Do not crash when sending %ssl::cert_subject to external ACL w/o certificate.

An ACL check in ConnStateData::postHttpsAccept (e.g., when dealing with an
intercepted SSL connection) uses an HttpRequest object that is not yet linked
with the ConnStateData object. Do not blindly dereference the pointer to the
latter.

This is a Measurement Factory project

diff --git a/src/external_acl.cc b/src/external_acl.cc
index 6cfb9bec73e9f7257ca731b75f2a827459565c1e..9d4d8890426db36f1158236b9ddac01e89e711de 100644 (file)
--- a/src/external_acl.cc
+++ b/src/external_acl.cc
@@ -1073,7 +1073,7 @@ makeExternalAclKey(ACLFilledChecklist * ch, external_acl_data * acl_data)
             X509 *serverCert = NULL;
             if (ch->serverCert.get())
                 serverCert = ch->serverCert.get();
-            else if (ch->conn()->serverBump())
+            else if (ch->conn() && ch->conn()->serverBump())
                 serverCert = ch->conn()->serverBump()->serverCert.get();
 
             if (serverCert) {