On 2016-03-24 19:12, Viktor Dukhovni wrote:
On Mar 24, 2016, at 2:02 PM, DEXTER wrote:
So let me get this straight.
If someone had a software where they called X509_verify_cert from
SSL_CTX_set_cert_verify_callback callback twice (to verify first with
crls, and maybe
releases change the last number (e.g. 1.0.2)
and can contain new features that retain binary compatibility."
IMHO the patch in question breaks the API implicitly, as it causes a
restriction which didn't exist at the time of development. Please
consider retaining the compatibility in version 1.0 t