From 502fcc67cccda4d997fc121eae4f2789f50adae6 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 15 Sep 2016 20:53:09 +0100
Subject: [PATCH] Revert "Abort on unrecognised warning alerts"

This reverts commit 15d81749322c3498027105f8ee44e8c25479d475.

There were some unexpected side effects to this commit, e.g. in SSLv3 a
warning alert gets sent "no_certificate" if a client does not send a
Certificate during Client Auth. With the above commit this causes the
connection to abort, which is incorrect. There may be some other edge cases
like this so we need to have a rethink on this.

Reviewed-by: Tim Hudson <tjh@openssl.org>
---
 ssl/s3_pkt.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 91f0c58fb2..df124cf52c 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1462,13 +1462,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
             }
 #ifdef SSL_AD_MISSING_SRP_USERNAME
             else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
-                return 0;
+                return (0);
 #endif
-            else {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerr(SSL_F_SSL3_READ_BYTES, SSL_R_UNKNOWN_ALERT_TYPE);
-                goto f_err;
-            }
         } else if (alert_level == SSL3_AL_FATAL) {
             char tmp[16];
 
-- 
2.40.0