lib-ssl-iostream: Return NULL from ssl_iostream_get_security_string when not handshaked

cmouse · cmouse · commit 15318bc04954 · 2022-12-23T12:04:31.000+02:00
diff --git a/src/lib-ssl-iostream/iostream-openssl.c b/src/lib-ssl-iostream/iostream-openssl.c
@@ -860,7 +860,7 @@ openssl_iostream_get_security_string(struct ssl_iostream *ssl_io)
 	int bits, alg_bits;
 
 	if (!ssl_io->handshaked)
-		return "";
+		return NULL;
 
 	cipher = SSL_get_current_cipher(ssl_io->ssl);
 	bits = SSL_CIPHER_get_bits(cipher, &alg_bits);
diff --git a/src/lib-ssl-iostream/iostream-ssl.h b/src/lib-ssl-iostream/iostream-ssl.h
@@ -131,6 +131,8 @@ const char *ssl_iostream_get_compression(struct ssl_iostream *ssl_io);
    provided.
  */
 const char *ssl_iostream_get_server_name(struct ssl_iostream *ssl_io);
+/* Returns textual representation of the security parameters for the connection,
+   or NULL if handshake has not been done. */
 const char *ssl_iostream_get_security_string(struct ssl_iostream *ssl_io);
 
 /* Returns ClientHello based JA3 string. Will return NULL
