X509Store.add_cert no longer raises an error on duplicate cert (#787)
* X509Store.add_cert no longer raises an error on duplicate cert
* move changelog entry
diff --git a/src/OpenSSL/crypto.py b/src/OpenSSL/crypto.py
index d40f23c..ea7b354 100644
--- a/src/OpenSSL/crypto.py
+++ b/src/OpenSSL/crypto.py
@@ -1607,7 +1607,16 @@
if not isinstance(cert, X509):
raise TypeError()
- _openssl_assert(_lib.X509_STORE_add_cert(self._store, cert._x509) != 0)
+ # As of OpenSSL 1.1.0i adding the same cert to the store more than
+ # once doesn't cause an error. Accordingly, this code now silences
+ # the error for OpenSSL < 1.1.0i as well.
+ if _lib.X509_STORE_add_cert(self._store, cert._x509) == 0:
+ code = _lib.ERR_peek_error()
+ err_reason = _lib.ERR_GET_REASON(code)
+ _openssl_assert(
+ err_reason == _lib.X509_R_CERT_ALREADY_IN_HASH_TABLE
+ )
+ _lib.ERR_clear_error()
def add_crl(self, crl):
"""
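Review bot: The duplicate check on the failure branch reads `_lib.ERR_peek_error()`, which returns the oldest entry in the thread's error queue, and compares only `ERR_GET_REASON`, so the decision to swallow a failed `X509_STORE_add_cert` can rest on an error this call did not raise. If an earlier call left an entry behind, a genuine failure to add a certificate to the store could be treated as a duplicate (or a real duplicate could still raise), and reason numbers are only unique within one OpenSSL library. Reading the newest entry with `code = _lib.ERR_peek_last_error()` and also requiring `_lib.ERR_GET_LIB(code) == _lib.ERR_LIB_X509` would tie the check to this call, assuming the bindings expose those names. The body of add_cert starts above the hunk, so any earlier handling of the error queue is not visible here.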