When SSL_do_handshake() fails we should send data even when SSL_ERROR_WANT_WRITE is not reported (because a final error such as "unsupported protocol" is reported).
If we don't do it, we don't send handshake alerts toward the peer and as a consequence:
- We formally violate RFC 5246, appendix E.1:

      If server supports (or is willing to use) only versions greater
      than client_version, it MUST send a "protocol_version" alert message
      and close the connection.

- We are complicating the debugging of the protocol.
- We don't give a hint to a peer on how to proceed with the error.
coverage: 57.285% (+0.3%) from 56.971%
when pulling f83322cdaa87b99bc8252c0e388dc3f553346f22 on zinid:send-handshake-failure
into 4ae9adf3420f173ed201fc93bdf0123b618d3a50 on processone:master.
When SSL_do_handshake() fails we should send data even when SSL_ERROR_WANT_WRITE is not reported (because a final error such as "unsupported protocol" is reported).
If we don't do it, we don't send handshake alerts toward the peer and as a consequence:
This commit fixes it.
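
The behaviour this pull request describes can be observed outside the project with Python's `ssl` module and memory BIOs. This is an added example, not code from the pull request or from the project; the hand-built TLS 1.0 ClientHello and the function names are constructed for illustration.

```python
import ssl

def tls10_client_hello() -> bytes:
    """Constructed minimal ClientHello whose client_version is TLS 1.0 (0x0301)."""
    body = (
        b"\x03\x01"              # client_version: TLS 1.0
        + bytes(32)              # random (constructed, all zero)
        + b"\x00"                # empty session_id
        + b"\x00\x02\x00\x2f"    # one cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
        + b"\x01\x00"            # one compression method: null
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

def handshake_and_flush(client_bytes: bytes):
    """Server-side handshake over memory BIOs; returns (error, pending output)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # server refuses TLS 1.0
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    server = ctx.wrap_bio(incoming, outgoing, server_side=True)
    incoming.write(client_bytes)
    error = None
    try:
        server.do_handshake()
    except ssl.SSLError as exc:
        error = exc
    # Drain the write BIO whatever the error was: a final handshake error is
    # not a "want write" condition, yet the alert record is already queued here
    # and only reaches the peer if the caller sends these bytes.
    return error, outgoing.read()

def parse_alert(record: bytes):
    """Return (level, description) of an unencrypted TLS alert record, else None."""
    if len(record) < 7 or record[0] != 0x15:       # 0x15 = alert content type
        return None
    return record[5], record[6]

if __name__ == "__main__":
    err, pending = handshake_and_flush(tls10_client_hello())
    print(type(err).__name__, getattr(err, "reason", None))
    print(pending.hex(), parse_alert(pending))
```

A caller that writes to the socket only on a "want write" result would discard `pending` and close the connection without the alert.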