Don't fail on an out-of-order CCS in DTLS

Fixes #4929 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6170)
author: Matt Caswell <matt@openssl.org> 2018-05-03 12:07:47 +0100
committer: Matt Caswell <matt@openssl.org> 2018-05-08 09:40:17 +0100
commit: f20404fce90919b614b737d07cc75d9e1c019fb8 (patch)
tree: d7a76201369b36630d03a12ac7e05b59dfba60a7 /ssl/statem/statem.c
parent: e15e92dbd5248bc8dbd95d2c0af33a6daf8f7255 (diff)
1 files changed, 1 insertions, 3 deletions
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 1f221e7542..e836769666 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@@ -589,10 +589,8 @@ static SUB_STATE_RETURN read_state_machine(SSL *s)
              * Validate that we are allowed to move to the new state and move
              * to that state if so
              */
-            if (!transition(s, mt)) {
-                check_fatal(s, SSL_F_READ_STATE_MACHINE);
+            if (!transition(s, mt))
                 return SUB_STATE_ERROR;
-            }
 
             if (s->s3->tmp.message_size > max_message_size(s)) {
                 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_READ_STATE_MACHINE,
author	Matt Caswell <matt@openssl.org>	2018-05-03 12:07:47 +0100
committer	Matt Caswell <matt@openssl.org>	2018-05-08 09:40:17 +0100
commit	f20404fce90919b614b737d07cc75d9e1c019fb8 (patch)
tree	d7a76201369b36630d03a12ac7e05b59dfba60a7 /ssl/statem/statem.c
parent	e15e92dbd5248bc8dbd95d2c0af33a6daf8f7255 (diff)