[PATCH] ignore duplicate OpenSSL client cert and private key addition

Jouni Malinen
Sun Jan 13 08:43:21 PST 2008

On Sun, Jan 13, 2008 at 01:43:55AM -0500, Dan Williams wrote:
> Ignore duplicate certificate addition errors for client certificates and
> private keys too, as is done for CA certs.  Applies to both 0.6.x and
> 0.5.x.

How can you trigger this? CA certificates are added to SSL_CTX which is
maintained over connections, but client certificates and private keys
are added to SSL which is re-initialized for every connection (apart
from session resumption, but that does not load the key/cert anyway).
There's one exception to this in PKCS#12 handling where additional
certificates are added to the chain. Those are added to the SSL_CTX
since I'm not aware of OpenSSL functionality to add them into SSL. This
could show the cert already known errors. However, the patch here did
not touch that functionality.

Jouni Malinen                                            PGP id EFC895FA
