From 710dfb4e3289e2ca433ebfc07d2e86c9705866d5 Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Thu, 19 Feb 2015 13:32:05 +0200
Subject: [PATCH] OpenSSL: Fix OCSP error path

If addition of a peer issuer certificate fails, the certs pointer would
be NULL when being passed to sk_X509_push() for peer issuer's issuer.
Fix this by skipping addition of issuer's issue if issuer addition
fails.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---
 src/crypto/tls_openssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index d8c8c56b5..a4c71dc06 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -3167,7 +3167,7 @@ static int ocsp_resp_cb(SSL *s, void *arg)
 				sk_X509_free(certs);
 				certs = NULL;
 			}
-			if (conn->peer_issuer_issuer) {
+			if (certs && conn->peer_issuer_issuer) {
 				cert = X509_dup(conn->peer_issuer_issuer);
 				if (cert && !sk_X509_push(certs, cert)) {
 					tls_show_errors(