[PATCH] QUIC: improved ssl_reject_handshake error logging
Sergey Kandaurov
pluknet at nginx.com
Thu Feb 23 12:56:49 UTC 2023
> On 21 Feb 2023, at 15:58, Roman Arutyunyan <arut at nginx.com> wrote:
>
> On Mon, Feb 20, 2023 at 07:37:04PM +0400, Sergey Kandaurov wrote:
>> # HG changeset patch
>> # User Sergey Kandaurov <pluknet at nginx.com>
>> # Date 1676907370 -14400
>> # Mon Feb 20 19:36:10 2023 +0400
>> # Branch quic
>> # Node ID 60b9d9ef878cc87d8a18e968b4f9122534a7deb8
>> # Parent ed403c1fe1f060ee362155bb00c43aaab356e30f
>> QUIC: improved ssl_reject_handshake error logging.
>>
>> The check follows the ngx_ssl_handshake() change in 59e1c73fe02b.
>>
>> diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
>> --- a/src/event/quic/ngx_event_quic_ssl.c
>> +++ b/src/event/quic/ngx_event_quic_ssl.c
>> @@ -422,8 +422,17 @@ ngx_quic_crypto_input(ngx_connection_t *
>> sslerr);
>>
>> if (sslerr != SSL_ERROR_WANT_READ) {
>> +
>> + qc->error_reason = "handshake failed";
>> +
>> + if (c->ssl->handshake_rejected) {
>> + ngx_connection_error(c, 0, "handshake rejected");
>> + ERR_clear_error();
>> +
>> + return NGX_ERROR;
>> + }
>> +
>> ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
>> - qc->error_reason = "handshake failed";
>> return NGX_ERROR;
>> }
>> }
>
> Looks ok
For the record, the patch was slightly simplified after cb7dc35ed428.
Pushed in 639fa6723700.
--
Sergey Kandaurov
More information about the nginx-devel
mailing list