Fijxu
/
nginx-quic
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SSL: logging levels of various errors added in OpenSSL 1.1.1. 

Starting with OpenSSL 1.1.1, various additional errors can be reported
by OpenSSL in case of client-related issues, most notably during TLSv1.3
handshakes.  In particular, SSL_R_BAD_KEY_SHARE ("bad key share"),
SSL_R_BAD_EXTENSION ("bad extension"), SSL_R_BAD_CIPHER ("bad cipher"),
SSL_R_BAD_ECPOINT ("bad ecpoint").  These are now logged at the "info"
level.
This commit is contained in:
Maxim Dounin 2022-07-12 15:55:22 +03:00
parent 86fa8882c8
commit f94e5b01a7
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/event/ngx_event_openssl.c
View File

@ -3343,6 +3343,12 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
#ifdef SSL_R_NO_SUITABLE_KEY_SHARE
|| n == SSL_R_NO_SUITABLE_KEY_SHARE /* 101 */
#endif
#ifdef SSL_R_BAD_KEY_SHARE
|| n == SSL_R_BAD_KEY_SHARE /* 108 */
#endif
#ifdef SSL_R_BAD_EXTENSION
|| n == SSL_R_BAD_EXTENSION /* 110 */
#endif
#ifdef SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM
|| n == SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM /* 118 */
#endif
@ -3357,6 +3363,9 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
|| n == SSL_R_NO_CIPHERS_PASSED /* 182 */
#endif
|| n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */
#ifdef SSL_R_BAD_CIPHER
|| n == SSL_R_BAD_CIPHER /* 186 */
#endif
|| n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */
|| n == SSL_R_NO_SHARED_CIPHER /* 193 */
|| n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */
@ -3391,6 +3400,9 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
#ifdef SSL_R_APPLICATION_DATA_ON_SHUTDOWN
|| n == SSL_R_APPLICATION_DATA_ON_SHUTDOWN /* 291 */
#endif
#ifdef SSL_R_BAD_ECPOINT
|| n == SSL_R_BAD_ECPOINT /* 306 */
#endif
#ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
|| n == SSL_R_RENEGOTIATE_EXT_TOO_LONG /* 335 */
|| n == SSL_R_RENEGOTIATION_ENCODING_ERR /* 336 */