The pandemic of incomplete OpenSSL error handling5tteddyh about 5 hours ago 1 commentsRead Article on blog.jak-linux.org DE version is available. Content is displayed in original English for accuracy.
Discussion (1 Comments)Read Original on HackerNews
Calling ERR_clear_error before operations is widely recommended: https://github.com/openssl/openssl/discussions/23025
which matches the blog author's point.
How widespread is this OpenSSL error discarding practice? It might explain a lot of security vulnerabilities.