OpenSSL: Use consistent SSL_get_app_data validation in tls_verify_cb
The returned value cannot really be NULL, but better keep this function consistent on whether the returned value is checked or not.
This commit is contained in:
parent
066608f3ff
commit
0bdaa741cd
1 changed files with 4 additions and 2 deletions
|
@ -1183,8 +1183,10 @@ static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
|
||||||
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
|
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf));
|
||||||
|
|
||||||
conn = SSL_get_app_data(ssl);
|
conn = SSL_get_app_data(ssl);
|
||||||
match = conn ? conn->subject_match : NULL;
|
if (conn == NULL)
|
||||||
altmatch = conn ? conn->altsubject_match : NULL;
|
return 0;
|
||||||
|
match = conn->subject_match;
|
||||||
|
altmatch = conn->altsubject_match;
|
||||||
|
|
||||||
if (!preverify_ok && !conn->ca_cert_verify)
|
if (!preverify_ok && !conn->ca_cert_verify)
|
||||||
preverify_ok = 1;
|
preverify_ok = 1;
|
||||||
|
|
Loading…
Reference in a new issue