More record layer conversions to use SSLfatal()

Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4841)
author: Matt Caswell <matt@openssl.org> 2017-12-04 16:16:37 +0000
committer: Matt Caswell <matt@openssl.org> 2017-12-08 16:42:02 +0000
commit: c28533829395183eec027969c0c8d28574f2a3cc (patch)
tree: 3df7201a3b7c85c043cc02a402d2bdb359c7c007 /ssl/d1_lib.c
parent: 99dd374055e9179eea082d4c37fd19ed8814fb22 (diff)
1 files changed, 6 insertions, 2 deletions
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 7f0fea57e9..f80851251f 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -378,7 +378,8 @@ int dtls1_check_timeout_num(SSL *s)
 
     if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
         /* fail the connection, enough alerts have been sent */
-        SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM, SSL_R_READ_TIMEOUT_EXPIRED);
+        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_CHECK_TIMEOUT_NUM,
+                 SSL_R_READ_TIMEOUT_EXPIRED);
         return -1;
     }
 
@@ -397,8 +398,10 @@ int dtls1_handle_timeout(SSL *s)
     else
         dtls1_double_timeout(s);
 
-    if (dtls1_check_timeout_num(s) < 0)
+    if (dtls1_check_timeout_num(s) < 0) {
+        /* SSLfatal() already called */
         return -1;
+    }
 
     s->d1->timeout.read_timeouts++;
     if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
@@ -406,6 +409,7 @@ int dtls1_handle_timeout(SSL *s)
     }
 
     dtls1_start_timer(s);
+    /* Calls SSLfatal() if required */
     return dtls1_retransmit_buffered_messages(s);
 }
author	Matt Caswell <matt@openssl.org>	2017-12-04 16:16:37 +0000
committer	Matt Caswell <matt@openssl.org>	2017-12-08 16:42:02 +0000
commit	c28533829395183eec027969c0c8d28574f2a3cc (patch)
tree	3df7201a3b7c85c043cc02a402d2bdb359c7c007 /ssl/d1_lib.c
parent	99dd374055e9179eea082d4c37fd19ed8814fb22 (diff)