improvements for alert handling

[openssl.git] / ssl / s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 578285230d30e8ebb4f5fe078e560e2ef840b2f6..d50f588b94bef21d13754f56df8dd1f32f909188 100644 (file)
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -258,12 +258,19 @@ int ssl3_connect(SSL *s)
 #ifndef OPENSSL_NO_TLSEXT
                        {
                                int al;
-                               if (ssl_check_tlsext(s,&al) <= 0)
+                               switch (ssl_check_tlsext(s,&al))
                                        {
-                                       ssl3_send_alert(s,SSL3_AL_FATAL,al); /* XXX does this *have* to be fatal? */
+                               case SSL_TLSEXT_ERR_ALERT_FATAL:
+                                       ssl3_send_alert(s,SSL3_AL_FATAL,al);
                                        SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SERVERHELLO_TLS_EXT);
                                        ret = -1;
                                        goto end;
+
+                               case SSL_TLSEXT_ERR_ALERT_WARNING:
+                                       ssl3_send_alert(s,SSL3_AL_WARNING,al); 
+                                       
+                               default:
+                                       ;
                                        }
                        }
 #endif