From: Alex Snast <alexsn@meta.com>
Date: Tue, 30 Jul 2024 05:12:26 +0000 (+0300)
Subject: wolfssl: avoid calling get_cached_x509_store if store is uncachable
X-Git-Tag: curl-8_9_1~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f87a958e9ef186023cdc7b99623e4cb7d8805f34;p=thirdparty%2Fcurl.git

wolfssl: avoid calling get_cached_x509_store if store is uncachable

There's no need for get_cached_x509_store call if the return value won't
be used for caching anyway.

Closes #14306
---

diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c
index 29728ae8e1..2b467c9350 100644
--- a/lib/vtls/wolfssl.c
+++ b/lib/vtls/wolfssl.c
@@ -571,7 +571,7 @@ CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf,
   bool cache_criteria_met;
 
   /* Consider the X509 store cacheable if it comes exclusively from a CAfile,
-     or no source is provided and we are falling back to OpenSSL's built-in
+     or no source is provided and we are falling back to wolfSSL's built-in
      default. */
   cache_criteria_met = (data->set.general_ssl.ca_cache_timeout != 0) &&
     conn_config->verifypeer &&
@@ -580,9 +580,8 @@ CURLcode Curl_wssl_setup_x509_store(struct Curl_cfilter *cf,
     !ssl_config->primary.CRLfile &&
     !ssl_config->native_ca_store;
 
-  cached_store = get_cached_x509_store(cf, data);
-  if(cached_store && cache_criteria_met
-     && wolfSSL_X509_STORE_up_ref(cached_store)) {
+  cached_store = cache_criteria_met ? get_cached_x509_store(cf, data) : NULL;
+  if(cached_store && wolfSSL_X509_STORE_up_ref(cached_store)) {
     wolfSSL_CTX_set_cert_store(wssl->ctx, cached_store);
   }
   else if(cache_criteria_met) {