Move no status notification to ssl_check_serverhello_tlsext() to ensure

no status is notified even if no server extensions are present.
2007-09-28 17:45:11 +00:00 · 2007-09-28 17:45:11 +00:00 · 04e2ab2c02
commit 04e2ab2c02
parent b7fcc08976
1 changed files with 29 additions and 29 deletions
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@ -992,35 +992,6 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 			}
 		}

-	/* If we've requested certificate status and we wont get one
- 	 * tell the callback
- 	 */
-	if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
-			&& s->ctx->tlsext_status_cb)
-		{
-		int r;
-		/* Set resp to NULL, resplen to -1 so callback knows
- 		 * there is no response.
- 		 */
-		if (s->tlsext_ocsp_resp)
-			{
-			OPENSSL_free(s->tlsext_ocsp_resp);
-			s->tlsext_ocsp_resp = NULL;
-			}
-		s->tlsext_ocsp_resplen = -1;
-		r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-		if (r == 0)
-			{
-			*al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
-			return 0;
-			}
-		if (r < 0)
-			{
-			*al = SSL_AD_INTERNAL_ERROR;
-			return 0;
-			}
-		}
-
 	*p = data;
 	return 1;
 	}
@ -1340,6 +1311,35 @@ int ssl_check_serverhello_tlsext(SSL *s)
 		}
 #endif

+	/* If we've requested certificate status and we wont get one
+ 	 * tell the callback
+ 	 */
+	if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
+			&& s->ctx->tlsext_status_cb)
+		{
+		int r;
+		/* Set resp to NULL, resplen to -1 so callback knows
+ 		 * there is no response.
+ 		 */
+		if (s->tlsext_ocsp_resp)
+			{
+			OPENSSL_free(s->tlsext_ocsp_resp);
+			s->tlsext_ocsp_resp = NULL;
+			}
+		s->tlsext_ocsp_resplen = -1;
+		r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+		if (r == 0)
+			{
+			al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
+			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+			}
+		if (r < 0)
+			{
+			al = SSL_AD_INTERNAL_ERROR;
+			ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+			}
+		}
+
 	switch (ret)
 		{
 		case SSL_TLSEXT_ERR_ALERT_FATAL: