Don't fail on an out-of-order CCS in DTLS Fixes #4929 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6170)

commit: f20404fce90919b614b737d07cc75d9e1c019fb8 [log] [tgz]
author: Matt Caswell <matt@openssl.org> Thu May 03 12:07:47 2018 +0100
committer: Matt Caswell <matt@openssl.org> Tue May 08 09:40:17 2018 +0100
tree: d7a76201369b36630d03a12ac7e05b59dfba60a7
parent: e15e92dbd5248bc8dbd95d2c0af33a6daf8f7255 [diff] [blame]
diff --git a/ssl/statem/statem.c b/ssl/statem/statem.c
index 1f221e7..e836769 100644
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c

@@ -589,10 +589,8 @@
              * Validate that we are allowed to move to the new state and move
              * to that state if so
              */
-            if (!transition(s, mt)) {
-                check_fatal(s, SSL_F_READ_STATE_MACHINE);
+            if (!transition(s, mt))
                 return SUB_STATE_ERROR;
-            }
 
             if (s->s3->tmp.message_size > max_message_size(s)) {
                 SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_READ_STATE_MACHINE,
commit	f20404fce90919b614b737d07cc75d9e1c019fb8	[log] [tgz]
author	Matt Caswell <matt@openssl.org>	Thu May 03 12:07:47 2018 +0100
committer	Matt Caswell <matt@openssl.org>	Tue May 08 09:40:17 2018 +0100
tree	d7a76201369b36630d03a12ac7e05b59dfba60a7
parent	e15e92dbd5248bc8dbd95d2c0af33a6daf8f7255 [diff] [blame]