Tomáš Mráz
Once the default provider is loaded into the context, it will stay loaded even if the config file is later loaded. It can be loaded implicitly by some call that...
Then the question is why do we have any other OPENSSL_init_crypto() calls than those with OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG) at all inside libcrypto. Because apart from some non-crypto manipulation functions such as ASN1...
This would be eligible for CLA: trivial. See https://www.openssl.org/policies/cla.html
> Should I create a new PR for it?

Not necessary if the patch applies cleanly there.
I do not think it is worth it to complicate the signature checks by checking whether we have the private key available and then do more checks on e. As...
I am really not sure here, whether this is a bug fix eligible for merging to 3.0 or not.
Hmm, it is questionable whether this is something we would want to "fix" in 3.0 branch. It can be seen as a (mis)feature.
A partial fix might make sense - when loading the config with NULL libctx set global default values. When loading a config with non-NULL libctx set values in libctx. Then,...
IMO if implemented this way it would be acceptable as bug fix for backport.
**OTC: There should be a global SSL config default set when loading a config file into the global default libctx and per-libctx SSL config default which would be set when...