From: Daniel Stenberg Date: Fri, 7 Nov 2025 12:10:48 +0000 (+0100) Subject: gtls: skip session resumption when verifystatus is set X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9d1acd048c75b24d56d5131cc12f907e37f0bd8f;p=thirdparty%2Fcurl.git gtls: skip session resumption when verifystatus is set Resumed TLS sessions skip OCSP stapled-response verification. Force a full handshake so verifystatus() runs. Follow-up to 4bfd7a961521e1fd6aab7610e931d82a342781 Pointed out by ZeroPath --- diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index f3d6abb23c..ebd2c8de1e 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -1121,7 +1121,7 @@ CURLcode Curl_gtls_ctx_init(struct gtls_ctx *gctx, /* This might be a reconnect, so we check for a session ID in the cache to speed up things. We need to do this before constructing the gnutls session since we need to set flags depending on the kind of reuse. */ - if(conn_config->cache_session) { + if(conn_config->cache_session && !conn_config->verifystatus) { result = Curl_ssl_scache_take(cf, data, peer->scache_key, &scs); if(result) goto out;
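Review bot: the comment above the changed condition in Curl_gtls_ctx_init still describes the cache lookup only as a way "to speed up things", so nothing next to `if(conn_config->cache_session && !conn_config->verifystatus)` tells a later reader why verifystatus turns it off. Suggest extending that comment with the reason given in the commit message (resumed sessions skip OCSP stapled-response verification, so a full handshake is forced when verifystatus is set); without it the extra condition reads like a performance regression that someone could safely revert. The hunk only gates the call to Curl_ssl_scache_take, and the store side of the cache is not visible here, so it is worth confirming whether sessions from verifystatus connections are still added to the cache and saying so in the comment. A test that makes two connections to the same peer with verifystatus enabled and checks that the second one does not resume would pin this behaviour down.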