Commit 295de18c authored by Dr. Stephen Henson

Fix kerberos ciphersuite bugs introduced with PR:1336.

parent 3370b694
+9 −7
@@ -821,7 +821,9 @@ int ssl3_get_server_certificate(SSL *s)

	if (!ok) return((int)n);

	if (s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE)
	if ((s->s3->tmp.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) ||
		((s->s3->tmp.new_cipher->algorithms & SSL_aKRB5) && 
		(s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)))
		{
		s->s3->tmp.reuse_message=1;
		return(1);
@@ -2292,18 +2294,18 @@ int ssl3_check_cert_and_algorithm(SSL *s)

	sc=s->session->sess_cert;

	if (sc == NULL)
		{
		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
		goto err;
		}

	algs=s->s3->tmp.new_cipher->algorithms;

	/* we don't have a certificate */
	if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5))
		return(1);

	if (sc == NULL)
		{
		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR);
		goto err;
		}

#ifndef OPENSSL_NO_RSA
	rsa=s->session->sess_cert->peer_rsa_tmp;
#endif
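Review bot: The widened condition in ssl3_get_server_certificate carries no comment explaining why a ServerHelloDone is acceptable in place of a Certificate message, and it is the one place where the certificate is allowed to be absent for SSL_aKRB5. I would add above it `/* Kerberos suites send no Certificate, so ServerHelloDone may arrive here; hand it back for the next state */`. The second hunk appears to move the `sc == NULL` check below the `SSL_aDH|SSL_aNULL|SSL_aKRB5` early return, so for those suites ssl3_check_cert_and_algorithm returns 1 without looking at sess_cert at all. The existing `/* we don't have a certificate */` comment could say that peer authentication for KRB5 then rests on the Kerberos exchange rather than on this function. Both function bodies start and end outside the hunks.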
+2 −3
@@ -1997,7 +1997,7 @@ int ssl3_get_client_key_exchange(SSL *s)
				SSL_R_DATA_LENGTH_TOO_LONG);
			goto err;
			}
		if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
		if (!((pms[0] == (s->client_version>>8)) && (pms[1] == (s->client_version & 0xff))))
		    {
		    /* The premaster secret must contain the same version number as the
		     * ClientHello to detect version rollback attacks (strangely, the
@@ -2007,8 +2007,7 @@ int ssl3_get_client_key_exchange(SSL *s)
		     * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. 
		     * (Perhaps we should have a separate BUG value for the Kerberos cipher)
		     */
		    if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&
			   (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
		    if (!(s->options & SSL_OP_TLS_ROLLBACK_BUG))
		        {
			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
			       SSL_AD_DECODE_ERROR);
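Review bot: With SSL_OP_TLS_ROLLBACK_BUG set, the rewritten inner test in ssl3_get_client_key_exchange accepts any version bytes in the Kerberos premaster secret, because the comparison against the negotiated version was dropped rather than switched from `p` to `pms` as the outer test was. The option then disables rollback detection for this key exchange instead of tolerating only clients that send the negotiated version. I would keep the bound: `if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) &&` followed by `(pms[0] == (s->version>>8)) && (pms[1] == (s->version & 0xff))))`. Separately, the SSLerr call visible below passes SSL_AD_DECODE_ERROR, which looks like an alert value rather than an SSL_R_ reason code and is worth confirming. The function body continues outside both hunks.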