s3_srvr.patch

--- s3_srvr.c	2017-05-25 14:54:38.000000000 +0200
+++ openssl-1.0.2l/ssl/s3_srvr.c	2017-09-29 00:13:46.264789762 +0200
@@ -2272,7 +2272,15 @@
             goto err;
         decrypt_len =
             RSA_private_decrypt((int)n, p, p, rsa, RSA_PKCS1_PADDING);
-        ERR_clear_error();
+//        ERR_clear_error();
+        
+        
+        if (ERR_get_error() != SSL_ERROR_NONE) {
+            al = SSL_AD_HANDSHAKE_FAILURE;
+            SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                   SSL_R_TLSV1_ALERT_DECRYPTION_FAILED);
+            goto f_err;
+        }
 
         /*
          * decrypt_len should be SSL_MAX_MASTER_KEY_LENGTH. decrypt_good will
@@ -2410,8 +2418,10 @@
         }
 
         i = DH_compute_key(p, pub, dh_srvr);
-
-        if (i <= 0) {
+        
+        printf("shared s: %02x %02x %02x %02x ...\n", p[0], p[1], p[2], p[3]);
+        
+        if (i != BN_num_bytes(dh_srvr->p)) {
             al = SSL_AD_HANDSHAKE_FAILURE;
             SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_DH_LIB);
             BN_clear_free(pub);