openssl: better return code checks when logging cert data

Pointed out by ZeroPath

Closes #19094
Daniel Stenberg 2025-10-17 11:18:49 +02:00
parent c4db9eb491
commit e2a4de8a60
GPG key ID: 5CC908FDB71E12C2


@ -4845,6 +4845,8 @@ static void infof_certstack(struct Curl_easy *data, const SSL *ssl)
certstack = SSL_get_peer_cert_chain(ssl);
else
certstack = SSL_get0_verified_chain(ssl);
if(!certstack)
return;
num_cert_levels = sk_X509_num(certstack);
for(cert_level = 0; cert_level < num_cert_levels; cert_level++) {
@ -4860,12 +4862,17 @@ static void infof_certstack(struct Curl_easy *data, const SSL *ssl)
const char *type_name;
current_cert = sk_X509_value(certstack, cert_level);
if(!current_cert)
continue;
current_pkey = X509_get0_pubkey(current_cert);
if(!current_pkey)
continue;
X509_get0_signature(NULL, &palg_cert, current_cert);
X509_ALGOR_get0(&paobj_cert, NULL, NULL, palg_cert);
OBJ_obj2txt(cert_algorithm, sizeof(cert_algorithm), paobj_cert, 0);
current_pkey = X509_get0_pubkey(current_cert);
key_bits = EVP_PKEY_bits(current_pkey);
#ifndef HAVE_OPENSSL3
#define EVP_PKEY_get_security_bits EVP_PKEY_security_bits