From 368e6420e77469250b5554ea6465fff7a3378ee8 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Thu, 1 Sep 2016 15:33:45 -0400
Subject: [PATCH] issuer_cert may be retrieved, but not exist

---
 src/main/tls.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/main/tls.c b/src/main/tls.c
index 21c276e..4f36a06 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -2195,7 +2195,8 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 #ifdef HAVE_OPENSSL_OCSP_H
 		if (my_ok && conf->ocsp_enable){
 			RDEBUG2("Starting OCSP Request");
-			if (X509_STORE_CTX_get1_issuer(&issuer_cert, ctx, client_cert) != 1) {
+			if ((X509_STORE_CTX_get1_issuer(&issuer_cert, ctx, client_cert) != 1) ||
+			    !issuer_cert) {
 				RERROR("Couldn't get issuer_cert for %s", common_name);
 			} else {
 				my_ok = ocsp_check(request, ocsp_store, issuer_cert, client_cert, conf);
-- 
2.1.4