Define TLSEXT_nid_unknown NGINX requires this constant if SSL_get_negotiated_group is defined. OpenSSL returns this to indicate a named group constant it doesn't understand, which doesn't make sense out of SSL_get_negotiated_group because the library wouldn't negotiate a group it doesn't know about. Nonetheless, define it for compatibility. Fixed: 615 Change-Id: I05a6d607912bb8507be9ac6ff5fe1699b4715f6b Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/60326 Commit-Queue: Adam Langley <agl@google.com> Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> Auto-Submit: David Benjamin <davidben@google.com>

commit: 28c24092e39bfd70852afa2923a3d12d2e9be2f5 [log] [tgz]
author: David Benjamin <davidben@google.com> Thu Jun 01 18:59:34 2023 -0400
committer: Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> Thu Jun 01 23:16:27 2023 +0000
tree: 7397561320b1a23d9d86d38c422a4f34c14a5352
parent: be0fdf7fde7c96c54b463fa3e5033298201fde94 [diff]
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 7974b27..1de31e8 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -5268,6 +5268,11 @@
 #define SSL_CURVE_X25519 SSL_GROUP_X25519
 #define SSL_CURVE_X25519_KYBER768_DRAFT00 SSL_GROUP_X25519_KYBER768_DRAFT00
 
+// TLSEXT_nid_unknown is a constant used in OpenSSL for
+// |SSL_get_negotiated_group| to return an unrecognized group. BoringSSL never
+// returns this value, but we define this constant for compatibility.
+#define TLSEXT_nid_unknown 0x1000000
+
 
 // Compliance policy configurations
 //
commit	28c24092e39bfd70852afa2923a3d12d2e9be2f5	[log] [tgz]
author	David Benjamin <davidben@google.com>	Thu Jun 01 18:59:34 2023 -0400
committer	Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>	Thu Jun 01 23:16:27 2023 +0000
tree	7397561320b1a23d9d86d38c422a4f34c14a5352
parent	be0fdf7fde7c96c54b463fa3e5033298201fde94 [diff]