Add duplicate entry error to distinguish cases where a duplicate CRL is rejected.

2026-01-27 04:52:20 +01:00 · 2025-12-26 12:02:35 -07:00
parent e70e7cb144
commit d09b5ee1f1
5 changed files with 7 additions and 2 deletions
--- a/src/crl.c
+++ b/src/crl.c
@@ -707,7 +707,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff,
                WOLFSSL_MSG("Same or newer CRL entry already exists");
                CRL_Entry_free(crle, crl->heap);
                wc_UnLockRwLock(&crl->crlLock);
-                return BAD_FUNC_ARG;
+                return DUPE_ENTRY_E;
            }
            else if (ret < 0) {
                WOLFSSL_MSG("Error comparing CRL Numbers");
--- a/src/internal.c
+++ b/src/internal.c
@@ -26748,6 +26748,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
    case PSK_KEY_ERROR:
        return "psk key callback error";

+    case DUPE_ENTRY_E:
+        return "duplicate entry error";
+
    case GETTIME_ERROR:
        return "gettimeofday() error";

--- a/src/ssl_certman.c
+++ b/src/ssl_certman.c
@@ -1795,6 +1795,7 @@ int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm)
 *                     WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM.
 * @return  WOLFSSL_SUCCESS on success.
 * @return  BAD_FUNC_ARG when cm or buff is NULL or sz is negative or zero.
+ * @return  DUPE_ENTRY_E if the same or a newer CRL already exists in the cm.
 * @return  WOLFSSL_FATAL_ERROR when creating CRL object fails.
 */
 int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
--- a/tests/api.c
+++ b/tests/api.c
@@ -34759,7 +34759,7 @@ static int error_test(void)
        { -124, -124 },
        { -167, -169 },
        { -300, -300 },
-        { -334, -336 },
+        { -335, -336 },
        { -346, -349 },
        { -356, -356 },
        { -358, -358 },
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -82,6 +82,7 @@ enum wolfSSL_ErrorCodes {
    CLIENT_ID_ERROR              = -331,   /* psk client identity error  */
    SERVER_HINT_ERROR            = -332,   /* psk server hint error  */
    PSK_KEY_ERROR                = -333,   /* psk key error  */
+    DUPE_ENTRY_E                 = -334,   /* duplicate entry error */

    GETTIME_ERROR                = -337,   /* gettimeofday failed ??? */
    GETITIMER_ERROR              = -338,   /* getitimer failed ??? */