From e364a34c69fdd0ca3985af29dade24f5176564c6 Mon Sep 17 00:00:00 2001 From: Pooventhiran G Date: Sun, 18 Oct 2020 21:00:09 +0530 Subject: [PATCH] OpenSSL: Make openssl_debug_dump_certificate() more robust SSL_CTX_get0_certificate() returns NULL if no certificate is installed. While this should not be the case here due to the loop in openssl_debug_dump_certificate_chains() proceeding only if the SSL_CTX_set_current_cert() returns success, it is safer to make openssl_debug_dump_certificate() explicitly check against NULL before trying to dump details about the certificate. Signed-off-by: Pooventhiran G --- src/crypto/tls_openssl.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index f7dfecbbf..ef872c50e 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -5323,6 +5323,9 @@ static void openssl_debug_dump_certificate(int i, X509 *cert) ASN1_INTEGER *ser; char serial_num[128]; + if (!cert) + return; + X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)); ser = X509_get_serialNumber(cert);