From 6ebe5695a626c6cd254b249bbebf9846bcb936c0 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Sep 25 2018 13:08:48 +0000
Subject: Only de-duplicate certificates within the same token


certmonger may not have read/write access to tokens other than
the one it is examining so don't try to de-duplicate certificates
on other tokens.

---

diff --git a/src/certsave-n.c b/src/certsave-n.c
index 193309c..d0152ca 100644
--- a/src/certsave-n.c
+++ b/src/certsave-n.c
@@ -391,8 +391,9 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 						     !CERT_LIST_EMPTY(certlist) &&
 						     !CERT_LIST_END(node, certlist);
 						     node = CERT_LIST_NEXT(node)) {
-							if (!SECITEM_ItemsAreEqual(&subject,
-										   &node->cert->derSubject)) {
+							if ((!SECITEM_ItemsAreEqual(&subject,
+									   &node->cert->derSubject)) &&
+										(sle->slot == node->cert->slot)) {
 								cm_log(3, "Found a "
 								       "certificate "
 								       "with the same "
@@ -441,7 +442,8 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 					     node = CERT_LIST_NEXT(node)) {
 						if ((node->cert->nickname != NULL) &&
 						    (strcmp(entry->cm_cert_nickname,
-							    node->cert->nickname) != 0))
+							    node->cert->nickname) != 0) &&
+								(sle->slot == node->cert->slot))
 						{
 							i++;
 							cm_log(3, "Found a "