From 80bc547853163e26d839697700ff4328551dac20 Mon Sep 17 00:00:00 2001
From: John Bland
Date: Tue, 18 Jul 2023 13:00:53 -0400
Subject: [PATCH] in the event of a OCSP_WANT_READ, set the ssl->error so that the re-run of DoHandShakeMsgType knows not to hash the certificate twice and won't send an alert to the server as it was when OCSP_WANT_READ instead of setting ret to 0
---
 src/internal.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 73fbc6626..ce8f2b909 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -16332,6 +16332,11 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 }
 
 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
+ /* make sure async error is cleared */
+ if (ret == 0 && (ssl->error == WC_PENDING_E || ssl->error == OCSP_WANT_READ)) {
+ ssl->error = 0;
+ }
+
 /* if async, offset index so this msg will be processed again */
 if ((ret == WC_PENDING_E || ret == OCSP_WANT_READ) && *inOutIdx > 0) {
 *inOutIdx -= HANDSHAKE_HEADER_SZ;
@@ -16340,11 +16345,10 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 *inOutIdx -= DTLS_HANDSHAKE_EXTRA;
 }
 #endif
- }
 
- /* make sure async error is cleared */
- if (ret == 0 && (ssl->error == WC_PENDING_E || ssl->error == OCSP_WANT_READ)) {
- ssl->error = 0;
+ /* set the async error so the re-run will work and won't send alert */
+ ssl->error = ret;
+ ret = 0;
 }
 #endif /* WOLFSSL_ASYNC_CRYPT || WOLFSSL_NONBLOCK_OCSP */
 
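Review bot: The clear that the first hunk moves up, `if (ret == 0 && (ssl->error == WC_PENDING_E || ssl->error == OCSP_WANT_READ))`, is now order-dependent and its comment does not say so. The second hunk makes the pending branch store the code in ssl->error and zero ret, so if this check were ever placed below that branch again it would erase the pending state in the same pass. I would extend the comment to something like `/* clear a stale pending error on success; must stay above the pending branch, which sets ssl->error and zeroes ret */`. The body of DoHandShakeMsgType starts and ends outside the hunk.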
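Review bot: In the second hunk `ret = 0;` runs for WC_PENDING_E as well as OCSP_WANT_READ, although the commit message only describes the OCSP case, and from then on the return value no longer distinguishes an unfinished message from a processed one. The callers are outside the hunk, so this needs confirming: any caller that advances handshake state or moves on to the next message on a zero return has to test ssl->error first, otherwise a certificate whose OCSP status is still pending could be handled as if it had been accepted. If async crypto is not meant to change, narrow the assignment, e.g. `if (ret == OCSP_WANT_READ) { ssl->error = ret; ret = 0; }`, and say in the comment that the pending state is reported through ssl->error only. The swap also happens only when `*inOutIdx > 0`; with a zero index the pending code is still returned directly, which leaves two signalling paths for the same condition.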