From 680245cd39647c49e75199ea5c45f936d2a2c3d5 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Menil <jpmenil@gmail.com>
Date: Thu, 10 Mar 2022 21:32:18 +0100
Subject: [PATCH] openssl: check SSL_get_peer_cert_chain return value

Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>
Closes #8579
---
 lib/vtls/openssl.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 2e54ede86f..1c309905a0 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1927,6 +1927,11 @@ static CURLcode verifystatus(struct Curl_easy *data,
   }
 
   ch = SSL_get_peer_cert_chain(backend->handle);
+  if(!ch) {
+    failf(data, "Could not get peer certificate chain");
+    result = CURLE_SSL_INVALIDCERTSTATUS;
+    goto end;
+  }
   st = SSL_CTX_get_cert_store(backend->ctx);
 
 #if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \
-- 
2.47.3