Honor the status from peer and do not do internal OCSP lookup regardless

Item 2) Suggestion from Sean implemented: "Limit the message types" Item 3) Removed a hard tab
2019-07-08 13:50:05 -06:00
parent 964dac96a7
commit 3e6246af59
1 changed files with 8 additions and 4 deletions
--- a/src/tls.c
+++ b/src/tls.c
@ -10360,10 +10360,14 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
            case TLSX_STATUS_REQUEST:
                WOLFSSL_MSG("Certificate Status Request extension received");

-#ifdef WOLFSSL_TLS13
-                if (IsAtLeastTLSv1_3(ssl->version))
-                    break;
-#endif
+ #ifdef WOLFSSL_TLS13
+                if (IsAtLeastTLSv1_3(ssl->version) &&
+                        msgType != client_hello &&
+                        msgType != certificate_request &&
+                        msgType != certificate) {
+                     break;
+                }
+ #endif
                ret = CSR_PARSE(ssl, input + offset, size, isRequest);
                break;