authorPaul Kehrer <paul.l.kehrer@gmail.com>2018-08-23 10:52:15 -0500
committerAlex Gaynor <alex.gaynor@gmail.com>2018-08-23 11:52:15 -0400
commit0e6c553bc57587dc644430b7336e6bf4d90180a6 (patch)
tree2ecb2255edf05f6ddc7b082454aab4e6a35c3ea2
parent178d04da82bab78bf36a85b2a728dbfaa44fb3de (diff)
downloadpyopenssl-git-0e6c553bc57587dc644430b7336e6bf4d90180a6.tar.gz
X509Store.add_cert no longer raises an error on duplicate cert (#787)
* X509Store.add_cert no longer raises an error on duplicate cert * move changelog entry
-rw-r--r--CHANGELOG.rst3
-rw-r--r--src/OpenSSL/crypto.py11
-rw-r--r--tests/test_crypto.py9
3 files changed, 16 insertions, 7 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index a2da758..5cfb683 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -11,7 +11,8 @@ The third digit is only for regressions.
Backward-incompatible changes:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-*none*
+- ``X509Store.add_cert`` no longer raises an error if you add a duplicate cert.
+ `#787 <https://github.com/pyca/pyopenssl/pull/787>`_
Deprecations:
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index d40f23c..ea7b354 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -1607,7 +1607,16 @@ class X509Store(object):
if not isinstance(cert, X509):
raise TypeError()
- _openssl_assert(_lib.X509_STORE_add_cert(self._store, cert._x509) != 0)
+ # As of OpenSSL 1.1.0i adding the same cert to the store more than
+ # once doesn't cause an error. Accordingly, this code now silences
+ # the error for OpenSSL < 1.1.0i as well.
+ if _lib.X509_STORE_add_cert(self._store, cert._x509) == 0:
+ code = _lib.ERR_peek_error()
+ err_reason = _lib.ERR_GET_REASON(code)
+ _openssl_assert(
+ err_reason == _lib.X509_R_CERT_ALREADY_IN_HASH_TABLE
+ )
+ _lib.ERR_clear_error()
def add_crl(self, crl):
"""
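Review bot: The duplicate check in the new failure branch can judge the wrong error, because `ERR_peek_error()` returns the oldest entry on the OpenSSL error queue and the comparison uses only `ERR_GET_REASON`. If an earlier, unrelated call left an entry behind, that entry is inspected instead of the one `X509_STORE_add_cert` just pushed. Reason codes are also only unique within one OpenSSL library, so a matching number from another library would count as a duplicate. For a trust store it matters that a genuine add failure is never silently swallowed. I would read the newest entry with `code = _lib.ERR_peek_last_error()` and assert `_lib.ERR_GET_LIB(code) == _lib.ERR_LIB_X509` alongside the reason check, provided the binding exposes those names. The enclosing `add_cert` method starts above this hunk, so its docstring is not visible here; if it still documents an error on duplicates, it needs the same update.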
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
index d1c261b..eb4590d 100644
--- a/tests/test_crypto.py
+++ b/tests/test_crypto.py
@@ -2016,16 +2016,15 @@ class TestX509Store(object):
with pytest.raises(TypeError):
store.add_cert(cert)
- def test_add_cert_rejects_duplicate(self):
+ def test_add_cert_accepts_duplicate(self):
"""
- `X509Store.add_cert` raises `OpenSSL.crypto.Error` if an attempt is
- made to add the same certificate to the store more than once.
+ `X509Store.add_cert` doesn't raise `OpenSSL.crypto.Error` if an attempt
+ is made to add the same certificate to the store more than once.
"""
cert = load_certificate(FILETYPE_PEM, cleartextCertificatePEM)
store = X509Store()
store.add_cert(cert)
- with pytest.raises(Error):
- store.add_cert(cert)
+ store.add_cert(cert)
class TestPKCS12(object):
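Review bot: The renamed test `test_add_cert_accepts_duplicate` only shows that the second `store.add_cert(cert)` does not raise, so it would still pass if the duplicate-cert error were left on the OpenSSL error queue. A leftover entry there would surface later as a confusing failure in an unrelated call. Consider following the second add with a check that the queue is empty, for example `assert _lib.ERR_peek_error() == 0`. Whether the test module already imports the binding is not visible in this hunk. The other branch, where a failure for any other reason must still raise, also has no coverage here.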