diff --git a/src/tls/openssl/tls.c b/src/tls/openssl/tls.c
index 4e35f9c..a40dbfc 100644
--- a/src/tls/openssl/tls.c
+++ b/src/tls/openssl/tls.c
@@ -167,16 +167,20 @@ int tls_verify_cert(struct tls_conn *tc, char *cn, size_t cn_size)
 {
 X509 *peer;
- if (!tc)
+ if (!tc || !cn || !cn_size)
 return EINVAL;
 /* Check the cert chain. The chain length is automatically checked by OpenSSL when we set the verify depth in the ctx */
- /* Get the common name */
 peer = SSL_get_peer_certificate(tc->ssl);
- /* todo: check return value */
+ if (!peer) {
+ DEBUG_WARNING("Unable to get peer certificate\n");
+ return EPROTO;
+ }
+
+ /* Get the common name */
 X509_NAME_get_text_by_NID(X509_get_subject_name(peer), NID_commonName, cn, (int)cn_size);
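Review bot: The return value of `X509_NAME_get_text_by_NID()` at the end of the hunk is still discarded, so a peer certificate without a commonName entry (the call returns -1) leaves `cn` unwritten and the caller goes on to use whatever the buffer already held. The same legacy call copies embedded NUL bytes into `cn`, which makes the name look shorter to any later string comparison; capturing the length and rejecting both cases would close that, e.g. `n = X509_NAME_get_text_by_NID(X509_get_subject_name(peer), NID_commonName, cn, (int)cn_size);` followed by `if (n < 0 || strlen(cn) != (size_t)n) err = EPROTO;`. `SSL_get_peer_certificate()` also hands back a reference the caller owns, and the function body continues past this hunk, so it is worth confirming that `X509_free(peer)` is reached on every exit path after the new NULL check.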