> On Mar 24, 2016, at 1:09 PM, Szilárd Pfeiffer <szilard.pfeif...@balasys.hu> > wrote: > > I am afraid the patch causes a serious compatibility break. In practice, > after an OS upgrade (which upgrades OpenSSL to the patched version) each > and every application, which calls the X509_verify_cert function > multiple times without reinitialization, gets an error > (ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED) which may or may not be handled > properly. It leads to undefined behavior of the application.
No the patch catches undefined behaviour, and returns an error. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users