From 0b50778c33fc7552794e46e12677a0581e6f7b02 Mon Sep 17 00:00:00 2001
From: Richard Aas
Date: Tue, 6 Sep 2011 11:49:19 +0000
Subject: [PATCH] tls_verify_cert(): check arguments and return value
---
 src/tls/openssl/tls.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/tls/openssl/tls.c b/src/tls/openssl/tls.c
index 4e35f9c..a40dbfc 100644
--- a/src/tls/openssl/tls.c
+++ b/src/tls/openssl/tls.c
@@ -167,16 +167,20 @@ int tls_verify_cert(struct tls_conn *tc, char *cn, size_t cn_size)
 {
 X509 *peer;
- if (!tc)
+ if (!tc || !cn || !cn_size)
 return EINVAL;
 /* Check the cert chain. The chain length is automatically checked by OpenSSL when we set the verify depth in the ctx */
- /* Get the common name */
 peer = SSL_get_peer_certificate(tc->ssl);
- /* todo: check return value */
+ if (!peer) {
+ DEBUG_WARNING("Unable to get peer certificate\n");
+ return EPROTO;
+ }
+
+ /* Get the common name */
 X509_NAME_get_text_by_NID(X509_get_subject_name(peer), NID_commonName, cn, (int)cn_size);
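Review bot: The `X509_NAME_get_text_by_NID()` call at the end of the hunk still ignores its return value, so when the peer's subject has no commonName (the call returns -1) `cn` is left unwritten and the caller may go on to compare whatever was already in the buffer. Capture the result in an `int n` and fail closed, e.g. `if (n < 0 || strlen(cn) != (size_t)n) return EPROTO;`. The length comparison also rejects a CN carrying an embedded NUL, which would otherwise read as a shorter name to any `strcmp`-style host check. `SSL_get_peer_certificate()` hands back a reference the caller owns, so every exit after the new `!peer` check should `X509_free(peer)`. The function body continues outside this hunk, so whether that release and the `SSL_get_verify_result()` check already exist cannot be confirmed from here.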