There's no real need to do this in openconnect_obtain_cookie(). It doesn't
really matter if we do it for other connections, since any connections we
make *after* obtaining the cookie will be to the same server anyway.
This moves another OpenSSL-specific snippet out of what should be generic
code.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
if (result < 0)
return result;
- /* Remember the peer's SSL certificate; it may disconnect during
- the response and then we wouldn't be able to find it */
- if (vpninfo->peer_cert)
- X509_free(vpninfo->peer_cert);
- vpninfo->peer_cert = SSL_get_peer_certificate(vpninfo->https_ssl);
-
buflen = process_http_response(vpninfo, &result, NULL, &form_buf);
if (buflen < 0) {
/* We'll already have complained about whatever offended us */
if (vpninfo->https_ssl)
return 0;
+ if (vpninfo->peer_cert) {
+ X509_free(vpninfo->peer_cert);
+ vpninfo->peer_cert = NULL;
+ }
+
if (!vpninfo->port)
vpninfo->port = 443;
vpninfo->ssl_fd = ssl_sock;
vpninfo->https_ssl = https_ssl;
+ /* Stash this now, because it might not be available later if the
+ server has disconnected. */
+ vpninfo->peer_cert = SSL_get_peer_certificate(vpninfo->https_ssl);
+
vpn_progress(vpninfo, PRG_INFO, _("Connected to HTTPS on %s\n"),
vpninfo->hostname);
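Review bot: The new stash `vpninfo->peer_cert = SSL_get_peer_certificate(vpninfo->https_ssl);` stores the result unchecked, and it now runs on every HTTPS connect rather than only on the one used to obtain the cookie. `SSL_get_peer_certificate()` returns NULL when the peer presented no certificate, so anything that later reads `peer_cert` (fingerprinting, a user-acceptance prompt) has to tolerate NULL. After a reconnect it will also see the certificate of the latest connection, which is only equivalent to the old behaviour if the server really is the same one. Whether certificate verification has already run at this point is not visible in the hunk, because the enclosing function starts and ends outside it; if it has not, the stash would be safer placed after verification. I would at least document the contract on the assignment, e.g. `/* May be NULL if no cert was presented; always refers to the most recent connection, not necessarily the one the cookie came from. */`.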