openssl: check SSL_get_peer_cert_chain return value

Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com> Closes #8579
2025-02-23 15:10:03 +08:00 · 2022-03-10 21:32:18 +01:00 · 2022-03-10 21:32:18 +01:00 · 680245cd39
commit 680245cd39
parent e87c53d7ea
1 changed files with 5 additions and 0 deletions
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@ -1927,6 +1927,11 @@ static CURLcode verifystatus(struct Curl_easy *data,
  }

  ch = SSL_get_peer_cert_chain(backend->handle);
+  if(!ch) {
+    failf(data, "Could not get peer certificate chain");
+    result = CURLE_SSL_INVALIDCERTSTATUS;
+    goto end;
+  }
  st = SSL_CTX_get_cert_store(backend->ctx);

 #if ((OPENSSL_VERSION_NUMBER <= 0x1000201fL) /* Fixed after 1.0.2a */ || \