diff options
| author | Dmitry Belyavskiy <beldmit@gmail.com> | 2022-07-14 21:41:48 +0200 |
|---|---|---|
| committer | Hugo Landau <hlandau@openssl.org> | 2022-07-20 07:38:22 +0100 |
| commit | cc90ba66062afc27e31e403613711dba5a7475a8 (patch) | |
| tree | f7acc07c79c5b8479221d9578adc42280ad6d18a /apps | |
| parent | ddb81a94ac8af145750940c20999ac952165bf10 (diff) | |
Fix verify_callback in the openssl s_client/s_server app
We need to check that error cert is available before printing its data
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18805)
(cherry picked from commit fad0f80eff188ef938fed614245a56ed56110deb)
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/lib/s_cb.c | 26 |
1 files changed, 16 insertions, 10 deletions
diff --git a/apps/lib/s_cb.c b/apps/lib/s_cb.c index 4257190a14..d45b294a77 100644 --- a/apps/lib/s_cb.c +++ b/apps/lib/s_cb.c @@ -76,22 +76,28 @@ int verify_callback(int ok, X509_STORE_CTX *ctx) } switch (err) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - BIO_puts(bio_err, "issuer= "); - X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), - 0, get_nameopt()); - BIO_puts(bio_err, "\n"); + if (err_cert != NULL) { + BIO_puts(bio_err, "issuer= "); + X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert), + 0, get_nameopt()); + BIO_puts(bio_err, "\n"); + } break; case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - BIO_printf(bio_err, "notBefore="); - ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert)); - BIO_printf(bio_err, "\n"); + if (err_cert != NULL) { + BIO_printf(bio_err, "notBefore="); + ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert)); + BIO_printf(bio_err, "\n"); + } break; case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - BIO_printf(bio_err, "notAfter="); - ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert)); - BIO_printf(bio_err, "\n"); + if (err_cert != NULL) { + BIO_printf(bio_err, "notAfter="); + ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert)); + BIO_printf(bio_err, "\n"); + } break; case X509_V_ERR_NO_EXPLICIT_POLICY: if (!verify_args.quiet) |