From: Pooventhiran G <pooventh@codeaurora.org>
Date: Sun, 18 Oct 2020 15:30:09 +0000 (+0530)
Subject: OpenSSL: Make openssl_debug_dump_certificate() more robust
X-Git-Tag: hostap_2_10~810
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e364a34c69fdd0ca3985af29dade24f5176564c6;p=thirdparty%2Fhostap.git

OpenSSL: Make openssl_debug_dump_certificate() more robust

SSL_CTX_get0_certificate() returns NULL if no certificate is installed.
While this should not be the case here due to the loop in
openssl_debug_dump_certificate_chains() proceeding only if the
SSL_CTX_set_current_cert() returns success, it is safer to make
openssl_debug_dump_certificate() explicitly check against NULL before
trying to dump details about the certificate.

Signed-off-by: Pooventhiran G <pooventh@codeaurora.org>
---

diff --git a/src/crypto/tls_openssl.c b/src/crypto/tls_openssl.c
index f7dfecbbf..ef872c50e 100644
--- a/src/crypto/tls_openssl.c
+++ b/src/crypto/tls_openssl.c
@@ -5323,6 +5323,9 @@ static void openssl_debug_dump_certificate(int i, X509 *cert)
 	ASN1_INTEGER *ser;
 	char serial_num[128];
 
+	if (!cert)
+		return;
+
 	X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf));
 
 	ser = X509_get_serialNumber(cert);