From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Sat, 20 Jan 2024 01:17:36 +0000 (-0600)
Subject: Don't print out certificate messages if there are no certificates
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b8603b6c3d90c5f883d18faac38db8244b4d4ed6;p=thirdparty%2Ffreeradius-server.git

Don't print out certificate messages if there are no certificates
---

diff --git a/src/lib/curl/base.c b/src/lib/curl/base.c
index d8d27abaa9c..a8767303181 100644
--- a/src/lib/curl/base.c
+++ b/src/lib/curl/base.c
@@ -117,6 +117,7 @@ int fr_curl_response_certinfo(request_t *request, fr_curl_io_request_t *randle)
 	char		 	buffer[265];
 	char			*p , *q;
 	fr_pair_list_t		cert_vps;
+
 	/*
 	 *	Examples and documentation show cert_info being
 	 *	a struct curl_certinfo *, but CPP checks require
@@ -139,6 +140,13 @@ int fr_curl_response_certinfo(request_t *request, fr_curl_io_request_t *randle)
 		return -1;
 	}
 
+	/*
+	 *	There doesn't seem to be any way to determine if
+	 *	the session uses ssl or not, so if no certs are
+	 *	returned, we assume it's not an ssl session.
+	 */
+	if (ptr.to_certinfo->num_of_certs == 0) return 0;
+
 	RDEBUG2("Chain has %i certificate(s)", ptr.to_certinfo->num_of_certs);
 	for (i = 0; i < ptr.to_certinfo->num_of_certs; i++) {
 		struct curl_slist *cert_attrs;