Ensure we don't call the OCSP callback if resuming a session

It makes no sense to call the OCSP status callback if we are resuming a session because no certificates will be sent. Reviewed-by: N Viktor Dukhovni <viktor@openssl.org>

Ensure we don't call the OCSP callback if resuming a session
It makes no sense to call the OCSP status callback if we are resuming a session because no certificates will be sent. Reviewed-by: N Viktor Dukhovni <viktor@openssl.org>
80e339fd · Matt Caswell · bb1aaab4 · 80e339fd
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

ssl/t1_lib.c ssl/t1_lib.c +1 -1

未找到文件。
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2855,7 +2855,7 @@ int ssl_check_serverhello_tlsext(SSL *s)
     * callback
     */
    if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
-        && s->ctx && s->ctx->tlsext_status_cb) {
+        && !(s->hit) && s->ctx && s->ctx->tlsext_status_cb) {
        int r;
        /*
         * Call callback with resp == NULL and resplen == -1 so callback