From 9ca8f6653c355af527d5be2e8ce4e5c80b55f070 Mon Sep 17 00:00:00 2001
From: Frederik Wedel-Heinen
Date: Wed, 4 Oct 2023 11:58:06 +0200
Subject: [PATCH] Update dtls max version
Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/22275)
---
 include/openssl/dtls1.h | 2 +-
 ssl/ssl_local.h | 2 +-
 ssl/statem/statem_clnt.c | 2 +-
 ssl/statem/statem_lib.c | 5 +++--
 4 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/include/openssl/dtls1.h b/include/openssl/dtls1.h
index 5dc6b5419c2..024584f426e 100644
--- a/include/openssl/dtls1.h
+++ b/include/openssl/dtls1.h
@@ -27,7 +27,7 @@ extern "C" {
 /* DTLS*_VERSION constants are defined in prov_ssl.h */
 # ifndef OPENSSL_NO_DEPRECATED_3_0
 # define DTLS_MIN_VERSION DTLS1_VERSION
-# define DTLS_MAX_VERSION DTLS1_2_VERSION
+# define DTLS_MAX_VERSION DTLS1_3_VERSION
 # endif
 # define DTLS1_VERSION_MAJOR 0xFE
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index 2b8df7d26ce..701145438cb 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -45,7 +45,7 @@
 # endif
 # define TLS_MAX_VERSION_INTERNAL TLS1_3_VERSION
-# define DTLS_MAX_VERSION_INTERNAL DTLS1_2_VERSION
+# define DTLS_MAX_VERSION_INTERNAL DTLS1_3_VERSION
 /*
 * DTLS version numbers are strange because they're inverted. Except for
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 00a4359bc99..5a6fed1c446 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -192,7 +192,7 @@ static int ossl_statem_client13_read_transition(SSL_CONNECTION *s, int mt)
 if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
 #if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION
 /* Restore digest for PHA before adding message.*/
-# error Internal DTLS version error
+# warning Internal DTLS version error
 #endif
 if (!SSL_CONNECTION_IS_DTLS(s)
 && s->post_handshake_auth == SSL_PHA_EXT_SENT) {
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index 2424c93484b..123c5b01c69 100644
--- a/ssl/statem/statem_lib.c
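Review bot: The new value of the public `DTLS_MAX_VERSION` in include/openssl/dtls1.h carries no comment on what it means for callers. An application that passes this macro as its maximum protocol version would, on rebuild, have its ceiling moved to DTLS 1.3 with no source change (inferred; no caller is visible in this patch). I would add a comment above the define, e.g. `/* Tracks the newest DTLS version the library supports; pass an explicit constant such as DTLS1_2_VERSION to pin a ceiling. */`. The same remark applies to `DTLS_MAX_VERSION_INTERNAL` in the ssl/ssl_local.h hunk.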
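Review bot: The guard `#if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION` in ossl_statem_client13_read_transition is now always true, because the ssl/ssl_local.h hunk of this same patch sets the constant to `DTLS1_3_VERSION`, so the `# warning` fires on every build. `#warning` is not part of ISO C before C23, so a compiler without the extension may reject it, and a warnings-as-errors build turns it back into a hard failure. The old `#error` appears to have marked that the post-handshake-auth digest handling was not written for DTLS 1.3, and the `if (!SSL_CONNECTION_IS_DTLS(s) ...` that follows still excludes DTLS. I would replace the directive with a comment that records the gap, e.g. `/* TODO(DTLS 1.3): PHA digest restore is not implemented for DTLS; DTLS connections skip the block below. */`, and track it separately. The function body starts and ends outside the hunk.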
+++ b/ssl/statem/statem_lib.c
@@ -1848,12 +1848,13 @@ static const version_info tls_version_table[] = {
 {0, NULL, NULL},
 };
-#if DTLS_MAX_VERSION_INTERNAL != DTLS1_2_VERSION
-# error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION.
+#if DTLS_MAX_VERSION_INTERNAL != DTLS1_3_VERSION
+# error Code needs update for DTLS_method() support beyond DTLS1_3_VERSION.
 #endif
 /* Must be in order high to low */
 static const version_info dtls_version_table[] = {
+ {DTLS1_3_VERSION, dtlsv1_3_client_method, dtlsv1_3_server_method},
 #ifndef OPENSSL_NO_DTLS1_2
 {DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method},
 #else
-- 
2.47.2
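Review bot: The new row `{DTLS1_3_VERSION, dtlsv1_3_client_method, dtlsv1_3_server_method},` in `dtls_version_table` is unconditional, while the `DTLS1_2_VERSION` row right below it sits under `#ifndef OPENSSL_NO_DTLS1_2` with an `#else` branch whose content is outside the hunk. Since the table is ordered high to low, DTLS 1.3 becomes the first entry in every build, with no compile-time switch to leave it out. At the same time, the statem_clnt.c hunk of this patch still flags its DTLS path with a warning. I would wrap the row in the same `#ifndef`/`#else`/`#endif` pattern, using a DTLS 1.3 counterpart of the `OPENSSL_NO_DTLS1_2` macro, with `{DTLS1_3_VERSION, NULL, NULL},` as the `#else` row. The table continues past the end of the hunk.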