The legacy client OCSP callback should run without server OCSP.

It's conditioned in OpenSSL on client offer, not server accept.

Change-Id: Iae5483a33d9365258446ce0ae34132aeb4a92c66
Reviewed-on: https://boringssl-review.googlesource.com/28545
Reviewed-by: Adam Langley <agl@google.com>

ssl/handshake.cc

@@ -367,7 +367,7 @@ enum ssl_verify_result_t ssl_verify_peer_cert(SSL_HANDSHAKE *hs) {
   // Emulate OpenSSL's client OCSP callback. OpenSSL verifies certificates
   // before it receives the OCSP, so it needs a second callback for OCSP.
   if (ret == ssl_verify_ok && !ssl->server &&
-      hs->new_session->ocsp_response != nullptr &&
+      hs->config->ocsp_stapling_enabled &&
       ssl->ctx->legacy_ocsp_callback != nullptr) {
     int cb_ret =
         ssl->ctx->legacy_ocsp_callback(ssl, ssl->ctx->legacy_ocsp_callback_arg);

ssl/test/runner/runner.go

@@ -4841,8 +4841,8 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
 			expectedLocalError: expectedLocalError,
 			expectedError:      ":OCSP_CB_ERROR:",
 		})
-		// The callback does not run if the server does not send an
-		// OCSP response.
+		// The callback still runs if the server does not send an OCSP
+		// response.
 		certNoStaple := rsaCertificate
 		certNoStaple.OCSPStaple = nil
 		tests = append(tests, testCase{
@@ -4858,6 +4858,9 @@ func addStateMachineCoverageTests(config stateMachineTestConfig) {
 				"-use-ocsp-callback",
 				"-fail-ocsp-callback",
 			},
+			shouldFail:         true,
+			expectedLocalError: expectedLocalError,
+			expectedError:      ":OCSP_CB_ERROR:",
 		})
 
 		// The server OCSP callback is a legacy mechanism for