From 5f6e47d091a15af0f4c5f7aa592ca4abff5b89be Mon Sep 17 00:00:00 2001
From: Willem Toorop <willem@nlnetlabs.nl>
Date: Sat, 25 Mar 2017 21:26:05 +0100
Subject: [PATCH] Only equip with peer cert when transport is TLS

---
 src/stub.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/stub.c b/src/stub.c
index 17b7e1d6..068eeb72 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -1673,13 +1673,15 @@ upstream_write_cb(void *userarg)
 		return;
 
 	default:
-		cert = SSL_get_peer_certificate(netreq->upstream->tls_obj);
-		assert(netreq->debug_tls_peer_cert.data == NULL);
+		if (netreq->upstream->tls_obj &&
+		    (cert = SSL_get_peer_certificate(netreq->upstream->tls_obj))) {
+			assert(netreq->debug_tls_peer_cert.data == NULL);
 
+			netreq->debug_tls_peer_cert.size = i2d_X509(
+			    cert, &netreq->debug_tls_peer_cert.data);
+		}
 		/* Need this because auth status is reset on connection close */
 		netreq->debug_tls_auth_status = netreq->upstream->tls_auth_state;
-		netreq->debug_tls_peer_cert.size = i2d_X509(
-		    cert, &netreq->debug_tls_peer_cert.data);
 		upstream->queries_sent++;
 		netreq->query_id = (uint16_t) q;
 		/* Unqueue the netreq from the write_queue */