Removed an unnecessary error condition in TLS Lib that would report an
error if a certificate is added to the X509_STORE more than once.
That error causes HTTPS to fail on the second attempt with the same certificate.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Samer El-Haj-Mahmoud <el...@hpe.com>
Signed-off-by: Thomas Palmer <thomas.pal...@hpe.com>
---
 CryptoPkg/Library/TlsLib/TlsLib.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/CryptoPkg/Library/TlsLib/TlsLib.c 
b/CryptoPkg/Library/TlsLib/TlsLib.c
index e661375..0818653 100644
--- a/CryptoPkg/Library/TlsLib/TlsLib.c
+++ b/CryptoPkg/Library/TlsLib/TlsLib.c
@@ -2,6 +2,7 @@
   SSL/TLS Library Wrapper Implementation over OpenSSL.
 
 Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+(C) Copyright 2016 Hewlett Packard Enterprise Development LP<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -16,6 +17,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER 
EXPRESS OR IMPLIED.
 
 #include <openssl/ssl.h>
 #include <openssl/bio.h>
+#include <openssl/err.h>
 
 #define MAX_BUFFER_SIZE   32768
 
@@ -1429,6 +1431,7 @@ TlsSetCaCertificate (
   EFI_STATUS      Status;
   TLS_CONNECTION  *TlsConn;
   INTN            Ret;
+  unsigned long   ErrorCode;
 
   BioCert   = NULL;
   Cert      = NULL;
@@ -1481,8 +1484,16 @@ TlsSetCaCertificate (
 
   Ret = X509_STORE_add_cert (X509Store, Cert);
   if (Ret != 1) {
-    Status = EFI_ABORTED;
-    goto ON_EXIT;
+    ErrorCode = ERR_peek_last_error ();
+    //
+    // Ignore "already in table" errors
+    //
+    if (!(ERR_GET_FUNC (ErrorCode) == X509_F_X509_STORE_ADD_CERT &&
+        ERR_GET_REASON (ErrorCode) == X509_R_CERT_ALREADY_IN_HASH_TABLE)) {
+      Status = EFI_ABORTED;
+      goto ON_EXIT;
+    }
+
   }
   
   X509_STORE_set_flags (
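Review bot: The tolerated `X509_R_CERT_ALREADY_IN_HASH_TABLE` entry stays on the OpenSSL error queue after the new `if (Ret != 1)` branch, because `ERR_peek_last_error ()` reads the entry without removing it. OpenSSL expects the thread's error queue to be empty before an SSL I/O call whose result is passed to `SSL_get_error`, so a leftover entry can make a later handshake or read look like a failure; add `ERR_clear_error ();` after the inner `if` once the duplicate is accepted. Calling `ERR_clear_error ();` just before `X509_STORE_add_cert (X509Store, Cert);` would also ensure the peeked code comes from this call and not from an older entry. The stray blank line before the closing brace can go, and TlsSetCaCertificate continues outside the hunk, so whether later code reads the queue is not visible here.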
-- 
2.6.3.windows.1
