From 1b2fcd3af52f5a520a8173eb1ed9bfece5963551 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Wed, 7 Oct 2015 23:25:45 +0000
Subject: Allow us to get cipher and version even if there is not a peer
 certificate. ok doug@

---
 src/lib/libtls/tls.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'src/lib/libtls/tls.c')

diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c
index f841271754..0a7c958369 100644
--- a/src/lib/libtls/tls.c
+++ b/src/lib/libtls/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.33 2015/09/29 10:17:04 deraadt Exp $ */
+/* $OpenBSD: tls.c,v 1.34 2015/10/07 23:25:45 beck Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -400,10 +400,11 @@ tls_handshake(struct tls *ctx)
 	else if ((ctx->flags & TLS_SERVER_CONN) != 0)
 		rv = tls_handshake_server(ctx);
 
-	if (rv == 0 &&
-	    (ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn)) &&
-	    (tls_get_conninfo(ctx) == -1))
-		rv = -1;
+	if (rv == 0) {
+		ctx->ssl_peer_cert =  SSL_get_peer_certificate(ctx->ssl_conn);
+		if (tls_get_conninfo(ctx) == -1)
+		    rv = -1;
+	}
  out:
 	/* Prevent callers from performing incorrect error handling */
 	errno = 0;
-- 
cgit v1.2.3-55-g6feb