seq = RECORD_LAYER_get_read_sequence(&s->rlayer);
}
- if (ctx == NULL
- || (rec->type == SSL3_RT_ALERT
- && s->statem.enc_write_state
- == ENC_WRITE_STATE_WRITE_PLAIN_ALERTS)) {
+ /*
+ * If we're sending an alert and ctx != NULL then we must be forcing
+ * plaintext alerts. If we're reading and ctx != NULL then we allow
+ * plaintext alerts at certain points in the handshake. If we've got this
+ * far then we have already validated that a plaintext alert is ok here.
+ */
+ if (ctx == NULL || rec->type == SSL3_RT_ALERT) {
memmove(rec->data, rec->input, rec->length);
rec->input = rec->data;
return 1;