Allow us to get cipher and version even if there is not a peer certificate.

ok doug@
author: beck <> 2015-10-07 23:25:45 +0000
committer: beck <> 2015-10-07 23:25:45 +0000
commit: 545a111ef6b8cf1b16a35cc82a9a9015dc28c7fb (patch)
tree: 9d3ca70891c3d147b6cdc93a8c9ebe69014bc2be /src/lib/libtls/tls.c
parent: bfd70ae63728d21687be518d937ae9403f9f490c (diff)
download: openbsd-545a111ef6b8cf1b16a35cc82a9a9015dc28c7fb.tar.gz
openbsd-545a111ef6b8cf1b16a35cc82a9a9015dc28c7fb.tar.bz2
openbsd-545a111ef6b8cf1b16a35cc82a9a9015dc28c7fb.zip
1 files changed, 6 insertions, 5 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index f841271754..0a7c958369 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.33 2015/09/29 10:17:04 deraadt Exp $ */
+/* $OpenBSD: tls.c,v 1.34 2015/10/07 23:25:45 beck Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -400,10 +400,11 @@ tls_handshake(struct tls *ctx)
        else if ((ctx->flags & TLS_SERVER_CONN) != 0)
                rv = tls_handshake_server(ctx);
-        if (rv == 0 &&
+        if (rv == 0) {
-            (ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn)) &&
+                ctx->ssl_peer_cert =  SSL_get_peer_certificate(ctx->ssl_conn);
-            (tls_get_conninfo(ctx) == -1))
+                if (tls_get_conninfo(ctx) == -1)
-                rv = -1;
+                    rv = -1;
+        }
 out:
        /* Prevent callers from performing incorrect error handling */
        errno = 0;
author	beck <>	2015-10-07 23:25:45 +0000
committer	beck <>	2015-10-07 23:25:45 +0000
commit	545a111ef6b8cf1b16a35cc82a9a9015dc28c7fb (patch)
tree	9d3ca70891c3d147b6cdc93a8c9ebe69014bc2be /src/lib/libtls/tls.c
parent	bfd70ae63728d21687be518d937ae9403f9f490c (diff)
download	openbsd-545a111ef6b8cf1b16a35cc82a9a9015dc28c7fb.tar.gz openbsd-545a111ef6b8cf1b16a35cc82a9a9015dc28c7fb.tar.bz2 openbsd-545a111ef6b8cf1b16a35cc82a9a9015dc28c7fb.zip