summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorPaul Kehrer <paul.l.kehrer@gmail.com>2018-08-23 10:52:15 -0500
committerAlex Gaynor <alex.gaynor@gmail.com>2018-08-23 11:52:15 -0400
commit0e6c553bc57587dc644430b7336e6bf4d90180a6 (patch)
tree2ecb2255edf05f6ddc7b082454aab4e6a35c3ea2 /src
parent178d04da82bab78bf36a85b2a728dbfaa44fb3de (diff)
downloadpyopenssl-git-0e6c553bc57587dc644430b7336e6bf4d90180a6.tar.gz
X509Store.add_cert no longer raises an error on duplicate cert (#787)
* X509Store.add_cert no longer raises an error on duplicate cert * move changelog entry
Diffstat (limited to 'src')
-rw-r--r--src/OpenSSL/crypto.py11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index d40f23c..ea7b354 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -1607,7 +1607,16 @@ class X509Store(object):
if not isinstance(cert, X509):
raise TypeError()
- _openssl_assert(_lib.X509_STORE_add_cert(self._store, cert._x509) != 0)
+ # As of OpenSSL 1.1.0i adding the same cert to the store more than
+ # once doesn't cause an error. Accordingly, this code now silences
+ # the error for OpenSSL < 1.1.0i as well.
+ if _lib.X509_STORE_add_cert(self._store, cert._x509) == 0:
+ code = _lib.ERR_peek_error()
+ err_reason = _lib.ERR_GET_REASON(code)
+ _openssl_assert(
+ err_reason == _lib.X509_R_CERT_ALREADY_IN_HASH_TABLE
+ )
+ _lib.ERR_clear_error()
def add_crl(self, crl):
"""