From 783555d8e11516fdc01b66da0f873f5854b9bff6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Mart=C3=ADn=20Nieto?=
Date: Sat, 26 Apr 2014 14:36:32 +0200
Subject: [PATCH] netops: catch the server not sending a certificate

It's possible for an encrypted connection not have a certificate. In this case, SSL_get_verify_result() will return OK because no error happened (as it never even tried to validate anything). SSL_get_peer_certificate() will return NULL in this case so we need to catch that. On the upside, the current code would segfault in this situation instead of letting it through as a valid cert.
---
 src/netops.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/netops.c b/src/netops.c
index 1e1832112..24092c17f 100644
--- a/src/netops.c
+++ b/src/netops.c
@@ -287,6 +287,10 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host)
 cert = SSL_get_peer_certificate(ssl->ssl);
+ if (!cert) {
+ giterr_set(GITERR_SSL, "the server did not provide a certificate");
+ return -1;
+ }
 /* Check the alternative names */
 alts = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
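Review bot: The new `if (!cert)` guard after `SSL_get_peer_certificate()` is what keeps a certificate-less handshake from being accepted as verified, yet its rationale lives only in the commit message, so a later cleanup could mistake it for a redundant NULL check. I would put the reason directly above the guard, e.g. `/* SSL_get_verify_result() reports OK when the peer sent no certificate, so a NULL cert must fail verification */`. Separately, `SSL_get_peer_certificate()` returns a reference the caller owns; verify_server_cert's body starts and ends outside this hunk, so it is not visible whether its exits call `X509_free(cert)`, which is worth confirming while touching this path. The diffstat shows only src/netops.c changed, so a regression test against a server that completes the handshake without presenting a certificate would be a useful follow-up.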