From 36cbf12ad3fea2d875a1c3d83cfbcf4fad113667 Mon Sep 17 00:00:00 2001 From: Bob Beck Date: Wed, 7 Oct 2015 23:25:46 +0000 Subject: Allow us to get cipher and version even if there is not a peer certificate. ok doug@ --- lib/libtls/tls_conninfo.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) (limited to 'lib/libtls/tls_conninfo.c') diff --git a/lib/libtls/tls_conninfo.c b/lib/libtls/tls_conninfo.c index 86fca2337d2..48bb89fe635 100644 --- a/lib/libtls/tls_conninfo.c +++ b/lib/libtls/tls_conninfo.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_conninfo.c,v 1.3 2015/09/28 15:18:08 jsing Exp $ */ +/* $OpenBSD: tls_conninfo.c,v 1.4 2015/10/07 23:25:45 beck Exp $ */ /* * Copyright (c) 2015 Joel Sing * Copyright (c) 2015 Bob Beck @@ -121,7 +121,7 @@ tls_get_peer_cert_subject(struct tls *ctx, char **subject) int tls_get_conninfo(struct tls *ctx) { - int rv = -1; + const char * tmp; if (ctx->ssl_peer_cert != NULL) { if (tls_get_peer_cert_hash(ctx, &ctx->conninfo->hash) == -1) goto err; @@ -130,16 +130,21 @@ tls_get_conninfo(struct tls *ctx) { goto err; if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1) goto err; - ctx->conninfo->version = strdup(SSL_get_version(ctx->ssl_conn)); - if (ctx->conninfo->version == NULL) - goto err; - ctx->conninfo->cipher = strdup(SSL_get_cipher(ctx->ssl_conn)); - if (ctx->conninfo->cipher == NULL) - goto err; } - rv = 0; + if ((tmp = SSL_get_version(ctx->ssl_conn)) == NULL) + goto err; + ctx->conninfo->version = strdup(tmp); + if (ctx->conninfo->version == NULL) + goto err; + if ((tmp = SSL_get_cipher(ctx->ssl_conn)) == NULL) + goto err; + ctx->conninfo->cipher = strdup(tmp); + if (ctx->conninfo->cipher == NULL) + goto err; + return (0); err: - return (rv); + tls_free_conninfo(ctx->conninfo); + return (-1); } void -- cgit v1.2.3