From: Subhani Shaik <subhanis@qca.qualcomm.com>
Date: Tue, 17 Feb 2015 19:29:06 +0000 (-0800)
Subject: HTTP: Fix OCSP error path
X-Git-Tag: hostap_2_4~126
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bd7bb43784c5baa3d9220c88f3f51d18023a183b;p=thirdparty%2Fhostap.git

HTTP: Fix OCSP error path

If addition of a peer issuer certificate fails, the certs pointer would
be NULL when being passed to sk_X509_push() for peer issuer's issuer.
Fix this by skipping addition of issuer's issue if issuer addition
fails.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
---

diff --git a/src/utils/http_curl.c b/src/utils/http_curl.c
index 0c18269da..3a042f932 100644
--- a/src/utils/http_curl.c
+++ b/src/utils/http_curl.c
@@ -1098,7 +1098,7 @@ static int ocsp_resp_cb(SSL *s, void *arg)
 				sk_X509_free(certs);
 				certs = NULL;
 			}
-			if (ctx->peer_issuer_issuer) {
+			if (certs && ctx->peer_issuer_issuer) {
 				cert = X509_dup(ctx->peer_issuer_issuer);
 				if (cert && !sk_X509_push(certs, cert)) {
 					tls_show_errors(