Merge pull request #9587 from kareem-wolfssl/zd20850

dgarske · web-flow · commit a17f68f03640 · 2026-01-22T15:07:19.000-08:00
Add duplicate entry error to distinguish cases where a duplicate CRL is rejected.
diff --git a/src/crl.c b/src/crl.c
@@ -694,7 +694,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, CRL_Entry* crle,
             if (ret == MP_LT || ret == MP_EQ) {
                 WOLFSSL_MSG("Same or newer CRL entry already exists");
                 wc_UnLockRwLock(&crl->crlLock);
-                return BAD_FUNC_ARG;
+                return DUPE_ENTRY_E;
             }
             else if (ret < 0) {
                 WOLFSSL_MSG("Error comparing CRL Numbers");
diff --git a/src/internal.c b/src/internal.c
@@ -26853,6 +26853,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case PSK_KEY_ERROR:
         return "psk key callback error";
 
+    case DUPE_ENTRY_E:
+        return "duplicate entry error";
+
     case GETTIME_ERROR:
         return "gettimeofday() error";
 
diff --git a/src/ssl_certman.c b/src/ssl_certman.c
@@ -1795,6 +1795,7 @@ int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm)
  *                     WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM.
  * @return  WOLFSSL_SUCCESS on success.
  * @return  BAD_FUNC_ARG when cm or buff is NULL or sz is negative or zero.
+ * @return  DUPE_ENTRY_E if the same or a newer CRL already exists in the cm.
  * @return  WOLFSSL_FATAL_ERROR when creating CRL object fails.
  */
 int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
diff --git a/tests/api.c b/tests/api.c
@@ -24621,7 +24621,7 @@ static int error_test(void)
         { -124, -124 },
         { -167, -169 },
         { -300, -300 },
-        { -334, -336 },
+        { -335, -336 },
         { -346, -349 },
         { -356, -356 },
         { -358, -358 },
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
@@ -82,6 +82,7 @@ enum wolfSSL_ErrorCodes {
     CLIENT_ID_ERROR              = -331,   /* psk client identity error  */
     SERVER_HINT_ERROR            = -332,   /* psk server hint error  */
     PSK_KEY_ERROR                = -333,   /* psk key error  */
+    DUPE_ENTRY_E                 = -334,   /* duplicate entry error */
 
     GETTIME_ERROR                = -337,   /* gettimeofday failed ??? */
     GETITIMER_ERROR              = -338,   /* getitimer failed ??? */

Original file line number	Diff line number	Diff line change
`@@ -694,7 +694,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, CRL_Entry* crle,`
`694`	`694`	`if (ret == MP_LT \|\| ret == MP_EQ) {`
`695`	`695`	`WOLFSSL_MSG("Same or newer CRL entry already exists");`
`696`	`696`	`wc_UnLockRwLock(&crl->crlLock);`
`697`		`- return BAD_FUNC_ARG;`
	`697`	`+ return DUPE_ENTRY_E;`
`698`	`698`	`}`
`699`	`699`	`else if (ret < 0) {`
`700`	`700`	`WOLFSSL_MSG("Error comparing CRL Numbers");`