lib-ssl-iostream: Return NULL from ssl_iostream_get_security_string when not handshaked

diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c
index 60b78241f62725b693f3640c33fbfc415b5f4909..fa9afb22f7da257ac1fe6bcef7809476542bcba7 100644 (file)
--- a/src/lib-ssl-iostream/iostream-openssl.c
+++ b/src/lib-ssl-iostream/iostream-openssl.c
@@ -860,7 +860,7 @@ openssl_iostream_get_security_string(struct ssl_iostream *ssl_io)
        int bits, alg_bits;
 
        if (!ssl_io->handshaked)
-               return "";
+               return NULL;
 
        cipher = SSL_get_current_cipher(ssl_io->ssl);
        bits = SSL_CIPHER_get_bits(cipher, &alg_bits);

diff --git a/src/lib-ssl-iostream/iostream-ssl.h b/src/lib-ssl-iostream/iostream-ssl.h
index d0a860d1f7003037bde2cc567402f9b9f92a6afe..cf0e0737de441aead3d9dbb803f7675a58047170 100644 (file)
--- a/src/lib-ssl-iostream/iostream-ssl.h
+++ b/src/lib-ssl-iostream/iostream-ssl.h
@@ -131,6 +131,8 @@ const char *ssl_iostream_get_compression(struct ssl_iostream *ssl_io);
    provided.
  */
 const char *ssl_iostream_get_server_name(struct ssl_iostream *ssl_io);
+/* Returns textual representation of the security parameters for the connection,
+   or NULL if handshake has not been done. */
 const char *ssl_iostream_get_security_string(struct ssl_iostream *ssl_io);
 
 /* Returns ClientHello based JA3 string. Will return NULL