Fix nullptr dereference on QUIC connection (#9642)

* Fix nullptr dereference on QUIC connection

* Add validation for null before calling the TLSCertSwitchSupport

---------

Co-authored-by: Damian Meden <dmeden@apache.org>

Author: maskit

iocore/net/SSLUtils.cc

@@ -375,13 +375,15 @@ ssl_cert_callback(SSL *ssl, void *arg)
   int retval = 1;
 
   // If we are in tunnel mode, don't select a cert.  Pause!
-  NetVConnection *netvc = reinterpret_cast<NetVConnection *>(sslnetvc);
-  if (HttpProxyPort::TRANSPORT_BLIND_TUNNEL == netvc->attributes) {
+  if (sslnetvc) {
+    NetVConnection *netvc = reinterpret_cast<NetVConnection *>(sslnetvc);
+    if (HttpProxyPort::TRANSPORT_BLIND_TUNNEL == netvc->attributes) {
 #ifdef OPENSSL_IS_BORINGSSL
-    return -2; // Retry
+      return -2; // Retry
 #else
-    return -1; // Pause
+      return -1; // Pause
 #endif
+    }
   }
 
   SSLCertContextType ctxType = SSLCertContextType::GENERIC;
@@ -411,7 +413,7 @@ ssl_cert_callback(SSL *ssl, void *arg)
       retval = -1; // Pause
     }
   } else {
-    if (tcss->selectCertificate(ssl, ctxType) == 1) {
+    if (tcss && tcss->selectCertificate(ssl, ctxType) == 1) {
       retval = 1;
     } else {
       retval = 0;