X509Store.add_cert no longer raises an error on duplicate cert (#787)

* X509Store.add_cert no longer raises an error on duplicate cert * move changelog entry
author: Paul Kehrer <paul.l.kehrer@gmail.com> 2018-08-23 10:52:15 -0500
committer: Alex Gaynor <alex.gaynor@gmail.com> 2018-08-23 11:52:15 -0400
commit: 0e6c553bc57587dc644430b7336e6bf4d90180a6 (patch)
tree: 2ecb2255edf05f6ddc7b082454aab4e6a35c3ea2 /src
parent: 178d04da82bab78bf36a85b2a728dbfaa44fb3de (diff)
download: pyopenssl-git-0e6c553bc57587dc644430b7336e6bf4d90180a6.tar.gz
1 files changed, 10 insertions, 1 deletions
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index d40f23c..ea7b354 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -1607,7 +1607,16 @@ class X509Store(object):
         if not isinstance(cert, X509):
             raise TypeError()
 
-        _openssl_assert(_lib.X509_STORE_add_cert(self._store, cert._x509) != 0)
+        # As of OpenSSL 1.1.0i adding the same cert to the store more than
+        # once doesn't cause an error. Accordingly, this code now silences
+        # the error for OpenSSL < 1.1.0i as well.
+        if _lib.X509_STORE_add_cert(self._store, cert._x509) == 0:
+            code = _lib.ERR_peek_error()
+            err_reason = _lib.ERR_GET_REASON(code)
+            _openssl_assert(
+                err_reason == _lib.X509_R_CERT_ALREADY_IN_HASH_TABLE
+            )
+            _lib.ERR_clear_error()
 
     def add_crl(self, crl):
         """
author	Paul Kehrer <paul.l.kehrer@gmail.com>	2018-08-23 10:52:15 -0500
committer	Alex Gaynor <alex.gaynor@gmail.com>	2018-08-23 11:52:15 -0400
commit	0e6c553bc57587dc644430b7336e6bf4d90180a6 (patch)
tree	2ecb2255edf05f6ddc7b082454aab4e6a35c3ea2 /src
parent	178d04da82bab78bf36a85b2a728dbfaa44fb3de (diff)
download	pyopenssl-git-0e6c553bc57587dc644430b7336e6bf4d90180a6.tar.gz