)]}'
{
  "commit": "9d476175d777c4da1a1b4f218d14b54ef4ba7505",
  "tree": "86dc9c59e4926e7ecbe9d093f5bc9764d8b11252",
  "parents": [
    "3989ab04c6061d62382fb7d4b03ec6ed7601160e"
  ],
  "author": {
    "name": "Jakub Zelenka",
    "email": "jakub.zelenka@openssl.foundation",
    "time": "Wed Jun 17 17:59:40 2026 +0200"
  },
  "committer": {
    "name": "Neil Horman",
    "email": "nhorman@openssl.org",
    "time": "Thu Jun 18 14:02:13 2026 -0400"
  },
  "message": "property: do not overwrite the NULL-provider cache entry on set\n\nossl_method_store_cache_set inserts two entries per method: one keyed\non (nid, prop_query, prov) and one keyed on (nid, prop_query) with a\nNULL provider, used to match \"any provider\" lookups.\n\nPreviously the set path always replaced the NULL-provider entry. When a\nsecond provider cached the same nid, its method became the result for\n\"any provider\" lookups, even though an earlier provider was already\ncached. A shared nid could then resolve to the wrong provider: a\ncertificate\u0027s SPKI would decode through that provider\u0027s keymgmt and\nX509_check_private_key would fail with a key value mismatch.\n\nOnly insert the NULL-provider entry when one does not already exist, so\nthe first provider to cache the nid owns it, matching the order\nossl_method_store_fetch would select.\n\nAssisted-by: Claude:claude-opus-4-8\n\nReviewed-by: Neil Horman \u003cnhorman@openssl.org\u003e\nReviewed-by: Bob Beck \u003cbeck@openssl.org\u003e\nReviewed-by: Simo Sorce \u003csimo@redhat.com\u003e\nMergeDate: Thu Jun 18 18:02:32 2026\n(Merged from https://github.com/openssl/openssl/pull/31568)\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "59238bfcd2ff7542f38e1d648954e543f14f2f9c",
      "old_mode": 33188,
      "old_path": "crypto/property/property.c",
      "new_id": "e807f06995be707d7d91f9b47f75548b22184828",
      "new_mode": 33188,
      "new_path": "crypto/property/property.c"
    }
  ]
}
