Fix status_request and SCT extensions

    {

        TLSEXT_TYPE_status_request,

        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO

        | SSL_EXT_TLS1_3_CERTIFICATE,

        | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,

        init_status_request, tls_parse_ctos_status_request,

        tls_parse_stoc_status_request, tls_construct_stoc_status_request,

        tls_construct_ctos_status_request, NULL

    {

        TLSEXT_TYPE_signed_certificate_timestamp,

        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO

        | SSL_EXT_TLS1_3_CERTIFICATE,

        | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,

        NULL,

        /*

         * No server side support for this, but can be provided by a custom

int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,

                                  X509 *x, size_t chainidx)

{

    if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {

        /* We ignore this if the server sends a CertificateRequest */

        /* TODO(TLS1.3): Add support for this */

        return 1;

    }

    /*

     * MUST only be sent if we've requested a status

     * request message. In TLS <= 1.2 it must also be empty.

int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,

                       size_t chainidx)

{

    if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {

        /* We ignore this if the server sends it in a CertificateRequest */

        /* TODO(TLS1.3): Add support for this */

        return 1;

    }

    /*

     * Only take it if we asked for it - i.e if there is no CT validation

     * callback set, then a custom extension MAY be processing it, so we