From 634f1fe505270a144b23ad9a6677e07c146674f4 Mon Sep 17 00:00:00 2001
From: Sukun <sukunrt@gmail.com>
Date: Mon, 4 Mar 2024 17:55:57 +0530
Subject: [PATCH 1/2] Fix typing for alertErrors

---
 conn.go      | 18 ++++++++----------
 conn_test.go | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+), 10 deletions(-)

diff --git a/conn.go b/conn.go
index 04b4f7d57..746dbdc3b 100644
--- a/conn.go
+++ b/conn.go
@@ -626,13 +626,12 @@ func (c *Conn) readAndBuffer(ctx context.Context) error {
 		}
 
 		var e *alertError
-		if errors.As(err, &e) {
-			if e.IsFatalOrCloseNotify() {
-				return e
-			}
-		} else if err != nil {
+		if errors.As(err, &e) && e.IsFatalOrCloseNotify() {
 			return e
 		}
+		if err != nil {
+			return err
+		}
 	}
 	if hasHandshake {
 		done := make(chan struct{})
@@ -661,13 +660,12 @@ func (c *Conn) handleQueuedPackets(ctx context.Context) error {
 			}
 		}
 		var e *alertError
-		if errors.As(err, &e) {
-			if e.IsFatalOrCloseNotify() {
-				return e
-			}
-		} else if err != nil {
+		if errors.As(err, &e) && e.IsFatalOrCloseNotify() {
 			return e
 		}
+		if err != nil {
+			return err
+		}
 	}
 	return nil
 }
diff --git a/conn_test.go b/conn_test.go
index 6083a050a..0d0a33bf9 100644
--- a/conn_test.go
+++ b/conn_test.go
@@ -3135,3 +3135,53 @@ func TestApplicationDataQueueLimited(t *testing.T) {
 	ca.Close()
 	<-done
 }
+
+func TestApplicationDataWithClientHelloRejected(t *testing.T) {
+	// Limit runtime in case of deadlocks
+	lim := test.TimeOut(time.Second * 20)
+	defer lim.Stop()
+
+	// Check for leaking routines
+	report := test.CheckRoutines(t)
+	defer report()
+
+	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+	defer cancel()
+
+	ca, cb := dpipe.Pipe()
+	defer ca.Close()
+	defer cb.Close()
+
+	done := make(chan struct{})
+	go func() {
+		if _, err := testServer(ctx, cb, &Config{}, true); err == nil {
+			t.Error("expected handshake to fail")
+		}
+		close(done)
+	}()
+	extensions := []extension.Extension{}
+
+	time.Sleep(50 * time.Millisecond)
+
+	err := sendClientHello([]byte{}, ca, 0, extensions)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	// Send an application data packet
+	packet, err := (&recordlayer.RecordLayer{
+		Header: recordlayer.Header{
+			Version:        protocol.Version1_2,
+			SequenceNumber: uint64(3),
+			Epoch:          0,
+		},
+		Content: &protocol.ApplicationData{
+			Data: []byte{1, 2, 3, 4},
+		},
+	}).Marshal()
+	if err != nil {
+		t.Fatal(err)
+	}
+	ca.Write(packet)
+	<-done
+}

From 767143cb8d45a06fdace01890abd8aafb696299a Mon Sep 17 00:00:00 2001
From: sukun <sukunrt@gmail.com>
Date: Wed, 17 Apr 2024 23:28:53 +0530
Subject: [PATCH 2/2] simplify error type check

---
 conn.go | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)

diff --git a/conn.go b/conn.go
index 746dbdc3b..ccea999d9 100644
--- a/conn.go
+++ b/conn.go
@@ -625,10 +625,6 @@ func (c *Conn) readAndBuffer(ctx context.Context) error {
 			hasHandshake = true
 		}
 
-		var e *alertError
-		if errors.As(err, &e) && e.IsFatalOrCloseNotify() {
-			return e
-		}
 		if err != nil {
 			return err
 		}
@@ -660,10 +656,11 @@ func (c *Conn) handleQueuedPackets(ctx context.Context) error {
 			}
 		}
 		var e *alertError
-		if errors.As(err, &e) && e.IsFatalOrCloseNotify() {
-			return e
-		}
-		if err != nil {
+		if errors.As(err, &e) {
+			if e.IsFatalOrCloseNotify() {
+				return e
+			}
+		} else if err != nil {
 			return err
 		}
 	}