diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index fc5316186..f1f9c219e 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -888,7 +888,10 @@ int ssl3_get_server_hello(SSL *s)
 		}
 	s->s3->tmp.new_cipher=c;
 	if (!ssl3_digest_cached_records(s))
+		{
+		al = SSL_AD_INTERNAL_ERROR;
 		goto f_err;
+		}
 
 	/* lets get the compression algorithm */
 	/* COMPRESSION */
@@ -968,7 +971,9 @@ int ssl3_get_server_hello(SSL *s)
 	return(1);
 f_err:
 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+#ifndef OPENSSL_NO_TLSEXT
 err:
+#endif
 	return(-1);
 	}
 
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index b4a6a37d8..14aa451e0 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1269,7 +1269,10 @@ int ssl3_get_client_hello(SSL *s)
 		}
 
 	if (!ssl3_digest_cached_records(s))
+		{
+		al = SSL_AD_INTERNAL_ERROR;
 		goto f_err;
+		}
 	
 	/* we now have the following setup. 
 	 * client_random
@@ -1282,6 +1285,7 @@ int ssl3_get_client_hello(SSL *s)
 	 * s->tmp.new_cipher	- the new cipher to use.
 	 */
 
+#ifndef OPENSSL_NO_TLSEXT
 	/* Handles TLS extensions that we couldn't check earlier */
 	if (s->version >= SSL3_VERSION)
 		{
@@ -1291,6 +1295,7 @@ int ssl3_get_client_hello(SSL *s)
 			goto err;
 			}
 		}
+#endif
 
 	if (ret < 0) ret=1;
 	if (0)