Allow TLS13_AD_MISSING_EXTENSION for older versions

Add a pass-through switch case for TLS13_AD_MISSING_EXTENSION in ssl3_alert_code() and tls1_alert_code(), so that the call to SSLfatal() in final_psk() will always actually generate an alert, even for non-TLS1.3 protocol versions. Fixes #15375 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15412)
author: Benjamin Kaduk <bkaduk@akamai.com> 2021-05-21 19:25:00 +0200
committer: Benjamin Kaduk <bkaduk@akamai.com> 2021-05-25 23:13:22 +0200
commit: 1376708c1cfee91a891057db132aa45aa2a81a98 (patch)
tree: 7b1390240151d6e8f49d2a18ff162e62323ac450 /ssl/t1_enc.c
parent: Remove tmp file smcont.signed_ that was used for debuggin PR #15347 (diff)
download: openssl-1376708c1cfee91a891057db132aa45aa2a81a98.tar.xz
openssl-1376708c1cfee91a891057db132aa45aa2a81a98.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 5e9c3a0ee5..886709bf4a 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -848,6 +848,8 @@ int tls1_alert_code(int code)
         return TLS1_AD_NO_APPLICATION_PROTOCOL;
     case SSL_AD_CERTIFICATE_REQUIRED:
         return SSL_AD_HANDSHAKE_FAILURE;
+    case TLS13_AD_MISSING_EXTENSION:
+        return SSL_AD_HANDSHAKE_FAILURE;
     default:
         return -1;
     }
author	Benjamin Kaduk <bkaduk@akamai.com>	2021-05-21 19:25:00 +0200
committer	Benjamin Kaduk <bkaduk@akamai.com>	2021-05-25 23:13:22 +0200
commit	1376708c1cfee91a891057db132aa45aa2a81a98 (patch)
tree	7b1390240151d6e8f49d2a18ff162e62323ac450 /ssl/t1_enc.c
parent	Remove tmp file smcont.signed_ that was used for debuggin PR #15347 (diff)
download	openssl-1376708c1cfee91a891057db132aa45aa2a81a98.tar.xz openssl-1376708c1cfee91a891057db132aa45aa2a81a98.zip