Make X509_verify_cert_error_string thread-safe. If the error is unknown, we should not return a static buffer. See also c0a445a9f279d8c4a519b58e52a50112f2341070 from upstream. Change-Id: I23e1a3b9e29b34ab3dff41b8a58155683bbb9bd2 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35684 Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Adam Langley <agl@google.com>

commit: e55c64fdd3f47413e17eaa8e4f4d2a62622a01eb [log] [tgz]
author: David Benjamin <davidben@google.com> Thu Apr 18 13:42:30 2019 -0500
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Thu Apr 18 18:58:03 2019 +0000
tree: b373aa283dbaff5634d1cd78f80fe86da4bbd625
parent: d86eb1bbb32c622490241032fae4e24782aeff91 [diff]
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 753e720..99f83c6 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c

@@ -54,13 +54,10 @@
  * copied and put under another distribution licence
  * [including the GNU Public Licence.] */
 
-#include <openssl/mem.h>
 #include <openssl/x509.h>
 
 const char *X509_verify_cert_error_string(long n)
 {
-    static char buf[100];
-
     switch ((int)n) {
     case X509_V_OK:
         return ("ok");
@@ -199,7 +196,6 @@
         return ("Issuer certificate lookup error");
 
     default:
-        BIO_snprintf(buf, sizeof buf, "error number %ld", n);
-        return (buf);
+        return "unknown certificate verification error";
     }
 }
commit	e55c64fdd3f47413e17eaa8e4f4d2a62622a01eb	[log] [tgz]
author	David Benjamin <davidben@google.com>	Thu Apr 18 13:42:30 2019 -0500
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Thu Apr 18 18:58:03 2019 +0000
tree	b373aa283dbaff5634d1cd78f80fe86da4bbd625
parent	d86eb1bbb32c622490241032fae4e24782aeff91 [diff]