Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 8145:64db9e50f6c5
SSL: logging levels of errors observed with tlsfuzzer and LibreSSL.
As tested with tlsfuzzer with LibreSSL 3.7.0, the following errors are
certainly client-related:
SSL_do_handshake() failed (SSL: error:14026073:SSL routines:ACCEPT_SR_CLNT_HELLO:bad packet length)
SSL_do_handshake() failed (SSL: error:1402612C:SSL routines:ACCEPT_SR_CLNT_HELLO:ssl3 session id too long)
SSL_do_handshake() failed (SSL: error:140380EA:SSL routines:ACCEPT_SR_KEY_EXCH:tls rsa encrypted value length is wrong)
Accordingly, the SSL_R_BAD_PACKET_LENGTH ("bad packet length"),
SSL_R_SSL3_SESSION_ID_TOO_LONG ("ssl3 session id too long"),
SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG ("tls rsa encrypted value
length is wrong") errors are now logged at the "info" level.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 08 Mar 2023 22:22:34 +0300 |
parents | 6bee5e692579 |
children | b7d4bfd132d2 |
comparison
equal
deleted
inserted
replaced
8144:6bee5e692579 | 8145:64db9e50f6c5 |
---|---|
3404 #endif | 3404 #endif |
3405 || n == SSL_R_BAD_DIGEST_LENGTH /* 111 */ | 3405 || n == SSL_R_BAD_DIGEST_LENGTH /* 111 */ |
3406 #ifdef SSL_R_MISSING_SIGALGS_EXTENSION | 3406 #ifdef SSL_R_MISSING_SIGALGS_EXTENSION |
3407 || n == SSL_R_MISSING_SIGALGS_EXTENSION /* 112 */ | 3407 || n == SSL_R_MISSING_SIGALGS_EXTENSION /* 112 */ |
3408 #endif | 3408 #endif |
3409 || n == SSL_R_BAD_PACKET_LENGTH /* 115 */ | |
3409 #ifdef SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM | 3410 #ifdef SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM |
3410 || n == SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM /* 118 */ | 3411 || n == SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM /* 118 */ |
3411 #endif | 3412 #endif |
3412 #ifdef SSL_R_BAD_KEY_UPDATE | 3413 #ifdef SSL_R_BAD_KEY_UPDATE |
3413 || n == SSL_R_BAD_KEY_UPDATE /* 122 */ | 3414 || n == SSL_R_BAD_KEY_UPDATE /* 122 */ |
3451 || n == SSL_R_PARSE_TLSEXT /* 227 */ | 3452 || n == SSL_R_PARSE_TLSEXT /* 227 */ |
3452 #endif | 3453 #endif |
3453 #ifdef SSL_R_CALLBACK_FAILED | 3454 #ifdef SSL_R_CALLBACK_FAILED |
3454 || n == SSL_R_CALLBACK_FAILED /* 234 */ | 3455 || n == SSL_R_CALLBACK_FAILED /* 234 */ |
3455 #endif | 3456 #endif |
3457 #ifdef SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG | |
3458 || n == SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG /* 234 */ | |
3459 #endif | |
3456 #ifdef SSL_R_NO_APPLICATION_PROTOCOL | 3460 #ifdef SSL_R_NO_APPLICATION_PROTOCOL |
3457 || n == SSL_R_NO_APPLICATION_PROTOCOL /* 235 */ | 3461 || n == SSL_R_NO_APPLICATION_PROTOCOL /* 235 */ |
3458 #endif | 3462 #endif |
3459 || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */ | 3463 || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */ |
3460 || n == SSL_R_UNEXPECTED_RECORD /* 245 */ | 3464 || n == SSL_R_UNEXPECTED_RECORD /* 245 */ |
3482 #ifdef SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA | 3486 #ifdef SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA |
3483 || n == SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA /* 293 */ | 3487 || n == SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA /* 293 */ |
3484 #endif | 3488 #endif |
3485 #ifdef SSL_R_RECORD_TOO_SMALL | 3489 #ifdef SSL_R_RECORD_TOO_SMALL |
3486 || n == SSL_R_RECORD_TOO_SMALL /* 298 */ | 3490 || n == SSL_R_RECORD_TOO_SMALL /* 298 */ |
3491 #endif | |
3492 #ifdef SSL_R_SSL3_SESSION_ID_TOO_LONG | |
3493 || n == SSL_R_SSL3_SESSION_ID_TOO_LONG /* 300 */ | |
3487 #endif | 3494 #endif |
3488 #ifdef SSL_R_BAD_ECPOINT | 3495 #ifdef SSL_R_BAD_ECPOINT |
3489 || n == SSL_R_BAD_ECPOINT /* 306 */ | 3496 || n == SSL_R_BAD_ECPOINT /* 306 */ |
3490 #endif | 3497 #endif |
3491 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG | 3498 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG |