aboutsummaryrefslogtreecommitdiffstats
path: root/ssl/t1_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssl/t1_lib.c')
-rw-r--r--ssl/t1_lib.c14
1 files changed, 6 insertions, 8 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 27f1216c5761..2e9b65b3fdce 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2081,22 +2081,20 @@ int ssl_check_serverhello_tlsext(SSL *s)
}
# endif
+ OPENSSL_free(s->tlsext_ocsp_resp);
+ s->tlsext_ocsp_resp = NULL;
+ s->tlsext_ocsp_resplen = -1;
/*
* If we've requested certificate status and we wont get one tell the
* callback
*/
if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected)
- && s->ctx && s->ctx->tlsext_status_cb) {
+ && !(s->hit) && s->ctx && s->ctx->tlsext_status_cb) {
int r;
/*
- * Set resp to NULL, resplen to -1 so callback knows there is no
- * response.
+ * Call callback with resp == NULL and resplen == -1 so callback
+ * knows there is no response
*/
- if (s->tlsext_ocsp_resp) {
- OPENSSL_free(s->tlsext_ocsp_resp);
- s->tlsext_ocsp_resp = NULL;
- }
- s->tlsext_ocsp_resplen = -1;
r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
if (r == 0) {
al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;