a508fd04ad
* openssl-1.1.0i.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyOpenSSL?expand=0&rev=48
62 lines
2.3 KiB
Diff
62 lines
2.3 KiB
Diff
From 0e6c553bc57587dc644430b7336e6bf4d90180a6 Mon Sep 17 00:00:00 2001
|
|
From: Paul Kehrer <paul.l.kehrer@gmail.com>
|
|
Date: Thu, 23 Aug 2018 10:52:15 -0500
|
|
Subject: [PATCH] X509Store.add_cert no longer raises an error on duplicate
|
|
cert (#787)
|
|
|
|
* X509Store.add_cert no longer raises an error on duplicate cert
|
|
|
|
---
|
|
src/OpenSSL/crypto.py | 11 ++++++++++-
|
|
tests/test_crypto.py | 9 ++++-----
|
|
3 files changed, 16 insertions(+), 7 deletions(-)
|
|
|
|
Deprecations:
|
|
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
|
|
index d40f23c2..ea7b354b 100644
|
|
--- a/src/OpenSSL/crypto.py
|
|
+++ b/src/OpenSSL/crypto.py
|
|
@@ -1607,7 +1607,16 @@ def add_cert(self, cert):
|
|
if not isinstance(cert, X509):
|
|
raise TypeError()
|
|
|
|
- _openssl_assert(_lib.X509_STORE_add_cert(self._store, cert._x509) != 0)
|
|
+ # As of OpenSSL 1.1.0i adding the same cert to the store more than
|
|
+ # once doesn't cause an error. Accordingly, this code now silences
|
|
+ # the error for OpenSSL < 1.1.0i as well.
|
|
+ if _lib.X509_STORE_add_cert(self._store, cert._x509) == 0:
|
|
+ code = _lib.ERR_peek_error()
|
|
+ err_reason = _lib.ERR_GET_REASON(code)
|
|
+ _openssl_assert(
|
|
+ err_reason == _lib.X509_R_CERT_ALREADY_IN_HASH_TABLE
|
|
+ )
|
|
+ _lib.ERR_clear_error()
|
|
|
|
def add_crl(self, crl):
|
|
"""
|
|
diff --git a/tests/test_crypto.py b/tests/test_crypto.py
|
|
index d1c261b8..eb4590d0 100644
|
|
--- a/tests/test_crypto.py
|
|
+++ b/tests/test_crypto.py
|
|
@@ -2016,16 +2016,15 @@ def test_add_cert_wrong_args(self, cert):
|
|
with pytest.raises(TypeError):
|
|
store.add_cert(cert)
|
|
|
|
- def test_add_cert_rejects_duplicate(self):
|
|
+ def test_add_cert_accepts_duplicate(self):
|
|
"""
|
|
- `X509Store.add_cert` raises `OpenSSL.crypto.Error` if an attempt is
|
|
- made to add the same certificate to the store more than once.
|
|
+ `X509Store.add_cert` doesn't raise `OpenSSL.crypto.Error` if an attempt
|
|
+ is made to add the same certificate to the store more than once.
|
|
"""
|
|
cert = load_certificate(FILETYPE_PEM, cleartextCertificatePEM)
|
|
store = X509Store()
|
|
store.add_cert(cert)
|
|
- with pytest.raises(Error):
|
|
- store.add_cert(cert)
|
|
+ store.add_cert(cert)
|
|
|
|
|
|
class TestPKCS12(object):
|