Keep old method in case of an unsupported protocol

[openssl.git] / ssl / s3_enc.c

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 409a15b8a75790a48e3860bf99d77cea71a24609..f4391ec3947132f72d47d19daf598a4bd2cda2e8 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -504,8 +504,6 @@ int ssl3_enc(SSL *s, int send)
                
                EVP_Cipher(ds,rec->data,rec->input,l);
 
-               rec->orig_len = rec->length;
-
                if (s->read_hash != NULL)
                        mac_size = EVP_MD_size(s->read_hash);
 
@@ -760,7 +758,13 @@ int ssl3_alert_code(int code)
        case SSL_AD_INTERNAL_ERROR:     return(SSL3_AD_HANDSHAKE_FAILURE);
        case SSL_AD_USER_CANCELLED:     return(SSL3_AD_HANDSHAKE_FAILURE);
        case SSL_AD_NO_RENEGOTIATION:   return(-1); /* Don't send it :-) */
+       case SSL_AD_UNSUPPORTED_EXTENSION: return(SSL3_AD_HANDSHAKE_FAILURE);
+       case SSL_AD_CERTIFICATE_UNOBTAINABLE: return(SSL3_AD_HANDSHAKE_FAILURE);
+       case SSL_AD_UNRECOGNIZED_NAME:  return(SSL3_AD_HANDSHAKE_FAILURE);
+       case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: return(SSL3_AD_HANDSHAKE_FAILURE);
+       case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: return(SSL3_AD_HANDSHAKE_FAILURE);
+       case SSL_AD_UNKNOWN_PSK_IDENTITY:return(TLS1_AD_UNKNOWN_PSK_IDENTITY);
+       case SSL_AD_INAPPROPRIATE_FALLBACK:return(TLS1_AD_INAPPROPRIATE_FALLBACK);
        default:                        return(-1);
                }
        }
-