wolfSSL · MatanRad · Mar 12, 2026 · Copilot · Mar 12, 2026 · Copilot
diff --git a/src/tls13.c b/src/tls13.c
@@ -13448,8 +13448,8 @@ int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                 &idx, ssl->arrays->pendingMsgType,
                                 ssl->arrays->pendingMsgSz - HANDSHAKE_HEADER_SZ,
                                 ssl->arrays->pendingMsgSz);
-        #ifdef WOLFSSL_ASYNC_CRYPT
-            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) {
+        #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) || ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
-        #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
-            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) || ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
+        #if defined(WOLFSSL_ASYNC_IO) || defined(HAVE_CRL_IO) || \
+            defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+                ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
-            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) || ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+                ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
-        #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
-            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) || ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
+        #if defined(WOLFSSL_ASYNC_IO) || defined(HAVE_CRL_IO) || \
+            defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+                ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
-            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) || ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
+            if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) ||
+                ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) {
                 /* setup to process fragment again */
                 ssl->arrays->pendingMsgOffset -= inputLength;
                 *inOutIdx -= inputLength + ssl->keys.padSz;