From 64e54bf5c6657bf423d3ba463f31095d598d94e7 Mon Sep 17 00:00:00 2001
From: Pauli <paul.dale@oracle.com>
Date: Mon, 27 Apr 2020 09:32:14 +1000
Subject: [PATCH] coverity 1462581 Dereference after null check

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11651)
---
 ssl/ssl_cert.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 51bfa439f0..408404958e 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -872,7 +872,10 @@ int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
             untrusted = cpk->chain;
     }
 
-    xs_ctx = X509_STORE_CTX_new_with_libctx(s->ctx->libctx, s->ctx->propq);
+    if (s == NULL)
+        xs_ctx = X509_STORE_CTX_new_with_libctx(ctx->libctx, ctx->propq);
+    else
+        xs_ctx = X509_STORE_CTX_new_with_libctx(s->ctx->libctx, s->ctx->propq);
     if (xs_ctx == NULL) {
         SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
         goto err;
-- 
2.25.1