From 1eb46c697f064802f10c110cc19d741dc1343933 Mon Sep 17 00:00:00 2001
From: John Safranek
Date: Thu, 28 Feb 2019 16:15:47 -0800
Subject: [PATCH] 1. In the loop in TCA parse, when checking the list of IDs that the server has keys for, change the polarity of the comparison. If the current ID is in the list, set the response flag and break out of the loop.

---
 src/tls.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/tls.c b/src/tls.c
index 0abad816a..8c048cf90 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -2559,11 +2559,13 @@ static int TLSX_TCA_Parse(WOLFSSL* ssl, const byte* input, word16 length,
 return TCA_INVALID_ID_TYPE;
 }

+ /* Find the type/ID in the TCA list. */
 tca = TLSX_TCA_Find((TCA*)extension->data, type, id, idSz);
- if (!tca)
- continue;
-
- TLSX_SetResponse(ssl, TLSX_TRUSTED_CA_KEYS);
+ if (tca != NULL) {
+ /* Found it. Set the response flag and break out of the loop. */
+ TLSX_SetResponse(ssl, TLSX_TRUSTED_CA_KEYS);
+ break;
+ }
 }
 #else
 (void)input;
@@ -2572,6 +2574,7 @@ static int TLSX_TCA_Parse(WOLFSSL* ssl, const byte* input, word16 length,
 return 0;
 }

+/* Checks to see if the server sent a response for the TCA. */
 static int TLSX_TCA_VerifyParse(WOLFSSL* ssl, byte isRequest)
 {
 (void)ssl;
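Review bot: In the first hunk, the `break;` added after `TLSX_SetResponse(ssl, TLSX_TRUSTED_CA_KEYS);` ends the loop at the first matching ID, so entries that follow it in the peer-supplied extension are never parsed. The `return TCA_INVALID_ID_TYPE;` path visible at the top of the hunk, and presumably any length checks earlier in the loop body, no longer run for those entries, so a list with a valid first match and malformed trailing data would be accepted where the old code kept validating. If the whole list should still be validated, drop the `break;` and let the loop finish, since the old code already called TLSX_SetResponse on every match; otherwise record the decision in the comment, e.g. `/* Found it. Remaining entries are intentionally not validated. */`. The loop header and the rest of TLSX_TCA_Parse lie outside the hunk, so this needs checking against the full function.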