gnutls_ocsp_status_request_get2: allow operation under TLS1.3 for server side
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 17 Oct 2017 07:59:53 +0000 (09:59 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 19 Feb 2018 14:29:36 +0000 (15:29 +0100)
Under TLS1.3 it is possible for both client and server to send the
status request extension in the certificate message.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
lib/ext/status_request.c

index 8b16ac0478a75f788388f129aa755e2cf6c35d5f..e8dbaa1827fa37d8881b73c58e6354b9173a5b89 100644 (file)
@@ -345,10 +345,11 @@ gnutls_ocsp_status_request_get2(gnutls_session_t session,
                                unsigned idx,
                                gnutls_datum_t * response)
 {
+       const version_entry_st *ver = get_version(session);
        cert_auth_info_t info = _gnutls_get_auth_info(session, GNUTLS_CRD_CERTIFICATE);
 
-       if (session->security_parameters.entity == GNUTLS_SERVER)
-               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+       if (!ver->tls13_sem && session->security_parameters.entity == GNUTLS_SERVER)
+               return gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
 
        if (info == NULL || info->raw_ocsp_list == NULL ||
            idx >= info->nocsp || info->raw_ocsp_list[idx].size == 0)
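Review bot: `ver` is dereferenced in the new `!ver->tls13_sem` check without a NULL test, and this is a public getter that an application can call at any point in a session's life. If get_version() can return NULL before a protocol version has been negotiated (its definition is not visible here), the call would crash instead of returning an error. Testing the entity first and treating a missing version as non-TLS1.3 avoids that: `if (session->security_parameters.entity == GNUTLS_SERVER && (ver == NULL || !ver->tls13_sem))`. The server-side error code also changes from GNUTLS_E_INVALID_REQUEST to GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, so callers that match on the old value are affected and the function's doc comment should state the new return. The function body continues past the end of the hunk.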