Define SSL_AD_* as actual values.

Rather than having SSL_AD_* as defines that refer to SSL3_AD_* or TLS1_AD_*, just give them actual values directly since it is more readable and the indirection provides no value. Place SSL3_AD_* and TLS1_AD_* under #ifndef LIBRESSL_INTERNAL to prevent further usage. ok tb@
author: jsing <> 2021-06-13 15:47:11 +0000
committer: jsing <> 2021-06-13 15:47:11 +0000
commit: 585c11d2b544684d641066bf05e3fc3734d50309 (patch)
tree: 2476825cefcc33fed1c57a651360cf0aa187c8bd
parent: 83aea7ddd63a4f3e06d9e54201546df2afd0807b (diff)
download: openbsd-585c11d2b544684d641066bf05e3fc3734d50309.tar.gz
openbsd-585c11d2b544684d641066bf05e3fc3734d50309.tar.bz2
openbsd-585c11d2b544684d641066bf05e3fc3734d50309.zip
3 files changed, 49 insertions, 42 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 509b353fd5..1b81c2aed3 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.192 2021/06/13 15:29:54 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.193 2021/06/13 15:47:11 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -988,43 +988,52 @@ SSL_SESSION *PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x,
 int PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x);
 int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
-#define SSL_AD_REASON_OFFSET            1000 /* offset to get SSL_R_... value from SSL_AD_... */
+/*
+ * TLS Alerts.
+ *
+ * https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
+ */
+/* Obsolete alerts. */
 #ifndef LIBRESSL_INTERNAL
-#define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED       /* Removed in TLSv1.1 */
+#define SSL_AD_DECRYPTION_FAILED                21      /* Removed in TLSv1.1 */
-#define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE          /* Removed in TLSv1.0 */
+#define SSL_AD_NO_CERTIFICATE                   41      /* Removed in TLSv1.0 */
-#define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION      /* Removed in TLSv1.1 */
+#define SSL_AD_EXPORT_RESTRICTION               60      /* Removed in TLSv1.1 */
 #endif
-/* These alert types are for SSLv3 and TLSv1 */
+#define SSL_AD_CLOSE_NOTIFY                     0
-#define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
+#define SSL_AD_UNEXPECTED_MESSAGE               10
-#define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE /* fatal */
+#define SSL_AD_BAD_RECORD_MAC                   20
-#define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC     /* fatal */
+#define SSL_AD_RECORD_OVERFLOW                  22
-#define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
+#define SSL_AD_DECOMPRESSION_FAILURE            30      /* Removed in TLSv1.3 */
-#define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE/* fatal */
+#define SSL_AD_HANDSHAKE_FAILURE                40
-#define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE/* fatal */
+#define SSL_AD_BAD_CERTIFICATE                  42
-#define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
+#define SSL_AD_UNSUPPORTED_CERTIFICATE          43
-#define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
+#define SSL_AD_CERTIFICATE_REVOKED              44
-#define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
+#define SSL_AD_CERTIFICATE_EXPIRED              45
-#define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
+#define SSL_AD_CERTIFICATE_UNKNOWN              46
-#define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
+#define SSL_AD_ILLEGAL_PARAMETER                47
-#define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER   /* fatal */
+#define SSL_AD_UNKNOWN_CA                       48
-#define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA      /* fatal */
+#define SSL_AD_ACCESS_DENIED                    49
-#define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED   /* fatal */
+#define SSL_AD_DECODE_ERROR                     50
-#define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR    /* fatal */
+#define SSL_AD_DECRYPT_ERROR                    51
-#define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
+#define SSL_AD_PROTOCOL_VERSION                 70
-#define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION /* fatal */
+#define SSL_AD_INSUFFICIENT_SECURITY            71
-#define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
+#define SSL_AD_INTERNAL_ERROR                   80
-#define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR  /* fatal */
+#define SSL_AD_INAPPROPRIATE_FALLBACK           86
-#define SSL_AD_INAPPROPRIATE_FALLBACK   TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */
+#define SSL_AD_USER_CANCELLED                   90
-#define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
+#define SSL_AD_NO_RENEGOTIATION                 100     /* Removed in TLSv1.3 */
-#define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
+#define SSL_AD_UNSUPPORTED_EXTENSION            110
-#define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
+#define SSL_AD_CERTIFICATE_UNOBTAINABLE         111     /* Removed in TLSv1.3 */
-#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+#define SSL_AD_UNRECOGNIZED_NAME                112
-#define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
+#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE  113
-#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE       114     /* Removed in TLSv1.3 */
-#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+#define SSL_AD_UNKNOWN_PSK_IDENTITY             115
-#define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */
+#define SSL_AD_CERTIFICATE_REQUIRED             116
+#define SSL_AD_NO_APPLICATION_PROTOCOL          120
+/* Offset to get an SSL_R_... value from an SSL_AD_... value. */
+#define SSL_AD_REASON_OFFSET                    1000
 #define SSL_ERROR_NONE                  0
 #define SSL_ERROR_SSL                   1
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index 631f8dee23..04c12bca9c 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.53 2021/05/10 17:10:57 tb Exp $ */
+/* $OpenBSD: ssl3.h,v 1.54 2021/06/13 15:47:11 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -297,6 +297,7 @@ extern "C" {
 #define SSL3_AL_WARNING                 1
 #define SSL3_AL_FATAL                   2
+#ifndef LIBRESSL_INTERNAL
 #define SSL3_AD_CLOSE_NOTIFY             0
 #define SSL3_AD_UNEXPECTED_MESSAGE      10      /* fatal */
 #define SSL3_AD_BAD_RECORD_MAC          20      /* fatal */
@@ -309,6 +310,7 @@ extern "C" {
 #define SSL3_AD_CERTIFICATE_EXPIRED     45
 #define SSL3_AD_CERTIFICATE_UNKNOWN     46
 #define SSL3_AD_ILLEGAL_PARAMETER       47      /* fatal */
+#endif
 #define TLS1_HB_REQUEST         1
 #define TLS1_HB_RESPONSE        2
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 628a6b2fca..771ed96fc9 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.42 2021/03/10 18:32:38 jsing Exp $ */
+/* $OpenBSD: tls1.h,v 1.43 2021/06/13 15:47:11 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -185,12 +185,7 @@ extern "C" {
                ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
 #endif
-/*
+#ifndef LIBRESSL_INTERNAL
- * TLS Alert codes.
- *
- * https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
- */
 #define TLS1_AD_DECRYPTION_FAILED               21
 #define TLS1_AD_RECORD_OVERFLOW                 22
 #define TLS1_AD_UNKNOWN_CA                      48      /* fatal */
@@ -213,6 +208,7 @@ extern "C" {
 #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE      114
 /* Code 115 from RFC 4279. */
 #define TLS1_AD_UNKNOWN_PSK_IDENTITY            115     /* fatal */
+#endif
 /*
 * TLS ExtensionType values.
author	jsing <>	2021-06-13 15:47:11 +0000
committer	jsing <>	2021-06-13 15:47:11 +0000
commit	585c11d2b544684d641066bf05e3fc3734d50309 (patch)
tree	2476825cefcc33fed1c57a651360cf0aa187c8bd
parent	83aea7ddd63a4f3e06d9e54201546df2afd0807b (diff)
download	openbsd-585c11d2b544684d641066bf05e3fc3734d50309.tar.gz openbsd-585c11d2b544684d641066bf05e3fc3734d50309.tar.bz2 openbsd-585c11d2b544684d641066bf05e3fc3734d50309.zip

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 509b353fd5..1b81c2aed3 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.192 2021/06/13 15:29:54 jsing Exp $ */	1	/* $OpenBSD: ssl.h,v 1.193 2021/06/13 15:47:11 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -988,43 +988,52 @@ SSL_SESSION PEM_read_SSL_SESSION(FILE fp, SSL_SESSION **x,
988	int PEM_write_bio_SSL_SESSION(BIO bp, SSL_SESSION x);	988	int PEM_write_bio_SSL_SESSION(BIO bp, SSL_SESSION x);
989	int PEM_write_SSL_SESSION(FILE fp, SSL_SESSION x);	989	int PEM_write_SSL_SESSION(FILE fp, SSL_SESSION x);
990		990
991	#define SSL_AD_REASON_OFFSET 1000 /* offset to get SSL_R_... value from SSL_AD_... */	991	/*
		992	* TLS Alerts.
		993	*
		994	* https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
		995	*/
992		996
		997	/* Obsolete alerts. */
993	#ifndef LIBRESSL_INTERNAL	998	#ifndef LIBRESSL_INTERNAL
994	#define SSL_AD_DECRYPTION_FAILED TLS1_AD_DECRYPTION_FAILED /* Removed in TLSv1.1 */	999	#define SSL_AD_DECRYPTION_FAILED 21 /* Removed in TLSv1.1 */
995	#define SSL_AD_NO_CERTIFICATE SSL3_AD_NO_CERTIFICATE /* Removed in TLSv1.0 */	1000	#define SSL_AD_NO_CERTIFICATE 41 /* Removed in TLSv1.0 */
996	#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION /* Removed in TLSv1.1 */	1001	#define SSL_AD_EXPORT_RESTRICTION 60 /* Removed in TLSv1.1 */
997	#endif	1002	#endif
998		1003
999	/* These alert types are for SSLv3 and TLSv1 */	1004	#define SSL_AD_CLOSE_NOTIFY 0
1000	#define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY	1005	#define SSL_AD_UNEXPECTED_MESSAGE 10
1001	#define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */	1006	#define SSL_AD_BAD_RECORD_MAC 20
1002	#define SSL_AD_BAD_RECORD_MAC SSL3_AD_BAD_RECORD_MAC /* fatal */	1007	#define SSL_AD_RECORD_OVERFLOW 22
1003	#define SSL_AD_RECORD_OVERFLOW TLS1_AD_RECORD_OVERFLOW	1008	#define SSL_AD_DECOMPRESSION_FAILURE 30 /* Removed in TLSv1.3 */
1004	#define SSL_AD_DECOMPRESSION_FAILURE SSL3_AD_DECOMPRESSION_FAILURE/* fatal */	1009	#define SSL_AD_HANDSHAKE_FAILURE 40
1005	#define SSL_AD_HANDSHAKE_FAILURE SSL3_AD_HANDSHAKE_FAILURE/* fatal */	1010	#define SSL_AD_BAD_CERTIFICATE 42
1006	#define SSL_AD_BAD_CERTIFICATE SSL3_AD_BAD_CERTIFICATE	1011	#define SSL_AD_UNSUPPORTED_CERTIFICATE 43
1007	#define SSL_AD_UNSUPPORTED_CERTIFICATE SSL3_AD_UNSUPPORTED_CERTIFICATE	1012	#define SSL_AD_CERTIFICATE_REVOKED 44
1008	#define SSL_AD_CERTIFICATE_REVOKED SSL3_AD_CERTIFICATE_REVOKED	1013	#define SSL_AD_CERTIFICATE_EXPIRED 45
1009	#define SSL_AD_CERTIFICATE_EXPIRED SSL3_AD_CERTIFICATE_EXPIRED	1014	#define SSL_AD_CERTIFICATE_UNKNOWN 46
1010	#define SSL_AD_CERTIFICATE_UNKNOWN SSL3_AD_CERTIFICATE_UNKNOWN	1015	#define SSL_AD_ILLEGAL_PARAMETER 47
1011	#define SSL_AD_ILLEGAL_PARAMETER SSL3_AD_ILLEGAL_PARAMETER /* fatal */	1016	#define SSL_AD_UNKNOWN_CA 48
1012	#define SSL_AD_UNKNOWN_CA TLS1_AD_UNKNOWN_CA /* fatal */	1017	#define SSL_AD_ACCESS_DENIED 49
1013	#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */	1018	#define SSL_AD_DECODE_ERROR 50
1014	#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */	1019	#define SSL_AD_DECRYPT_ERROR 51
1015	#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR	1020	#define SSL_AD_PROTOCOL_VERSION 70
1016	#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */	1021	#define SSL_AD_INSUFFICIENT_SECURITY 71
1017	#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */	1022	#define SSL_AD_INTERNAL_ERROR 80
1018	#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */	1023	#define SSL_AD_INAPPROPRIATE_FALLBACK 86
1019	#define SSL_AD_INAPPROPRIATE_FALLBACK TLS1_AD_INAPPROPRIATE_FALLBACK /* fatal */	1024	#define SSL_AD_USER_CANCELLED 90
1020	#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED	1025	#define SSL_AD_NO_RENEGOTIATION 100 /* Removed in TLSv1.3 */
1021	#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION	1026	#define SSL_AD_UNSUPPORTED_EXTENSION 110
1022	#define SSL_AD_UNSUPPORTED_EXTENSION TLS1_AD_UNSUPPORTED_EXTENSION	1027	#define SSL_AD_CERTIFICATE_UNOBTAINABLE 111 /* Removed in TLSv1.3 */
1023	#define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE	1028	#define SSL_AD_UNRECOGNIZED_NAME 112
1024	#define SSL_AD_UNRECOGNIZED_NAME TLS1_AD_UNRECOGNIZED_NAME	1029	#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
1025	#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE	1030	#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE 114 /* Removed in TLSv1.3 */
1026	#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE	1031	#define SSL_AD_UNKNOWN_PSK_IDENTITY 115
1027	#define SSL_AD_UNKNOWN_PSK_IDENTITY TLS1_AD_UNKNOWN_PSK_IDENTITY /* fatal */	1032	#define SSL_AD_CERTIFICATE_REQUIRED 116
		1033	#define SSL_AD_NO_APPLICATION_PROTOCOL 120
		1034
		1035	/* Offset to get an SSL_R_... value from an SSL_AD_... value. */
		1036	#define SSL_AD_REASON_OFFSET 1000
1028		1037
1029	#define SSL_ERROR_NONE 0	1038	#define SSL_ERROR_NONE 0
1030	#define SSL_ERROR_SSL 1	1039	#define SSL_ERROR_SSL 1


diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index 631f8dee23..04c12bca9c 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl3.h,v 1.53 2021/05/10 17:10:57 tb Exp $ */	1	/* $OpenBSD: ssl3.h,v 1.54 2021/06/13 15:47:11 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -297,6 +297,7 @@ extern "C" {
297	#define SSL3_AL_WARNING 1	297	#define SSL3_AL_WARNING 1
298	#define SSL3_AL_FATAL 2	298	#define SSL3_AL_FATAL 2
299		299
		300	#ifndef LIBRESSL_INTERNAL
300	#define SSL3_AD_CLOSE_NOTIFY 0	301	#define SSL3_AD_CLOSE_NOTIFY 0
301	#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */	302	#define SSL3_AD_UNEXPECTED_MESSAGE 10 /* fatal */
302	#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */	303	#define SSL3_AD_BAD_RECORD_MAC 20 /* fatal */
@@ -309,6 +310,7 @@ extern "C" {
309	#define SSL3_AD_CERTIFICATE_EXPIRED 45	310	#define SSL3_AD_CERTIFICATE_EXPIRED 45
310	#define SSL3_AD_CERTIFICATE_UNKNOWN 46	311	#define SSL3_AD_CERTIFICATE_UNKNOWN 46
311	#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */	312	#define SSL3_AD_ILLEGAL_PARAMETER 47 /* fatal */
		313	#endif
312		314
313	#define TLS1_HB_REQUEST 1	315	#define TLS1_HB_REQUEST 1
314	#define TLS1_HB_RESPONSE 2	316	#define TLS1_HB_RESPONSE 2


diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index 628a6b2fca..771ed96fc9 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls1.h,v 1.42 2021/03/10 18:32:38 jsing Exp $ */	1	/* $OpenBSD: tls1.h,v 1.43 2021/06/13 15:47:11 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -185,12 +185,7 @@ extern "C" {
185	((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)	185	((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
186	#endif	186	#endif
187		187
188	/*	188	#ifndef LIBRESSL_INTERNAL
189	* TLS Alert codes.
190	*
191	* https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
192	*/
193
194	#define TLS1_AD_DECRYPTION_FAILED 21	189	#define TLS1_AD_DECRYPTION_FAILED 21
195	#define TLS1_AD_RECORD_OVERFLOW 22	190	#define TLS1_AD_RECORD_OVERFLOW 22
196	#define TLS1_AD_UNKNOWN_CA 48 /* fatal */	191	#define TLS1_AD_UNKNOWN_CA 48 /* fatal */
@@ -213,6 +208,7 @@ extern "C" {
213	#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114	208	#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
214	/* Code 115 from RFC 4279. */	209	/* Code 115 from RFC 4279. */
215	#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */	210	#define TLS1_AD_UNKNOWN_PSK_IDENTITY 115 /* fatal */
		211	#endif
216		212
217	/*	213	/*
218	* TLS ExtensionType values.	214	* TLS ExtensionType values.