4 files changed, 27 insertions, 11 deletions

diff --git a/src/libcharon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c
index 6dd3141f0..80239f654 100644
--- a/src/libcharon/encoding/payloads/cert_payload.c
+++ b/src/libcharon/encoding/payloads/cert_payload.c
@@ -320,7 +320,12 @@ cert_payload_t *cert_payload_create_from_cert(certificate_t *cert)
 			free(this);
 			return NULL;
 	}
-	this->data = cert->get_encoding(cert);
+	if (!cert->get_encoding(cert, CERT_ASN1_DER, &this->data))
+	{
+		DBG1(DBG_ENC, "encoding certificate for cert payload failed");
+		free(this);
+		return NULL;
+	}
 	this->payload_length = CERT_PAYLOAD_HEADER_LENGTH + this->data.len;
 	return &this->public;
 }
diff --git a/src/libcharon/plugins/stroke/stroke_ca.c b/src/libcharon/plugins/stroke/stroke_ca.c
index b1cf5b2b5..9a3ae0ab9 100644
--- a/src/libcharon/plugins/stroke/stroke_ca.c
+++ b/src/libcharon/plugins/stroke/stroke_ca.c
@@ -357,12 +357,16 @@ static void check_for_hash_and_url(private_stroke_ca_t *this, certificate_t* cer
 	{
 		if (section->certuribase && cert->issued_by(cert, section->cert))
 		{
-			chunk_t hash, encoded = cert->get_encoding(cert);
-			hasher->allocate_hash(hasher, encoded, &hash);
-			section->hashes->insert_last(section->hashes,
-					identification_create_from_encoding(ID_KEY_ID, hash));
-			chunk_free(&hash);
-			chunk_free(&encoded);
+			chunk_t hash, encoded;
+
+			if (cert->get_encoding(cert, CERT_ASN1_DER, &encoded))
+			{
+				hasher->allocate_hash(hasher, encoded, &hash);
+				section->hashes->insert_last(section->hashes,
+						identification_create_from_encoding(ID_KEY_ID, hash));
+				chunk_free(&hash);
+				chunk_free(&encoded);
+			}
 			break;
 		}
 	}
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 68703d128..2816b9bb2 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -587,9 +587,11 @@ static void cache_cert(private_stroke_cred_t *this, certificate_t *cert)
 			snprintf(buf, sizeof(buf), "%s/%s.crl", CRL_DIR, hex);
 			free(hex.ptr);
 
-			chunk = cert->get_encoding(cert);
-			chunk_write(chunk, buf, "crl", 022, TRUE);
-			free(chunk.ptr);
+			if (cert->get_encoding(cert, CERT_ASN1_DER, &chunk))
+			{
+				chunk_write(chunk, buf, "crl", 022, TRUE);
+				free(chunk.ptr);
+			}
 		}
 	}
 }
diff --git a/src/libcharon/sa/tasks/ike_cert_post.c b/src/libcharon/sa/tasks/ike_cert_post.c
index b28739df2..cc810a49a 100644
--- a/src/libcharon/sa/tasks/ike_cert_post.c
+++ b/src/libcharon/sa/tasks/ike_cert_post.c
@@ -72,7 +72,12 @@ static cert_payload_t *build_cert_payload(private_ike_cert_post_t *this,
 		return cert_payload_create_from_cert(cert);
 	}
 
-	encoded = cert->get_encoding(cert);
+	if (!cert->get_encoding(cert, CERT_ASN1_DER, &encoded))
+	{
+		DBG1(DBG_IKE, "encoding certificate for cert payload failed");
+		hasher->destroy(hasher);
+		return NULL;
+	}
 	hasher->allocate_hash(hasher, encoded, &hash);
 	chunk_free(&encoded);
 	hasher->destroy(hasher);