OpenSSL has a modified bit that it can set on on X509_NAME objects. If this bit is set then the object is not thread-safe even when it appears the code is not modifying the value.
modified
X509_NAME
Thanks to David Benjamin (Google) for reporting this issue.
{ "affects": { "os": [], "functions": [ "openssl::x509::X509NameBuilder::build" ], "arch": [] } }
{ "cvss": null, "informational": null, "categories": [ "thread-safety" ] }