Make X509_verify_cert_error_string thread-safe.
If the error is unknown, we should not return a static buffer. See also
c0a445a9f279d8c4a519b58e52a50112f2341070 from upstream.
Change-Id: I23e1a3b9e29b34ab3dff41b8a58155683bbb9bd2
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/35684
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/x509_txt.c b/crypto/x509/x509_txt.c
index 753e720..99f83c6 100644
--- a/crypto/x509/x509_txt.c
+++ b/crypto/x509/x509_txt.c
@@ -54,13 +54,10 @@
* copied and put under another distribution licence
* [including the GNU Public Licence.] */
-#include <openssl/mem.h>
#include <openssl/x509.h>
const char *X509_verify_cert_error_string(long n)
{
- static char buf[100];
-
switch ((int)n) {
case X509_V_OK:
return ("ok");
@@ -199,7 +196,6 @@
return ("Issuer certificate lookup error");
default:
- BIO_snprintf(buf, sizeof buf, "error number %ld", n);
- return (buf);
+ return "unknown certificate verification error";
}
}