From 8db8943ec31e12fd3b94da945924130eb90237a0 Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Thu, 23 Feb 2023 16:26:38 +0400
Subject: [PATCH] QUIC: improved ssl_reject_handshake error logging.

The check follows the ngx_ssl_handshake() change in 59e1c73fe02b.
---
 src/event/quic/ngx_event_quic_ssl.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
index 2df38b386..f23260d24 100644
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -423,6 +423,14 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data)
                        sslerr);
 
         if (sslerr != SSL_ERROR_WANT_READ) {
+
+            if (c->ssl->handshake_rejected) {
+                ngx_connection_error(c, 0, "handshake rejected");
+                ERR_clear_error();
+
+                return NGX_ERROR;
+            }
+
             ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
             return NGX_ERROR;
         }