Fix ssl_read wrt non-Application Data
diff --git a/ChangeLog b/ChangeLog
index 9d0821c..7e47c45 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,10 +16,14 @@
    * Fix compiler warnings on iOS (found by Sander Niemeijer).
    * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
    * Fix net_accept() regarding non-blocking sockets (found by Luca Pesce).
+   * ssl_read() could return non-application data records on server while
+     renegotation was pending, and on client when a HelloRequest was received.
 
 Changes
    * X.509 certificates with more than one AttributeTypeAndValue per
      RelativeDistinguishedName are not accepted any more.
+   * ssl_read() now returns POLARSSL_ERR_NET_WANT_READ rather than
+     POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE on harmless alerts.
 
 = Version 1.2.11 released 2014-07-11
 Features
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index d8eddd9..18bad95 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3930,11 +3930,20 @@
                     SSL_DEBUG_RET( 1, "ssl_renegotiate", ret );
                     return( ret );
                 }
-
-                return( POLARSSL_ERR_NET_WANT_READ );
             }
+
+            /* Tell the user to call ssl_read() again */
+            return( POLARSSL_ERR_NET_WANT_READ );
         }
-        else if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
+
+        /* Fatal and closure alerts handled by ssl_read_record() */
+        if( ssl->in_msgtype == SSL_MSG_ALERT )
+        {
+            SSL_DEBUG_MSG( 2, ( "ignoring non-fatal non-closure alert" ) );
+            return( POLARSSL_ERR_NET_WANT_READ );
+        }
+
+        if( ssl->in_msgtype != SSL_MSG_APPLICATION_DATA )
         {
             SSL_DEBUG_MSG( 1, ( "bad application data message" ) );
             return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );