OpenSSL: Use consistent SSL_get_app_data validation in tls_verify_cb

The returned value cannot really be NULL, but better keep this
function consistent on whether the returned value is checked or not.

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 490c912d74d8b8b0ffab6c4ab949858a8b5a74a5..bf92a1133d862d67558416312cf6dc49d021d2a0 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1183,8 +1183,10 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
        X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
 
        conn = SSL_get_app_data(ssl);
-       match = conn ? conn->subject_match : NULL;
-       altmatch = conn ? conn->altsubject_match : NULL;
+       if (conn == NULL)
+               return 0;
+       match = conn->subject_match;
+       altmatch = conn->altsubject_match;
 
        if (!preverify_ok && !conn->ca_cert_verify)
                preverify_ok = 1;