From fe080c0d3de677da9ac7a6831429e51c373a7b30 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Sat, 16 Aug 2025 23:06:56 +0200
Subject: [PATCH] global-functions: $CertificateAvailable: properly handle
 duplicate CN
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There are CA certificates with identical CommonName out there... 🤪
Let's handle these.

    [admin@MikroTik] > /certificate/print proplist=common-name,skid where common-name="GlobalSign";
    Flags: T - TRUSTED
    Columns: COMMON-NAME, SKID
    #   COMMON-NAME  SKID
    0 T GlobalSign   8FF04B7FA82E4524AE4D50FA639A8BDEE2DD1BBC
    1 T GlobalSign   3DE629489BEA07CA21444A26DE6EDED283D09F59
    2 T GlobalSign   AE6C05A39313E2A2E7E2D71CD6C7F07FC86753A0
    3 T GlobalSign   54B07BAD45B8E2407FFB0A6EFBBE33C93CA384D5
---
 global-functions.rsc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/global-functions.rsc b/global-functions.rsc
index 40c3817..10d1b41 100644
--- a/global-functions.rsc
+++ b/global-functions.rsc
@@ -133,6 +133,11 @@
     }
   }
 
+  :if ([ :len [ /certificate/find where common-name=$CommonName ] ] > 1) do={
+    $LogPrint info $0 ("There are " . $CertCount . " Certificates with CommonName '" . $CommonName . "'. Should be ok.");
+    :return true;
+  }
+
   :local CertVal [ /certificate/get [ find where common-name=$CommonName ] ];
   :while (($CertVal->"akid") != "" && ($CertVal->"akid") != ($CertVal->"skid")) do={
     :if ([ :len [ /certificate/find where skid=($CertVal->"akid") ] ] = 0) do={