OCSP stapling: fixed segfault with dynamic certificate loading.

If OCSP stapling was enabled with dynamic certificate loading, with some OpenSSL versions (1.0.2o and older, 1.1.0h and older; fixed in 1.0.2p, 1.1.0i, 1.1.1) a segmentation fault might happen. The reason is that during an abbreviated handshake the certificate callback is not called, but the certificate status callback was called (https://github.com/openssl/openssl/issues/1662), leading to NULL being returned from SSL_get_certificate(). Fix is to explicitly check SSL_get_certificate() result.
author: Maxim Dounin <mdounin@mdounin.ru> 2019-04-15 19:13:09 +0300
committer: Maxim Dounin <mdounin@mdounin.ru> 2019-04-15 19:13:09 +0300
commit: 5784889fb907485978919b91c2c7f6bf0c4843e3 (patch)
tree: 3cf7fcf23556b14a7c351ed9bc62d70e9742ec0c
parent: aaa1a5706033bd0e33de7beb237e52e2a19a3245 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c
index 7d0a1701f..c832aa0a2 100644
--- a/src/event/ngx_event_openssl_stapling.c
+++ b/src/event/ngx_event_openssl_stapling.c
@@ -511,6 +511,11 @@ ngx_ssl_certificate_status_callback(ngx_ssl_conn_t *ssl_conn, void *data)
     rc = SSL_TLSEXT_ERR_NOACK;
 
     cert = SSL_get_certificate(ssl_conn);
+
+    if (cert == NULL) {
+        return rc;
+    }
+
     staple = X509_get_ex_data(cert, ngx_ssl_stapling_index);
 
     if (staple == NULL) {
author	Maxim Dounin <mdounin@mdounin.ru>	2019-04-15 19:13:09 +0300
committer	Maxim Dounin <mdounin@mdounin.ru>	2019-04-15 19:13:09 +0300
commit	5784889fb907485978919b91c2c7f6bf0c4843e3 (patch)
tree	3cf7fcf23556b14a7c351ed9bc62d70e9742ec0c
parent	aaa1a5706033bd0e33de7beb237e52e2a19a3245 (diff)