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED) which may or may not be handled
> properly. It leads to undefined behavior of the application.

No, the patch catches undefined behaviour, and returns an error.

--
Viktor.