tls: always report protocol and suite

Author: beck <beck>
Date:   Wed Oct 7 23:25:45 2015 +0000

    Allow us to get cipher and version even if there is not a peer certificate.
    ok doug@

usual/tls/tls.c

@@ -482,10 +482,11 @@ tls_handshake(struct tls *ctx)
 	else if ((ctx->flags & TLS_SERVER_CONN) != 0)
 		rv = tls_handshake_server(ctx);
 
-	if (rv == 0 &&
-	    (ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn)) &&
-	    (tls_get_conninfo(ctx) == -1))
-		rv = -1;
+	if (rv == 0) {
+		ctx->ssl_peer_cert =  SSL_get_peer_certificate(ctx->ssl_conn);
+		if (tls_get_conninfo(ctx) == -1)
+		    rv = -1;
+	}
  out:
 	/* Prevent callers from performing incorrect error handling */
 	errno = 0;

usual/tls/tls_conninfo.c

@@ -126,7 +126,7 @@ tls_get_peer_cert_subject(struct tls *ctx, char **subject)
 
 int
 tls_get_conninfo(struct tls *ctx) {
-	int rv = -1;
+	const char * tmp;
 	if (ctx->ssl_peer_cert != NULL) {
 		if (tls_get_peer_cert_hash(ctx, &ctx->conninfo->hash) == -1)
 			goto err;
@@ -135,16 +135,21 @@ tls_get_conninfo(struct tls *ctx) {
 			goto err;
 		if (tls_get_peer_cert_issuer(ctx, &ctx->conninfo->issuer) == -1)
 			goto err;
-		ctx->conninfo->version = strdup(SSL_get_version(ctx->ssl_conn));
-		if (ctx->conninfo->version == NULL)
-			goto err;
-		ctx->conninfo->cipher = strdup(SSL_get_cipher(ctx->ssl_conn));
-		if (ctx->conninfo->cipher == NULL)
-			goto err;
 	}
-	rv = 0;
+	if ((tmp = SSL_get_version(ctx->ssl_conn)) == NULL)
+		goto err;
+	ctx->conninfo->version = strdup(tmp);
+	if (ctx->conninfo->version == NULL)
+		goto err;
+	if ((tmp = SSL_get_cipher(ctx->ssl_conn)) == NULL)
+		goto err;
+	ctx->conninfo->cipher = strdup(tmp);
+	if (ctx->conninfo->cipher == NULL)
+		goto err;
+	return (0);
 err:
-	return (rv);
+	tls_free_conninfo(ctx->conninfo);
+	return (-1);
 }
 
 void