Check whether SSL_get0_verified_chain returns null before consuming it


    • Server Security
    • Fully Compatible
    • ALL
    • v8.0, v7.3, v7.0, v6.0, v5.0
    • Security 2024-05-27

      SSL_get0_verified_chain sometimes returns null if the peer did not supply a certificate or if the SSL context somehow got reset. We store the output of this into a UniqueStackOfX509 object, which is simply a unique_ptr that wraps around the stack_st_X509 pointer returned by the OpenSSL call. However, we pass that raw pointer directly into X509_chain_up_ref before returning the unique_ptr. This should be preceded by a nullptr check to ensure that SSL_get0_verified_chain did not return null.

              Assignee:
              Varun Ravichandran
              Reporter:
              Varun Ravichandran