Deal with anonymous SSL giving us no peer certificate.

author: Phil Pennock <pdp@exim.org> 2010-06-05 10:34:29 +0000
committer: Phil Pennock <pdp@exim.org> 2010-06-05 10:34:29 +0000
commit: 453a6645ece01ed49ff175d43d660daef435d301 (patch)
tree: 2b3f66e0190c4f087507ef4f0974e33ed0f6dd59 /src
parent: 55c75993b43ac91069a5fbe9cc7a8d48cda84ee0 (diff)
1 files changed, 10 insertions, 4 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 02db7cd52..78b28f5e8 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/tls-openssl.c,v 1.25 2010/06/05 09:36:11 pdp Exp $ */
+/* $Cambridge: exim/src/src/tls-openssl.c,v 1.26 2010/06/05 10:34:29 pdp Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -833,10 +833,16 @@ if (rc <= 0)
 
 DEBUG(D_tls) debug_printf("SSL_connect succeeded\n");
 
+/* Beware anonymous ciphers which lead to server_cert being NULL */
 server_cert = SSL_get_peer_certificate (ssl);
-tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
-  CS txt, sizeof(txt));
-tls_peerdn = txt;
+if (server_cert)
+  {
+  tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
+    CS txt, sizeof(txt));
+  tls_peerdn = txt;
+  }
+else
+  tls_peerdn = NULL;
 
 construct_cipher_name(ssl);   /* Sets tls_cipher */
author	Phil Pennock <pdp@exim.org>	2010-06-05 10:34:29 +0000
committer	Phil Pennock <pdp@exim.org>	2010-06-05 10:34:29 +0000
commit	453a6645ece01ed49ff175d43d660daef435d301 (patch)
tree	2b3f66e0190c4f087507ef4f0974e33ed0f6dd59 /src
parent	55c75993b43ac91069a5fbe9cc7a8d48cda84ee0 (diff)