Some dude named Tavis Ormandy reported a bug which has gone unfixed.

Some dude named Tavis Ormandy reported a bug which has gone unfixed.
http://marc.info/?l=openssl-users&m=138014120223264&w=2
Arguably a doc bug, but we argue not. If you parse a new cert into memory
occupied by a previously verified cert, the new cert will inherit that
state, bypassing future verification checks. To avoid this, we will always
start fresh with a new object.

grudging ok from guenther, after i threatened to make him read the code yet
again. "that ok was way more painful and tiring then it should have been"