From 934ce95782b4bd2661634178fa37d7d852cec066 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Wed, 2 Nov 2016 17:35:10 +0000
Subject: Ensure handshake is complete before processing an ocsp response for a
 ctx ok jsing@

---
 src/lib/libtls/tls_ocsp.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src')

diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c
index 113ab0dd3d..0a3d50759f 100644
--- a/src/lib/libtls/tls_ocsp.c
+++ b/src/lib/libtls/tls_ocsp.c
@@ -386,6 +386,9 @@ tls_ocsp_process_response(struct tls *ctx, const unsigned char *response,
 	int ret;
 	OCSP_RESPONSE *resp;
 
+	if ((ctx->state & TLS_HANDSHAKE_COMPLETE) == 0)
+		return -1;
+
 	resp = d2i_OCSP_RESPONSE(NULL, &response, size);
 	if (resp == NULL) {
 		tls_ocsp_ctx_free(ctx->ocsp_ctx);
-- 
cgit v1.2.3-55-g6feb