From 662239183da08d687dc939211ac09d0a5c3a5b93 Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Mon, 24 Mar 2014 12:33:54 +0100 Subject: [PATCH] Allow duplicate certs in ssl_build_cert_chain --- ssl/ssl_cert.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index 6ccf755f7a..2965a44ff5 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -1483,6 +1483,7 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags) STACK_OF(X509) *chain = NULL, *untrusted = NULL; X509 *x; int i, rv = 0; + unsigned long error; if (!cpk->x509) { @@ -1499,11 +1500,23 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags) { x = sk_X509_value(cpk->chain, i); if (!X509_STORE_add_cert(chain_store, x)) - goto err; + { + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) != ERR_LIB_X509 || + ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) + goto err; + ERR_clear_error(); + } } /* Add EE cert too: it might be self signed */ if (!X509_STORE_add_cert(chain_store, cpk->x509)) - goto err; + { + error = ERR_peek_last_error(); + if (ERR_GET_LIB(error) != ERR_LIB_X509 || + ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE) + goto err; + ERR_clear_error(); + } } else { -- 2.40.0