From: Jouni Malinen Date: Thu, 19 Feb 2015 11:32:05 +0000 (+0200) Subject: OpenSSL: Fix OCSP error path X-Git-Tag: hostap_2_4~125 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=710dfb4e3289e2ca433ebfc07d2e86c9705866d5;p=thirdparty%2Fhostap.git OpenSSL: Fix OCSP error path If addition of a peer issuer certificate fails, the certs pointer would be NULL when being passed to sk_X509_push() for peer issuer's issuer. Fix this by skipping addition of issuer's issue if issuer addition fails. Signed-off-by: Jouni Malinen --- diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c index d8c8c56b5..a4c71dc06 100644 --- a/src/crypto/tls_openssl.c +++ b/src/crypto/tls_openssl.c @@ -3167,7 +3167,7 @@ static int ocsp_resp_cb(SSL *s, void *arg) sk_X509_free(certs); certs = NULL; } - if (conn->peer_issuer_issuer) { + if (certs && conn->peer_issuer_issuer) { cert = X509_dup(conn->peer_issuer_issuer); if (cert && !sk_X509_push(certs, cert)) { tls_show_errors(