Ensure we don't call the OCSP callback if resuming a session

It makes no sense to call the OCSP status callback if we are resuming a session because no certificates will be sent. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2015-11-30 13:29:41 +00:00 · 2015-11-30 13:29:41 +00:00 · 0ac6239955
commit 0ac6239955
parent 905943af3b
1 changed files with 1 additions and 1 deletions
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -3165,7 +3165,7 @@ int ssl_check_serverhello_tlsext(SSL *s)
     * callback
     */
    if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
-        && s->ctx && s->ctx->tlsext_status_cb) {
+        && !(s->hit) && s->ctx && s->ctx->tlsext_status_cb) {
        int r;
        /*
         * Call callback with resp == NULL and resplen == -1 so callback