Mercurial > hg > nginx-quic
annotate misc/GNUmakefile @ 9051:6bee5e692579
SSL: logging levels of various errors reported with tlsfuzzer.
To further differentiate client-related errors and adjust logging levels
of various SSL errors, nginx was tested with tlsfuzzer with multiple
OpenSSL versions (3.1.0-beta1, 3.0.8, 1.1.1t, 1.1.0l, 1.0.2u, 1.0.1u,
1.0.0s, 0.9.8zh).
The following errors were observed during tlsfuzzer runs with OpenSSL 3.0.8,
and are clearly client-related:
SSL_do_handshake() failed (SSL: error:0A000092:SSL routines::data length too long)
SSL_do_handshake() failed (SSL: error:0A0000A0:SSL routines::length too short)
SSL_do_handshake() failed (SSL: error:0A000124:SSL routines::bad legacy version)
SSL_do_handshake() failed (SSL: error:0A000178:SSL routines::no shared signature algorithms)
Accordingly, the SSL_R_DATA_LENGTH_TOO_LONG ("data length too long"),
SSL_R_LENGTH_TOO_SHORT ("length too short"), SSL_R_BAD_LEGACY_VERSION
("bad legacy version"), and SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS
("no shared signature algorithms", misspelled as "sigature" in OpenSSL 1.0.2)
errors are now logged at the "info" level.
Additionally, the following errors were observed with OpenSSL 3.0.8 and
with TLSv1.3 enabled:
SSL_do_handshake() failed (SSL: error:0A00006F:SSL routines::bad digest length)
SSL_do_handshake() failed (SSL: error:0A000070:SSL routines::missing sigalgs extension)
SSL_do_handshake() failed (SSL: error:0A000096:SSL routines::encrypted length too long)
SSL_do_handshake() failed (SSL: error:0A00010F:SSL routines::bad length)
SSL_read() failed (SSL: error:0A00007A:SSL routines::bad key update)
SSL_read() failed (SSL: error:0A000125:SSL routines::mixed handshake and non handshake data)
Accordingly, the SSL_R_BAD_DIGEST_LENGTH ("bad digest length"),
SSL_R_MISSING_SIGALGS_EXTENSION ("missing sigalgs extension"),
SSL_R_ENCRYPTED_LENGTH_TOO_LONG ("encrypted length too long"),
SSL_R_BAD_LENGTH ("bad length"), SSL_R_BAD_KEY_UPDATE ("bad key update"),
and SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA ("mixed handshake and non
handshake data") errors are now logged at the "info" level.
Additionally, the following errors were observed with OpenSSL 1.1.1t:
SSL_do_handshake() failed (SSL: error:14094091:SSL routines:ssl3_read_bytes:data between ccs and finished)
SSL_do_handshake() failed (SSL: error:14094199:SSL routines:ssl3_read_bytes:too many warn alerts)
SSL_read() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long)
SSL_read() failed (SSL: error:14094085:SSL routines:ssl3_read_bytes:ccs received early)
Accordingly, the SSL_R_CCS_RECEIVED_EARLY ("ccs received early"),
SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ("data between ccs and finished"),
SSL_R_PACKET_LENGTH_TOO_LONG ("packet length too long"), and
SSL_R_TOO_MANY_WARN_ALERTS ("too many warn alerts") errors are now logged
at the "info" level.
Additionally, the following errors were observed with OpenSSL 1.0.2u:
SSL_do_handshake() failed (SSL: error:1407612A:SSL routines:SSL23_GET_CLIENT_HELLO:record too small)
SSL_do_handshake() failed (SSL: error:1408C09A:SSL routines:ssl3_get_finished:got a fin before a ccs)
Accordingly, the SSL_R_RECORD_TOO_SMALL ("record too small") and
SSL_R_GOT_A_FIN_BEFORE_A_CCS ("got a fin before a ccs") errors are now
logged at the "info" level.
No additional client-related errors were observed while testing with
OpenSSL 3.1.0-beta1, OpenSSL 1.1.0l, OpenSSL 1.0.1u, OpenSSL 1.0.0s,
and OpenSSL 0.9.8zh.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 08 Mar 2023 22:21:59 +0300 |
parents | 9ed5778f5d4a |
children | 09affff4fd35 |
rev | line source |
---|---|
681 | 1 |
2725 | 2 VER = $(shell grep 'define NGINX_VERSION' src/core/nginx.h \ |
5147
864030a4ff2a
Configure: unified nginx version computation constructs.
Ruslan Ermilov <ru@nginx.com>
parents:
5131
diff
changeset
|
3 | sed -e 's/^.*"\(.*\)".*/\1/') |
2725 | 4 NGINX = nginx-$(VER) |
5 TEMP = tmp | |
6 | |
6855
c2c13f1f47fd
Win32: added a variable to specify compiler.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6738
diff
changeset
|
7 CC = cl |
2725 | 8 OBJS = objs.msvc8 |
8996
9ed5778f5d4a
Updated OpenSSL and zlib used for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
8911
diff
changeset
|
9 OPENSSL = openssl-1.1.1s |
9ed5778f5d4a
Updated OpenSSL and zlib used for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
8911
diff
changeset
|
10 ZLIB = zlib-1.2.13 |
8779
8af85c66da94
Updated OpenSSL and PCRE used for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
8591
diff
changeset
|
11 PCRE = pcre2-10.39 |
681 | 12 |
13 | |
5131
566cd32d8bac
Misc: support for Mercurial repositories.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5130
diff
changeset
|
14 release: export |
681 | 15 |
16 mv $(TEMP)/$(NGINX)/auto/configure $(TEMP)/$(NGINX) | |
17 | |
18 mv $(TEMP)/$(NGINX)/docs/text/LICENSE $(TEMP)/$(NGINX) | |
19 mv $(TEMP)/$(NGINX)/docs/text/README $(TEMP)/$(NGINX) | |
20 mv $(TEMP)/$(NGINX)/docs/html $(TEMP)/$(NGINX) | |
3801
569716d0e447
add man page in release tarball and fix man building procedure
Igor Sysoev <igor@sysoev.ru>
parents:
3717
diff
changeset
|
21 mv $(TEMP)/$(NGINX)/docs/man $(TEMP)/$(NGINX) |
681 | 22 |
23 $(MAKE) -f docs/GNUmakefile changes | |
24 | |
25 rm -r $(TEMP)/$(NGINX)/docs | |
26 rm -r $(TEMP)/$(NGINX)/misc | |
27 | |
704
58bd27d72519
fix bug introduced with snapshot support
Igor Sysoev <igor@sysoev.ru>
parents:
701
diff
changeset
|
28 tar -c -z -f $(NGINX).tar.gz --directory $(TEMP) $(NGINX) |
58bd27d72519
fix bug introduced with snapshot support
Igor Sysoev <igor@sysoev.ru>
parents:
701
diff
changeset
|
29 |
701 | 30 |
5131
566cd32d8bac
Misc: support for Mercurial repositories.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5130
diff
changeset
|
31 export: |
566cd32d8bac
Misc: support for Mercurial repositories.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5130
diff
changeset
|
32 rm -rf $(TEMP) |
5212 | 33 hg archive -X '.hg*' $(TEMP)/$(NGINX) |
5131
566cd32d8bac
Misc: support for Mercurial repositories.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5130
diff
changeset
|
34 |
566cd32d8bac
Misc: support for Mercurial repositories.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5130
diff
changeset
|
35 |
4211
effc7962aebe
Moving RELEASE target in more safe place.
Igor Sysoev <igor@sysoev.ru>
parents:
4181
diff
changeset
|
36 RELEASE: |
5131
566cd32d8bac
Misc: support for Mercurial repositories.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5130
diff
changeset
|
37 hg ci -m nginx-$(VER)-RELEASE |
566cd32d8bac
Misc: support for Mercurial repositories.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5130
diff
changeset
|
38 hg tag -m "release-$(VER) tag" release-$(VER) |
566cd32d8bac
Misc: support for Mercurial repositories.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5130
diff
changeset
|
39 |
5212 | 40 $(MAKE) -f misc/GNUmakefile release |
4211
effc7962aebe
Moving RELEASE target in more safe place.
Igor Sysoev <igor@sysoev.ru>
parents:
4181
diff
changeset
|
41 |
effc7962aebe
Moving RELEASE target in more safe place.
Igor Sysoev <igor@sysoev.ru>
parents:
4181
diff
changeset
|
42 |
4842
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
43 win32: |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
44 ./auto/configure \ |
6855
c2c13f1f47fd
Win32: added a variable to specify compiler.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6738
diff
changeset
|
45 --with-cc=$(CC) \ |
4894
0156fd6f48fa
Style, parentheses instead of braces in misc/GNUMakefile.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4843
diff
changeset
|
46 --builddir=$(OBJS) \ |
4842
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
47 --with-debug \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
48 --prefix= \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
49 --conf-path=conf/nginx.conf \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
50 --pid-path=logs/nginx.pid \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
51 --http-log-path=logs/access.log \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
52 --error-log-path=logs/error.log \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
53 --sbin-path=nginx.exe \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
54 --http-client-body-temp-path=temp/client_body_temp \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
55 --http-proxy-temp-path=temp/proxy_temp \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
56 --http-fastcgi-temp-path=temp/fastcgi_temp \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
57 --http-scgi-temp-path=temp/scgi_temp \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
58 --http-uwsgi-temp-path=temp/uwsgi_temp \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
59 --with-cc-opt=-DFD_SETSIZE=1024 \ |
4894
0156fd6f48fa
Style, parentheses instead of braces in misc/GNUMakefile.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4843
diff
changeset
|
60 --with-pcre=$(OBJS)/lib/$(PCRE) \ |
0156fd6f48fa
Style, parentheses instead of braces in misc/GNUMakefile.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4843
diff
changeset
|
61 --with-zlib=$(OBJS)/lib/$(ZLIB) \ |
6936
0d4f602dc927
Added HTTP/2 to win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6884
diff
changeset
|
62 --with-http_v2_module \ |
4842
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
63 --with-http_realip_module \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
64 --with-http_addition_module \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
65 --with-http_sub_module \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
66 --with-http_dav_module \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
67 --with-http_stub_status_module \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
68 --with-http_flv_module \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
69 --with-http_mp4_module \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
70 --with-http_gunzip_module \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
71 --with-http_gzip_static_module \ |
5335
1d0523f54a9f
Added auth request to win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5236
diff
changeset
|
72 --with-http_auth_request_module \ |
4842
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
73 --with-http_random_index_module \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
74 --with-http_secure_link_module \ |
6318
3250a5783787
Added slice module to win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6231
diff
changeset
|
75 --with-http_slice_module \ |
4842
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
76 --with-mail \ |
6134
96e22e4f1b03
Added stream module to win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6037
diff
changeset
|
77 --with-stream \ |
4894
0156fd6f48fa
Style, parentheses instead of braces in misc/GNUMakefile.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4843
diff
changeset
|
78 --with-openssl=$(OBJS)/lib/$(OPENSSL) \ |
7489
af8abe105348
Win32: avoid using CFLAGS, just add define instead.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7487
diff
changeset
|
79 --with-openssl-opt="no-asm no-tests -D_WIN32_WINNT=0x0501" \ |
4842
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
80 --with-http_ssl_module \ |
d59fff553840
Helper target "win32" to run configure for win32 builds.
Maxim Dounin <mdounin@mdounin.ru>
parents:
4779
diff
changeset
|
81 --with-mail_ssl_module \ |
6724
a6d116645c51
Configure: removed the --with-ipv6 option.
Maxim Dounin <mdounin@mdounin.ru>
parents:
6613
diff
changeset
|
82 --with-stream_ssl_module |
681 | 83 |
5131
566cd32d8bac
Misc: support for Mercurial repositories.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5130
diff
changeset
|
84 |
566cd32d8bac
Misc: support for Mercurial repositories.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5130
diff
changeset
|
85 zip: export |
2725 | 86 rm -f $(NGINX).zip |
87 | |
5129
96ee76fda991
Misc: switch to single export operation in "zip" target.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5065
diff
changeset
|
88 mkdir -p $(TEMP)/$(NGINX)/docs.new |
2725 | 89 mkdir -p $(TEMP)/$(NGINX)/logs |
90 mkdir -p $(TEMP)/$(NGINX)/temp | |
91 | |
4779
117f3284e0de
Removed the need in Perl to generate ZIP archive of nginx/Windows.
Ruslan Ermilov <ru@nginx.com>
parents:
4774
diff
changeset
|
92 sed -i '' -e "s/$$/`printf '\r'`/" $(TEMP)/$(NGINX)/conf/* |
2725 | 93 |
5129
96ee76fda991
Misc: switch to single export operation in "zip" target.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5065
diff
changeset
|
94 mv $(TEMP)/$(NGINX)/docs/text/LICENSE $(TEMP)/$(NGINX)/docs.new |
96ee76fda991
Misc: switch to single export operation in "zip" target.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5065
diff
changeset
|
95 mv $(TEMP)/$(NGINX)/docs/text/README $(TEMP)/$(NGINX)/docs.new |
96ee76fda991
Misc: switch to single export operation in "zip" target.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5065
diff
changeset
|
96 mv $(TEMP)/$(NGINX)/docs/html $(TEMP)/$(NGINX) |
2725 | 97 |
5129
96ee76fda991
Misc: switch to single export operation in "zip" target.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5065
diff
changeset
|
98 rm -r $(TEMP)/$(NGINX)/docs |
96ee76fda991
Misc: switch to single export operation in "zip" target.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5065
diff
changeset
|
99 mv $(TEMP)/$(NGINX)/docs.new $(TEMP)/$(NGINX)/docs |
2725 | 100 |
101 cp -p $(OBJS)/nginx.exe $(TEMP)/$(NGINX) | |
102 | |
5129
96ee76fda991
Misc: switch to single export operation in "zip" target.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5065
diff
changeset
|
103 $(MAKE) -f docs/GNUmakefile changes |
2725 | 104 mv $(TEMP)/$(NGINX)/CHANGES* $(TEMP)/$(NGINX)/docs/ |
105 | |
106 cp -p $(OBJS)/lib/$(OPENSSL)/LICENSE \ | |
107 $(TEMP)/$(NGINX)/docs/OpenSSL.LICENSE | |
108 | |
2871
c7fe4b9118d2
fix "make zip", the bug has been introduced in r2841
Igor Sysoev <igor@sysoev.ru>
parents:
2734
diff
changeset
|
109 cp -p $(OBJS)/lib/$(PCRE)/LICENCE \ |
c7fe4b9118d2
fix "make zip", the bug has been introduced in r2841
Igor Sysoev <igor@sysoev.ru>
parents:
2734
diff
changeset
|
110 $(TEMP)/$(NGINX)/docs/PCRE.LICENCE |
2725 | 111 |
4779
117f3284e0de
Removed the need in Perl to generate ZIP archive of nginx/Windows.
Ruslan Ermilov <ru@nginx.com>
parents:
4774
diff
changeset
|
112 sed -ne '/^ (C) 1995-20/,/^ jloup@gzip\.org/p' \ |
2725 | 113 $(OBJS)/lib/$(ZLIB)/README \ |
114 > $(TEMP)/$(NGINX)/docs/zlib.LICENSE | |
115 | |
116 touch -r $(OBJS)/lib/$(ZLIB)/README \ | |
117 $(TEMP)/$(NGINX)/docs/zlib.LICENSE | |
118 | |
5129
96ee76fda991
Misc: switch to single export operation in "zip" target.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5065
diff
changeset
|
119 rm -r $(TEMP)/$(NGINX)/auto |
96ee76fda991
Misc: switch to single export operation in "zip" target.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5065
diff
changeset
|
120 rm -r $(TEMP)/$(NGINX)/misc |
96ee76fda991
Misc: switch to single export operation in "zip" target.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5065
diff
changeset
|
121 rm -r $(TEMP)/$(NGINX)/src |
96ee76fda991
Misc: switch to single export operation in "zip" target.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5065
diff
changeset
|
122 |
2725 | 123 cd $(TEMP) && zip -r ../$(NGINX).zip $(NGINX) |
124 | |
125 | |
126 icons: src/os/win32/nginx.ico | |
681 | 127 |
2734 | 128 # 48x48, 32x32 and 16x16 icons |
681 | 129 |
2734 | 130 src/os/win32/nginx.ico: src/os/win32/nginx_icon48.xpm \ |
131 src/os/win32/nginx_icon32.xpm \ | |
681 | 132 src/os/win32/nginx_icon16.xpm |
133 | |
134 test -d $(TEMP) || mkdir $(TEMP) | |
135 | |
2734 | 136 xpmtoppm --alphaout=$(TEMP)/nginx48.pbm \ |
137 src/os/win32/nginx_icon48.xpm > $(TEMP)/nginx48.ppm | |
138 | |
681 | 139 xpmtoppm --alphaout=$(TEMP)/nginx32.pbm \ |
140 src/os/win32/nginx_icon32.xpm > $(TEMP)/nginx32.ppm | |
141 | |
142 xpmtoppm --alphaout=$(TEMP)/nginx16.pbm \ | |
143 src/os/win32/nginx_icon16.xpm > $(TEMP)/nginx16.ppm | |
144 | |
145 ppmtowinicon -output src/os/win32/nginx.ico -andpgms \ | |
2734 | 146 $(TEMP)/nginx48.ppm $(TEMP)/nginx48.pbm \ |
681 | 147 $(TEMP)/nginx32.ppm $(TEMP)/nginx32.pbm \ |
148 $(TEMP)/nginx16.ppm $(TEMP)/nginx16.pbm |