From: Jouni Malinen <jouni.malinen@atheros.com>
Date: Wed, 13 Apr 2011 23:50:52 +0000 (+0300)
Subject: OpenSSL: Use consistent SSL_get_app_data validation in tls_verify_cb
X-Git-Tag: hostap-1-bp~409
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0bdaa741cd252b34a51aa8780ff3f793c1cb35dd;p=thirdparty%2Fhostap.git

OpenSSL: Use consistent SSL_get_app_data validation in tls_verify_cb

The returned value cannot really be NULL, but better keep this
function consistent on whether the returned value is checked or not.
---

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index 490c912d7..bf92a1133 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -1183,8 +1183,10 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
 	X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
 
 	conn = SSL_get_app_data(ssl);
-	match = conn ? conn->subject_match : NULL;
-	altmatch = conn ? conn->altsubject_match : NULL;
+	if (conn == NULL)
+		return 0;
+	match = conn->subject_match;
+	altmatch = conn->altsubject_match;
 
 	if (!preverify_ok && !conn->ca_cert_verify)
 		preverify_ok = 1;