From af948b498a390b31f1d043d97c255fff653cd3ab Mon Sep 17 00:00:00 2001
From: Richard Fuchs <rfuchs@sipwise.com>
Date: Thu, 21 Apr 2022 11:36:21 -0400
Subject: [PATCH] TT#172650 don't segfault if no DTLS cert is available

Change-Id: Ic567b2f585aaa199766168c250f019183036f314
---
 daemon/call.c |  3 ++-
 daemon/dtls.c | 10 +++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/daemon/call.c b/daemon/call.c
index 4840511ee..22d7f0729 100644
--- a/daemon/call.c
+++ b/daemon/call.c
@@ -3621,7 +3621,8 @@ static void __call_free(void *p) {
 
 	//ilog(LOG_DEBUG, "freeing main call struct");
 
-	obj_put(c->dtls_cert);
+	if (c->dtls_cert)
+		obj_put(c->dtls_cert);
 	mqtt_timer_stop(&c->mqtt_timer);
 
 	while (c->monologues.head) {
diff --git a/daemon/dtls.c b/daemon/dtls.c
index df3399480..546abbf69 100644
--- a/daemon/dtls.c
+++ b/daemon/dtls.c
@@ -345,6 +345,9 @@ static void __dtls_timer(void *p) {
 	long int left;
 
 	c = dtls_cert();
+	if (!c)
+		return;
+
 	left = c->expires - rtpe_now.tv_sec;
 	if (left > CERT_EXPIRY_TIME/2)
 		goto out;
@@ -397,7 +400,7 @@ struct dtls_cert *dtls_cert() {
 	struct dtls_cert *ret;
 
 	rwlock_lock_r(&__dtls_cert_lock);
-	ret = obj_get(__dtls_cert);
+	ret = __dtls_cert ? obj_get(__dtls_cert) : NULL;
 	rwlock_unlock_r(&__dtls_cert_lock);
 
 	return ret;
@@ -517,6 +520,11 @@ static int try_connect(struct dtls_connection *d) {
 int dtls_connection_init(struct dtls_connection *d, struct packet_stream *ps, int active,
 		struct dtls_cert *cert)
 {
+	if (!cert) {
+		ilogs(crypto, LOG_ERR, "Cannot establish DTLS: no certificate available");
+		return -1;
+	}
+
 	unsigned long err;
 
 	if (d->init) {