diff -ruN openssh-5.1p1+x509-6.1.1/auth2-pubkey.c openssh-5.1p1+x509-6.2/auth2-pubkey.c
--- openssh-5.1p1+x509-6.1.1/auth2-pubkey.c 2008-07-22 21:06:01.000000000 +0300
+++ openssh-5.1p1+x509-6.2/auth2-pubkey.c 2009-02-16 23:06:01.000000000 +0200
@@ -32,6 +32,7 @@
 #include
 #include
 #include
+#include
 #include
 #include "xmalloc.h"
diff -ruN openssh-5.1p1+x509-6.1.1/authfile.c openssh-5.1p1+x509-6.2/authfile.c
--- openssh-5.1p1+x509-6.1.1/authfile.c 2008-07-22 21:06:01.000000000 +0300
+++ openssh-5.1p1+x509-6.2/authfile.c 2009-02-16 23:06:01.000000000 +0200
@@ -518,7 +518,9 @@
 "unknown EVP_PKEY save_type %d", pk->save_type);
 }
 if (prv) {
- lseek(fd, (off_t) 0, SEEK_SET); /* rewind */
+ debug("read X.509 certificate begin");
+ /* if we use lseek on some gnu libc versions stream will be not synchronized */
+ fseek(fp, (off_t) 0, SEEK_SET); /* rewind */
 x509key_load_cert(prv, fp);
 if (prv->x509 != NULL) {
 if (!X509_check_private_key(prv->x509, pk)) {
diff -ruN openssh-5.1p1+x509-6.1.1/x509store.c openssh-5.1p1+x509-6.2/x509store.c
--- openssh-5.1p1+x509-6.1.1/x509store.c 2007-10-24 00:15:30.000000000 +0300
+++ openssh-5.1p1+x509-6.2/x509store.c 2009-01-21 23:04:07.000000000 +0200
@@ -103,7 +103,11 @@
 X509_STORE_CTX ctx;
 int ret;
- X509_STORE_CTX_init(&ctx, store, NULL, NULL);
+ if (X509_STORE_CTX_init(&ctx, store, NULL, NULL) <= 0) {
+ /*memory allocation error*/
+ error("ssh_x509store_lookup: cannot initialize x509store context");
+ return(-1);
+ }
 ret = X509_STORE_get_by_subject(&ctx, type, name, xobj);
 X509_STORE_CTX_cleanup(&ctx);
@@ -502,7 +506,12 @@
 static int
 ssh_verify_cert(X509_STORE_CTX *_csc, X509 *_cert) {
- X509_STORE_CTX_init(_csc, x509store, _cert, NULL);
+ int flag;
+ if (X509_STORE_CTX_init(_csc, x509store, _cert, NULL) <= 0) {
+ /*memory allocation error*/
+ error("ssh_verify_cert: cannot initialize x509store context");
+ return(-1);
+ }
 if (ssh_x509flags.allowedcertpurpose >= 0) {
 int def_purpose = ( ssh_x509flags.is_server
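Review bot: The rewind's result is ignored — `fseek(fp, (off_t) 0, SEEK_SET)` can fail, and `x509key_load_cert(prv, fp)` would then read from wherever the private-key parse left the stream instead of the start of the file. A checked rewind is one line, `if (fseek(fp, 0L, SEEK_SET) != 0) error("cannot rewind key file, skipping X.509 certificate");`, with the cert load made conditional on it; how the failure should propagate depends on the enclosing function, which starts and ends outside this hunk. Note that fseek takes a `long`, so the `(off_t)` cast carried over from the lseek call is the wrong type (harmless for zero, but misleading). The new comment also misdiagnoses the bug it fixes: seeking the descriptor with lseek never moves the stdio buffer on any libc, which is standard behaviour rather than a glibc quirk, so `/* lseek on the fd does not move the stdio buffer; seek the FILE stream instead */` is the accurate wording.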
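Review bot: ssh_x509store_lookup now returns -1 in addition to whatever X509_STORE_get_by_subject returns (1 found, 0 not found), and a caller that tests only `== 0` for "not found" would take -1 as a successful lookup; the callers are not in this diff, so this needs confirming. A contract comment above the function, which starts outside the hunk, would make the widened range explicit: `/* Returns 1 if found, 0 if not found, -1 if the store context could not be initialised. */`. Skipping X509_STORE_CTX_cleanup on the failed-init path looks correct, since the context was never set up.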
@@ -510,7 +519,7 @@
 : X509_PURPOSE_SSL_SERVER
 );
 X509_PURPOSE *xptmp = X509_PURPOSE_get0(ssh_x509flags.allowedcertpurpose);
- int purpose, flag;
+ int purpose;
 if (xptmp == NULL) {
 fatal("ssh_verify_cert: cannot get purpose from index");
 return(-1); /* ;-) */
@@ -556,7 +565,17 @@
 X509_STORE_CTX_set_flags(_csc, X509_V_FLAG_CB_ISSUER_CHECK);
 */
- if (X509_verify_cert(_csc) == 0) {
+ flag = X509_verify_cert(_csc);
+ if (flag < 0) {
+ /* NOTE: negative result is returned only if certificate to check
+ * is not set in context. This function is called if _cert is non
+ * NULL, i.e. certificate has to be set in context!
+ * Lets log (posible in future) cases with negative value.
+ */
+ logit("ssh_verify_cert: X509_verify_cert return unexpected negative value: '%d'", flag);
+ return(-1);
+ }
+ if (flag == 0) {
 int ecode = X509_STORE_CTX_get_error(_csc);
 error("ssh_verify_cert: verify error, code=%d, msg='%.200s'"
 , ecode
@@ -579,6 +598,12 @@
 #endif /*def SSH_X509STORE_DISABLED*/
 #ifndef SSH_X509STORE_DISABLED
+ if (_cert == NULL) {
+ /*already checked but ...*/
+ error("ssh_x509cert_check: cert is NULL");
+ ret = -1;
+ goto done;
+ }
 if (x509store == NULL) {
 error("ssh_x509cert_check: context is NULL");
 ret = -1;
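Review bot: After this change only `flag < 0` and `flag == 0` are failures, so any other value from X509_verify_cert falls through as a verified chain; OpenSSL documents 1 as the sole success return, and later releases also return negative values for internal errors rather than only for the missing-certificate case the NOTE assumes. The defensive form is to make success explicit by changing the second test to `if (flag != 1) {` while keeping the negative-value branch above it for its log line, so a surprising return can never pass as verification. The wording `posible` in the NOTE should be `possible`. ssh_verify_cert starts and ends outside this hunk.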
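Review bot: The new `_cert == NULL` guard sits inside `#ifndef SSH_X509STORE_DISABLED`, so a build with the store disabled still accepts a NULL certificate at this point; the comment says it is already checked, but that earlier check is outside the hunk and its position relative to the `#ifdef` cannot be confirmed from the diff. If the guard is meant as defence in depth for every build, it belongs before the `#ifndef`. The comment `/*already checked but ...*/` would read better as `/* defensive: callers are expected to reject a NULL certificate before calling */`. ssh_x509cert_check starts and ends outside this hunk.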