Checkout return value of dtls1_output_cert_chain

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 9beb948c0dae6056caddf46a9aa099e18905d184)

diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index d8cf92686c47bbd79ccd66869643c29e2df9b729..0fea8659ac7f880a5ad48912f778b40e9c726075 100644 (file)
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -1548,6 +1548,12 @@ int dtls1_send_client_certificate(SSL *s)
                s->state=SSL3_ST_CW_CERT_D;
                l=dtls1_output_cert_chain(s,
                        (s->s3->tmp.cert_req == 2)?NULL:s->cert->key->x509);
+               if (!l)
+                       {
+                       SSLerr(SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+                       ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
+                       return 0;
+                       }
                s->init_num=(int)l;
                s->init_off=0;
 

diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index a14fb43138b1997662a41022a70990dbbaaef9f3..f52c735a5b26bd6d6755403d41c13f11b71f38fc 100644 (file)
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -1446,6 +1446,11 @@ int dtls1_send_server_certificate(SSL *s)
                        }
 
                l=dtls1_output_cert_chain(s,x);
+               if (!l)
+                       {
+                       SSLerr(SSL_F_DTLS1_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR);
+                       return(0);
+                       }
                s->state=SSL3_ST_SW_CERT_B;
                s->init_num=(int)l;
                s->init_off=0;