Checkout return value of dtls1_output_cert_chain

Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 9beb948c0dae6056caddf46a9aa099e18905d184)
2014-12-03 11:15:40 +00:00 · 2014-12-03 11:15:40 +00:00 · 9d410579a7
commit 9d410579a7
parent 4f90ef0c5b
2 changed files with 11 additions and 0 deletions
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@ -1548,6 +1548,12 @@ int dtls1_send_client_certificate(SSL *s)
 		s->state=SSL3_ST_CW_CERT_D;
 		l=dtls1_output_cert_chain(s,
 			(s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
+		if (!l)
+			{
+			SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
+			return 0;
+			}
 		s->init_num=(int)l;
 		s->init_off=0;

--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@ -1446,6 +1446,11 @@ int dtls1_send_server_certificate(SSL *s)
 			}

 		l=dtls1_output_cert_chain(s,x);
+		if (!l)
+			{
+			SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+			return(0);
+			}
 		s->state=SSL3_ST_SW_CERT_B;
 		s->init_num=(int)l;
 		s->init_off=0;