Spark should not offer to add CA certs that it already has in the truststore

Description

When Spark does not validate a certificate chain for another reason than not recognizing the CA (for example, because of OCSP or CRL failure), then it currently prompts the user, asking if the CA cert should be added to the truststore.

This is not quite correct: this prompt is only appropriate when Spark does not already have the certificate in that store.

Environment

None
Fixed

Priority

Medium

Assignee

Guus der Kinderen

Reporter

Guus der Kinderen