CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2014/04/18 09:03:20
Modified files:
lib/libssl/src/crypto/asn1: tasn_dec.c
Log message:
Some dude named Tavis Ormandy reported a bug which has gone unfixed.
http://marc.info/?l=openssl-users&m=138014120223264&w=2
Arguably a doc bug, but we argue not. If you parse a new cert into memory
occupied by a previously verified cert, the new cert will inherit that
state, bypassing future verification checks. To avoid this, we will always
start fresh with a new object.
grudging ok from guenther, after i threatened to make him read the code yet
again. "that ok was way more painful and tiring then it should have been"
