Don't use decryption_failed alert for TLS v1.1 or later.

[openssl.git] / ssl / s2_srvr.c

diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index b43a046aa6cdca3bf3f9bb1e764d033efed41e05..94716768723a3f4ef3370878027477d5daa5ded9 100644 (file)
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
@@ -267,7 +267,7 @@ int ssl2_accept(SSL *s)
                case SSL2_ST_SEND_SERVER_VERIFY_C:
                        /* get the number of bytes to write */
                        num1=BIO_ctrl(s->wbio,BIO_CTRL_INFO,0,NULL);
-                       if (num1 != 0)
+                       if (num1 > 0)
                                {
                                s->rwstate=SSL_WRITING;
                                num1=BIO_flush(s->wbio);
@@ -697,7 +697,6 @@ static int server_hello(SSL *s)
        {
        unsigned char *p,*d;
        int n,hit;
-       STACK_OF(SSL_CIPHER) *sk;
 
        p=(unsigned char *)s->init_buf->data;
        if (s->state == SSL2_ST_SEND_SERVER_HELLO_A)
@@ -778,7 +777,6 @@ static int server_hello(SSL *s)
                        
                        /* lets send out the ciphers we like in the
                         * prefered order */
-                       sk= s->session->ciphers;
                        n=ssl_cipher_list_to_bytes(s,s->session->ciphers,d,0);
                        d+=n;
                        s2n(n,p);               /* add cipher length */
@@ -1054,7 +1052,7 @@ static int request_certificate(SSL *s)
 
        i=ssl_verify_cert_chain(s,sk);
 
-       if (i)  /* we like the packet, now check the chksum */
+       if (i > 0)      /* we like the packet, now check the chksum */
                {
                EVP_MD_CTX ctx;
                EVP_PKEY *pkey=NULL;
@@ -1083,7 +1081,7 @@ static int request_certificate(SSL *s)
                EVP_PKEY_free(pkey);
                EVP_MD_CTX_cleanup(&ctx);
 
-               if (i) 
+               if (i > 0)
                        {
                        if (s->session->peer != NULL)
                                X509_free(s->session->peer);