Regression from refactor of X509_load_cert_file_ex in 3.2.0

[AlexanderOMara]

I've found what I believe to be a regression caused by the refactoring of X509_load_cert_file_ex in commit ae29622 (from pull request #21545). Specifically, the removal of these 2 lines:

            X509_free(x);
            x = NULL;

With an upgrade to 3.2.0 (which I first noticed when Homebrew's updated to the latest version) osslsigncode verify some-signed-pe-file.exe started to fail for what should be valid signed binaries (like Firefox Setup 115.5.0esr.exe).

Downstream bug reports:

• Compatibility issue with openssl@3.2.0 mtrojnar/osslsigncode#325
• openssl@3.2.0 update makes osslsigncode verify fail Homebrew/homebrew-core#155744

Error message seen with openssl 3.2.0, but not 3.1.4:

CMS_verify error
C0CFAEB0827F0000:error:17000064:CMS routines:cms_signerinfo_verify_cert:certificate verify error:crypto/cms/cms_smime.c:289:Verify error: self-signed certificate in certificate chain
Timestamp Server Signature verification: failed

PKCS7_verify error
C0CFAEB0827F0000:error:10800075:PKCS7 routines:PKCS7_verify:certificate verify error:crypto/pkcs7/pk7_smime.c:296:Verify error: self-signed certificate in certificate chain
Signature verification: failed

The source of the regression was not at-all obvious, but through a binary search testing 3.2.0's commit history I found the commit where it broke and the minimal amount of changes from that commit needed to reproduce the issue. Adding those lines back into 3.2.0 also restored the prior behavior.

I'm not an expert on openssl's internals and can't say exactly why this subtle logic change makes openssl behave differently than it used to, but I'm guessing that the X509 pointer is not reusable between loop iterations.

P.S. I don't know what the full impact radius of this logic change is, but worry it may be substantial.