From cc684f859317d507d7cd4d9f884ed41bffca555a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moise=CC=81s=20Guimara=CC=83es?= <moises@wolfssl.com>
Date: Sat, 14 Nov 2015 22:28:52 -0300
Subject: [PATCH] fixes OCSP nonce extension size estimation at client hello
 message;

---
 src/tls.c               | 2 +-
 wolfssl/wolfcrypt/asn.h | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/tls.c b/src/tls.c
index 77e3694d3..619f96856 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -1921,7 +1921,7 @@ static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest)
                 size += ENUM_LEN + 2 * OPAQUE16_LEN;
 
                 if (csr->request.ocsp.nonceSz)
-                    size += MAX_OCSP_EXT_SZ;
+                    size += OCSP_NONCE_EXT_SZ;
         }
     }
 #endif
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index b1a132514..339680ca2 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -187,6 +187,7 @@ enum Misc_ASN {
     MAX_CERTPOL_NB      = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */
     MAX_CERTPOL_SZ      = CTC_MAX_CERTPOL_SZ,
 #endif
+    OCSP_NONCE_EXT_SZ   = 37,      /* OCSP Nonce Extension size */
     MAX_OCSP_EXT_SZ     = 58,      /* Max OCSP Extension length */
     MAX_OCSP_NONCE_SZ   = 16,      /* OCSP Nonce size           */
     EIGHTK_BUF          = 8192,    /* Tmp buffer size           */