The pandemic of incomplete OpenSSL error handling (blog.jak-linux.org) 1 points by teddyh 11d ago ↗ HN
[–] thesuperbigfrog 11d ago ↗ Recklessly discarding OpenSSL errors is really bad and could lead to security vulnerabilities.Calling ERR_clear_error before operations is widely recommended: https://github.com/openssl/openssl/discussions/23025which matches the blog author's point.How widespread is this OpenSSL error discarding practice? It might explain a lot of security vulnerabilities.
1 comment
[ 2.9 ms ] story [ 8.8 ms ] threadCalling ERR_clear_error before operations is widely recommended: https://github.com/openssl/openssl/discussions/23025
which matches the blog author's point.
How widespread is this OpenSSL error discarding practice? It might explain a lot of security vulnerabilities.