Allow duplicate certs in ssl_build_cert_chain

author: Emilia Kasper <ekasper@google.com> 2014-03-24 12:33:54 +0100
committer: Ben Laurie <ben@links.org> 2014-03-25 17:28:04 +0000
commit: 662239183da08d687dc939211ac09d0a5c3a5b93 (patch)
tree: f6fd7d32b6e780b720b17f00ee9bd7803b65691a
parent: 66243398bbb3d8ad0f77532905955a9a564f2d4f (diff)
download: openssl-new-662239183da08d687dc939211ac09d0a5c3a5b93.tar.gz
1 files changed, 15 insertions, 2 deletions
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 6ccf755f7a..2965a44ff5 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1483,6 +1483,7 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
 	STACK_OF(X509) *chain = NULL, *untrusted = NULL;
 	X509 *x;
 	int i, rv = 0;
+	unsigned long error;
 
 	if (!cpk->x509)
 		{
@@ -1499,11 +1500,23 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
 			{
 			x = sk_X509_value(cpk->chain, i);
 			if (!X509_STORE_add_cert(chain_store, x))
-				goto err;
+				{
+				error = ERR_peek_last_error();
+				if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
+				    ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
+					goto err;
+				ERR_clear_error();
+				}
 			}
 		/* Add EE cert too: it might be self signed */
 		if (!X509_STORE_add_cert(chain_store, cpk->x509))
-			goto err;
+			{
+			error = ERR_peek_last_error();
+			if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
+			    ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
+				goto err;
+			ERR_clear_error();
+			}
 		}
 	else
 		{
author	Emilia Kasper <ekasper@google.com>	2014-03-24 12:33:54 +0100
committer	Ben Laurie <ben@links.org>	2014-03-25 17:28:04 +0000
commit	662239183da08d687dc939211ac09d0a5c3a5b93 (patch)
tree	f6fd7d32b6e780b720b17f00ee9bd7803b65691a
parent	66243398bbb3d8ad0f77532905955a9a564f2d4f (diff)
download	openssl-new-662239183da08d687dc939211ac09d0a5c3a5b93.tar.gz