openssl: check SSL_get_peer_cert_chain return value

Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>
Closes #8579

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 2e54ede86f954e8c97a5e8a490b9b90459383761..1c309905a09612f74dac43915898aab33ed26ca5 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1927,6 +1927,11 @@ static CURLcode verifystatus(struct Curl_easy *data,
   }
 
   ch = SSL_get_peer_cert_chain(backend->handle);
+  if(!ch) {
+    failf(data, "Could not get peer certificate chain");
+    result = CURLE_SSL_INVALIDCERTSTATUS;
+    goto end;
+  }
   st = SSL_CTX_get_cert_store(backend->ctx);
 
 #if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \