Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_ssl.c @ 9077:cb7dc35ed428 quic
QUIC: moved "handshake failed" reason to send_alert.
A QUIC handshake failure breaks down into several cases:
- a handshake error which leads to a send_alert call
- an error triggered by the add_handshake_data callback
- internal errors (allocation etc)
Previously, in the first case, only error code was set in the send_alert
callback. Now the "handshake failed" reason phrase is set there as well.
In the second case, both code and reason are set by add_handshake_data.
In the last case, setting reason phrase is removed: returning NGX_ERROR
now leads to closing the connection with just INTERNAL_ERROR.
Reported by Jiuzhou Cui.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Thu, 23 Feb 2023 16:16:56 +0400 |
| parents | 5dcea9f91482 |
| children | 0f4f781e57c1 |
comparison
equal
deleted
inserted
replaced
| 9076:5dcea9f91482 | 9077:cb7dc35ed428 |
|---|---|
| 299 if (qc == NULL) { | 299 if (qc == NULL) { |
| 300 return 1; | 300 return 1; |
| 301 } | 301 } |
| 302 | 302 |
| 303 qc->error = NGX_QUIC_ERR_CRYPTO(alert); | 303 qc->error = NGX_QUIC_ERR_CRYPTO(alert); |
| 304 qc->error_reason = "handshake failed"; | |
| 304 | 305 |
| 305 return 1; | 306 return 1; |
| 306 } | 307 } |
| 307 | 308 |
| 308 | 309 |
| 421 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", | 422 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d", |
| 422 sslerr); | 423 sslerr); |
| 423 | 424 |
| 424 if (sslerr != SSL_ERROR_WANT_READ) { | 425 if (sslerr != SSL_ERROR_WANT_READ) { |
| 425 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); | 426 ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); |
| 426 qc->error_reason = "handshake failed"; | |
| 427 return NGX_ERROR; | 427 return NGX_ERROR; |
| 428 } | 428 } |
| 429 } | 429 } |
| 430 | 430 |
| 431 if (n <= 0 || SSL_in_init(ssl_conn)) { | 431 if (n <= 0 || SSL_in_init(ssl_conn)) { |