RT2560: missing NULL check in ocsp_req_find_signer

If we don't find a signer in the internal list, then fall through and look at the internal list; don't just return NULL. Reviewed-by: Dr. Stephen Henson <steve@openssl.org> (cherry picked from commit b2aa38a980e9fbf158aafe487fb729c492b241fb)
2014-09-10 11:43:45 -04:00 · 2014-09-10 11:43:45 -04:00 · bea9a17726
commit bea9a17726
parent b537ea9ce4
1 changed files with 5 additions and 2 deletions
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@ -436,9 +436,12 @@ static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm
 	if(!(flags & OCSP_NOINTERN))
 		{
 		signer = X509_find_by_subject(req->optionalSignature->certs, nm);
+		if (signer)
+			{
 			*psigner = signer;
 			return 1;
 			}
+		}

 	signer = X509_find_by_subject(certs, nm);
 	if (signer)