netops: catch the server not sending a certificate

It's possible for an encrypted connection not have a certificate. In this case, SSL_get_verify_result() will return OK because no error happened (as it never even tried to validate anything). SSL_get_peer_certificate() will return NULL in this case so we need to catch that. On the upside, the current code would segfault in this situation instead of letting it through as a valid cert.

netops: catch the server not sending a certificate
It's possible for an encrypted connection not have a certificate. In this case, SSL_get_verify_result() will return OK because no error happened (as it never even tried to validate anything). SSL_get_peer_certificate() will return NULL in this case so we need to catch that. On the upside, the current code would segfault in this situation instead of letting it through as a valid cert.
783555d8 · Carlos Martín Nieto · 51d3f6f5 · 783555d8
Commit 783555d8 authored Apr 26, 2014 by Carlos Martín Nieto
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

src/netops.c
+4 -0

No files found.
--- a/src/netops.c
+++ b/src/netops.c
@@ -287,6 +287,10 @@ static int verify_server_cert(gitno_ssl *ssl, const char *host)


 	cert = SSL_get_peer_certificate(ssl->ssl);
+	if (!cert) {
+		giterr_set(GITERR_SSL, "the server did not provide a certificate");
+		return -1;
+	}

 	/* Check the alternative names */
 	alts = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);