Fix a bug caused by the return value being set early to signal successful
DTLS cookie validation. This can mask a later failure and result in a
positive return value being returned from ssl3_get_client_hello(), when
it should return a negative value to propagate the error.

ok beck@