kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow duplicate certs in ssl_build_cert_chain

Browse Source 
(Imported from upstream's 662239183da08d687dc939211ac09d0a5c3a5b93)
This commit is contained in:
Adam Langley 2014-06-20 12:00:00 -07:00
parent 33685b82ec
commit dff7b9e11b
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
ssl/ssl_cert.c
View File

@ -1338,6 +1338,7 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
STACK_OF(X509) *chain = NULL, *untrusted = NULL;
X509 *x;
int i, rv = 0;
unsigned long error;
if (!cpk->x509)
{
@ -1354,11 +1355,23 @@ int ssl_build_cert_chain(CERT *c, X509_STORE *chain_store, int flags)
{
x = sk_X509_value(cpk->chain, i);
if (!X509_STORE_add_cert(chain_store, x))
goto err;
{
error = ERR_peek_last_error();
if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
goto err;
ERR_clear_error();
}
}
/* Add EE cert too: it might be self signed */
if (!X509_STORE_add_cert(chain_store, cpk->x509))
goto err;
{
error = ERR_peek_last_error();
if (ERR_GET_LIB(error) != ERR_LIB_X509 ||
ERR_GET_REASON(error) != X509_R_CERT_ALREADY_IN_HASH_TABLE)
goto err;
ERR_clear_error();
}
}
else
{