From: Amos Jeffries Date: Fri, 18 Dec 2015 02:18:39 +0000 (+1300) Subject: Fix segfault after rev.14439 X-Git-Tag: SQUID_4_0_4~35 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=332c979d0522f7d4aa68b952188d4249a2c10dc7;p=thirdparty%2Fsquid.git Fix segfault after rev.14439
---
diff --git a/src/ssl/support.cc b/src/ssl/support.cc
index eb4ae35d78..2e6fc99f3f 100644
--- a/src/ssl/support.cc
+++ b/src/ssl/support.cc
@@ -646,34 +646,36 @@ sslCreateClientContext(Security::PeerOptions &peer, long options, long fl) } } - // TODO: support loading multiple cert/key pairs - auto &keys = peer.certs.front(); - if (!keys.certFile.isEmpty()) { - debugs(83, DBG_IMPORTANT, "Using certificate in " << keys.certFile); - - const char *certfile = keys.certFile.c_str(); - if (!SSL_CTX_use_certificate_chain_file(sslContext, certfile)) { - const int ssl_error = ERR_get_error(); - fatalf("Failed to acquire SSL certificate '%s': %s\n", - certfile, ERR_error_string(ssl_error, NULL)); - } + if (!peer.certs.empty()) { + // TODO: support loading multiple cert/key pairs + auto &keys = peer.certs.front(); + if (!keys.certFile.isEmpty()) { + debugs(83, DBG_IMPORTANT, "Using certificate in " << keys.certFile); + + const char *certfile = keys.certFile.c_str(); + if (!SSL_CTX_use_certificate_chain_file(sslContext, certfile)) { + const int ssl_error = ERR_get_error(); + fatalf("Failed to acquire SSL certificate '%s': %s\n", + certfile, ERR_error_string(ssl_error, NULL)); + } - debugs(83, DBG_IMPORTANT, "Using private key in " << keys.privateKeyFile); - const char *keyfile = keys.privateKeyFile.c_str(); - ssl_ask_password(sslContext, keyfile); + debugs(83, DBG_IMPORTANT, "Using private key in " << keys.privateKeyFile); + const char *keyfile = keys.privateKeyFile.c_str(); + ssl_ask_password(sslContext, keyfile); - if (!SSL_CTX_use_PrivateKey_file(sslContext, keyfile, SSL_FILETYPE_PEM)) { - const int ssl_error = ERR_get_error(); - fatalf("Failed to acquire SSL private key '%s': %s\n", - keyfile, ERR_error_string(ssl_error, NULL)); - } + if (!SSL_CTX_use_PrivateKey_file(sslContext, keyfile, SSL_FILETYPE_PEM)) { + const int ssl_error = ERR_get_error(); + fatalf("Failed to acquire SSL private key '%s': %s\n", + keyfile, ERR_error_string(ssl_error, NULL)); + } - debugs(83, 5, "Comparing private and public SSL keys."); + debugs(83, 5, "Comparing private and public SSL keys."); - if 
(!SSL_CTX_check_private_key(sslContext)) { - const int ssl_error = ERR_get_error(); - fatalf("SSL private key '%s' does not match public key '%s': %s\n", - certfile, keyfile, ERR_error_string(ssl_error, NULL)); + if (!SSL_CTX_check_private_key(sslContext)) { + const int ssl_error = ERR_get_error(); + fatalf("SSL private key '%s' does not match public key '%s': %s\n", + certfile, keyfile, ERR_error_string(ssl_error, NULL)); + } } }
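Review bot: In the re-indented `SSL_CTX_check_private_key` failure branch, `fatalf` passes `certfile, keyfile` to the format "SSL private key '%s' does not match public key '%s'", so the certificate path is printed under the private-key label and the key path under the public-key label. Since the commit rewrites that line anyway, the arguments should be swapped to `keyfile, certfile, ERR_error_string(ssl_error, NULL));` so the fatal message names the right file for each role. The three `const int ssl_error = ERR_get_error();` lines also narrow OpenSSL's `unsigned long` error code to `int` before it is passed back to `ERR_error_string()`; `const unsigned long ssl_error = ERR_get_error();` keeps the value intact. sslCreateClientContext begins and ends outside this hunk, so how an empty `peer.certs` is treated later in the function is not visible here.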