add handling for nil possible on some platforms

Spotted by an audit-tool I was using at the time. (Belated commit)
PennockTech · Jan 5, 2024 · d796a47 · d796a47
1 parent 3745851
commit d796a47
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/dane.go b/dane.go
@@ -131,7 +131,12 @@ func (vc *validationContext) chainValid(eeCert, anchorCert *x509.Certificate, ca
 		vOpts.DNSName = tryHostname
 		chains, err := eeCert.Verify(vOpts)
 		if err != nil {
-			vc.Wafflef("no valid TA chains for hostname %q", tryHostname)
+			vc.Wafflef("no valid TA chains for hostname %q [%v]", tryHostname, err)
+			continue
+		}
+		// On some non-Unix platforms, the system verifier can be called, and there's a mode where that returns nil,nil
+		if chains == nil {
+			vc.Wafflef("when asking for TA chains for hostname %q we got a nil response without error", tryHostname)
 			continue
 		}