Re: [openssl-users] X509_verify_cert cannot be called twice

2016-03-28 Thread Blumenthal, Uri - 0553 - MITLL
On 3/25/16, 17:17 , "openssl-users on behalf of Viktor Dukhovni" wrote:
>>If I ask “is your passport valid”, I expect to be able to repeat this
>> question and (as long as this all is within a reasonably short time) get

Re: [openssl-users] X509_verify_cert cannot be called twice

2016-03-25 Thread Viktor Dukhovni
On Fri, Mar 25, 2016 at 08:56:32PM +, Blumenthal, Uri - 0553 - MITLL wrote:
> If I ask “if your passport valid”, I expect to be able to repeat this
> question and (as long as this all is within a reasonably short time) get
> exactly the same answer. The result of X509_verify_cert() is not

Re: [openssl-users] X509_verify_cert cannot be called twice

2016-03-25 Thread Blumenthal, Uri - 0553 - MITLL
On 3/25/16, 16:10 , "openssl-users on behalf of Michael Wojcik" wrote:
>>I'm sure I'm missing something obvious, but why isn't the operation
>> XXX_verify_xxx() idempotent? It seems very weird that two subsequent
>>

Re: [openssl-users] X509_verify_cert cannot be called twice

2016-03-25 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Blumenthal, Uri - 0553 - MITLL
> Sent: Thursday, March 24, 2016 16:37
>
> I'm sure I'm missing something obvious, but why isn't the operation
> XXX_verify_xxx() idempotent? It seems very weird that two subsequent
>

Re: [openssl-users] X509_verify_cert cannot be called twice

2016-03-24 Thread Blumenthal, Uri - 0553 - MITLL
From: Szilárd Pfeiffer
Sent: Thursday, March 24, 2016 16:21
To: openssl-users@openssl.org
Reply To: openssl-users@openssl.org
Subject: Re: [openssl-users] X509_verify_cert cannot be called twice

On 2016-03-24 19:12, Viktor Dukhovni wrote:
>> On Mar 24, 2016, at 2:02 PM, DEXTER <mydexte...@

Re: [openssl-users] X509_verify_cert cannot be called twice

2016-03-24 Thread Szilárd Pfeiffer
On 2016-03-24 19:12, Viktor Dukhovni wrote:
On Mar 24, 2016, at 2:02 PM, DEXTER wrote:
So let me get this straight. If someone had a software where they called X509_verify_cert from SSL_CTX_set_cert_verify_callback callback twice (to verify first with crls, and maybe

Re: [openssl-users] X509_verify_cert cannot be called twice

2016-03-24 Thread Viktor Dukhovni
> On Mar 24, 2016, at 2:02 PM, DEXTER wrote:
>
> So let me get this straight.
> If someone had a software where they called X509_verify_cert from
> SSL_CTX_set_cert_verify_callback callback twice (to verify first with
> crls, and maybe verify again without crls) and it

Re: [openssl-users] X509_verify_cert cannot be called twice

2016-03-24 Thread DEXTER
So let me get this straight. If someone had a software where they called X509_verify_cert from SSL_CTX_set_cert_verify_callback callback twice (to verify first with crls, and maybe verify again without crls) and it worked as expected, after this patch their software is broken. Am I right? And

Re: [openssl-users] X509_verify_cert cannot be called twice

2016-03-24 Thread Viktor Dukhovni
> On Mar 24, 2016, at 1:09 PM, Szilárd Pfeiffer
> wrote:
>
> I am afraid the patch causes a serious compatibility break. In practice,
> after an OS upgrade (which upgrades OpenSSL to the patched version) each
> and every application, which calls the

Re: [openssl-users] X509_verify_cert cannot be called twice

2016-03-24 Thread Szilárd Pfeiffer
On 2016-03-24 16:17, openssl-users at dukhovni.org (Viktor Dukhovni) wrote:
>> On Mar 24, 2016, at 4:21 AM, DEXTER wrote:
>>
>> So this patch:
>> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3b1eb5735c5b3d566a9fc3bf745bf716a29afa0
>>
>> magically made itself into ubuntu trusty's

Re: [openssl-users] X509_verify_cert cannot be called twice

2016-03-24 Thread Viktor Dukhovni
> On Mar 24, 2016, at 4:21 AM, DEXTER wrote:
>
> So this patch:
> https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3b1eb5735c5b3d566a9fc3bf745bf716a29afa0
>
> magically made itself into ubuntu trusty's version of openssl in a
> security update.
>
> My question

[openssl-users] X509_verify_cert cannot be called twice

2016-03-24 Thread DEXTER
Hi! So this patch: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b3b1eb5735c5b3d566a9fc3bf745bf716a29afa0 magically made itself into ubuntu trusty's version of openssl in a security update. My question is: What is the recommended way now to call X509_verify_cert twice or unlimited