RT2560: missing NULL check in ocsp_req_find_signer

If we don't find a signer in the internal list, then fall
through and look at the internal list; don't just return NULL.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit b2aa38a980e9fbf158aafe487fb729c492b241fb)

diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 276718304dd211d4be989fb750d8c95ff792feff..fc0d4cc0f5f785f688a1242ab12c9202532d298b 100644 (file)
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -436,8 +436,11 @@ static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm
        if(!(flags & OCSP_NOINTERN))
                {
                signer = X509_find_by_subject(req->optionalSignature->certs, nm);
-               *psigner = signer;
-               return 1;
+               if (signer)
+                       {
+                       *psigner = signer;
+                       return 1;
+                       }
                }
 
        signer = X509_find_by_subject(certs, nm);