From 4c1b177ce1c78d20d7efdab74c9bd0b48e4d19c3 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Tue, 17 Oct 2017 09:59:53 +0200
Subject: gnutls_ocsp_status_request_get2: allow operation under TLS1.3 for server side

Under TLS1.3 it is possible for both client and server to send the status request extension in certificate message.
Signed-off-by: Nikos Mavrogiannopoulos
---
 lib/ext/status_request.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index 8b16ac0478..e8dbaa1827 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -345,10 +345,11 @@ gnutls_ocsp_status_request_get2(gnutls_session_t session,
 unsigned idx,
 gnutls_datum_t * response)
 {
+ const version_entry_st *ver = get_version(session);
 cert_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
- if (session->security_parameters.entity == GNUTLS_SERVER)
- return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+ if (!ver->tls13_sem && session->security_parameters.entity == GNUTLS_SERVER)
+ return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
 if (info == NULL || info->raw_ocsp_list == NULL ||
 idx >= info->nocsp || info->raw_ocsp_list[idx].size == 0)
-- cgit v1.2.1
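Review bot: `ver->tls13_sem` is dereferenced in the new condition without checking the pointer returned by `get_version(session)`, and this is a public getter that an application may call at any point in a session's life. get_version() is not visible in this hunk; if it can return NULL before a protocol version has been negotiated, the call crashes the process instead of returning an error. Testing the entity first and treating a missing version as pre-TLS1.3 keeps the old rejection: `if (session->security_parameters.entity == GNUTLS_SERVER && (ver == NULL || !ver->tls13_sem))`. The server-side error also changes from GNUTLS_E_INVALID_REQUEST to GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE without a mention in the commit message, so the function's documentation should state the new return value. The function body continues past the end of the hunk.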