OpenSSL: Make openssl_debug_dump_certificate() more robust

SSL_CTX_get0_certificate() returns NULL if no certificate is installed.
While this should not be the case here due to the loop in
openssl_debug_dump_certificate_chains() proceeding only if the
SSL_CTX_set_current_cert() returns success, it is safer to make
openssl_debug_dump_certificate() explicitly check against NULL before
trying to dump details about the certificate.

Signed-off-by: Pooventhiran G <pooventh@codeaurora.org>

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index f7dfecbbfa3be55a0043bba8f35d619953dde659..ef872c50e53d9926780c07b68e06c5fe296cf4bb 100644 (file)
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -5323,6 +5323,9 @@ static void openssl_debug_dump_certificate(int i, X509 *cert)
        ASN1_INTEGER *ser;
        char serial_num[128];
 
+       if (!cert)
+               return;
+
        X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
 
        ser = X509_get_serialNumber(cert);