Permit multiple certs with same common name

This is needed to support Cloudflare interop.
2025-01-31 11:37:35 +00:00 · 2022-09-27 18:07:21 -07:00 · 2022-09-27 18:07:21 -07:00 · b46f763ee7
commit b46f763ee7
parent 87708c5d6e
4 changed files with 2 additions and 13 deletions
--- a/libc/sock/accept.c
+++ b/libc/sock/accept.c
@ -17,6 +17,7 @@
 │ PERFORMANCE OF THIS SOFTWARE.                                                │
 ╚─────────────────────────────────────────────────────────────────────────────*/
 #include "libc/sock/sock.h"
 #include "libc/sock/struct/sockaddr.h"
 /**
 * Creates client socket file descriptor for incoming connection.
--- a/libc/sock/sock.h
+++ b/libc/sock/sock.h
@ -1,6 +1,5 @@
 #ifndef COSMOPOLITAN_LIBC_SOCK_SOCK_H_
 #define COSMOPOLITAN_LIBC_SOCK_SOCK_H_
 #include "libc/sock/struct/sockaddr.h"
 #if !(__ASSEMBLER__ + __LINKER__ + 0)
 COSMOPOLITAN_C_START_
 /*───────────────────────────────────────────────────────────────────────────│─╗
@ -30,7 +29,6 @@ uint32_t *GetHostIps(void);
 int nointernet(void);
 int socket(int, int, int);
 int accept(int, struct sockaddr *, uint32_t *);
 int accept4(int, void *, uint32_t *, int);
 int bind(int, const void *, uint32_t);
 int connect(int, const void *, uint32_t);
--- a/libc/sock/struct/sockaddr.h
+++ b/libc/sock/struct/sockaddr.h
@ -35,6 +35,7 @@ struct sockaddr_storage {
 int inet_aton(const char *, struct in_addr *);
 char *inet_ntoa(struct in_addr);
 int accept(int, struct sockaddr *, uint32_t *);
 COSMOPOLITAN_C_END_
 #endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */
--- a/tool/net/redbean.c
+++ b/tool/net/redbean.c
@ -686,17 +686,6 @@ static void InternCertificate(mbedtls_x509_crt *cert, mbedtls_x509_crt *prev) {
    WARNF("(ssl) certificate %`'s is from the future",
          _gc(FormatX509Name(&cert->subject)));
  }
  for (i = 0; i < certs.n; ++i) {
    if (!certs.p[i].cert) continue;
    if (mbedtls_pk_get_type(&cert->pk) ==
            mbedtls_pk_get_type(&certs.p[i].cert->pk) &&
        !mbedtls_x509_name_cmp(&cert->subject, &certs.p[i].cert->subject)) {
      VERBOSEF("(ssl) %s %`'s is already loaded",
               mbedtls_pk_get_name(&cert->pk),
               _gc(FormatX509Name(&cert->subject)));
      return;
    }
  }
  for (i = 0; i < certs.n; ++i) {
    if (!certs.p[i].cert && certs.p[i].key &&
        !mbedtls_pk_check_pair(&cert->pk, certs.p[i].key)) {