From 9d1acd048c75b24d56d5131cc12f907e37f0bd8f Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 7 Nov 2025 13:10:48 +0100 Subject: [PATCH] gtls: skip session resumption when verifystatus is set Resumed TLS sessions skip OCSP stapled-response verification. Force a full handshake so verifystatus() runs. Follow-up to 4bfd7a961521e1fd6aab7610e931d82a342781 Pointed out by ZeroPath --- lib/vtls/gtls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index f3d6abb23c..ebd2c8de1e 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -1121,7 +1121,7 @@ CURLcode Curl_gtls_ctx_init(struct gtls_ctx *gctx, /* This might be a reconnect, so we check for a session ID in the cache to speed up things. We need to do this before constructing the gnutls session since we need to set flags depending on the kind of reuse. */ - if(conn_config->cache_session) { + if(conn_config->cache_session && !conn_config->verifystatus) { result = Curl_ssl_scache_take(cf, data, peer->scache_key, &scs); if(result) goto out; -- 2.47.3
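Review bot: The new condition `if(conn_config->cache_session && !conn_config->verifystatus)` encodes a security decision, but the comment directly above it still describes the cache lookup only as a way "to speed up things", so a later reader could remove the `verifystatus` term as a needless slowdown. I would extend that comment with a line such as `With verifystatus set we never resume: a resumed session skips the stapled OCSP response check.` The diffstat shows only lib/vtls/gtls.c changed, so no test pins this behaviour; a case that connects twice with verifystatus set and asserts that the second handshake is a full one would guard against regression. Whether sessions from such connections are still stored in the cache is decided outside this hunk, since the body of Curl_gtls_ctx_init starts before it and continues past it.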