Merge github.com:istio-ecosystem/authservice into release-0.5

.github/workflows/release.yaml

@@ -64,18 +64,19 @@ jobs:
       - name: Setup clang
         if: matrix.mode == 'clang' || matrix.mode == 'clang-fips'
         # This downloads the required clang tooling when it is not downloaded yet.
+        # GITHUB_REF: refs/tags/0.5.1-rc1, resulted VERSION: "0.5.1".
         run: |
           make clang.bazelrc
           echo "BAZEL_FLAGS=--config=libc++" >> $GITHUB_ENV
+          echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
 
       # Set BAZEL_FLAGS to FIPS mode only when it is required.
       - name: Setup FIPS mode
         if: matrix.mode == 'clang-fips'
         run: echo "BAZEL_FLAGS=--config=libc++ --define=boringssl=fips" >> $GITHUB_ENV
 
       - name: Create artifacts
-        # GITHUB_REF: refs/tags/0.5.1-rc1, resulted VERSION: "0.5.1".
-        run: VERSION=${GITHUB_REF#refs/tags/} MODE=${{ matrix.mode }} make dist
+        run: MODE=${{ matrix.mode }} make dist
 
       - name: Require static binary
         if: runner.os == 'Linux' && matrix.mode == 'clang'

src/common/http/http.cc

@@ -424,7 +424,13 @@ response_t HttpImpl::Post(
           boost::asio::buffer(options.ca_cert_.data(), options.ca_cert_.size()),
           ca_ec);
       if (ca_ec) {
-        throw boost::system::system_error{ca_ec};
+        auto err = ERR_get_error();
+        // We can ignore this error. Reference:
+        // https://github.com/facebook/folly/blob/d3354e2282303402e70d829d19bfecce051a5850/folly/ssl/OpenSSLCertUtils.cpp#L367-L368.
+        if (ERR_GET_LIB(err) != ERR_LIB_X509 ||
+            ERR_GET_REASON(err) != X509_R_CERT_ALREADY_IN_HASH_TABLE) {
+          throw boost::system::system_error{ca_ec};
+        }
       }
     }