Fix CERTIFICATE STATUS processing when using non-blocking I/O

_gnutls_recv_server_certificate_status() must wait for the first full
packet before setting priv->expect_cstatus = 0, or else CERTIFCATE
STATUS packets won't be processed in subsequent calls at all, leaving
them in the buffer and therefore causing later connection aborts.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index d7009aab5b..7ba840bac4 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -578,14 +578,14 @@ int _gnutls_recv_server_certificate_status(gnutls_session_t session)
 	if (!priv->expect_cstatus)
 		return 0;
 
-	priv->expect_cstatus = 0;
-
 	ret = _gnutls_recv_handshake(session,
 				     GNUTLS_HANDSHAKE_CERTIFICATE_STATUS,
 				     0, &buf);
 	if (ret < 0)
 		return gnutls_assert_val_fatal(ret);
 
+	priv->expect_cstatus = 0;
+
 	data = buf.data;
 	data_size = buf.length;