issuer_cert may be NULL
authorAlan T. DeKok <aland@freeradius.org>
Thu, 1 Sep 2016 19:26:10 +0000 (15:26 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Thu, 1 Sep 2016 19:31:50 +0000 (15:31 -0400)
src/modules/rlm_eap/libeap/mppe_keys.c
src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

index a53bf8d..2fe03e3 100644 (file)
@@ -62,6 +62,8 @@ static void P_hash(const EVP_MD *evp_md,
 
        HMAC_CTX_init(&ctx_a);
        HMAC_CTX_init(&ctx_out);
+       HMAC_CTX_set_flags(&ctx_a, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+       HMAC_CTX_set_flags(&ctx_out, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
        HMAC_Init_ex(&ctx_a, secret, secret_len, evp_md, NULL);
        HMAC_Init_ex(&ctx_out, secret, secret_len, evp_md, NULL);
 
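Review bot: Nothing at the two added `HMAC_CTX_set_flags(..., EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)` calls says why FIPS-mode digest enforcement is lifted for `ctx_a` and `ctx_out`, and the commit title only mentions issuer_cert. The flag is set unconditionally, so it applies to whatever `evp_md` the caller passes, not only to a digest that needs the exemption. A comment above the calls would record the intent, for example `/* P_hash may be called with a non-FIPS digest; permit it when OpenSSL runs in FIPS mode */`, ideally naming the digest and the protocol requirement that forces it. P_hash's body continues outside the hunk.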
index d68e745..d5338b6 100644 (file)
@@ -862,6 +862,8 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx)
                        RDEBUG2("--> Starting OCSP Request");
                        if (X509_STORE_CTX_get1_issuer(&issuer_cert, ctx, client_cert) != 1) {
                                radlog(L_ERR, "Error: Couldn't get issuer_cert for %s", common_name);
+                       } else if (!issuer_cert && !subject[0]) {
+                               radlog(L_ERR, "Error: Missing issuer_cert and subject for %s", common_name);
                        } else {
                                my_ok = ocsp_check(ocsp_store, issuer_cert, client_cert, conf);
                        }
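Review bot: The added guard `else if (!issuer_cert && !subject[0])` fires only when the issuer is NULL and the subject is also empty, so a NULL `issuer_cert` with a non-empty subject still reaches `ocsp_check(ocsp_store, issuer_cert, client_cert, conf)` in the final branch. If the aim is what the commit title states, the test should be on the pointer alone, `} else if (!issuer_cert) {`, unless ocsp_check is known to accept NULL (not visible here). Neither error branch assigns `my_ok`; if it still carries the incoming `ok` at this point, a certificate whose issuer could not be resolved passes without any OCSP check. Where OCSP is meant to be enforced, add `my_ok = 0;` next to each radlog call. cbtls_verify starts and ends outside the hunk.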