diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index b8c455113..6a2362ef6 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -1016,6 +1016,8 @@ void InitDecodedCert(DecodedCert* cert, byte* source, word32 inSz, void* heap)
 cert->signature = 0;
 cert->subjectCN = 0;
 cert->subjectCNLen = 0;
+ cert->issuer[0] = '\0';
+ cert->subject[0] = '\0';
 cert->source = source; /* don't own */
 cert->srcIdx = 0;
 cert->maxIdx = inSz; /* can't go over this index */
diff --git a/src/internal.c b/src/internal.c
index 30ce12e55..3dc5d592e 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1624,21 +1624,15 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
 }
 }
- if (fatal) {
- FreeDecodedCert(&dCert);
- ssl->error = ret;
- return ret;
- }
- ssl->options.havePeerCert = 1;
- /* set X509 format */
 #ifdef OPENSSL_EXTRA
+ /* set X509 format for peer cert even if fatal */
 XSTRNCPY(ssl->peerCert.issuer.name, dCert.issuer, ASN_NAME_MAX);
 ssl->peerCert.issuer.name[ASN_NAME_MAX - 1] = '\0';
- ssl->peerCert.issuer.sz = (int)XSTRLEN(dCert.issuer) + 1;
+ ssl->peerCert.issuer.sz = (int)XSTRLEN(ssl->peerCert.issuer.name) + 1;
 XSTRNCPY(ssl->peerCert.subject.name, dCert.subject, ASN_NAME_MAX);
 ssl->peerCert.subject.name[ASN_NAME_MAX - 1] = '\0';
- ssl->peerCert.subject.sz = (int)XSTRLEN(dCert.subject) + 1;
+ ssl->peerCert.subject.sz = (int)XSTRLEN(ssl->peerCert.subject.name) + 1;
 XMEMCPY(ssl->peerCert.serial, dCert.serial, EXTERNAL_SERIAL_SIZE);
 ssl->peerCert.serialSz = dCert.serialSz;
@@ -1658,6 +1652,13 @@ static int DoCertificate(CYASSL* ssl, byte* input, word32* inOutIdx)
 ssl->peerCert.derCert.length = myCert.length;
 #endif
+ if (fatal) {
+ FreeDecodedCert(&dCert);
+ ssl->error = ret;
+ return ret;
+ }
+ ssl->options.havePeerCert = 1;
+ /* store for callback use */
 if (dCert.subjectCNLen < ASN_NAME_MAX) {
 XMEMCPY(domain, dCert.subjectCN, dCert.subjectCNLen);
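Review bot: Only `issuer` and `subject` get a defined value in this hunk, yet the failure path this commit opens in DoCertificate also copies `dCert.serial` (a fixed `EXTERNAL_SERIAL_SIZE` bytes) and `dCert.serialSz` into `ssl->peerCert`. If the rest of InitDecodedCert, which lies outside this hunk, does not already clear them, a certificate that fails to parse before its serial number is read would put uninitialised bytes into the peer-certificate structure. Adding `XMEMSET(cert->serial, 0, EXTERNAL_SERIAL_SIZE);` and `cert->serialSz = 0;` next to the two new lines would close that gap. A short comment such as `/* empty strings: DoCertificate copies these even when parsing fails */` would also record why the two terminators are needed.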
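Review bot: The new comment in the `OPENSSL_EXTRA` block says the peer certificate is filled in `even if fatal`, but it does not say that the data is then unverified, and nothing in the block marks it as such. With the `if (fatal)` return moved below the `#endif` in the next hunk, `ssl->peerCert` keeps the issuer, subject, serial and DER length of a certificate for which `fatal` was set, while `ssl->options.havePeerCert` is not set on that path. Any code that exposes `ssl->peerCert` therefore has to test that flag before treating the fields as trusted. I would spell this out in the comment, e.g. `/* set X509 format for peer cert even if fatal; on failure these fields are unverified and havePeerCert is not set */`. DoCertificate starts and ends outside this hunk, so whether existing readers already check the flag cannot be confirmed from here.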