tls openssl: added pointer guards and error messages

- avoid to dereference null-pointers in openssl_ctx_ and openssl_

core/src/lib/tls_openssl_private.cc

@@ -76,6 +76,11 @@ TlsOpenSslPrivate::~TlsOpenSslPrivate()
 
 bool TlsOpenSslPrivate::init()
 {
+  if (!openssl_ctx_) {
+    OpensslPostErrors(M_FATAL, _("Error initializing TlsOpenSsl (no SSL_CTX)\n"));
+    return false;
+  }
+
   if (cipherlist_.empty()) {
     cipherlist_ = tls_default_ciphers_;
   }
@@ -189,9 +194,9 @@ bool TlsOpenSslPrivate::init()
 /*
  * report any errors that occured
  */
-int TlsOpenSslPrivate::OpensslVerifyPeer(int ok, X509_STORE_CTX *store)
+int TlsOpenSslPrivate::OpensslVerifyPeer(int preverify_ok, X509_STORE_CTX *store)
 { /* static */
-  if (!ok) {
+  if (!preverify_ok) {
     X509 *cert = X509_STORE_CTX_get_current_cert(store);
     int depth  = X509_STORE_CTX_get_error_depth(store);
     int err    = X509_STORE_CTX_get_error(store);
@@ -207,7 +212,7 @@ int TlsOpenSslPrivate::OpensslVerifyPeer(int ok, X509_STORE_CTX *store)
           depth, issuer, subject, err, X509_verify_cert_error_string(err));
   }
 
-  return ok;
+  return preverify_ok;
 }
 
 int TlsOpenSslPrivate::OpensslBsockReadwrite(BareosSocket *bsock, char *ptr, int nbytes, bool write)
@@ -403,9 +408,15 @@ unsigned int TlsOpenSslPrivate::psk_client_cb(SSL *ssl,
 {
   const SSL_CTX *openssl_ctx = SSL_get_SSL_CTX(ssl);
 
-  if (openssl_ctx) {
-    if (psk_client_credentials_.find(openssl_ctx) != psk_client_credentials_.end()) {
-      const PskCredentials &credentials = TlsOpenSslPrivate::psk_client_credentials_.at(openssl_ctx);
+  if (!openssl_ctx) {
+      Dmsg0(100, "Psk Client Callback: No SSL_CTX\n");
+      return 0;
+  }
+
+  if (psk_client_credentials_.find(openssl_ctx) == psk_client_credentials_.end()) {
+    Dmsg0(100, "Error, TLS-PSK CALLBACK not set because SSL_CTX is not registered.\n");
+  } else {
+    const PskCredentials &credentials = TlsOpenSslPrivate::psk_client_credentials_.at(openssl_ctx);
       int ret = Bsnprintf(identity, max_identity_len, "%s", credentials.get_identity().c_str());
 
       if (ret < 0 || (unsigned int)ret > max_identity_len) {
@@ -422,13 +433,7 @@ unsigned int TlsOpenSslPrivate::psk_client_cb(SSL *ssl,
       Dmsg1(100, "psk_client_cb. psk: %s.\n", psk);
 
       return ret;
-    } else {
-      Dmsg0(100, "Error, TLS-PSK CALLBACK not set.\n");
-      return 0;
     }
-  }
-
-  Dmsg0(100, "Error, SSL_CTX not set.\n");
   return 0;
 }