Fixed segfault that occurred if remote_cert_eku is undefined and no

server certificate verification method was enabled.
Don't declare pkcs11 variables in struct options unless pkcs11
support is enabled.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@833 e7ae566f-a301-0410-adde-c780ea21d3b5

diff --git a/init.c b/init.c
index 20b6d8bbad235998c7a2a93f1c0b17f757cca4ae..b4ff6cd48bc95694caa94abe2267c329acea552e 100644 (file)
--- a/init.c
+++ b/init.c
@@ -1671,7 +1671,7 @@ do_option_warnings (struct context *c)
       && !o->tls_verify
       && !o->tls_remote
       && !(o->ns_cert_type & NS_SSL_SERVER)
-      && !o->remote_cert_eku[0])
+      && (o->remote_cert_eku == NULL || !o->remote_cert_eku[0]))
     msg (M_WARN, "WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.");
 #endif
 #endif

diff --git a/options.h b/options.h
index 32e511c68c2c4d26b1d9f58ef34cb2fdee8e36d5..3c3c202b5b526ad89024d3b95a65587bd912150c 100644 (file)
--- a/options.h
+++ b/options.h
@@ -396,6 +396,8 @@ struct options
   int ns_cert_type; /* set to 0, NS_SSL_SERVER, or NS_SSL_CLIENT */
   unsigned remote_cert_ku[MAX_PARMS];
   const char *remote_cert_eku;
+
+#ifdef ENABLE_PKCS11
   const char *pkcs11_providers[MAX_PARMS];
   const char *pkcs11_sign_mode[MAX_PARMS];
   const char *pkcs11_slot_type;
@@ -405,6 +407,8 @@ struct options
   int pkcs11_pin_cache_period;
   bool pkcs11_protected_authentication;
   bool pkcs11_cert_private;
+#endif
+
 #ifdef WIN32
   const char *cryptoapi_cert;
 #endif