[PATCH] ignore duplicate OpenSSL client cert and private key addition
Sun Jan 13 08:43:21 PST 2008
On Sun, Jan 13, 2008 at 01:43:55AM -0500, Dan Williams wrote:
> Ignore duplicate certificate addition errors for client certificates and
> private keys too, as is done for CA certs. Applies to both 0.6.x and
How can you trigger this? CA certificates are added to SSL_CTX which is
maintained over connections, but client certificates and private keys
are added to SSL which is re-initialized for every connection (apart
from session resumption, but that does not load the key/cert anyway).
There's one exception to this in PKCS#12 handling where additional
certificates are added to the chain. Those are added to the SSL_CTX
since I'm not aware of OpenSSL functionality to add them into SSL. This
could show the cert already known errors. However, the patch here did
not touch that functionality.
Jouni Malinen PGP id EFC895FA
More information about the Hostap