1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MDEV-23740 - X509_R_CERT_ALREADY_IN_HASH_TABLE when establishing SSL connection

Browse Source 
connection.

Ignore harmless X509_R_CERT_ALREADY_IN_HASH_TABLE, similar to how Curl or
other projects treat it.
This commit is contained in:
Vladislav Vaintroub 2020-10-12 21:15:24 +02:00
parent 30dea4599e
commit 987cfa227d
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
vio/viossl.c
View File

@ -109,6 +109,21 @@ static my_bool ssl_should_retry(Vio *vio, int ret, enum enum_vio_io_event *event
SSL *ssl= vio->ssl_arg; SSL *ssl= vio->ssl_arg;
my_bool should_retry= TRUE; my_bool should_retry= TRUE;
#if defined(ERR_LIB_X509) && defined(X509_R_CERT_ALREADY_IN_HASH_TABLE)
/*
Ignore error X509_R_CERT_ALREADY_IN_HASH_TABLE.
This is a workaround for an OpenSSL bug in an older (< 1.1.1)
OpenSSL version.
*/
unsigned long err = ERR_peek_error();
if (ERR_GET_LIB(err) == ERR_LIB_X509 &&
ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE)
{
ERR_clear_error();
return TRUE;
}
#endif
/* Retrieve the result for the SSL I/O operation. */ /* Retrieve the result for the SSL I/O operation. */
ssl_error= SSL_get_error(ssl, ret); ssl_error= SSL_get_error(ssl, ret);