X509_verify_cert cannot be called twice

So let me get this straight.
If someone had software where they called X509_verify_cert from the
SSL_CTX_set_cert_verify_callback callback twice (to verify first with
CRLs, and maybe verify again without CRLs) and it worked as expected,
after this patch their software is broken.

Am I right?

And there is no solution to this after the patch for 1.0.[12].

Am I right?

On 2016.03.24. 16:17, Viktor Dukhovni wrote:
> 
>> On Mar 24, 2016, at 4:21 AM, DEXTER <mydexterid at gmail.com> wrote:
>>
>> So this patch:
>> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3b1eb5735c5b3d566a9fc3bf745bf716a29afa0
>>
>> magically made its way into Ubuntu Trusty's version of OpenSSL in a
>> security update.
>>
>> My question is:
>>
>> What is the recommended way now to call X509_verify_cert twice or
>> unlimited times from the SSL_CTX_set_cert_verify_callback callback?
>> (This is where the ctx is already initialized by OpenSSL and not by the user.)
> 
> I'm afraid multiple calls are not supported.
> I'll consider updating the 1.1.0 code to make that possible,
> but that won't help you with 1.0.[12]...
> 
