Hi, PKCS12_parse uses X509_check_private_key to distinguish the certificate which matches the private key from extra certificates. When extra certificates are checked first, X509_check_private_key puts X509_R_KEY_VALUES_MISMATCH error on error stack which is not cleared by PKCS12_parse and can trigger weird behaviour in libraries using PKCS12_parse.
Bad effect seen in PHP bug #69882[1]. [1] https://bugs.php.net/bug.php?id=69882 -- Tomasz Sawicki _______________________________________________ openssl-bugs-mod mailing list [email protected] https://mta.openssl.org/mailman/listinfo/openssl-bugs-mod _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
