[PATCH] QUIC: improved ssl_reject_handshake error logging
Sergey Kandaurov
pluknet at nginx.com
Mon Feb 20 15:37:04 UTC 2023
# HG changeset patch
# User Sergey Kandaurov <pluknet at nginx.com>
# Date 1676907370 -14400
# Mon Feb 20 19:36:10 2023 +0400
# Branch quic
# Node ID 60b9d9ef878cc87d8a18e968b4f9122534a7deb8
# Parent ed403c1fe1f060ee362155bb00c43aaab356e30f
QUIC: improved ssl_reject_handshake error logging.
The check follows the ngx_ssl_handshake() change in 59e1c73fe02b.
diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -422,8 +422,17 @@ ngx_quic_crypto_input(ngx_connection_t *
sslerr);
if (sslerr != SSL_ERROR_WANT_READ) {
+
+ qc->error_reason = "handshake failed";
+
+ if (c->ssl->handshake_rejected) {
+ ngx_connection_error(c, 0, "handshake rejected");
+ ERR_clear_error();
+
+ return NGX_ERROR;
+ }
+
ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
- qc->error_reason = "handshake failed";
return NGX_ERROR;
}
}
More information about the nginx-devel
mailing list