Commit b3d26e438a for openssl.org
commit b3d26e438a6a0d879bb0383de866a0474238cd61
Author: Andrew Dinh <andrewd@openssl.org>
Date: Thu Sep 11 17:06:59 2025 +1000
Rename SSL3 error codes to TLS equivalents
Updated error code names and references from SSL3 to TLS in error definitions and error strings. Legacy error codes are preserved in sslerr_legacy.h for backward compatibility
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša NedvÄ›dický <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29338)
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index a3fce49548..91aa11d1a6 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -45,19 +45,19 @@ L OSSL_DECODER include/openssl/decodererr.h crypto/encode_decode/decoder_err
L HTTP include/openssl/httperr.h crypto/http/http_err.c include/crypto/httperr.h
# SSL/TLS alerts
-R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
-R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
+R SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE 1010
+R SSL_R_TLS_ALERT_BAD_RECORD_MAC 1020
R SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
R SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
-R SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
-R SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
-R SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
-R SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
-R SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
-R SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
-R SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
-R SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
-R SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
+R SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE 1030
+R SSL_R_TLS_ALERT_HANDSHAKE_FAILURE 1040
+R SSL_R_TLS_ALERT_NO_CERTIFICATE 1041
+R SSL_R_TLS_ALERT_BAD_CERTIFICATE 1042
+R SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE 1043
+R SSL_R_TLS_ALERT_CERTIFICATE_REVOKED 1044
+R SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED 1045
+R SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN 1046
+R SSL_R_TLS_ALERT_ILLEGAL_PARAMETER 1047
R SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
R SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049
R SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 1c160cecb5..3302b94a1e 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1586,22 +1586,22 @@ SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES:362:srtp could not allocate profiles
SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG:363:\
srtp protection profile list too long
SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE:364:srtp unknown protection profile
-SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH:232:\
+SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH:232:\
ssl3 ext invalid max fragment length
-SSL_R_SSL3_EXT_INVALID_SERVERNAME:319:ssl3 ext invalid servername
-SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE:320:ssl3 ext invalid servername type
-SSL_R_SSL3_SESSION_ID_TOO_LONG:300:ssl3 session id too long
-SSL_R_SSLV3_ALERT_BAD_CERTIFICATE:1042:ssl/tls alert bad certificate
-SSL_R_SSLV3_ALERT_BAD_RECORD_MAC:1020:ssl/tls alert bad record mac
-SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED:1045:ssl/tls alert certificate expired
-SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED:1044:ssl/tls alert certificate revoked
-SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN:1046:ssl/tls alert certificate unknown
-SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE:1030:ssl/tls alert decompression failure
-SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE:1040:ssl/tls alert handshake failure
-SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER:1047:ssl/tls alert illegal parameter
-SSL_R_SSLV3_ALERT_NO_CERTIFICATE:1041:ssl/tls alert no certificate
-SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE:1010:ssl/tls alert unexpected message
-SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE:1043:\
+SSL_R_TLS_EXT_INVALID_SERVERNAME:319:ssl3 ext invalid servername
+SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE:320:ssl3 ext invalid servername type
+SSL_R_TLS_SESSION_ID_TOO_LONG:300:ssl3 session id too long
+SSL_R_TLS_ALERT_BAD_CERTIFICATE:1042:ssl/tls alert bad certificate
+SSL_R_TLS_ALERT_BAD_RECORD_MAC:1020:ssl/tls alert bad record mac
+SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED:1045:ssl/tls alert certificate expired
+SSL_R_TLS_ALERT_CERTIFICATE_REVOKED:1044:ssl/tls alert certificate revoked
+SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN:1046:ssl/tls alert certificate unknown
+SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE:1030:ssl/tls alert decompression failure
+SSL_R_TLS_ALERT_HANDSHAKE_FAILURE:1040:ssl/tls alert handshake failure
+SSL_R_TLS_ALERT_ILLEGAL_PARAMETER:1047:ssl/tls alert illegal parameter
+SSL_R_TLS_ALERT_NO_CERTIFICATE:1041:ssl/tls alert no certificate
+SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE:1010:ssl/tls alert unexpected message
+SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE:1043:\
ssl/tls alert unsupported certificate
SSL_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty
SSL_R_SSL_COMMAND_SECTION_NOT_FOUND:125:ssl command section not found
diff --git a/crypto/ssl_err.c b/crypto/ssl_err.c
index c8963522a3..9fce52bf7c 100644
--- a/crypto/ssl_err.c
+++ b/crypto/ssl_err.c
@@ -422,36 +422,36 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
"srtp protection profile list too long" },
{ ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),
"srtp unknown protection profile" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH),
- "ssl3 ext invalid max fragment length" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME),
- "ssl3 ext invalid servername" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
- "ssl3 ext invalid servername type" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_LONG),
- "ssl3 session id too long" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
- "ssl/tls alert bad certificate" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
- "ssl/tls alert bad record mac" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),
- "ssl/tls alert certificate expired" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),
- "ssl/tls alert certificate revoked" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),
- "ssl/tls alert certificate unknown" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),
- "ssl/tls alert decompression failure" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),
- "ssl/tls alert handshake failure" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),
- "ssl/tls alert illegal parameter" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_NO_CERTIFICATE),
- "ssl/tls alert no certificate" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),
- "ssl/tls alert unexpected message" },
- { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),
- "ssl/tls alert unsupported certificate" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH),
+ "tls ext invalid max fragment length" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_EXT_INVALID_SERVERNAME),
+ "tls ext invalid servername" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE),
+ "tls ext invalid servername type" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_SESSION_ID_TOO_LONG),
+ "tls session id too long" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_BAD_CERTIFICATE),
+ "tls alert bad certificate" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_BAD_RECORD_MAC),
+ "tls alert bad record mac" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED),
+ "tls alert certificate expired" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_CERTIFICATE_REVOKED),
+ "tls alert certificate revoked" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN),
+ "tls alert certificate unknown" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE),
+ "tls alert decompression failure" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_HANDSHAKE_FAILURE),
+ "tls alert handshake failure" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_ILLEGAL_PARAMETER),
+ "tls alert illegal parameter" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_NO_CERTIFICATE),
+ "tls alert no certificate" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE),
+ "tls alert unexpected message" },
+ { ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE),
+ "tls alert unsupported certificate" },
{ ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_EMPTY),
"ssl command section empty" },
{ ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND),
diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
index 3f0568f285..24dbf0d7c3 100644
--- a/include/openssl/sslerr.h
+++ b/include/openssl/sslerr.h
@@ -266,21 +266,21 @@
#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES 362
#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG 363
#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE 364
-#define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
-#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
+#define SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH 232
+#define SSL_R_TLS_EXT_INVALID_SERVERNAME 319
+#define SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE 320
+#define SSL_R_TLS_SESSION_ID_TOO_LONG 300
+#define SSL_R_TLS_ALERT_BAD_CERTIFICATE 1042
+#define SSL_R_TLS_ALERT_BAD_RECORD_MAC 1020
+#define SSL_R_TLS_ALERT_CERTIFICATE_EXPIRED 1045
+#define SSL_R_TLS_ALERT_CERTIFICATE_REVOKED 1044
+#define SSL_R_TLS_ALERT_CERTIFICATE_UNKNOWN 1046
+#define SSL_R_TLS_ALERT_DECOMPRESSION_FAILURE 1030
+#define SSL_R_TLS_ALERT_HANDSHAKE_FAILURE 1040
+#define SSL_R_TLS_ALERT_ILLEGAL_PARAMETER 1047
+#define SSL_R_TLS_ALERT_NO_CERTIFICATE 1041
+#define SSL_R_TLS_ALERT_UNEXPECTED_MESSAGE 1010
+#define SSL_R_TLS_ALERT_UNSUPPORTED_CERTIFICATE 1043
#define SSL_R_SSL_COMMAND_SECTION_EMPTY 117
#define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND 125
#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228
diff --git a/include/openssl/sslerr_legacy.h b/include/openssl/sslerr_legacy.h
index 8cf1ebd7b0..fd3453e413 100644
--- a/include/openssl/sslerr_legacy.h
+++ b/include/openssl/sslerr_legacy.h
@@ -461,6 +461,26 @@ OSSL_DEPRECATEDIN_3_0 int ERR_load_SSL_strings(void);
#define SSL_F_WRITE_STATE_MACHINE 0
#endif
+#ifndef OPENSSL_NO_DEPRECATED_4_0
+
+#define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH 232
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME 319
+#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE 320
+#define SSL_R_SSL3_SESSION_ID_TOO_LONG 300
+#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042
+#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED 1044
+#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN 1046
+#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE 1030
+#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040
+#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047
+#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041
+#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
+#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043
+
+#endif
+
#ifdef __cplusplus
}
#endif
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 397ddf4bf5..872812e4f4 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -4003,7 +4003,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
break;
len = strlen((char *)parg);
if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
- ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
+ ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_SERVERNAME);
return 0;
}
if ((sc->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
@@ -4011,7 +4011,7 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
return 0;
}
} else {
- ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
+ ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_SERVERNAME_TYPE);
return 0;
}
break;
diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
index 1833a61799..e91b7400ea 100644
--- a/ssl/statem/extensions_clnt.c
+++ b/ssl/statem/extensions_clnt.c
@@ -1365,7 +1365,7 @@ int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt,
/* |value| should contains a valid max-fragment-length code. */
if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+ SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH);
return 0;
}
@@ -1377,7 +1377,7 @@ int tls_parse_stoc_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt,
*/
if (value != s->ext.max_fragment_len_mode) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+ SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH);
return 0;
}
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index c4aef4c939..f241861740 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -188,7 +188,7 @@ int tls_parse_ctos_maxfragmentlen(SSL_CONNECTION *s, PACKET *pkt,
/* Received |value| should be a valid max-fragment-length code. */
if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) {
SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
- SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+ SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH);
return 0;
}
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index a9b229fca3..3907664ebc 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1518,7 +1518,7 @@ MSG_PROCESS_RETURN tls_process_server_hello(SSL_CONNECTION *s, PACKET *pkt)
session_id_len = PACKET_remaining(&session_id);
if (session_id_len > sizeof(s->session->session_id)
|| session_id_len > SSL3_SESSION_ID_SIZE) {
- SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_SSL3_SESSION_ID_TOO_LONG);
+ SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_R_TLS_SESSION_ID_TOO_LONG);
goto err;
}
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 9ece318950..02f5d43055 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -4779,7 +4779,7 @@ int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode)
{
if (mode != TLSEXT_max_fragment_length_DISABLED
&& !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
- ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+ ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH);
return 0;
}
@@ -4797,7 +4797,7 @@ int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode)
if (mode != TLSEXT_max_fragment_length_DISABLED
&& !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
- ERR_raise(ERR_LIB_SSL, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+ ERR_raise(ERR_LIB_SSL, SSL_R_TLS_EXT_INVALID_MAX_FRAGMENT_LENGTH);
return 0;
}