From d0c2609ebb8a4f5f2b5107940a8cb828b94addeb Mon Sep 17 00:00:00 2001
From: John Bland
Date: Mon, 11 Sep 2023 01:56:58 -0400
Subject: [PATCH] stop ProcessPeerCerts from reseting the cert chain count when an async error was returned

---
 src/internal.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 2324598c5..e724126d3 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -15237,11 +15237,18 @@ static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
     WOLFSSL_ENTER("DoCertificate");
 
 #ifdef SESSION_CERTS
-    /* Reset the session cert chain count in case the session resume failed. */
-    ssl->session->chain.count = 0;
-    #ifdef WOLFSSL_ALT_CERT_CHAINS
+    /* Reset the session cert chain count in case the session resume failed,
+       do not reset if we are resuming after an async wait */
+#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
+    if (((ProcPeerCertArgs*)(ssl->async->args))->lastErr != OCSP_WANT_READ &&
+        ((ProcPeerCertArgs*)(ssl->async->args))->lastErr != WC_PENDING_E)
+#endif
+    {
+        ssl->session->chain.count = 0;
+#ifdef WOLFSSL_ALT_CERT_CHAINS
         ssl->session->altChain.count = 0;
-    #endif
+#endif
+    }
 #endif /* SESSION_CERTS */
 
     ret = ProcessPeerCerts(ssl, input, inOutIdx, size);
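Review bot: The new `if` under `#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)` dereferences `ssl->async` with no NULL check, while the reset it guards runs before `ProcessPeerCerts` is ever called; if `ssl->async` is allocated lazily inside ProcessPeerCerts (that code is outside this hunk), the first DoCertificate of a handshake reads through a null pointer, and even when it is allocated the cast reads `lastErr` from whatever the shared args buffer last held, which may not be a ProcPeerCertArgs at all. A safer form keeps the old behaviour whenever there is no async state to consult: `if (ssl->async == NULL ||` followed by the two existing `lastErr` comparisons (with `||` between them, since either pending code should skip the reset). The comment should also say that `lastErr` is only meaningful while a ProcessPeerCerts call is being resumed after OCSP_WANT_READ or WC_PENDING_E. DoCertificate starts and ends outside the hunk.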