From 9dc386fe8d7ac2697cc414a93f9a77f1fc9f2475 Mon Sep 17 00:00:00 2001
From: Masakazu Kitajo <maskit@apache.org>
Date: Tue, 25 Apr 2023 12:55:26 -0600
Subject: [PATCH 1/2] Fix nullptr dereference on QUIC connection

---
 iocore/net/SSLUtils.cc | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index ea8e57a8878..8bb46e75605 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -375,13 +375,15 @@ ssl_cert_callback(SSL *ssl, void *arg)
   int retval = 1;
 
   // If we are in tunnel mode, don't select a cert.  Pause!
-  NetVConnection *netvc = reinterpret_cast<NetVConnection *>(sslnetvc);
-  if (HttpProxyPort::TRANSPORT_BLIND_TUNNEL == netvc->attributes) {
+  if (sslnetvc) {
+    NetVConnection *netvc = reinterpret_cast<NetVConnection *>(sslnetvc);
+    if (HttpProxyPort::TRANSPORT_BLIND_TUNNEL == netvc->attributes) {
 #ifdef OPENSSL_IS_BORINGSSL
-    return -2; // Retry
+      return -2; // Retry
 #else
-    return -1; // Pause
+      return -1; // Pause
 #endif
+    }
   }
 
   SSLCertContextType ctxType = SSLCertContextType::GENERIC;

From 8ae0f580bfba4c6a4048137a9278ad143df5882f Mon Sep 17 00:00:00 2001
From: Damian Meden <dmeden@apache.org>
Date: Fri, 28 Apr 2023 13:51:13 +0100
Subject: [PATCH 2/2] Add validation for null before calling the
 TLSCertSwitchSupport

---
 iocore/net/SSLUtils.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc
index 8bb46e75605..3b4f8667dc9 100644
--- a/iocore/net/SSLUtils.cc
+++ b/iocore/net/SSLUtils.cc
@@ -413,7 +413,7 @@ ssl_cert_callback(SSL *ssl, void *arg)
       retval = -1; // Pause
     }
   } else {
-    if (tcss->selectCertificate(ssl, ctxType) == 1) {
+    if (tcss && tcss->selectCertificate(ssl, ctxType) == 1) {
       retval = 1;
     } else {
       retval = 0;