s3 is never NULL since s2 (formerly used for SSLv2) does not exist, so there is

no need to check for it. Fixes COV-165788, identified with help from Alex Bumstead. ok jsing@
author: bcook <bcook@openbsd.org> 2019-05-15 09:13:16 +0000
committer: bcook <bcook@openbsd.org> 2019-05-15 09:13:16 +0000
commit: 370b96472bf45a8174524306b33a55fc5f360bbc (patch)
tree: 4a6e1732f6e27f25f2df1f6ef5c74df36073fc21 /lib/libssl/ssl_cert.c
parent: Cleanup: (diff)
download: wireguard-openbsd-370b96472bf45a8174524306b33a55fc5f360bbc.tar.xz
wireguard-openbsd-370b96472bf45a8174524306b33a55fc5f360bbc.zip
1 files changed, 2 insertions, 3 deletions
diff --git a/lib/libssl/ssl_cert.c b/lib/libssl/ssl_cert.c
index 4641ac92d08..af8ef329b4b 100644
--- a/lib/libssl/ssl_cert.c
+++ b/lib/libssl/ssl_cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_cert.c,v 1.75 2019/04/13 18:04:05 tb Exp $ */
+/* $OpenBSD: ssl_cert.c,v 1.76 2019/05/15 09:13:16 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -508,8 +508,7 @@ SSL_get_client_CA_list(const SSL *s)
 {
 	if (s->internal->type == SSL_ST_CONNECT) {
 		/* We are in the client. */
-		if (((s->version >> 8) == SSL3_VERSION_MAJOR) &&
-		    (s->s3 != NULL))
+		if ((s->version >> 8) == SSL3_VERSION_MAJOR)
 			return (S3I(s)->tmp.ca_names);
 		else
 			return (NULL);
author	bcook <bcook@openbsd.org>	2019-05-15 09:13:16 +0000
committer	bcook <bcook@openbsd.org>	2019-05-15 09:13:16 +0000
commit	370b96472bf45a8174524306b33a55fc5f360bbc (patch)
tree	4a6e1732f6e27f25f2df1f6ef5c74df36073fc21 /lib/libssl/ssl_cert.c
parent	Cleanup: (diff)
download	wireguard-openbsd-370b96472bf45a8174524306b33a55fc5f360bbc.tar.xz wireguard-openbsd-370b96472bf45a8174524306b33a55fc5f360bbc.zip