]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Only send the status request extension on cert authentication
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 23 Sep 2016 14:01:07 +0000 (16:01 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Fri, 23 Sep 2016 14:01:09 +0000 (16:01 +0200)
That is, do not both asking for it, or replying to it, if we are
not using any certificates.

lib/ext/status_request.c

index b6bf7d2fe9c3555980f382f85f8e8db12b91890d..01d0266151b0625cca609ad8f6a3bce132aed332 100644 (file)
@@ -216,6 +216,11 @@ _gnutls_status_request_send_params(gnutls_session_t session,
        status_request_ext_st *priv;
        int ret;
 
+       /* Do not bother sending the OCSP status request extension
+        * if we are not using certificate authentication */
+       if (_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL)
+               return 0;
+
        ret = _gnutls_ext_get_session_data(session,
                                           GNUTLS_EXTENSION_STATUS_REQUEST,
                                           &epriv);