Merge pull request #9587 from kareem-wolfssl/zd20850

Add duplicate entry error to distinguish cases where a duplicate CRL is rejected.
2026-01-22 15:07:19 -08:00
parent 62ca34497c 832bcd7f4b
commit a17f68f036
5 changed files with 7 additions and 2 deletions
--- a/src/crl.c
+++ b/src/crl.c
@@ -694,7 +694,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, CRL_Entry* crle,
            if (ret == MP_LT || ret == MP_EQ) {
                WOLFSSL_MSG("Same or newer CRL entry already exists");
                wc_UnLockRwLock(&crl->crlLock);
-                return BAD_FUNC_ARG;
+                return DUPE_ENTRY_E;
            }
            else if (ret < 0) {
                WOLFSSL_MSG("Error comparing CRL Numbers");
--- a/src/internal.c
+++ b/src/internal.c
@@ -26853,6 +26853,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
    case PSK_KEY_ERROR:
        return "psk key callback error";

+    case DUPE_ENTRY_E:
+        return "duplicate entry error";
+
    case GETTIME_ERROR:
        return "gettimeofday() error";

--- a/src/ssl_certman.c
+++ b/src/ssl_certman.c
@@ -1795,6 +1795,7 @@ int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm)
 *                     WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM.
 * @return  WOLFSSL_SUCCESS on success.
 * @return  BAD_FUNC_ARG when cm or buff is NULL or sz is negative or zero.
+ * @return  DUPE_ENTRY_E if the same or a newer CRL already exists in the cm.
 * @return  WOLFSSL_FATAL_ERROR when creating CRL object fails.
 */
 int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,