From bdb4a7e0920298f9fb9ea02fd0ec3dfd82ed5a8e Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sat, 15 May 2004 17:46:50 +0000
Subject: [PATCH] Fixes so alerts are sent properly in s3_pkt.c

PR: 851
---
 CHANGES      |  3 +++
 ssl/s3_pkt.c | 12 ++++++------
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/CHANGES b/CHANGES
index 0675c6a6e8..70b759e692 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@
 
  Changes between 0.9.7d and 0.9.7e  [XX xxx XXXX]
 
+  *) Various fixes to s3_pkt.c so alerts are sent properly.
+     [David Holmes <d.holmes@f5.com>]
+
   *) Reduce the chances of duplicate issuer name and serial numbers (in
      violation of RFC3280) using the OpenSSL certificate creation utilities.
      This is done by creating a random 64 bit value for the initial serial
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 9f3e5139ad..cb0b12b400 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -862,7 +862,7 @@ start:
 		{
 		al=SSL_AD_UNEXPECTED_MESSAGE;
 		SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
-		goto err;
+		goto f_err;
 		}
 
 	/* If the other end has shut down, throw anything we read away
@@ -969,7 +969,7 @@ start:
 			{
 			al=SSL_AD_DECODE_ERROR;
 			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST);
-			goto err;
+			goto f_err;
 			}
 
 		if (s->msg_callback)
@@ -1080,17 +1080,17 @@ start:
 		if (	(rr->length != 1) || (rr->off != 0) ||
 			(rr->data[0] != SSL3_MT_CCS))
 			{
-			i=SSL_AD_ILLEGAL_PARAMETER;
+			al=SSL_AD_ILLEGAL_PARAMETER;
 			SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
-			goto err;
+			goto f_err;
 			}
 
 		/* Check we have a cipher to change to */
 		if (s->s3->tmp.new_cipher == NULL)
 			{
-			i=SSL_AD_UNEXPECTED_MESSAGE;
+			al=SSL_AD_UNEXPECTED_MESSAGE;
 			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
-			goto err;
+			goto f_err;
 			}
 
 		rr->length=0;
-- 
2.40.0