From 3e6246af590b27dfca981b5d4c841e67d99c482d Mon Sep 17 00:00:00 2001
From: kaleb-himes
Date: Mon, 8 Jul 2019 13:50:05 -0600
Subject: [PATCH] Honor the status from peer and do not do internal OCSP lookup regardless

Item 2) Suggestion from Sean implemented: "Limit the message types"
Item 3) Removed a hard tab
---
 src/tls.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/tls.c b/src/tls.c
index 918ea3801..651f54280 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -10360,10 +10360,14 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
 case TLSX_STATUS_REQUEST:
 WOLFSSL_MSG("Certificate Status Request extension received");
-#ifdef WOLFSSL_TLS13
- if (IsAtLeastTLSv1_3(ssl->version))
- break;
-#endif
+ #ifdef WOLFSSL_TLS13
+ if (IsAtLeastTLSv1_3(ssl->version) &&
+ msgType != client_hello &&
+ msgType != certificate_request &&
+ msgType != certificate) {
+ break;
+ }
+ #endif
 ret = CSR_PARSE(ssl, input + offset, size, isRequest);
 break;
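Review bot: The new TLS 1.3 guard in the `TLSX_STATUS_REQUEST` case still ends in a plain `break;`, so a status_request extension arriving in a message other than client_hello, certificate_request or certificate is skipped silently and the handshake continues. RFC 8446 section 4.2 requires aborting with illegal_parameter when a recognised extension appears in a message it is not specified for, so the guard body should return an error instead, for example `return EXT_NOT_ALLOWED;` if that is the code the other extension cases in this switch use (they are outside the hunk, so confirm). A one-line comment such as `/* TLS 1.3: status_request is only valid in ClientHello, CertificateRequest and Certificate */` would also record why these three types are listed. TLSX_Parse begins and ends outside the hunk, so whether CSR_PARSE handles the Certificate-message form of the extension cannot be checked from here.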