From 5ad58666552a4fe27411d3356c59904856890aec Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" Date: Thu, 1 Sep 2016 15:26:10 -0400 Subject: [PATCH] issuer_cert may be NULL --- src/modules/rlm_eap/libeap/mppe_keys.c | 2 ++ src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/modules/rlm_eap/libeap/mppe_keys.c b/src/modules/rlm_eap/libeap/mppe_keys.c index a53bf8d..2fe03e3 100644 --- a/src/modules/rlm_eap/libeap/mppe_keys.c +++ b/src/modules/rlm_eap/libeap/mppe_keys.c @@ -62,6 +62,8 @@ static void P_hash(const EVP_MD *evp_md, HMAC_CTX_init(&ctx_a); HMAC_CTX_init(&ctx_out); + HMAC_CTX_set_flags(&ctx_a, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); + HMAC_CTX_set_flags(&ctx_out, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); HMAC_Init_ex(&ctx_a, secret, secret_len, evp_md, NULL); HMAC_Init_ex(&ctx_out, secret, secret_len, evp_md, NULL); diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c index d68e745..d5338b6 100644 --- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c +++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c @@ -862,6 +862,8 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx) RDEBUG2("--> Starting OCSP Request"); if (X509_STORE_CTX_get1_issuer(&issuer_cert, ctx, client_cert) != 1) { radlog(L_ERR, "Error: Couldn't get issuer_cert for %s", common_name); + } else if (!issuer_cert && !subject[0]) { + radlog(L_ERR, "Error: Missing issuer_cert and subject for %s", common_name); } else { my_ok = ocsp_check(ocsp_store, issuer_cert, client_cert, conf); } -- 2.1.4