From a68f4e620476f8b038ab9a99652cb85f69bdcb24 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 13 Jun 2021 15:51:10 +0000
Subject: Add SSL_AD_MISSING_EXTENSION.

This is an alert that was added in TLSv1.3 - we already use it internally,
but did not provide the SSL_AD_* define previously.

ok tb@
---
 src/lib/libssl/ssl.h      | 3 ++-
 src/lib/libssl/ssl_stat.c | 8 +++++++-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 1b81c2aed3..4719a50c7e 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.193 2021/06/13 15:47:11 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.194 2021/06/13 15:51:10 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1023,6 +1023,7 @@ int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
 #define SSL_AD_INAPPROPRIATE_FALLBACK		86
 #define SSL_AD_USER_CANCELLED			90
 #define SSL_AD_NO_RENEGOTIATION			100	/* Removed in TLSv1.3 */
+#define SSL_AD_MISSING_EXTENSION		109	/* Added in TLSv1.3. */
 #define SSL_AD_UNSUPPORTED_EXTENSION		110
 #define SSL_AD_CERTIFICATE_UNOBTAINABLE		111	/* Removed in TLSv1.3 */
 #define SSL_AD_UNRECOGNIZED_NAME		112
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
index 67f5222502..b51538c1b2 100644
--- a/src/lib/libssl/ssl_stat.c
+++ b/src/lib/libssl/ssl_stat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_stat.c,v 1.16 2021/06/13 15:29:19 jsing Exp $ */
+/* $OpenBSD: ssl_stat.c,v 1.17 2021/06/13 15:51:10 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -641,6 +641,9 @@ SSL_alert_desc_string(int value)
 	case SSL_AD_NO_RENEGOTIATION:
 		str = "NR";
 		break;
+	case SSL_AD_MISSING_EXTENSION:
+		str = "ME";
+		break;
 	case SSL_AD_UNSUPPORTED_EXTENSION:
 		str = "UE";
 		break;
@@ -735,6 +738,9 @@ SSL_alert_desc_string_long(int value)
 	case SSL_AD_NO_RENEGOTIATION:
 		str = "no renegotiation";
 		break;
+	case SSL_AD_MISSING_EXTENSION:
+		str = "missing extension";
+		break;
 	case SSL_AD_UNSUPPORTED_EXTENSION:
 		str = "unsupported extension";
 		break;
-- 
cgit v1.2.3-55-g6feb