[PATCH] SSL: decrease log level of SSL_R_NO_RENEGOTIATION to "info"

Piotr Sikora piotrsikora at google.com
Wed Oct 19 07:51:36 UTC 2016


# HG changeset patch
# User Piotr Sikora <piotrsikora at google.com>
# Date 1476859304 25200
#      Tue Oct 18 23:41:44 2016 -0700
# Node ID ae85978091f832d27d862e468ee5e4cbfb18da11
# Parent  8081e1f3ab8b9ccb4e2d7f9240cbfb8e404a3c95
SSL: decrease log level of SSL_R_NO_RENEGOTIATION to "info".

Previously, "no renegotiation" error was logged at the "critical" level
when using BoringSSL, which rejects renegotiation at the protocol level.

Signed-off-by: Piotr Sikora <piotrsikora at google.com>

diff -r 8081e1f3ab8b -r ae85978091f8 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2045,6 +2045,9 @@ ngx_ssl_connection_error(ngx_connection_
 #ifdef SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED
             || n == SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED       /*  338 */
 #endif
+#ifdef SSL_R_NO_RENEGOTIATION
+            || n == SSL_R_NO_RENEGOTIATION                           /*  339 */
+#endif
 #ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING
             || n == SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           /*  345 */
 #endif



More information about the nginx-devel mailing list