From bed73623cdfc21c3fb9742f47935598705860254 Mon Sep 17 00:00:00 2001
From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Mon, 5 Dec 2005 04:00:00 +0000
Subject: [PATCH] Fixed segfault that occurred if remote_cert_eku is undefined
 and no server certificate verification method was enabled. Don't declare
 pkcs11 variables in struct options unless pkcs11 support is enabled.

git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@833 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 init.c    | 2 +-
 options.h | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/init.c b/init.c
index 20b6d8bba..b4ff6cd48 100644
--- a/init.c
+++ b/init.c
@@ -1671,7 +1671,7 @@ do_option_warnings (struct context *c)
       && !o->tls_verify
       && !o->tls_remote
       && !(o->ns_cert_type & NS_SSL_SERVER)
-      && !o->remote_cert_eku[0])
+      && (o->remote_cert_eku == NULL || !o->remote_cert_eku[0]))
     msg (M_WARN, "WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.");
 #endif
 #endif
diff --git a/options.h b/options.h
index 32e511c68..3c3c202b5 100644
--- a/options.h
+++ b/options.h
@@ -396,6 +396,8 @@ struct options
   int ns_cert_type; /* set to 0, NS_SSL_SERVER, or NS_SSL_CLIENT */
   unsigned remote_cert_ku[MAX_PARMS];
   const char *remote_cert_eku;
+
+#ifdef ENABLE_PKCS11
   const char *pkcs11_providers[MAX_PARMS];
   const char *pkcs11_sign_mode[MAX_PARMS];
   const char *pkcs11_slot_type;
@@ -405,6 +407,8 @@ struct options
   int pkcs11_pin_cache_period;
   bool pkcs11_protected_authentication;
   bool pkcs11_cert_private;
+#endif
+
 #ifdef WIN32
   const char *cryptoapi_cert;
 #endif
-- 
2.47.3