Always return errors in ssl3_get_client_hello
authorDr. Stephen Henson <steve@openssl.org>
Tue, 9 Apr 2013 14:53:38 +0000 (15:53 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 18 Sep 2013 12:46:02 +0000 (13:46 +0100)
If we successfully match a cookie don't set return value to 2 as this
results in other error conditions returning 2 as well.

Instead set return value to -2 which can be checked later if everything
else is OK.
(cherry picked from commit c56f5b8edfbcec704f924870daddd96a5f768fbb)

ssl/s3_srvr.c

index d9a21811e49dc699d82571802cb8809c8c884eda..8546c09ca25f46e865a1d97b572ca6d658a794b6 100644 (file)
@@ -1083,8 +1083,8 @@ int ssl3_get_client_hello(SSL *s)
                                                SSL_R_COOKIE_MISMATCH);
                                        goto f_err;
                                }
-
-                       ret = 2;
+                       /* Set to -2 so if successful we return 2 */
+                       ret = -2;
                        }
 
                p += cookie_len;
@@ -1455,7 +1455,7 @@ int ssl3_get_client_hello(SSL *s)
                        }
                }
 
-       if (ret < 0) ret=1;
+       if (ret < 0) ret=-ret;
        if (0)
                {
 f_err:
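Review bot: `if (ret < 0) ret=-ret;` converts every negative value into a positive success code, so it is only safe if nothing between the cookie check and this line stores a callee's negative error result in `ret`. That stretch of ssl3_get_client_hello lies outside the hunk, so it cannot be confirmed from here. An explicit mapping keeps the old behaviour for any other negative value and is easier to audit: `if (ret < 0) ret = (ret == -2) ? 2 : 1;`. A short comment saying that negative values of `ret` are pending success codes at this point would also help the next reader.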
@@ -1463,7 +1463,7 @@ f_err:
                }
 err:
        if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers);
-       return(ret);
+       return ret < 0 ? -1 : ret;
        }
 
 int ssl3_send_server_hello(SSL *s)
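Review bot: The clamp in `return ret < 0 ? -1 : ret;` is what stops an error path taken after a cookie match from leaking the internal -2 marker, but nothing at the return says so. According to the commit message, the earlier code let other error conditions return 2, which a caller would presumably treat as success. I would add a comment directly above the return, for example `/* ret may still be the pending -2 marker on error paths; report -1 */`, so the expression is not later simplified back to `return ret;`. The function's documented return values (2 when a cookie was matched, 1 otherwise on success, as far as the visible lines show) belong in a header comment on ssl3_get_client_hello, which starts outside this hunk.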