From 01049f9c00f0a903d4923a054769ef9f2187bd21 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Date: Fri, 21 Nov 2014 20:18:08 +0100
Subject: [PATCH] treat GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial
 negotiation is complete

This corrects a regression introduced in b5a0de2e6da98866cafb770c3141b7353d030ab2
Reported by Dan Winship. https://savannah.gnu.org/support/?108690
---
 lib/gnutls_handshake.c | 11 ++++++++---
 lib/gnutls_record.c    |  2 +-
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 40d399c..e904f2e 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -2607,6 +2610,8 @@ gnutls_handshake_set_timeout(gnutls_session_t session, unsigned int ms)
 		/* EAGAIN and INTERRUPTED are always non-fatal */ \
 		if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) \
 			return ret; \
+		if (ret == GNUTLS_E_GOT_APPLICATION_DATA && session->internals.initial_negotiation_completed != 0) \
+			return ret; \
 		if (ret == GNUTLS_E_LARGE_PACKET && session->internals.handshake_large_loops < 16) { \
 			session->internals.handshake_large_loops++; \
 			return ret; \
diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c
index 157d12a..40c20fe 100644
--- a/lib/gnutls_record.c
+++ b/lib/gnutls_record.c
@@ -837,7 +837,7 @@ record_add_to_buffers(gnutls_session_t session,
 			 * reasons). Otherwise it is an unexpected packet
 			 */
 			if (type == GNUTLS_ALERT
-			    || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
+			    || ((htype == GNUTLS_HANDSHAKE_SERVER_HELLO || htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)
 				&& type == GNUTLS_HANDSHAKE)) {
 				/* even if data is unexpected put it into the buffer */
 				_gnutls_record_buffer_put(session, recv->type,
-- 
2.1.0