diff --git a/src/tls.c b/src/tls.c
index d3b19d9e1..829e4ad89 100755
--- a/src/tls.c
+++ b/src/tls.c
@@ -951,6 +951,7 @@ static INLINE word16 TLSX_ToSemaphore(word16 type)
 (!(((semaphore)[(light) / 8] & (byte) (0x01 << ((light) % 8)))))
 /** Turn on a specific light (tls extension) in the semaphore. */
+/* the semaphore marks the extensions already written to the message */
 #define TURN_ON(semaphore, light) \
 ((semaphore)[(light) / 8] |= (byte) (0x01 << ((light) % 8)))
@@ -7769,6 +7770,14 @@ word16 TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType)
 #endif
 }
 #endif
+ #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
+ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+ if (!ssl->ctx->cm->ocspStaplingEnabled) {
+ /* mark already sent, so it won't send it */
+ TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
+ TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2));
+ }
+ #endif
 }
 #ifdef WOLFSSL_TLS13
 #ifndef NO_CERTS
@@ -7842,6 +7851,14 @@ word16 TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType)
 TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY));
 #endif
 #endif
+ #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
+ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
+ /* mark already sent, so it won't send it */
+ if (!ssl->ctx->cm->ocspStaplingEnabled) {
+ TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST));
+ TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_STATUS_REQUEST_V2));
+ }
+ #endif
 }
 #ifdef WOLFSSL_TLS13
 #ifndef NO_CERT
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 52d315fa0..2de43a5be 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1047,7 +1047,7 @@ WOLFSSL_API void wolfSSL_ERR_dump_errors_fp(FILE* fp);
 #define SSL_ERROR_NONE WOLFSSL_ERROR_NONE
 #define SSL_FAILURE WOLFSSL_FAILURE
 #define SSL_SUCCESS WOLFSSL_SUCCESS
- #define SSL_SHUTDOWN_NOT_DONE WOLF_WOLFSSL_SHUTDOWN_NOT_DONE
+ #define SSL_SHUTDOWN_NOT_DONE WOLFSSL_SHUTDOWN_NOT_DONE
 #define SSL_ALPN_NOT_FOUND WOLFSSL_ALPN_NOT_FOUND
 #define SSL_BAD_CERTTYPE WOLFSSL_BAD_CERTTYPE
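Review bot: The added `if (!ssl->ctx->cm->ocspStaplingEnabled)` in the TLSX_GetRequestSize hunk dereferences `ssl->ctx->cm` with no NULL check visible in the hunk, and the same test is repeated verbatim in the TLSX_WriteRequest hunk. Whether the certificate manager can be absent on a path that reaches this code is not visible here; if it can, `if (ssl->ctx->cm == NULL || !ssl->ctx->cm->ocspStaplingEnabled) {` would keep both call sites safe. The size pass and the write pass have to suppress exactly the same extensions, otherwise the computed length no longer matches the bytes written, so the condition would be better placed in one static helper that both functions call. Both function bodies start and end outside their hunks.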
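Review bot: The comment `/* mark already sent, so it won't send it */` in the TLSX_WriteRequest hunk describes the mechanism but not the reason, and it sits before the `if` here while the TLSX_GetRequestSize hunk places it inside the block. The effect is that status_request and status_request_v2 are silently left out of the message whenever `ocspStaplingEnabled` is clear, which matters to anyone auditing how revocation checking is negotiated. I would write `/* OCSP stapling is off in the cert manager: suppress status_request and status_request_v2 */` inside the `if` in both places. The function body starts and ends outside the hunk.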