From 80f82d89c7dd1382f16341bb6ee0747c5d037a8c Mon Sep 17 00:00:00 2001
From: Filippo Valsorda <filippo@cloudflare.com>
Date: Wed, 15 Feb 2017 16:51:32 -0500
Subject: [PATCH] crypto/tls: avoid sending empty OCSP or SCT cert extensions

---
 handshake_messages.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/handshake_messages.go b/handshake_messages.go
index d82ef47..040d6a5 100644
--- a/handshake_messages.go
+++ b/handshake_messages.go
@@ -1419,10 +1419,10 @@ func (m *certificateMsg13) marshal() (x []byte) {
 	var i int
 	for _, cert := range m.certificates {
 		i += len(cert.data)
-		if cert.ocspStaple != nil {
+		if len(cert.ocspStaple) != 0 {
 			i += 8 + len(cert.ocspStaple)
 		}
-		if cert.sctList != nil {
+		if len(cert.sctList) != 0 {
 			i += 4
 			for _, sct := range cert.sctList {
 				i += 2 + len(sct)
@@ -1462,7 +1462,7 @@ func (m *certificateMsg13) marshal() (x []byte) {
 		z = z[2:]
 
 		extensionLen := 0
-		if cert.ocspStaple != nil {
+		if len(cert.ocspStaple) != 0 {
 			stapleLen := 4 + len(cert.ocspStaple)
 			z[0] = uint8(extensionStatusRequest >> 8)
 			z[1] = uint8(extensionStatusRequest)
@@ -1479,7 +1479,7 @@ func (m *certificateMsg13) marshal() (x []byte) {
 
 			extensionLen += 8 + stapleLen
 		}
-		if cert.sctList != nil {
+		if len(cert.sctList) != 0 {
 			z[0] = uint8(extensionSCT >> 8)
 			z[1] = uint8(extensionSCT)
 			sctLenPos := z[2:4]