author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-10-17 09:59:53 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-19 15:29:36 +0100 |
commit | 4c1b177ce1c78d20d7efdab74c9bd0b48e4d19c3 (patch) | |
tree | cb7e706cb8567cd43003035bd7ae9e688f638390 /lib | |
parent | e4e81da862e90920f70cfb4a5cd49883a6848452 (diff) | |
gnutls_ocsp_status_request_get2: allow operation under TLS1.3 for server side
Under TLS1.3 it is possible for both client and server to send the
status request extension in certificate message.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/ext/status_request.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index 8b16ac0478..e8dbaa1827 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -345,10 +345,11 @@ gnutls_ocsp_status_request_get2(gnutls_session_t session, unsigned idx, gnutls_datum_t * response) {
+ const version_entry_st *ver = get_version(session);
 cert_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
- if (session->security_parameters.entity == GNUTLS_SERVER)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (!ver->tls13_sem && session->security_parameters.entity == GNUTLS_SERVER)
+ return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
 if (info == NULL || info->raw_ocsp_list == NULL || idx >= info->nocsp || info->raw_ocsp_list[idx].size == 0) |
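Review bot: `ver->tls13_sem` is dereferenced in the new condition without checking that `get_version(session)` returned a non-NULL entry. get_version() is not visible in this hunk; if it can return NULL before a protocol version has been negotiated, calling this public function on a fresh session would crash instead of returning an error code. Folding the check into the condition keeps the fix to one line: `if ((ver == NULL || !ver->tls13_sem) && session->security_parameters.entity == GNUTLS_SERVER)`. Separately, pre-TLS1.3 server callers now receive GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE where they used to get GNUTLS_E_INVALID_REQUEST, which is worth a line in the function's doc comment for applications that match on the specific code. The function body continues outside the hunk.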