A few other return segments looked suspicous as well. Here is my updated diff. I made a few assumptions when reviewing the code; 1. Assume that if the author took the trouble of specifying the alert code in 'al', then he/she meant for that alert to be sent to the peer via 'goto f_err'.
2. Assume that if an error code is not supposed to be transmitted due to side-channel attack that the author would include a comment to the effect. No such comments surround these errors. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
