author | Gilles Chehade <gilles@poolp.org> | 2013-09-12 19:29:32 +0200 |
---|---|---|
committer | Gilles Chehade <gilles@poolp.org> | 2013-09-12 19:29:32 +0200 |
commit | 3af5fc8fc045ef6ee256e4f31ded4edcb5f27581 (patch) | |
tree | 2fc89809f5bae8b98c066ca05c9ddc3d2af512d7 | |
parent | Merge branch 'master' of ssh.poolp.org:/git/opensmtpd (diff) | |
download | OpenSMTPD-3af5fc8fc045ef6ee256e4f31ded4edcb5f27581.tar.xz OpenSMTPD-3af5fc8fc045ef6ee256e4f31ded4edcb5f27581.zip |
do not dereference x509 information in a mta session if we don't have a client cert
opensmtpd-201309121930
-rw-r--r-- | smtpd/ssl_smtpd.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/smtpd/ssl_smtpd.c b/smtpd/ssl_smtpd.c
index a30a6f10..194e0a63 100644
--- a/smtpd/ssl_smtpd.c
+++ b/smtpd/ssl_smtpd.c
@@ -69,16 +69,18 @@ ssl_mta_init(char *cert, off_t cert_len, char *key, off_t key_len)
 if (!SSL_set_ssl_method(ssl, SSLv23_client_method()))
 goto err;
- x509 = SSL_get_certificate(ssl);
- now = time(NULL);
- notBefore = X509_get_notBefore(x509);
- notAfter = X509_get_notAfter(x509);
+ if (cert != NULL) {
+ x509 = SSL_get_certificate(ssl);
+ now = time(NULL);
+ notBefore = X509_get_notBefore(x509);
+ notAfter = X509_get_notAfter(x509);
- if (notBefore && X509_cmp_time(notBefore, &now) < 0)
- log_warnx("smtp-out: certificate is not valid yet");
+ if (notBefore && X509_cmp_time(notBefore, &now) < 0)
+ log_warnx("smtp-out: certificate is not valid yet");
- if (notAfter && X509_cmp_time(notAfter, &now) < 0)
- log_warnx("smtp-out: certificate has expired");
+ if (notAfter && X509_cmp_time(notAfter, &now) < 0)
+ log_warnx("smtp-out: certificate has expired");
+ }
 return (void *)(ssl); |
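Review bot: The notBefore test that this hunk re-indents under `if (cert != NULL)` looks inverted: X509_cmp_time() returns a negative value when the certificate time is at or before the comparison time, so `X509_cmp_time(notBefore, &now) < 0` holds for a certificate whose validity has already begun, and the "not valid yet" warning is logged for good certificates while a future-dated one passes silently. The condition should be `if (notBefore && X509_cmp_time(notBefore, &now) > 0)`; the notAfter test is the right way round. The new guard also keys on the `cert` argument and not on the pointer that is actually dereferenced, so testing `x509 != NULL` right after SSL_get_certificate() would be the more direct protection; whether NULL can still come back with a non-NULL `cert` depends on the loading code above the hunk, which is not visible here. ssl_mta_init begins and ends outside the hunk.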