-rw-r--r--lib/ssl/ssl3con.c47
1 files changed, 29 insertions, 18 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
index 9e68b6e66..fad5f39ef 100644
--- a/lib/ssl/ssl3con.c
+++ b/lib/ssl/ssl3con.c
@@ -9538,21 +9538,32 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
* get one when it is allowed, but otherwise we just carry on.
*/
if (ss->ssl3.hs.ws == wait_certificate_status) {
- /* We must process any CertificateStatus message before we call
- * ssl3_AuthCertificate, as ssl3_AuthCertificate needs any stapled OCSP
- * response we get.
- */
- if (ss->ssl3.hs.msg_type == certificate_status) {
- rv = ssl3_HandleCertificateStatus(ss, b, length);
- if (rv != SECSuccess)
- return rv;
- }
+ /* We must process any CertificateStatus message before we call
+ * ssl3_AuthCertificate, as ssl3_AuthCertificate needs any stapled
+ * OCSP response we get.
+ */
+ if (ss->ssl3.hs.msg_type == certificate_status) {
+ rv = ssl3_HandleCertificateStatus(ss, b, length);
+ if (rv != SECSuccess)
+ return rv;
+ if (IS_DTLS(ss)) {
+ /* Increment the expected sequence number */
+ ss->ssl3.hs.recvMessageSeq++;
+ }
+ }
- /* Regardless of whether we got a CertificateStatus message, we must
- * authenticate the cert before we handle any more handshake messages.
- */
- rv = ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */
- } else switch (ss->ssl3.hs.msg_type) {
+ /* Regardless of whether we got a CertificateStatus message, we must
+ * authenticate the cert before we handle any more handshake messages.
+ */
+ rv = ssl3_AuthCertificate(ss); /* sets ss->ssl3.hs.ws */
+
+ if (rv != SECSuccess || ss->ssl3.hs.msg_type == certificate_status) {
+ PORT_Assert(rv == SECFailure); /* Not SECWouldBlock */
+ return rv;
+ }
+ }
+
+ switch (ss->ssl3.hs.msg_type) {
case hello_request:
if (length != 0) {
(void)ssl3_DecodeError(ss);
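Review bot: The `PORT_Assert(rv == SECFailure)` added inside the new early-return branch can fire on the success path. The branch is entered when `rv != SECSuccess || ss->ssl3.hs.msg_type == certificate_status`, so a valid CertificateStatus followed by a successful ssl3_AuthCertificate reaches the assertion with rv == SECSuccess. The trailing comment suggests the intent is only to rule out SECWouldBlock, in which case the check belongs before the `if` as `PORT_Assert(rv != SECWouldBlock);`. In builds where PORT_Assert is active, the current form would stop handshakes that carry a stapled OCSP response. The body of ssl3_HandleHandshakeMessage starts and ends outside the hunk.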
@@ -9594,10 +9605,10 @@ ssl3_HandleHandshakeMessage(sslSocket *ss, SSL3Opaque *b, PRUint32 length)
rv = ssl3_HandleCertificate(ss, b, length);
break;
case certificate_status:
- /* The good case is handled above */
- PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS);
- rv = SECFailure;
- break;
+ /* The good case is handled above */
+ (void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
+ PORT_SetError(SSL_ERROR_RX_UNEXPECTED_CERT_STATUS);
+ return SECFailure;
case server_key_exchange:
if (ss->sec.isServer) {
(void)SSL3_SendAlert(ss, alert_fatal, unexpected_message);
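Review bot: The comment `/* The good case is handled above */` on the certificate_status case does not say why reaching it is an error. With the early return added before the switch, this case is only reached when the state is not wait_certificate_status. A comment such as `/* Only reached when ws != wait_certificate_status; an expected CertificateStatus returns before the switch. */` would state that. The case now uses `return SECFailure` rather than `break`, so whatever follows the switch is skipped on this path; that code is outside the hunk, so it is worth confirming the skip is intended.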