From 5784889fb907485978919b91c2c7f6bf0c4843e3 Mon Sep 17 00:00:00 2001
From: Maxim Dounin <mdounin@mdounin.ru>
Date: Mon, 15 Apr 2019 19:13:09 +0300
Subject: OCSP stapling: fixed segfault with dynamic certificate loading.

If OCSP stapling was enabled with dynamic certificate loading, with some
OpenSSL versions (1.0.2o and older, 1.1.0h and older; fixed in 1.0.2p,
1.1.0i, 1.1.1) a segmentation fault might happen.

The reason is that during an abbreviated handshake the certificate
callback is not called, but the certificate status callback was called
(https://github.com/openssl/openssl/issues/1662), leading to NULL being
returned from SSL_get_certificate().

Fix is to explicitly check SSL_get_certificate() result.
---
 src/event/ngx_event_openssl_stapling.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src')

diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c
index 7d0a1701f..c832aa0a2 100644
--- a/src/event/ngx_event_openssl_stapling.c
+++ b/src/event/ngx_event_openssl_stapling.c
@@ -511,6 +511,11 @@ ngx_ssl_certificate_status_callback(ngx_ssl_conn_t *ssl_conn, void *data)
     rc = SSL_TLSEXT_ERR_NOACK;
 
     cert = SSL_get_certificate(ssl_conn);
+
+    if (cert == NULL) {
+        return rc;
+    }
+
     staple = X509_get_ex_data(cert, ngx_ssl_stapling_index);
 
     if (staple == NULL) {
-- 
cgit