SecureTransport: handle NULL trust on successcmn/copypeertrust-null

The `SSLCopyPeerTrust` call can succeed but fail to return a trust object if it can't load the certificate chain and thus cannot check the validity of a certificate. This can lead to us calling `CFRelease` on a `NULL` trust object, causing a crash. Handle this by returning ECERTIFICATE.
author: Carlos Martín Nieto <cmn@dwim.me> 2016-08-05 18:40:37 +0200
committer: Carlos Martín Nieto <cmn@dwim.me> 2016-08-05 18:40:37 +0200
commit: 9884dd613ede9946c512803c4caf438eb10e2d36 (patch)
tree: 0030d9b2354eef2dba4624e6bb78ace9d3c97ba1
parent: cba60b9b0ef90ab2b69e5015627c7daa613dfda3 (diff)
download: libgit2-9884dd613ede9946c512803c4caf438eb10e2d36.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/src/stransport_stream.c b/src/stransport_stream.c
index 66be58a21..008bdfb3c 100644
--- a/src/stransport_stream.c
+++ b/src/stransport_stream.c
@@ -67,6 +67,9 @@ int stransport_connect(git_stream *stream)
 	if ((ret = SSLCopyPeerTrust(st->ctx, &trust)) != noErr)
 		goto on_error;
 
+	if (!trust)
+		return GIT_ECERTIFICATE;
+
 	if ((ret = SecTrustEvaluate(trust, &sec_res)) != noErr)
 		goto on_error;
author	Carlos Martín Nieto <cmn@dwim.me>	2016-08-05 18:40:37 +0200
committer	Carlos Martín Nieto <cmn@dwim.me>	2016-08-05 18:40:37 +0200
commit	9884dd613ede9946c512803c4caf438eb10e2d36 (patch)
tree	0030d9b2354eef2dba4624e6bb78ace9d3c97ba1
parent	cba60b9b0ef90ab2b69e5015627c7daa613dfda3 (diff)
download	libgit2-9884dd613ede9946c512803c4caf438eb10e2d36.tar.gz