static unsigned int record_minus(record_t *buf, void *ptr,
unsigned int size);
-#ifdef PSK_MAX_IDENTITY_LEN
-static bool identity_is_safe(const char *identity)
-{
- char c;
-
- if (!identity) return true;
-
- while ((c = *(identity++)) != '\0') {
- if (isalpha((int) c) || isdigit((int) c) || isspace((int) c) ||
- (c == '@') || (c == '-') || (c == '_') || (c == '.')) {
- continue;
- }
-
- return false;
- }
-
- return true;
-}
-
DIAG_OFF(format-nonliteral)
/** Print errors in the TLS thread local error stack
*
return 1;
}
+#ifdef PSK_MAX_IDENTITY_LEN
+static bool identity_is_safe(const char *identity)
+{
+ char c;
+
+ if (!identity) return true;
+
+ while ((c = *(identity++)) != '\0') {
+ if (isalpha((int) c) || isdigit((int) c) || isspace((int) c) ||
+ (c == '@') || (c == '-') || (c == '_') || (c == '.')) {
+ continue;
+ }
+
+ return false;
+ }
+
+ return true;
+}
+
/*
* When a client uses TLS-PSK to talk to a server, this callback
* is used by the server to determine the PSK to use.
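Review bot: The classification loop in the moved identity_is_safe() reads the peer-supplied identity through a plain `char c` and passes it to isalpha()/isdigit()/isspace() with an `(int)` cast; on platforms where char is signed, any identity byte >= 0x80 becomes a negative int, which is undefined behavior for the ctype functions (only EOF and values representable as unsigned char are permitted). Since the PSK identity comes from the client before authentication, that byte range is exactly what an unexpected peer can send. The fix is to hold the byte as `unsigned char c;` and drop the casts, e.g. `if (isalpha(c) || isdigit(c) || isspace(c) ||` on the following condition. It is also worth a one-line comment that isspace() admits tabs and newlines, so callers that later log or embed the identity should not assume it is a single printable token.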
identity = (char **)SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_IDENTITY);
#ifdef HAVE_OPENSSL_OCSP_H
- ocsp_store = (X509_STORE *)SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_STORE);
+ ocsp_store = conf->ocsp_store;
#endif
talloc_ctx = SSL_get_ex_data(ssl, FR_TLS_EX_INDEX_TALLOC);
#ifdef HAVE_OPENSSL_OCSP_H
if (my_ok && conf->ocsp_enable){
RDEBUG2("Starting OCSP Request");
- if (X509_STORE_CTX_get1_issuer(&issuer_cert, ctx, client_cert) != 1) {
+ if ((X509_STORE_CTX_get1_issuer(&issuer_cert, ctx, client_cert) != 1) ||
+ !issuer_cert) {
RERROR("Couldn't get issuer_cert for %s", common_name);
} else {
my_ok = ocsp_check(request, ocsp_store, issuer_cert, client_cert, conf);
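Review bot: The new condition correctly short-circuits so `issuer_cert` is only read after X509_STORE_CTX_get1_issuer() returned 1, but the "get1" in that call means it hands back an owned reference, so the success path that now reaches ocsp_check() must release it with X509_free() once the check completes; that release is not visible here, and the enclosing function continues outside the hunk, so please confirm it exists on the path where ocsp_check() runs (and on any early return after this point). If it does not, a per-request certificate leak follows whenever OCSP is enabled. A short comment such as `/* get1_issuer returns a new reference; freed after ocsp_check() */` above the condition would make the ownership obvious to the next reader.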