From ded4a83d31f8271e5a74e6fbf357f9975d4878ec Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Fri, 6 Apr 2018 14:53:05 +0100
Subject: Ignore the status_request extension in a resumption handshake

We cannot provide a certificate status on a resumption so we should ignore this extension in that case.
Fixes #1662
Reviewed-by: Rich Salz
Reviewed-by: Ben Kaduk
(Merged from https://github.com/openssl/openssl/pull/5896)
---
 ssl/statem/extensions_srvr.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'ssl')
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 90142eb505..adf63d80bf 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -324,6 +324,10 @@ int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
 {
 PACKET responder_id_list, exts;
 
+ /* We ignore this in a resumption handshake */
+ if (s->hit)
+ return 1;
+
 /* Not defined if we get one of these in a client Certificate */
 if (x != NULL)
 return 1;
--
cgit v1.2.3
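Review bot: The new `if (s->hit) return 1;` guard returns before anything is read from `pkt`, so on a resumed handshake a malformed status_request body is accepted silently, while the full-handshake path (outside this hunk) presumably validates it. The comment should state that trade-off and the reason given in the commit message, not just the action. I would write `/* We cannot provide a certificate status on a resumption, so ignore this extension without parsing it */`. The guard also relies on `s->hit` already being final when ClientHello extensions are parsed, and on any status-type state from an earlier handshake on the same connection being reset elsewhere. Neither is visible in this hunk and both should be confirmed. The body of tls_parse_ctos_status_request continues outside the hunk.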