safer way to extract certificate from stream

src/pkg-tls.c

@@ -115,7 +115,11 @@ set_dhparams (void)
 	  time_stamp(), file);
     } else {
 	dhparams = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
-	if (dhparams != NULL) return MY_TRUE;
+	if (dhparams != NULL) {
+	    debug_message("%s TLS got DHparams from \"%s\".\n",
+	      time_stamp(), file);
+	    return MY_TRUE;
+	}
     }
     debug_message("%s Generating DH parameters with %d bits. Please wait.\n",
       time_stamp(), DH_BITS);
@@ -533,8 +537,7 @@ tls_global_init (void)
 			      , time_stamp());
 		goto ssl_init_err;
 	} else {
-		debug_message("%s: TLS: using ECDHE, yai\n"
+		debug_message("%s TLS using ECDHE.\n", time_stamp());
-			      , time_stamp());
 	}
 	SSL_CTX_set_tmp_ecdh(context,ecdh);
 	EC_KEY_free(ecdh);
@@ -1349,17 +1352,16 @@ f_tls_check_certificate(svalue_t *sp)
 	if (more >= 2) 
 	{
 	    BIO *bio = BIO_new(BIO_s_mem());
-	    char *tmp;
+            if (PEM_write_bio_X509(bio, peer)) {
-	    long l;
+		char *tmp;
-//	    int l2;
+                long l = BIO_get_mem_data(bio, &tmp);
-//	    l2 = PEM_write_bio_X509(bio, peer);
+                if (l > 0) {
-	    l = BIO_get_mem_data(bio, &tmp);
+		    tmp[l] = 0;
-	    tmp[l] = 0;
+		    put_c_n_string(&(v->item[3]), tmp, l);
-	    if (l > 0)
+                } else
-		put_c_n_string(&(v->item[3]), tmp, l);
+                  put_number(&(v->item[3]), 0);
-	    else 
+            }
-		put_number(&(v->item[3]), 0);
+            BIO_free(bio);
-	    BIO_free(bio);
 	}
         X509_free(peer);
     }

src/version.sh

@@ -17,7 +17,7 @@ version_longtype="stable"
 # A timestamp, to be used by bumpversion and other scripts.
 # It can be used, for example, to 'touch' this file on every build, thus
 # forcing revision control systems to add it on every checkin automatically.
-version_stamp="Wed Mar  1 17:44:57 CET 2017"
+version_stamp="Wed Mar  1 18:42:11 CET 2017"
 
 # Okay, LDMUD is using 3.x.x so to avoid conflicts let's just use 4.x.x
 version_major=4