BUG/MINOR; ssl: Don't assume we have a ssl_bind_conf because a SNI is matched.
authorOlivier Houchard <ohouchard@haproxy.com>
Thu, 2 Nov 2017 18:04:38 +0000 (19:04 +0100)
committerWilly Tarreau <w@1wt.eu>
Wed, 8 Nov 2017 13:08:07 +0000 (14:08 +0100)
We only have a ssl_bind_conf if crt-list is used, however we can still
match a certificate SNI, so don't assume we have a ssl_bind_conf.

src/ssl_sock.c

index 597a47971d2bf39f57f3368d0cba3d30d721d8f6..628f4caf0c6f5c65fdd167e917ba471be0faeaa3 100644 (file)
@@ -2267,11 +2267,13 @@ static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
                /* switch ctx */
                struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
                ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
-               methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
-               methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
-               if (conf->early_data)
-                       allow_early = 1;
-               goto allow_early;
+                       if (conf) {
+                               methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
+                               methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
+                               if (conf->early_data)
+                                       allow_early = 1;
+                       }
+                       goto allow_early;
        }
 #if (!defined SSL_NO_GENERATE_CERTIFICATES)
        if (s->generate_certs && ssl_sock_generate_certificate(trash.str, s, ssl)) {
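Review bot: The new `if (conf)` test has no comment saying what governs the connection when `conf` is NULL. In that case both `ssl_set_version` calls and the `early_data` check are skipped, so the TLS version bounds and `allow_early` presumably keep whatever was set earlier in `ssl_sock_switchctx_cbk`, which is outside this hunk. A comment above the test, such as `/* conf is NULL when no crt-list is used: keep the bind-level TLS versions and early-data setting */`, would make that fallback explicit. The added lines are also indented one level deeper than the two statements before them, which makes `goto allow_early;` look as if it belongs to an inner block; aligning them with `ssl_sock_switchctx_set(...)` would fix that. Other reads of `sni_ctx->conf` outside this hunk are worth checking for the same non-NULL assumption.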