Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_ssl.c @ 9077:cb7dc35ed428 quic
QUIC: moved "handshake failed" reason to send_alert.
A QUIC handshake failure breaks down into several cases:
- a handshake error which leads to a send_alert call
- an error triggered by the add_handshake_data callback
- internal errors (allocation etc)
Previously, in the first case, only error code was set in the send_alert
callback. Now the "handshake failed" reason phrase is set there as well.
In the second case, both code and reason are set by add_handshake_data.
In the last case, setting reason phrase is removed: returning NGX_ERROR
now leads to closing the connection with just INTERNAL_ERROR.
Reported by Jiuzhou Cui.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 23 Feb 2023 16:16:56 +0400 |
parents | 5dcea9f91482 |
children | 0f4f781e57c1 |
comparison
equal
deleted
inserted
replaced
9076:5dcea9f91482 | 9077:cb7dc35ed428 |
---|---|
299 if (qc == NULL) { | 299 if (qc == NULL) { |
300 return 1; | 300 return 1; |
301 } | 301 } |
302 | 302 |
303 qc->error = NGX_QUIC_ERR_CRYPTO(alert); | 303 qc->error = NGX_QUIC_ERR_CRYPTO(alert); |
304 qc->error_reason = "handshake failed"; | |
304 | 305 |
305 return 1; | 306 return 1; |
306 } | 307 } |
307 | 308 |
308 | 309 |
421 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", | 422 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", |
422 sslerr); | 423 sslerr); |
423 | 424 |
424 if (sslerr != SSL_ERROR_WANT_READ) { | 425 if (sslerr != SSL_ERROR_WANT_READ) { |
425 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); | 426 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); |
426 qc->error_reason = "handshake failed"; | |
427 return NGX_ERROR; | 427 return NGX_ERROR; |
428 } | 428 } |
429 } | 429 } |
430 | 430 |
431 if (n <= 0 || SSL_in_init(ssl_conn)) { | 431 if (n <= 0 || SSL_in_init(ssl_conn)) { |