[PATCH] ignore duplicate OpenSSL client cert and private key addition

Jouni Malinen j
Sun Jan 13 08:43:21 PST 2008


On Sun, Jan 13, 2008 at 01:43:55AM -0500, Dan Williams wrote:
> Ignore duplicate certificate addition errors for client certificates and
> private keys too, as is done for CA certs.  Applies to both 0.6.x and
> 0.5.x.

How can you trigger this? CA certificates are added to SSL_CTX which is
maintained over connections, but client certificates and private keys
are added to SSL which is re-initialized for every connection (apart
from session resumption, but that does not load the key/cert anyway).
There's one exception to this in PKCS#12 handling where additional
certificates are added to the chain. Those are added to the SSL_CTX
since I'm not aware of OpenSSL functionality to add them into SSL. This
could show the cert already known errors. However, the patch here did
not touch that functionality.

-- 
Jouni Malinen                                            PGP id EFC895FA


