From 8225d3642b75ff97a85e2367e723368f80a8e519 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 3 Nov 2022 22:39:47 -0700 Subject: [PATCH] save next status with OCSP response verify --- src/ocsp.c | 2 +- tests/api.c | 23 +++++++++++++++++++++-- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/src/ocsp.c b/src/ocsp.c index 0245c05f6..78f23e81c 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -362,7 +362,7 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz, } /* Replace existing certificate entry with updated */ - newSingle->status->next = status->next; + ocspResponse->single->status->next = status->next; XMEMCPY(status, ocspResponse->single->status, sizeof(CertStatus)); } else { diff --git a/tests/api.c b/tests/api.c index b89fc1e5f..cf1e7fff8 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1726,9 +1726,10 @@ static int test_wolfSSL_CheckOCSPResponse(void) { WOLFSSL_CERT_MANAGER* cm = NULL; OcspEntry *entry; - CertStatus status[1]; + CertStatus* status; OcspRequest* request; + byte serial1[] = {0x01}; byte serial[] = {0x02}; byte issuerHash[] = { @@ -1746,6 +1747,10 @@ static int test_wolfSSL_CheckOCSPResponse(void) DYNAMIC_TYPE_OPENSSL); AssertNotNull(entry); + status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, + DYNAMIC_TYPE_OPENSSL); + AssertNotNull(status); + XMEMSET(entry, 0, sizeof(OcspEntry)); XMEMSET(status, 0, sizeof(CertStatus)); 
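Review bot: The new line in CheckOcspResponse keeps the list link by writing `status->next` into the decoded response's own `CertStatus` before the `XMEMCPY`. After the copy, `ocspResponse->single->status->next` still points into the existing entry's status list. If anything later walks or frees the response's status through `next` (not visible in this hunk, so to be confirmed), the stored nodes would be aliased. Holding the link in a local avoids touching the response at all: `CertStatus* next = status->next;` before the copy and `status->next = next;` after it. The enclosing branch starts and ends outside the hunk.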
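Review bot: In test_wolfSSL_CheckOCSPResponse, `status` changes from a stack array to an XMALLOC'd node, but nothing at the allocation says who releases it, and the test's cleanup is outside the hunk. The later hunk links this node into `entry->status`, so a comment such as `/* heap node: linked into entry->status below, released in the cleanup at the end of the test */` would record the ownership. It is worth confirming that the teardown frees both status nodes and not only `entry`; otherwise one node leaks on every run.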
@@ -1774,9 +1779,23 @@ static int test_wolfSSL_CheckOCSPResponse(void)
 dataSz, NULL, status, entry, request), WOLFSSL_SUCCESS);
 AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, dataSz, NULL, entry->status, entry, request), WOLFSSL_SUCCESS);
+ AssertNotNull(entry->status);
+
+ XMEMCPY(request->serial, serial1, sizeof(serial1));
+ AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data,
+ dataSz, NULL, status, entry, request), WOLFSSL_SUCCESS);
+
+ /* store both status's in the entry to check that "next" is not
+ * overwritten */
+ status->next = entry->status;
+ entry->status = status;
+
+ XMEMCPY(request->serial, serial, sizeof(serial));
+ AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data,
+ dataSz, NULL, entry->status, entry, request), WOLFSSL_SUCCESS);
+ AssertNotNull(entry->status->next);
 /* compare the status found */
- AssertNotNull(entry->status);
 AssertIntEQ(status->serialSz, entry->status->serialSz);
 AssertIntEQ(XMEMCMP(status->serial, entry->status->serial, status->serialSz), 0);
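Review bot: After `entry->status = status;` the closing checks under `/* compare the status found */` compare `status` with `entry->status`. Unless the last call rewires `entry->status` through `entry`, these are the same node, so the checks can no longer fail. `AssertNotNull(entry->status->next)` likewise shows only that some link survived, not that it is the node linked in before the call. Keeping the old head in a local, `CertStatus* prev = entry->status;` before the relink, and then asserting `AssertTrue(entry->status->next == prev);` would pin the regression this commit fixes. Comparing the serial fields against `prev` would give the final comparison its meaning back. The test function continues outside the hunk.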