Always return errors in ssl3_get_client_hello

If we successfully match a cookie don't set return value to 2 as this results in other error conditions returning 2 as well. Instead set return value to -2 which can be checked later if everything else is OK. (cherry picked from commit c56f5b8edfbcec704f924870daddd96a5f768fbb)
author: Dr. Stephen Henson <steve@openssl.org> 2013-04-09 15:53:38 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2013-09-18 13:46:02 +0100
commit: c391a74266f70d2be4c2dd8d1e02cbd6f6e72605 (patch)
tree: 871996fe7c0bb325582f64bf578abd1e5b6de773 /ssl
parent: 65a87d3cc3c21bb54e6e813ee21ad049fea1310a (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index d9a21811e4..8546c09ca2 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1083,8 +1083,8 @@ int ssl3_get_client_hello(SSL *s)
 						SSL_R_COOKIE_MISMATCH);
 					goto f_err;
 				}
-
-			ret = 2;
+			/* Set to -2 so if successful we return 2 */
+			ret = -2;
 			}
 
 		p += cookie_len;
@@ -1455,7 +1455,7 @@ int ssl3_get_client_hello(SSL *s)
 			}
 		}
 
-	if (ret < 0) ret=1;
+	if (ret < 0) ret=-ret;
 	if (0)
 		{
 f_err:
@@ -1463,7 +1463,7 @@ f_err:
 		}
 err:
 	if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
-	return(ret);
+	return ret < 0 ? -1 : ret;
 	}
 
 int ssl3_send_server_hello(SSL *s)
author	Dr. Stephen Henson <steve@openssl.org>	2013-04-09 15:53:38 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2013-09-18 13:46:02 +0100
commit	c391a74266f70d2be4c2dd8d1e02cbd6f6e72605 (patch)
tree	871996fe7c0bb325582f64bf578abd1e5b6de773 /ssl
parent	65a87d3cc3c21bb54e6e813ee21ad049fea1310a (diff)