SSL_get_peer_cert_chain() does not work after a resumption After a resumption it is documented that SSL_get_peer_cert_chain() will return NULL. In BoringSSL it still returns the chain. We don't support that so we should update the shim to call SSL_get_peer_certificate() instead when checking whether a peer certificate is available. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2942)

commit: 162e120711490cbd26f8608bf268a906c42e2027 [log] [tgz]
author: Matt Caswell <matt@openssl.org> Tue Mar 14 17:27:46 2017 +0000
committer: Matt Caswell <matt@openssl.org> Tue Mar 14 23:15:21 2017 +0000
tree: b8fe6dae02829245db108ba4f2a0a8e662176b01
parent: e29d7cea332e58678640aaa84c6ddfaa0adce74f [diff]
diff --git a/test/ossl_shim/ossl_shim.cc b/test/ossl_shim/ossl_shim.cc
index be589e3..9607e52 100644
--- a/test/ossl_shim/ossl_shim.cc
+++ b/test/ossl_shim/ossl_shim.cc

@@ -857,7 +857,7 @@
       return false;
     }
   } else if (!config->is_server || config->require_any_client_certificate) {
-    if (SSL_get_peer_cert_chain(ssl) == nullptr) {
+    if (SSL_get_peer_certificate(ssl) == nullptr) {
       fprintf(stderr, "Received no peer certificate but expected one.\n");
       return false;
     }
commit	162e120711490cbd26f8608bf268a906c42e2027	[log] [tgz]
author	Matt Caswell <matt@openssl.org>	Tue Mar 14 17:27:46 2017 +0000
committer	Matt Caswell <matt@openssl.org>	Tue Mar 14 23:15:21 2017 +0000
tree	b8fe6dae02829245db108ba4f2a0a8e662176b01
parent	e29d7cea332e58678640aaa84c6ddfaa0adce74f [diff]