Only send ocsp staples if the client asked for ocsp certificate status.

noticed by dlg@ on www.openbsd.org with curl. ok dlg@
author: beck <> 2020-05-19 02:16:16 +0000
committer: beck <> 2020-05-19 02:16:16 +0000
commit: 703cde656ae315f4314348b60e9b2fc02a42f0dc (patch)
tree: 596ec9607ba98d0f64b4dab9692386a8e542708f
parent: 0286c965db48149ae18c03e50dcc7965dfa5887e (diff)
download: openbsd-703cde656ae315f4314348b60e9b2fc02a42f0dc.tar.gz
openbsd-703cde656ae315f4314348b60e9b2fc02a42f0dc.tar.bz2
openbsd-703cde656ae315f4314348b60e9b2fc02a42f0dc.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 1ec8ac00ef..8949dc3a26 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.69 2020/05/19 01:30:34 beck Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.70 2020/05/19 02:16:16 beck Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -910,6 +910,7 @@ int
 tlsext_ocsp_server_needs(SSL *s)
 {
        if (s->version >= TLS1_3_VERSION &&
+            s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
            s->ctx->internal->tlsext_status_cb != NULL) {
                s->internal->tlsext_status_expected = 0;
                if (s->ctx->internal->tlsext_status_cb(s,
author	beck <>	2020-05-19 02:16:16 +0000
committer	beck <>	2020-05-19 02:16:16 +0000
commit	703cde656ae315f4314348b60e9b2fc02a42f0dc (patch)
tree	596ec9607ba98d0f64b4dab9692386a8e542708f
parent	0286c965db48149ae18c03e50dcc7965dfa5887e (diff)
download	openbsd-703cde656ae315f4314348b60e9b2fc02a42f0dc.tar.gz openbsd-703cde656ae315f4314348b60e9b2fc02a42f0dc.tar.bz2 openbsd-703cde656ae315f4314348b60e9b2fc02a42f0dc.zip