OCSP stapling: fixed segfault with dynamic certificate loading.

If OCSP stapling was enabled with dynamic certificate loading, with some
OpenSSL versions (1.0.2o and older, 1.1.0h and older; fixed in 1.0.2p,
1.1.0i, 1.1.1) a segmentation fault might happen.

The reason is that during an abbreviated handshake the certificate
callback is not called, but the certificate status callback was called
(https://github.com/openssl/openssl/issues/1662), leading to NULL being
returned from SSL_get_certificate().

Fix is to explicitly check SSL_get_certificate() result.

diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c
index 7d0a1701f22c90a4e540c81ef48a16f8adc04b12..c832aa0a2cbb045a55f2057d074c3101db86d011 100644 (file)
--- a/src/event/ngx_event_openssl_stapling.c
+++ b/src/event/ngx_event_openssl_stapling.c
@@ -511,6 +511,11 @@ ngx_ssl_certificate_status_callback(ngx_ssl_conn_t *ssl_conn, void *data)
     rc = SSL_TLSEXT_ERR_NOACK;
 
     cert = SSL_get_certificate(ssl_conn);
+
+    if (cert == NULL) {
+        return rc;
+    }
+
     staple = X509_get_ex_data(cert, ngx_ssl_stapling_index);
 
     if (staple == NULL) {