ssl: don't say we consumed bytes if we didn't consume them

diff --git a/src/app-layer-ssl.c b/src/app-layer-ssl.c
index d8a2638fa251871ee11140933caee7260b4c80c5..b6e5a7dcaa04214be6e1f79758b3a320296b6b14 100644 (file)
--- a/src/app-layer-ssl.c
+++ b/src/app-layer-ssl.c
@@ -509,6 +509,7 @@ static inline int TlsDecodeHSCertificateAddCertToChain(SSLState *ssl_state,
     return 0;
 }
 
+/** \retval consumed bytes consumed or -1 on error */
 static int TlsDecodeHSCertificate(SSLState *ssl_state,
                                   const uint8_t * const initial_input,
                                   const uint32_t input_len)
@@ -518,7 +519,7 @@ static int TlsDecodeHSCertificate(SSLState *ssl_state,
     Asn1Generic *cert = NULL;
 
     if (!(HAS_SPACE(3)))
-        return 1;
+        return 0;
 
     uint32_t cert_chain_len = *input << 16 | *(input + 1) << 8 | *(input + 2);
     input += 3;