From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Thu, 22 Dec 2022 19:03:19 +0000 (+0200)
Subject: lib-ssl-iostream: Return NULL from ssl_iostream_get_security_string when not handshaked
X-Git-Tag: 2.4.0~3251
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=15318bc04954cab47f1dd51733425c696fe6c94d;p=thirdparty%2Fdovecot%2Fcore.git

lib-ssl-iostream: Return NULL from ssl_iostream_get_security_string when not handshaked
---

diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c
index 60b78241f6..fa9afb22f7 100644
--- a/src/lib-ssl-iostream/iostream-openssl.c
+++ b/src/lib-ssl-iostream/iostream-openssl.c
@@ -860,7 +860,7 @@ openssl_iostream_get_security_string(struct ssl_iostream *ssl_io)
 	int bits, alg_bits;
 
 	if (!ssl_io->handshaked)
-		return "";
+		return NULL;
 
 	cipher = SSL_get_current_cipher(ssl_io->ssl);
 	bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
diff --git a/src/lib-ssl-iostream/iostream-ssl.h b/src/lib-ssl-iostream/iostream-ssl.h
index d0a860d1f7..cf0e0737de 100644
--- a/src/lib-ssl-iostream/iostream-ssl.h
+++ b/src/lib-ssl-iostream/iostream-ssl.h
@@ -131,6 +131,8 @@ const char *ssl_iostream_get_compression(struct ssl_iostream *ssl_io);
    provided.
  */
 const char *ssl_iostream_get_server_name(struct ssl_iostream *ssl_io);
+/* Returns textual representation of the security parameters for the connection,
+   or NULL if handshake has not been done. */
 const char *ssl_iostream_get_security_string(struct ssl_iostream *ssl_io);
 
 /* Returns ClientHello based JA3 string. Will return NULL