diff options
author | Vladislav Vaintroub <wlad@mariadb.com> | 2020-10-12 21:15:24 +0200 |
---|---|---|
committer | Vladislav Vaintroub <wlad@mariadb.com> | 2021-03-15 19:37:40 +0100 |
commit | 987cfa227d740ae07ca0c092ebefeb425c8af957 (patch) | |
tree | 19eae9f20f88f845338c65d7ca30b709425b735f | |
parent | 30dea4599e44e3008fb9bc5fe79ab5747841f21f (diff) | |
download | mariadb-git-987cfa227d740ae07ca0c092ebefeb425c8af957.tar.gz |
MDEV-23740 - X509_R_CERT_ALREADY_IN_HASH_TABLE when establishing SSL connection
connection.
Ignore harmless X509_R_CERT_ALREADY_IN_HASH_TABLE, similar to how Curl or
other projects treat it.
-rw-r--r-- | vio/viossl.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/vio/viossl.c b/vio/viossl.c index 30946d3261c..8fdc8a3d68c 100644 --- a/vio/viossl.c +++ b/vio/viossl.c @@ -109,6 +109,21 @@ static my_bool ssl_should_retry(Vio *vio, int ret, enum enum_vio_io_event *event SSL *ssl= vio->ssl_arg; my_bool should_retry= TRUE; +#if defined(ERR_LIB_X509) && defined(X509_R_CERT_ALREADY_IN_HASH_TABLE) + /* + Ignore error X509_R_CERT_ALREADY_IN_HASH_TABLE. + This is a workaround for an OpenSSL bug in an older (< 1.1.1) + OpenSSL version. + */ + unsigned long err = ERR_peek_error(); + if (ERR_GET_LIB(err) == ERR_LIB_X509 && + ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) + { + ERR_clear_error(); + return TRUE; + } +#endif + /* Retrieve the result for the SSL I/O operation. */ ssl_error= SSL_get_error(ssl, ret); |