projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
3a98f9c
)
Allow duplicate certs in ssl_build_cert_chain
author
Emilia Kasper
<ekasper@google.com>
Mon, 24 Mar 2014 11:33:54 +0000
(12:33 +0100)
committer
Emilia Kasper
<ekasper@google.com>
Mon, 24 Mar 2014 11:33:54 +0000
(12:33 +0100)
ssl/ssl_cert.c
patch
|
blob
|
history
diff --git
a/ssl/ssl_cert.c
b/ssl/ssl_cert.c
index fd59158128cfc44a43c04e3e290ce43b6cae41e0..09ea611d8a9abcf44f4dff0565bf44fab8b825c7 100644
(file)
--- a/
ssl/ssl_cert.c
+++ b/
ssl/ssl_cert.c
@@
-1192,6
+1192,7
@@
int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
STACK_OF(X509) *chain = NULL, *untrusted = NULL;
X509 *x;
int i, rv = 0;
STACK_OF(X509) *chain = NULL, *untrusted = NULL;
X509 *x;
int i, rv = 0;
+ unsigned long error;
if (!cpk->x509)
{
if (!cpk->x509)
{
@@
-1208,11
+1209,23
@@
int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
{
x = sk_X509_value(cpk->chain, i);
if (!X509_STORE_add_cert(chain_store, x))
{
x = sk_X509_value(cpk->chain, i);
if (!X509_STORE_add_cert(chain_store, x))
- goto err;
+ {
+ error = ERR_peek_last_error();
+ if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
+ ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
+ goto err;
+ ERR_clear_error();
+ }
}
/* Add EE cert too: it might be self signed */
if (!X509_STORE_add_cert(chain_store, cpk->x509))
}
/* Add EE cert too: it might be self signed */
if (!X509_STORE_add_cert(chain_store, cpk->x509))
- goto err;
+ {
+ error = ERR_peek_last_error();
+ if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
+ ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
+ goto err;
+ ERR_clear_error();
+ }
}
else
{
}
else
{