From 35d7405d38e9cd69c2519757d10d045d684d8da6 Mon Sep 17 00:00:00 2001
From: Andrea Ceccanti <andrea.ceccanti@gmail.com>
Date: Fri, 2 Aug 2019 19:33:36 +0200
Subject: [PATCH] Be paranoid about certs extracted from the chain

---
 src/ngx_http_voms_module.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ngx_http_voms_module.cpp b/src/ngx_http_voms_module.cpp
index d0ee276..29ae6a9 100644
--- a/src/ngx_http_voms_module.cpp
+++ b/src/ngx_http_voms_module.cpp
@@ -544,7 +544,7 @@ static X509* get_ee_cert(ngx_http_request_t* r)
     // find first non-proxy and non-ca cert
     for (int i = 0; i != sk_X509_num(chain); ++i) {
       auto cert = sk_X509_value(chain, i);
-      if (is_ca(cert)) {
+      if (cert && is_ca(cert)) {
         break;
       }
       if (cert && !is_proxy(cert)) {
-- 
GitLab