OCSP stapling fix (OpenSSL 0.9.8r/1.0.0d)

[openssl.git] / ssl / d1_pkt.c

diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 1fd58bf598a706411559bf1ce8695ba76cbbf68c..467711077ea954ec930d14572bbc92d02e68364f 100644 (file)
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -414,7 +414,8 @@ dtls1_process_record(SSL *s)
                        goto err;
 
                /* otherwise enc_err == -1 */
-               goto err;
+               al=SSL_AD_BAD_RECORD_MAC;
+               goto f_err;
                }
 
 #ifdef TLS_DEBUG
@@ -957,6 +958,7 @@ start:
                        !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
                        !s->s3->renegotiate)
                        {
+                       s->new_session = 1;
                        ssl3_renegotiate(s);
                        if (ssl3_renegotiate_check(s))
                                {
@@ -1163,6 +1165,7 @@ start:
 #else
                        s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
 #endif
+                       s->renegotiate=1;
                        s->new_session=1;
                        }
                i=s->handshake_func(s);