diff --git a/mozilla/security/nss/lib/ssl/ssl3ext.c b/mozilla/security/nss/lib/ssl/ssl3ext.c
index c1b029875d2..d291da2e67a 100644
--- a/mozilla/security/nss/lib/ssl/ssl3ext.c
+++ b/mozilla/security/nss/lib/ssl/ssl3ext.c
@@ -41,7 +41,7 @@
  * ***** END LICENSE BLOCK ***** */
 
 /* TLS extension code moved here from ssl3ecc.c */
-/* $Id: ssl3ext.c,v 1.12 2010-02-26 19:25:44 alexei.volkov.bugs%sun.com Exp $ */
+/* $Id: ssl3ext.c,v 1.13 2010-03-01 20:03:45 alexei.volkov.bugs%sun.com Exp $ */
 
 #include "nssrenam.h"
 #include "nss.h"
@@ -1501,6 +1501,8 @@ ssl3_HandleRenegotiationInfoXtn(sslSocket *ss, PRUint16 ex_type, SECItem *data)
 	data->data[0] != len  || (len && 
 	NSS_SecureMemcmp(ss->ssl3.hs.finishedMsgs.data,
 	                 data->data + 1, len))) {
+	/* Can we do this here? Or, must we arrange for the caller to do it? */     
+	(void)SSL3_SendAlert(ss, alert_fatal, handshake_failure);                   
 	PORT_SetError(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE);
 	return SECFailure;
     }