authorKurt Roeckx <kurt@roeckx.be>2015-03-18 19:02:50 +0100
committerKurt Roeckx <kurt@roeckx.be>2015-03-23 21:08:20 +0100
commit24a0d3933d24059942a3cf99695d486c8fadd576 (patch)
tree657755901b3f87302215f2b714c2a9bb30c9e20b /ssl
parent06e6aa47de1b4da912069eef2e3458952ac79335 (diff)
Make sure that cert is never NULL
Also removes the checks for it being NULL.
Reviewed-by: Matt Caswell <matt@openssl.org>
Diffstat (limited to 'ssl')
-rw-r--r--ssl/d1_srvr.c4
-rw-r--r--ssl/s3_srvr.c4
-rw-r--r--ssl/ssl_lib.c47
3 files changed, 19 insertions, 36 deletions
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 24361ae5df..b89c369768 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -199,10 +199,6 @@ int dtls1_accept(SSL *s)
s->in_handshake, NULL);
#endif
- if (s->cert == NULL) {
- SSLerr(SSL_F_DTLS1_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
- return (-1);
- }
#ifndef OPENSSL_NO_HEARTBEATS
/*
* If we're awaiting a HeartbeatResponse, pretend we already got and
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index ccccd54102..0efe3ddc6d 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -231,10 +231,6 @@ int ssl3_accept(SSL *s)
return -1;
}
- if (s->cert == NULL) {
- SSLerr(SSL_F_SSL3_ACCEPT, SSL_R_NO_CERTIFICATE_SET);
- return (-1);
- }
#ifndef OPENSSL_NO_HEARTBEATS
/*
* If we're awaiting a HeartbeatResponse, pretend we already got and
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 0c9f4f7006..54974df17e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -883,8 +883,6 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
*/
void SSL_copy_session_id(SSL *t, const SSL *f)
{
- CERT *tmp;
-
/* Do we need to to SSL locking? */
if(!SSL_set_session(t, SSL_get_session(f))) {
/* How do we handle this!! void function */
@@ -900,14 +898,9 @@ void SSL_copy_session_id(SSL *t, const SSL *f)
t->method->ssl_new(t); /* setup new */
}
- tmp = t->cert;
- if (f->cert != NULL) {
- CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
- t->cert = f->cert;
- } else
- t->cert = NULL;
- if (tmp != NULL)
- ssl_cert_free(tmp);
+ CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
+ ssl_cert_free(t->cert);
+ t->cert = f->cert;
if(!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length)) {
/* Really should do something about this..but void function - ignore */
;
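Review bot: `CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);` now dereferences `f->cert` with no guard, so a NULL cert in SSL_copy_session_id becomes a NULL-pointer dereference instead of a handled case, and nothing at this site records why that is safe. The same reliance on the invariant appears in the `ctx->cert->key->x509` test in SSL_CTX_check_private_key, in SSL_check_private_key, and in the `ssl->cert->peer_sigalgs` accesses in SSL_set_SSL_CTX; none of the visible hunks touches the code that allocates an SSL or SSL_CTX, so the guarantee presumably comes from the constructors and is worth confirming for both object types. I would add a comment above the three new lines, e.g. `/* cert is never NULL for an SSL; take the new reference before freeing t->cert so that t->cert == f->cert stays safe */`, which also protects the statement order from a later tidy-up. The body of SSL_copy_session_id starts and ends outside this hunk.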
@@ -918,7 +911,7 @@ void SSL_copy_session_id(SSL *t, const SSL *f)
int SSL_CTX_check_private_key(const SSL_CTX *ctx)
{
if ((ctx == NULL) ||
- (ctx->cert == NULL) || (ctx->cert->key->x509 == NULL)) {
+ (ctx->cert->key->x509 == NULL)) {
SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,
SSL_R_NO_CERTIFICATE_ASSIGNED);
return (0);
@@ -939,10 +932,6 @@ int SSL_check_private_key(const SSL *ssl)
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
return (0);
}
- if (ssl->cert == NULL) {
- SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
- return 0;
- }
if (ssl->cert->key->x509 == NULL) {
SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
return (0);
@@ -3055,26 +3044,28 @@ SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
{
- CERT *ocert = ssl->cert;
+ CERT *new_cert;
if (ssl->ctx == ctx)
return ssl->ctx;
#ifndef OPENSSL_NO_TLSEXT
if (ctx == NULL)
ctx = ssl->initial_ctx;
#endif
- ssl->cert = ssl_cert_dup(ctx->cert);
- if (ocert) {
- /* Preserve any already negotiated parameters */
- if (ssl->server) {
- ssl->cert->peer_sigalgs = ocert->peer_sigalgs;
- ssl->cert->peer_sigalgslen = ocert->peer_sigalgslen;
- ocert->peer_sigalgs = NULL;
- ssl->cert->ciphers_raw = ocert->ciphers_raw;
- ssl->cert->ciphers_rawlen = ocert->ciphers_rawlen;
- ocert->ciphers_raw = NULL;
- }
- ssl_cert_free(ocert);
+ new_cert = ssl_cert_dup(ctx->cert);
+ if (new_cert == NULL) {
+ return NULL;
}
+ /* Preserve any already negotiated parameters */
+ if (ssl->server) {
+ new_cert->peer_sigalgs = ssl->cert->peer_sigalgs;
+ new_cert->peer_sigalgslen = ssl->cert->peer_sigalgslen;
+ ssl->cert->peer_sigalgs = NULL;
+ new_cert->ciphers_raw = ssl->cert->ciphers_raw;
+ new_cert->ciphers_rawlen = ssl->cert->ciphers_rawlen;
+ ssl->cert->ciphers_raw = NULL;
+ }
+ ssl_cert_free(ssl->cert);
+ ssl->cert = new_cert;
/*
* Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),