BUG/MAJOR: ssl: missing tests in ACL fetch functions

Baptiste Assmann observed a crash of 1.5-dev12 occuring when the ssl_sni
fetch was used with no SNI on the input connection and without a prior
has_sni check. A code review revealed several issues :
   1) it was possible to call the has_sni and ssl_sni fetch functions with
      a NULL data_ctx if the handshake fails or if the connection is aborted
      during the handshake.
   2) when no SNI is present, strlen() was called with a NULL parameter in
      smp_fetch_ssl_sni().
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 91e7fee..4198339 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -782,6 +782,7 @@
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 	smp->type = SMP_T_BOOL;
 	smp->data.uint = (l4->si[0].conn.data == &ssl_sock) &&
+		l4->si[0].conn.data_ctx &&
 		SSL_get_servername(l4->si[0].conn.data_ctx, TLSEXT_NAMETYPE_host_name) != NULL;
 	return 1;
 #else
@@ -797,11 +798,13 @@
 	smp->flags = 0;
 	smp->type = SMP_T_CSTR;
 
-	if (!l4 || l4->si[0].conn.data != &ssl_sock)
+	if (!l4 || !l4->si[0].conn.data_ctx || l4->si[0].conn.data != &ssl_sock)
 		return 0;
 
-	/* data points to cookie value */
 	smp->data.str.str = (char *)SSL_get_servername(l4->si[0].conn.data_ctx, TLSEXT_NAMETYPE_host_name);
+	if (!smp->data.str.str)
+		return 0;
+
 	smp->data.str.len = strlen(smp->data.str.str);
 	return 1;
 #else