From 9e15b0763809bf6f43b1862d561be0c58a69365a Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 23 Oct 2025 00:53:09 +0200
Subject: [PATCH] openssl: only try engine/provider if a certificate file/name
 is provided

Bug: https://issues.oss-fuzz.com/issues/435278402

Closes #19197
---
 lib/vtls/openssl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index f62f99cc86..336902b951 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1721,12 +1721,12 @@ static CURLcode client_cert(struct Curl_easy *data,
       break;
 
     case SSL_FILETYPE_ENGINE:
-      if(!engineload(data, ctx, cert_file))
+      if(!cert_file || !engineload(data, ctx, cert_file))
         return CURLE_SSL_CERTPROBLEM;
       break;
 
     case SSL_FILETYPE_PROVIDER:
-      if(!providerload(data, ctx, cert_file))
+      if(!cert_file || !providerload(data, ctx, cert_file))
         return CURLE_SSL_CERTPROBLEM;
       break;
 
-- 
2.47.3