From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 22 Oct 2025 22:53:09 +0000 (+0200)
Subject: openssl: only try engine/provider if a certificate file/name is provided
X-Git-Tag: rc-8_17_0-3~56
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9e15b0763809bf6f43b1862d561be0c58a69365a;p=thirdparty%2Fcurl.git

openssl: only try engine/provider if a certificate file/name is provided

Bug: https://issues.oss-fuzz.com/issues/435278402

Closes #19197
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index f62f99cc86..336902b951 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1721,12 +1721,12 @@ static CURLcode client_cert(struct Curl_easy *data,
       break;
 
     case SSL_FILETYPE_ENGINE:
-      if(!engineload(data, ctx, cert_file))
+      if(!cert_file || !engineload(data, ctx, cert_file))
         return CURLE_SSL_CERTPROBLEM;
       break;
 
     case SSL_FILETYPE_PROVIDER:
-      if(!providerload(data, ctx, cert_file))
+      if(!cert_file || !providerload(data, ctx, cert_file))
         return CURLE_SSL_CERTPROBLEM;
       break;