ubuntu@resolute:~$ cargo audit bin /usr/bin/ls
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 1107 security advisories (from /home/ubuntu/.cargo/advisory-db)
Updating crates.io index
error: No dependency information found in /usr/bin/ls! Is it a Rust program built with cargo?
error: parse error: No dependency information found! Is this a Rust executable built with cargo?
ubuntu@resolute:~$ ls -lah /usr/bin/ls
lrwxrwxrwx 1 root root 29 Mar 30 16:50 /usr/bin/ls -> ../lib/cargo/bin/coreutils/ls
ubuntu@resolute:~$
Still, this is a nice feature to have.
Calling ERR_clear_error before operations is widely recommended: https://github.com/openssl/openssl/discussions/23025
which matches the blog author's point.
How widespread is this OpenSSL error discarding practice? It might explain a lot of security vulnerabilities.