[PATCH] ignore duplicate OpenSSL client cert and private key addition
Dan Williams
dcbw
Thu Jan 17 13:57:51 PST 2008
On Sun, 2008-01-13 at 08:43 -0800, Jouni Malinen wrote:
> On Sun, Jan 13, 2008 at 01:43:55AM -0500, Dan Williams wrote:
> > Ignore duplicate certificate addition errors for client certificates and
> > private keys too, as is done for CA certs. Applies to both 0.6.x and
> > 0.5.x.
>
> How can you trigger this? CA certificates are added to SSL_CTX which is
> maintained over connections, but client certificates and private keys
> are added to SSL which is re-initialized for every connection (apart
> from session resumption, but that does not load the key/cert anyway).
> There's one exception to this in PKCS#12 handling where additional
> certificates are added to the chain. Those are added to the SSL_CTX
> since I'm not aware of OpenSSL functionality to add them into SSL. This
> could show the cert already known errors. However, the patch here did
> not touch that functionality.
Ignore this patch for now; I cannot seem to reproduce the issue any
more.
Thanks,
Dan
More information about the Hostap
mailing list