Changeset b1c2b01 in mod_gnutls for src/gnutls_hooks.c

Timestamp:

Jan 29, 2013, 11:00:15 PM (7 years ago)

Author:

Daniel Kahn Gillmor <dkg@…>

Branches:

debian/master, debian/stretch-backports, jessie-backports, master, msva, upstream

Children:

6f76e16

Parents:

834d926

Message:

avoid a segfault if no X.509 certificates are present during vhost_cb

File:

• src/gnutls_hooks.c (modified) (2 diffs)

src/gnutls_hooks.c

@@ -554 +554 @@
     mgs_srvconf_rec *tsc;
     vhost_cb_rec *x = baton;
+    int ret;
     
     _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
@@ -563 +564 @@
     }
    
-        int ret = gnutls_x509_crt_check_hostname(tsc->certs_x509_chain[0], s->server_hostname);
-    if (0 == ret)
+    if (tsc->certs_x509_chain_num > 0) {
+        /* why are we doing this check? */
+        ret = gnutls_x509_crt_check_hostname(tsc->certs_x509_chain[0], s->server_hostname);
+        if (0 == ret)
+            ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+                         "GnuTLS: Error checking certificate for hostname "
+                         "'%s'", s->server_hostname);
+    } else {
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
-                     "GnuTLS: Error checking certificate for hostname "
-                     "'%s'", s->server_hostname);
+                     "GnuTLS: SNI request for '%s' but no X.509 certs available at all",
+                     s->server_hostname);
+    }
         return check_server_aliases(x, s, tsc);
 }