The pandemic of incomplete OpenSSL error handling

(blog.jak-linux.org)

7 points | by teddyh 10 hours ago

1 comment

  • thesuperbigfrog 9 hours ago

    Recklessly discarding OpenSSL errors is really bad and could lead to security vulnerabilities.

    Calling ERR_clear_error before operations is widely recommended (https://github.com/openssl/openssl/discussions/23025), which matches the blog author's point.

    How widespread is this OpenSSL error discarding practice? It might explain a lot of security vulnerabilities.