Fix a bug caused by the return value being set early to signal successful
author jsing <jsing@openbsd.org>
Sat, 29 Apr 2017 23:38:49 +0000 (23:38 +0000)
committer jsing <jsing@openbsd.org>
Sat, 29 Apr 2017 23:38:49 +0000 (23:38 +0000)
commit 6f1892dc3e84e016a8722cb62152ff86f788c027
tree 2a7e47e20917b291ed3356facaf1ff81b599bc03
parent cb6231d9534ff0badffba5f22a8b3abb18dbf1db
Fix a bug caused by the return value being set early to signal successful
DTLS cookie validation. This can mask a later failure and result in a
positive return value being returned from ssl3_get_client_hello(), when
it should return a negative value to propagate the error.

Ironically this was introduced in OpenSSL 2e9802b7a7b with the commit
message "Fix DTLS cookie management bugs".

Fix based on OpenSSL.

Issue reported by Nicolas Bouliane <nbouliane at jive dot com>.

ok beck@
lib/libssl/ssl_srvr.c
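
The bug class the commit message describes, as an added example that is not the libssl source or the committed fix: a simplified model in which a positive "cookie verified" return value is assigned before later checks run. The function names, the helper checks and the values 42 and 2 are assumptions made for the illustration.

```c
/* Simplified model of the bug class; not code from lib/libssl/ssl_srvr.c. */
#include <stdio.h>

/* Hypothetical stand-ins for cookie validation and later hello parsing. */
static int cookie_ok(int cookie) { return cookie == 42; }
static int parse_rest(int well_formed) { return well_formed; }

/* Buggy shape: ret becomes positive as soon as the cookie validates,
 * so a later failure that jumps to err returns the stale success value. */
int hello_buggy(int cookie, int well_formed)
{
	int ret = -1;

	if (!cookie_ok(cookie))
		goto err;
	ret = 2;		/* set early to signal a valid cookie */

	if (!parse_rest(well_formed))
		goto err;	/* failure, but ret is still 2 */
err:
	return ret;
}

/* Corrected shape: ret stays negative until every check has passed,
 * so any jump to err propagates the error to the caller. */
int hello_fixed(int cookie, int well_formed)
{
	int ret = -1;

	if (!cookie_ok(cookie))
		goto err;
	if (!parse_rest(well_formed))
		goto err;
	ret = 2;		/* assigned only on the full success path */
err:
	return ret;
}

int main(void)
{
	/* Valid cookie, malformed remainder: the case the masking hides. */
	printf("buggy=%d fixed=%d\n", hello_buggy(42, 0), hello_fixed(42, 0));
	return 0;
}
```

A caller that tests only for a positive return treats the buggy result as success and continues with a hello that failed later checks.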