workaround crash caused by openssl/SSL_get_peer_certificate on invali…

…d cert
janbar · Sep 17, 2024 · 148a046 · 148a046
1 parent 741183c
commit 148a046
Showing 1 changed file with 14 additions and 10 deletions.
diff --git a/noson/src/private/securesocket.cpp b/noson/src/private/securesocket.cpp
@@ -24,6 +24,7 @@
 #include "cppdef.h"
 
 #include <errno.h>
+#include <cassert>
 
 #ifdef __WINDOWS__
 #include <WinSock2.h>
@@ -302,17 +303,20 @@ bool SecureSocket::IsValid() const
 
 bool SecureSocket::IsCertificateValid(std::string& str)
 {
-  if (m_cert)
-    X509_free(static_cast<X509*>(m_cert));
-  m_cert = SSL_get_peer_certificate(static_cast<SSL*>(m_ssl));
-  if (m_cert)
+  if (SSL_get_verify_result(static_cast<SSL*>(m_ssl)) == X509_V_OK)
   {
-    char buf[80];
-    // X509_get_subject_name() returns the subject name of certificate x.
-    // The returned value is an internal pointer which MUST NOT be freed.
-    X509_NAME* name = X509_get_subject_name(static_cast<X509*>(m_cert));
-    str.assign(X509_NAME_oneline(name, buf, sizeof(buf) - 1));
-    return true;
+    if (m_cert)
+      X509_free(static_cast<X509*>(m_cert));
+    m_cert = SSL_get_peer_certificate(static_cast<SSL*>(m_ssl));
+    if (m_cert)
+    {
+      char buf[80];
+      // X509_get_subject_name() returns the subject name of certificate x.
+      // The returned value is an internal pointer which MUST NOT be freed.
+      X509_NAME* name = X509_get_subject_name(static_cast<X509*>(m_cert));
+      str.assign(X509_NAME_oneline(name, buf, sizeof(buf) - 1));
+      return true;
+    }
   }
   return false;
 }