From 1ef41f4eb668bb2c79f05ccf76be79444332d8a1 Mon Sep 17 00:00:00 2001
From: Florian Zeitz
Date: Mon, 17 Sep 2012 16:48:49 +0200
Subject: [PATCH] Fix uninitialized access (random error message) in certificate verification
---
 src/SSLSocket.m | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/SSLSocket.m b/src/SSLSocket.m
index 1a7d909..181ceaf 100644
--- a/src/SSLSocket.m
+++ b/src/SSLSocket.m
@@ -389,13 +389,17 @@ ssl_locking_callback(int mode, int n, const char *file, int line)
 {
 unsigned long ret;
- if ((SSL_get_peer_certificate(ssl) == NULL) ||
- ((ret = SSL_get_verify_result(ssl)) != X509_V_OK)) {
- const char *reason = X509_verify_cert_error_string(ret);
+ if (SSL_get_peer_certificate(ssl) != NULL) {
+ if ((ret = SSL_get_verify_result(ssl)) != X509_V_OK) {
+ const char *tmp = X509_verify_cert_error_string(ret);
+ OFString *reason = [OFString stringWithUTF8String: tmp];
+ @throw [SSLInvalidCertificateException
+ exceptionWithClass: [self class]
+ reason: reason];
+ }
+ } else
 @throw [SSLInvalidCertificateException
 exceptionWithClass: [self class]
- reason: [OFString
- stringWithUTF8String: reason]];
- }
+ reason: @"No certificate"];
 }
 @end
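Review bot: The X509 pointer returned by `SSL_get_peer_certificate(ssl)` in the new outer `if` is never released; OpenSSL returns it with its reference count incremented, so every verification leaks one certificate object, which adds up on a long-running process that handshakes often. Keep the result and free it once its presence is known: `X509 *peer = SSL_get_peer_certificate(ssl);` followed by `if (peer != NULL) { X509_free(peer);` ahead of the `SSL_get_verify_result` check. Separately, `ret` is declared `unsigned long` although `SSL_get_verify_result` returns a `long` and `X509_verify_cert_error_string` takes one, so `long ret;` would match the API. The hunk shows only chain validation; whether the peer's name is matched against the certificate is not visible here, and the method's signature lies outside the hunk.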