Allow TLS13_AD_MISSING_EXTENSION for older versions

Add a pass-through switch case for TLS13_AD_MISSING_EXTENSION in
ssl3_alert_code() and tls1_alert_code(), so that the call to
SSLfatal() in final_psk() will always actually generate an alert,
even for non-TLS1.3 protocol versions.

Fixes #15375

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15412)

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index cf4d5fe4e7b179659440a20fcf7ad256edbd9bd2..88ac6e4205c8230343f852a612f192aabc653981 100644 (file)
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -589,6 +589,8 @@ int ssl3_alert_code(int code)
         return TLS1_AD_NO_APPLICATION_PROTOCOL;
     case SSL_AD_CERTIFICATE_REQUIRED:
         return SSL_AD_HANDSHAKE_FAILURE;
+    case TLS13_AD_MISSING_EXTENSION:
+        return SSL_AD_HANDSHAKE_FAILURE;
     default:
         return -1;
     }

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 5e9c3a0ee52977371aa506727d687c442801e5a4..886709bf4a5b969729ec337b7890743e0f47c2d0 100644 (file)
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -848,6 +848,8 @@ int tls1_alert_code(int code)
         return TLS1_AD_NO_APPLICATION_PROTOCOL;
     case SSL_AD_CERTIFICATE_REQUIRED:
         return SSL_AD_HANDSHAKE_FAILURE;
+    case TLS13_AD_MISSING_EXTENSION:
+        return SSL_AD_HANDSHAKE_FAILURE;
     default:
         return -1;
     }