From: Jean-Philippe Menil <jpmenil@gmail.com>
Date: Thu, 10 Mar 2022 20:32:18 +0000 (+0100)
Subject: openssl: check SSL_get_peer_cert_chain return value
X-Git-Tag: curl-7_83_0~158
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=680245cd39647c49e75199ea5c45f936d2a2c3d5;p=thirdparty%2Fcurl.git

openssl: check SSL_get_peer_cert_chain return value

Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>
Closes #8579
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 2e54ede86f..1c309905a0 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1927,6 +1927,11 @@ static CURLcode verifystatus(struct Curl_easy *data,
   }
 
   ch = SSL_get_peer_cert_chain(backend->handle);
+  if(!ch) {
+    failf(data, "Could not get peer certificate chain");
+    result = CURLE_SSL_INVALIDCERTSTATUS;
+    goto end;
+  }
   st = SSL_CTX_get_cert_store(backend->ctx);
 
 #if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \