From d3a18dade133a782fc64c502c51ded050e357133 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Thu, 23 Dec 2010 11:44:36 +0100
Subject: [PATCH] Check for issuer only if we actually got a CRL

---
 .../plugins/revocation/revocation_validator.c      | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index be6d3a9a63..0aeea41cab 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -457,15 +457,15 @@ static cert_validation_t find_crl(x509_t *subject, identification_t *issuer,
 		{
 			*uri_found = TRUE;
 			current = fetch_crl(uri);
-			if (!current->has_issuer(current, issuer))
-			{
-				DBG1(DBG_CFG, "issuer of fetched CRL '%Y' does not match CRL "
-					 "issuer '%Y'", current->get_issuer(current), issuer);
-				current->destroy(current);
-				continue;
-			}
 			if (current)
 			{
+				if (!current->has_issuer(current, issuer))
+				{
+					DBG1(DBG_CFG, "issuer of fetched CRL '%Y' does not match CRL "
+						 "issuer '%Y'", current->get_issuer(current), issuer);
+					current->destroy(current);
+					continue;
+				}
 				*best = get_better_crl(current, *best, subject,
 									   &valid, auth, TRUE);
 				if (*best && valid != VALIDATION_STALE)
-- 
2.47.2