jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

OpenSSL: Make openssl_debug_dump_certificate() more robust

Browse source 
SSL_CTX_get0_certificate() returns NULL if no certificate is installed.
While this should not be the case here due to the loop in
openssl_debug_dump_certificate_chains() proceeding only if the
SSL_CTX_set_current_cert() returns success, it is safer to make
openssl_debug_dump_certificate() explicitly check against NULL before
trying to dump details about the certificate.

Signed-off-by: Pooventhiran G <pooventh@codeaurora.org>
This commit is contained in:
Pooventhiran G 2020-10-18 21:00:09 +05:30 committed by Jouni Malinen
parent d68c0dd4d4
commit e364a34c69
1 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/crypto/tls_openssl.c
View file

@ -5323,6 +5323,9 @@ static void openssl_debug_dump_certificate(int i, X509 *cert)
ASN1_INTEGER *ser;
char serial_num[128];
if (!cert)
return;
X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
ser = X509_get_serialNumber(cert);