BUG/MINOR; ssl: Don't assume we have a ssl_bind_conf because a SNI is matched.
We only have a ssl_bind_conf if crt-list is used, however we can still
match a certificate SNI, so don't assume we have a ssl_bind_conf.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 597a479..628f4ca 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2267,11 +2267,13 @@
/* switch ctx */
struct ssl_bind_conf *conf = container_of(node, struct sni_ctx, name)->conf;
ssl_sock_switchctx_set(ssl, container_of(node, struct sni_ctx, name)->ctx);
- methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
- methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
- if (conf->early_data)
- allow_early = 1;
- goto allow_early;
+ if (conf) {
+ methodVersions[conf->ssl_methods.min].ssl_set_version(ssl, SET_MIN);
+ methodVersions[conf->ssl_methods.max].ssl_set_version(ssl, SET_MAX);
+ if (conf->early_data)
+ allow_early = 1;
+ }
+ goto allow_early;
}
#if (!defined SSL_NO_GENERATE_CERTIFICATES)
if (s->generate_certs && ssl_sock_generate_certificate(trash.str, s, ssl)) {