interesting
/
getdns
mirror of https://github.com/getdnsapi/getdns.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Only equip with peer cert when transport is TLS

This commit is contained in:
Willem Toorop 2017-03-25 21:26:05 +01:00
parent a2efd8f6c1
commit 5f6e47d091
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/stub.c
View File

@ -1673,13 +1673,15 @@ upstream_write_cb(void *userarg)
return; return;
default: default:
cert = SSL_get_peer_certificate(netreq->upstream->tls_obj); if (netreq->upstream->tls_obj &&
(cert = SSL_get_peer_certificate(netreq->upstream->tls_obj))) {
assert(netreq->debug_tls_peer_cert.data == NULL); assert(netreq->debug_tls_peer_cert.data == NULL);
/* Need this because auth status is reset on connection close */
netreq->debug_tls_auth_status = netreq->upstream->tls_auth_state;
netreq->debug_tls_peer_cert.size = i2d_X509( netreq->debug_tls_peer_cert.size = i2d_X509(
cert, &netreq->debug_tls_peer_cert.data); cert, &netreq->debug_tls_peer_cert.data);
}
/* Need this because auth status is reset on connection close */
netreq->debug_tls_auth_status = netreq->upstream->tls_auth_state;
upstream->queries_sent++; upstream->queries_sent++;
netreq->query_id = (uint16_t) q; netreq->query_id = (uint16_t) q;
/* Unqueue the netreq from the write_queue */ /* Unqueue the netreq from the write_queue */