Deal with anonymous SSL giving us no peer certificate.

[exim.git] / src / src / tls-openssl.c

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 02db7cd526675c62c97e5c20b49cffb4eba25279..78b28f5e84cabb9fe6210c92e68f235d4458d0d0 100644 (file)
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/tls-openssl.c,v 1.25 2010/06/05 09:36:11 pdp Exp $ */
+/* $Cambridge: exim/src/src/tls-openssl.c,v 1.26 2010/06/05 10:34:29 pdp Exp $ */

 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *


@@ -833,10 +833,16 @@ if (rc <= 0)
 
 DEBUG(D_tls) debug_printf("SSL_connect succeeded\n");
 
 
 DEBUG(D_tls) debug_printf("SSL_connect succeeded\n");
 

+/* Beware anonymous ciphers which lead to server_cert being NULL */

 server_cert = SSL_get_peer_certificate (ssl);
 server_cert = SSL_get_peer_certificate (ssl);

-tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
-  CS txt, sizeof(txt));
-tls_peerdn = txt;
+if (server_cert)
+  {
+  tls_peerdn = US X509_NAME_oneline(X509_get_subject_name(server_cert),
+    CS txt, sizeof(txt));
+  tls_peerdn = txt;
+  }
+else
+  tls_peerdn = NULL;

 
 construct_cipher_name(ssl);   /* Sets tls_cipher */
 
 
 construct_cipher_name(ssl);   /* Sets tls_cipher */