Merge pull request #31566 from Faless/ssl/fix_custom_cert

Fix StreamPeerSSL connect_to_stream w/ custom cert.

1 files changed, 8 insertions, 5 deletions

diff --git a/modules/mbedtls/ssl_context_mbedtls.cpp b/modules/mbedtls/ssl_context_mbedtls.cpp
index 014a201f9c..97b5e23f58 100644
--- a/modules/mbedtls/ssl_context_mbedtls.cpp
+++ b/modules/mbedtls/ssl_context_mbedtls.cpp
@@ -94,9 +94,12 @@ Error SSLContextMbedTLS::init_server(int p_transport, int p_authmode, Ref<Crypto
 }
 
 Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509CertificateMbedTLS> p_valid_cas) {
+	Error err = _setup(MBEDTLS_SSL_IS_CLIENT, p_transport, p_authmode);
+	ERR_FAIL_COND_V(err != OK, err);
+
 	X509CertificateMbedTLS *cas = NULL;
 
-	if (certs.is_valid()) {
+	if (p_valid_cas.is_valid()) {
 		// Locking CA certificates
 		certs = p_valid_cas;
 		certs->lock();
@@ -104,12 +107,12 @@ Error SSLContextMbedTLS::init_client(int p_transport, int p_authmode, Ref<X509Ce
 	} else {
 		// Fall back to default certificates (no need to lock those).
 		cas = CryptoMbedTLS::get_default_certificates();
-		ERR_FAIL_COND_V(cas == NULL, ERR_UNCONFIGURED);
+		if (cas == NULL) {
+			clear();
+			ERR_FAIL_V_MSG(ERR_UNCONFIGURED, "SSL module failed to initialize!");
+		}
 	}
 
-	Error err = _setup(MBEDTLS_SSL_IS_CLIENT, p_transport, p_authmode);
-	ERR_FAIL_COND_V(err != OK, err);
-
 	// Set valid CAs
 	mbedtls_ssl_conf_ca_chain(&conf, &(cas->cert), NULL);
 	mbedtls_ssl_setup(&ssl, &conf);