File X509_STORE_add_cert.patch of Package python-pyOpenSSL.9057

From c048600d2ec470e7fdcf644a2aeb6b0e1ef4e245 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Thu, 23 Aug 2018 10:04:29 -0500
Subject: [PATCH] X509Store.add_cert no longer raises an error on duplicate
 cert

---
 CHANGELOG.rst         |  3 ++-
 src/OpenSSL/crypto.py | 11 ++++++++++-
 tests/test_crypto.py  |  9 ++++-----
 3 files changed, 16 insertions(+), 7 deletions(-)

Index: pyOpenSSL-17.5.0/CHANGELOG.rst
===================================================================
--- pyOpenSSL-17.5.0.orig/CHANGELOG.rst	2017-12-01 03:16:17.000000000 +0100
+++ pyOpenSSL-17.5.0/CHANGELOG.rst	2018-10-05 16:29:54.424093635 +0200
@@ -17,7 +17,8 @@ Backward-incompatible changes:
 Deprecations:
 ^^^^^^^^^^^^^
 
-*none*
+- ``X509Store.add_cert`` no longer raises an error if you add a duplicate cert.
+  `#787 <https://github.com/pyca/pyopenssl/pull/787>`_
 
 
 Changes:
Index: pyOpenSSL-17.5.0/src/OpenSSL/crypto.py
===================================================================
--- pyOpenSSL-17.5.0.orig/src/OpenSSL/crypto.py	2017-12-01 03:16:17.000000000 +0100
+++ pyOpenSSL-17.5.0/src/OpenSSL/crypto.py	2018-10-05 16:29:54.428093661 +0200
@@ -1607,7 +1607,16 @@ class X509Store(object):
         if not isinstance(cert, X509):
             raise TypeError()
 
-        _openssl_assert(_lib.X509_STORE_add_cert(self._store, cert._x509) != 0)
+        # As of OpenSSL 1.1.0i adding the same cert to the store more than
+        # once doesn't cause an error. Accordingly, this code now silences
+        # the error for OpenSSL < 1.1.0i as well.
+        if _lib.X509_STORE_add_cert(self._store, cert._x509) == 0:
+            code = _lib.ERR_peek_error()
+            err_reason = _lib.ERR_GET_REASON(code)
+            _openssl_assert(
+                err_reason == _lib.X509_R_CERT_ALREADY_IN_HASH_TABLE
+            )
+            _lib.ERR_clear_error()
 
     def add_crl(self, crl):
         """
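Review bot: The new failure branch decides that a failed `X509_STORE_add_cert` is harmless by comparing only `ERR_GET_REASON(code)`, and OpenSSL reason codes are unique only within one library, so an error from another subsystem with the same numeric reason would be cleared and the caller would wrongly believe the certificate is in the trust store. Provided the binding exposes them, the assert should also pin the library, e.g. `_lib.ERR_GET_LIB(code) == _lib.ERR_LIB_X509 and err_reason == _lib.X509_R_CERT_ALREADY_IN_HASH_TABLE`. `ERR_peek_error()` returns the oldest queue entry, so a stale error left by an earlier call would be the one examined; a short comment stating that the queue is assumed empty on entry would make that dependency visible. The body of `add_cert` starts outside this hunk, so its docstring is not visible here; if it still documents an `Error` on duplicate certificates, it needs updating to match.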
Index: pyOpenSSL-17.5.0/tests/test_crypto.py
===================================================================
--- pyOpenSSL-17.5.0.orig/tests/test_crypto.py	2018-10-05 16:29:54.380093325 +0200
+++ pyOpenSSL-17.5.0/tests/test_crypto.py	2018-10-05 16:29:54.428093661 +0200
@@ -2016,16 +2016,15 @@ class TestX509Store(object):
         with pytest.raises(TypeError):
             store.add_cert(cert)
 
-    def test_add_cert_rejects_duplicate(self):
+    def test_add_cert_accepts_duplicate(self):
         """
-        `X509Store.add_cert` raises `OpenSSL.crypto.Error` if an attempt is
-        made to add the same certificate to the store more than once.
+        `X509Store.add_cert` doesn't raise `OpenSSL.crypto.Error` if an attempt
+        is made to add the same certificate to the store more than once.
         """
         cert = load_certificate(FILETYPE_PEM, cleartextCertificatePEM)
         store = X509Store()
         store.add_cert(cert)
-        with pytest.raises(Error):
-            store.add_cert(cert)
+        store.add_cert(cert)
 
 
 class TestPKCS12(object):
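Review bot: `test_add_cert_accepts_duplicate` only checks that the second `store.add_cert(cert)` does not raise, so the `ERR_clear_error()` call in the new branch is not covered: the test would still pass if the duplicate-cert error were left on the OpenSSL error queue, where it would surface in a later unrelated call. On OpenSSL 1.1.0i and newer the second add succeeds without touching the queue, so the silencing path is also not exercised there. If the test module can reach the binding, an assertion such as `assert _lib.ERR_peek_error() == 0` after the second add would cover the cleanup.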