From 8ef49e1ff09c39ee3762f1af7942d52b05db9683 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 8 Sep 2022 13:12:07 -0700
Subject: [PATCH] OCSP

The clause where we read the size of the OCSP blob and skip it, needs
to make sure there isn't an existing error. (ZD 14803)
---
 src/internal.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 8c9c78db..4ac0eb3b 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -3361,10 +3361,12 @@ static int ParseAndVerifyCert(WOLFSSH* ssh, byte* in, word32 inSz,
             }
         }
 
-        /* @TODO handle OCSP's */
-        if (ocspCount > 0) {
-            WLOG(WS_LOG_INFO, "Peer sent OCSP's, not yet handled");
-            ret = GetSize(&l, ocspBuf, ocspBufSz, &m);
+        if (ret == WS_SUCCESS) {
+            /* @TODO handle OCSP's */
+            if (ocspCount > 0) {
+                WLOG(WS_LOG_INFO, "Peer sent OCSP's, not yet handled");
+                ret = GetSize(&l, ocspBuf, ocspBufSz, &m);
+            }
         }
     }