Only send the status request extension on cert authentication

That is, do not both asking for it, or replying to it, if we are not using any certificates.
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-09-23 16:01:07 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2016-09-23 16:01:09 +0200
commit: ae9acc56be22f25daab9081fb5ab5d3247c4175f (patch)
tree: 81053621dfec43b87f336258173aa328599b1455 /lib
parent: 8f4dcf8efe02096a782f24e202d5faed60ec94ce (diff)
download: gnutls-ae9acc56be22f25daab9081fb5ab5d3247c4175f.tar.gz
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index b6bf7d2fe9..01d0266151 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -216,6 +216,11 @@ _gnutls_status_request_send_params(gnutls_session_t session,
 	status_request_ext_st *priv;
 	int ret;
 
+	/* Do not bother sending the OCSP status request extension
+	 * if we are not using certificate authentication */
+	if (_gnutls_get_cred(session, GNUTLS_CRD_CERTIFICATE) == NULL)
+		return 0;
+
 	ret = _gnutls_ext_get_session_data(session,
 					   GNUTLS_EXTENSION_STATUS_REQUEST,
 					   &epriv);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-09-23 16:01:07 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2016-09-23 16:01:09 +0200
commit	ae9acc56be22f25daab9081fb5ab5d3247c4175f (patch)
tree	81053621dfec43b87f336258173aa328599b1455 /lib
parent	8f4dcf8efe02096a782f24e202d5faed60ec94ce (diff)
download	gnutls-ae9acc56be22f25daab9081fb5ab5d3247c4175f.tar.gz