[PATCH] ignore duplicate OpenSSL client cert and private key addition

Jouni Malinen j at w1.fi
Sun Jan 13 11:43:21 EST 2008


On Sun, Jan 13, 2008 at 01:43:55AM -0500, Dan Williams wrote:
> Ignore duplicate certificate addition errors for client certificates and
> private keys too, as is done for CA certs.  Applies to both 0.6.x and
> 0.5.x.

How can you trigger this? CA certificates are added to SSL_CTX which is
maintained over connections, but client certificates and private keys
are added to SSL which is re-initialized for every connection (apart
from session resumption, but that does not load the key/cert anyway).
There's one exception to this in PKCS#12 handling where additional
certificates are added to the chain. Those are added to the SSL_CTX
since I'm not aware of OpenSSL functionality to add them into SSL. This
could show the cert already known errors. However, the patch here did
not touch that functionality.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list