Fixes from HEAD.

ssl/s23_clnt.c

@@ -223,6 +223,15 @@ static int ssl23_client_hello(SSL *s)
 		{
 		version = SSL2_VERSION;
 		}
+#ifndef OPENSSL_NO_TLSEXT 
+	if (version != SSL2_VERSION)
+		{
+		/* have to disable SSL 2.0 compatibility if we need TLS extensions */
+
+		if (s->tlsext_hostname != NULL)
+			ssl2_compat = 0;
+		}
+#endif
 
 	buf=(unsigned char *)s->init_buf->data;
 	if (s->state == SSL23_ST_CW_CLNT_HELLO_A)

ssl/s3_lib.c

@@ -1935,6 +1935,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
  		break;
 	case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
 		s->tlsext_debug_arg=parg;
+		ret = 1;
 		break;
 #endif /* !OPENSSL_NO_TLSEXT */
 	default:

ssl/t1_lib.c

@@ -150,7 +150,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 		   + hostname length 
 		*/
 		   
-		if ((lenmax = limit - p - 9) < 0 
+		if ((lenmax = limit - ret - 9) < 0 
 		|| (size_str = strlen(s->tlsext_hostname)) > (unsigned long)lenmax) 
 			return NULL;
 			
@@ -179,7 +179,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 		/* Check for enough room 2 for extension type, 2 for len
  		 * rest for ticket
   		 */
-		if (limit - p - 4 - ticklen < 0)
+		if (limit - ret - 4 - ticklen < 0)
 			return NULL;
 		s2n(TLSEXT_TYPE_session_ticket,ret); 
 		s2n(ticklen,ret);