On Tue, 2019-10-15 at 19:34 +0200, Laszlo Ersek wrote: > Ehh, I failed to ask the actual question. > > Is it OK to call X509_VERIFY_PARAM_set1*() multiple times -- basically, > every time just before we call X509_verify_cert()? > > My concern is not with the crypto functionality, but whether we could be > leaking memory allocations.
You had to ask yourself that before approving the original version of TlsSetVerifyHost(), didn't you? Because the TlsLib API hasn't imposed any restriction on calling TlsSetVerifyHost() more than once... The answer is yes, btw — it's fine. Note also my observation that we should insist on TlsSetVerifyHost being called at *least* once, or the connection should fail. -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#49085): https://edk2.groups.io/g/devel/message/49085 Mute This Topic: https://groups.io/mt/34307578/21656 Group Owner: devel+ow...@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
smime.p7s
Description: S/MIME cryptographic signature
