authorCarlos Martín Nieto <cmn@dwim.me>2014-04-26 14:36:32 +0200
committerCarlos Martín Nieto <cmn@dwim.me>2014-04-26 17:27:43 +0200
commit783555d8e11516fdc01b66da0f873f5854b9bff6 (patch)
tree50d21403fb27f9d3f74199f974a149c4f2dc5a04
parent51d3f6f5f2f9dc6c9f9dd64d3ccbd0afdcf6fb6e (diff)
netops: catch the server not sending a certificatecmn/match-host-tests
It's possible for an encrypted connection not to have a certificate. In this case, SSL_get_verify_result() will return OK because no error happened (as it never even tried to validate anything). SSL_get_peer_certificate() will return NULL in this case so we need to catch that. On the upside, the current code would segfault in this situation instead of letting it through as a valid cert.
-rw-r--r--src/netops.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/netops.c b/src/netops.c
index 1e1832112..24092c17f 100644
--- a/src/netops.c
+++ b/src/netops.c
@@ -287,6 +287,10 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host)
cert = SSL_get_peer_certificate(ssl->ssl);
+ if (!cert) {
+ giterr_set(GITERR_SSL, "the server did not provide a certificate");
+ return -1;
+ }
/* Check the alternative names */
alts = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
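Review bot: The new `if (!cert)` guard has no comment saying why it is security-relevant, so the reasoning exists only in the commit message. A later refactor could take it for a plain NULL-pointer check and drop or move it, which would let a peer that sends no certificate pass verification. I would add a comment above the check such as `/* SSL_get_verify_result() returns X509_V_OK when the peer presented no certificate, so a NULL cert must be rejected here */`. The rest of verify_server_cert lies outside the hunk, so it is worth confirming there that the return paths after this point release the reference from SSL_get_peer_certificate() with X509_free().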