Check for issuer only if we actually got a CRL

2010-12-23 11:44:36 +01:00 · 2010-12-23 11:44:36 +01:00 · d3a18dade1
parent 06e6535151
commit d3a18dade1
1 changed files with 7 additions and 7 deletions
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@ -457,15 +457,15 @@ static cert_validation_t find_crl(x509_t *subject, identification_t *issuer,
 		{
 			*uri_found = TRUE;
 			current = fetch_crl(uri);
-			if (!current->has_issuer(current, issuer))
-			{
-				DBG1(DBG_CFG, "issuer of fetched CRL '%Y' does not match CRL "
-					 "issuer '%Y'", current->get_issuer(current), issuer);
-				current->destroy(current);
-				continue;
-			}
 			if (current)
 			{
+				if (!current->has_issuer(current, issuer))
+				{
+					DBG1(DBG_CFG, "issuer of fetched CRL '%Y' does not match CRL "
+						 "issuer '%Y'", current->get_issuer(current), issuer);
+					current->destroy(current);
+					continue;
+				}
 				*best = get_better_crl(current, *best, subject,
 									   &valid, auth, TRUE);
 				if (*best && valid != VALIDATION_STALE)