wolfssl: avoid calling get_cached_x509_store if store is uncachable

author Alex Snast <alexsn@meta.com>

Tue, 30 Jul 2024 05:12:26 +0000 (08:12 +0300)

committer Daniel Stenberg <daniel@haxx.se>

Tue, 30 Jul 2024 11:02:17 +0000 (13:02 +0200)
author Alex Snast <alexsn@meta.com>
Tue, 30 Jul 2024 05:12:26 +0000 (08:12 +0300)
committer Daniel Stenberg <daniel@haxx.se>
Tue, 30 Jul 2024 11:02:17 +0000 (13:02 +0200)
diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c

index 29728ae8e17e297bc6ddc9db9cf60bbea8439bcc..2b467c9350d3d20afe657032d01df23190c3a340 100644 (file)
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -571,7 +571,7 @@ CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf,
    bool cache_criteria_met;
  
    /* Consider the X509 store cacheable if it comes exclusively from a CAfile,
-     or no source is provided and we are falling back to OpenSSL's built-in
+     or no source is provided and we are falling back to wolfSSL's built-in
       default. */
    cache_criteria_met = (data->set.general_ssl.ca_cache_timeout != 0) &&
      conn_config->verifypeer &&
@@ -580,9 +580,8 @@ CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf,
      !ssl_config->primary.CRLfile &&
      !ssl_config->native_ca_store;
  
-  cached_store = get_cached_x509_store(cf, data);
-  if(cached_store && cache_criteria_met
-     && wolfSSL_X509_STORE_up_ref(cached_store)) {
+  cached_store = cache_criteria_met ? get_cached_x509_store(cf, data) : NULL;
+  if(cached_store && wolfSSL_X509_STORE_up_ref(cached_store)) {
      wolfSSL_CTX_set_cert_store(wssl->ctx, cached_store);
    }
    else if(cache_criteria_met) {
author	Alex Snast <alexsn@meta.com>
	Tue, 30 Jul 2024 05:12:26 +0000 (08:12 +0300)
committer	Daniel Stenberg <daniel@haxx.se>
	Tue, 30 Jul 2024 11:02:17 +0000 (13:02 +0200)