vendor/openssl/1.0.1r

author: Jung-uk Kim <jkim@FreeBSD.org> 2016-01-28 18:44:11 +0000
committer: Jung-uk Kim <jkim@FreeBSD.org> 2016-01-28 18:44:11 +0000
commit: e271e41d66a94d7d10e9170f9157b2a8a90d3bd5 (patch)
tree: 378b6fe22936d6aa558ad8c6697f1a768a352389 /ssl/t1_lib.c
parent: 7f3b396bf01ae727af21c432a52afb8e8ff5781b (diff)
1 files changed, 6 insertions, 8 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 27f1216c5761..2e9b65b3fdce 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2081,22 +2081,20 @@ int ssl_check_serverhello_tlsext(SSL *s)
     }
 # endif
 
+    OPENSSL_free(s->tlsext_ocsp_resp);
+    s->tlsext_ocsp_resp = NULL;
+    s->tlsext_ocsp_resplen = -1;
     /*
      * If we've requested certificate status and we wont get one tell the
      * callback
      */
     if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
-        && s->ctx && s->ctx->tlsext_status_cb) {
+        && !(s->hit) && s->ctx && s->ctx->tlsext_status_cb) {
         int r;
         /*
-         * Set resp to NULL, resplen to -1 so callback knows there is no
-         * response.
+         * Call callback with resp == NULL and resplen == -1 so callback
+         * knows there is no response
          */
-        if (s->tlsext_ocsp_resp) {
-            OPENSSL_free(s->tlsext_ocsp_resp);
-            s->tlsext_ocsp_resp = NULL;
-        }
-        s->tlsext_ocsp_resplen = -1;
         r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
         if (r == 0) {
             al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
author	Jung-uk Kim <jkim@FreeBSD.org>	2016-01-28 18:44:11 +0000
committer	Jung-uk Kim <jkim@FreeBSD.org>	2016-01-28 18:44:11 +0000
commit	e271e41d66a94d7d10e9170f9157b2a8a90d3bd5 (patch)
tree	378b6fe22936d6aa558ad8c6697f1a768a352389 /ssl/t1_lib.c
parent	7f3b396bf01ae727af21c432a52afb8e8ff5781b (diff)