Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 8146:b7d4bfd132d2
SSL: logging levels of errors observed with BoringSSL.
As tested with tlsfuzzer with BoringSSL, the following errors are
certainly client-related:
SSL_do_handshake() failed (SSL: error:10000066:SSL routines:OPENSSL_internal:BAD_ALERT)
SSL_do_handshake() failed (SSL: error:10000089:SSL routines:OPENSSL_internal:DECODE_ERROR)
SSL_do_handshake() failed (SSL: error:100000dc:SSL routines:OPENSSL_internal:TOO_MANY_WARNING_ALERTS)
SSL_do_handshake() failed (SSL: error:10000100:SSL routines:OPENSSL_internal:INVALID_COMPRESSION_LIST)
SSL_do_handshake() failed (SSL: error:10000102:SSL routines:OPENSSL_internal:MISSING_KEY_SHARE)
SSL_do_handshake() failed (SSL: error:1000010e:SSL routines:OPENSSL_internal:TOO_MUCH_SKIPPED_EARLY_DATA)
SSL_read() failed (SSL: error:100000b6:SSL routines:OPENSSL_internal:NO_RENEGOTIATION)
Accordingly, the SSL_R_BAD_ALERT, SSL_R_DECODE_ERROR,
SSL_R_TOO_MANY_WARNING_ALERTS, SSL_R_INVALID_COMPRESSION_LIST,
SSL_R_MISSING_KEY_SHARE, SSL_R_TOO_MUCH_SKIPPED_EARLY_DATA,
and SSL_R_NO_RENEGOTIATION errors are now logged at the "info" level.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 08 Mar 2023 22:22:47 +0300 |
| parents | 64db9e50f6c5 |
| children | 0af598651e33 |
comparison
equal
deleted
inserted
replaced
| 8145:64db9e50f6c5 | 8146:b7d4bfd132d2 |
|---|---|
| 3394 /* handshake failures */ | 3394 /* handshake failures */ |
| 3395 if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */ | 3395 if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */ |
| 3396 #ifdef SSL_R_NO_SUITABLE_KEY_SHARE | 3396 #ifdef SSL_R_NO_SUITABLE_KEY_SHARE |
| 3397 || n == SSL_R_NO_SUITABLE_KEY_SHARE /* 101 */ | 3397 || n == SSL_R_NO_SUITABLE_KEY_SHARE /* 101 */ |
| 3398 #endif | 3398 #endif |
| 3399 #ifdef SSL_R_BAD_ALERT | |
| 3400 || n == SSL_R_BAD_ALERT /* 102 */ | |
| 3401 #endif | |
| 3399 #ifdef SSL_R_BAD_KEY_SHARE | 3402 #ifdef SSL_R_BAD_KEY_SHARE |
| 3400 || n == SSL_R_BAD_KEY_SHARE /* 108 */ | 3403 || n == SSL_R_BAD_KEY_SHARE /* 108 */ |
| 3401 #endif | 3404 #endif |
| 3402 #ifdef SSL_R_BAD_EXTENSION | 3405 #ifdef SSL_R_BAD_EXTENSION |
| 3403 || n == SSL_R_BAD_EXTENSION /* 110 */ | 3406 || n == SSL_R_BAD_EXTENSION /* 110 */ |
| 3413 #ifdef SSL_R_BAD_KEY_UPDATE | 3416 #ifdef SSL_R_BAD_KEY_UPDATE |
| 3414 || n == SSL_R_BAD_KEY_UPDATE /* 122 */ | 3417 || n == SSL_R_BAD_KEY_UPDATE /* 122 */ |
| 3415 #endif | 3418 #endif |
| 3416 || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */ | 3419 || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */ |
| 3417 || n == SSL_R_CCS_RECEIVED_EARLY /* 133 */ | 3420 || n == SSL_R_CCS_RECEIVED_EARLY /* 133 */ |
| 3421 #ifdef SSL_R_DECODE_ERROR | |
| 3422 || n == SSL_R_DECODE_ERROR /* 137 */ | |
| 3423 #endif | |
| 3418 #ifdef SSL_R_DATA_BETWEEN_CCS_AND_FINISHED | 3424 #ifdef SSL_R_DATA_BETWEEN_CCS_AND_FINISHED |
| 3419 || n == SSL_R_DATA_BETWEEN_CCS_AND_FINISHED /* 145 */ | 3425 || n == SSL_R_DATA_BETWEEN_CCS_AND_FINISHED /* 145 */ |
| 3420 #endif | 3426 #endif |
| 3421 || n == SSL_R_DATA_LENGTH_TOO_LONG /* 146 */ | 3427 || n == SSL_R_DATA_LENGTH_TOO_LONG /* 146 */ |
| 3422 || n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ | 3428 || n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ |
| 3430 || n == SSL_R_HTTP_REQUEST /* 156 */ | 3436 || n == SSL_R_HTTP_REQUEST /* 156 */ |
| 3431 || n == SSL_R_LENGTH_MISMATCH /* 159 */ | 3437 || n == SSL_R_LENGTH_MISMATCH /* 159 */ |
| 3432 #ifdef SSL_R_LENGTH_TOO_SHORT | 3438 #ifdef SSL_R_LENGTH_TOO_SHORT |
| 3433 || n == SSL_R_LENGTH_TOO_SHORT /* 160 */ | 3439 || n == SSL_R_LENGTH_TOO_SHORT /* 160 */ |
| 3434 #endif | 3440 #endif |
| 3441 #ifdef SSL_R_NO_RENEGOTIATION | |
| 3442 || n == SSL_R_NO_RENEGOTIATION /* 182 */ | |
| 3443 #endif | |
| 3435 #ifdef SSL_R_NO_CIPHERS_PASSED | 3444 #ifdef SSL_R_NO_CIPHERS_PASSED |
| 3436 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ | 3445 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ |
| 3437 #endif | 3446 #endif |
| 3438 || n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */ | 3447 || n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */ |
| 3439 #ifdef SSL_R_BAD_CIPHER | 3448 #ifdef SSL_R_BAD_CIPHER |
| 3443 || n == SSL_R_NO_SHARED_CIPHER /* 193 */ | 3452 || n == SSL_R_NO_SHARED_CIPHER /* 193 */ |
| 3444 #ifdef SSL_R_PACKET_LENGTH_TOO_LONG | 3453 #ifdef SSL_R_PACKET_LENGTH_TOO_LONG |
| 3445 || n == SSL_R_PACKET_LENGTH_TOO_LONG /* 198 */ | 3454 || n == SSL_R_PACKET_LENGTH_TOO_LONG /* 198 */ |
| 3446 #endif | 3455 #endif |
| 3447 || n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */ | 3456 || n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */ |
| 3457 #ifdef SSL_R_TOO_MANY_WARNING_ALERTS | |
| 3458 || n == SSL_R_TOO_MANY_WARNING_ALERTS /* 220 */ | |
| 3459 #endif | |
| 3448 #ifdef SSL_R_CLIENTHELLO_TLSEXT | 3460 #ifdef SSL_R_CLIENTHELLO_TLSEXT |
| 3449 || n == SSL_R_CLIENTHELLO_TLSEXT /* 226 */ | 3461 || n == SSL_R_CLIENTHELLO_TLSEXT /* 226 */ |
| 3450 #endif | 3462 #endif |
| 3451 #ifdef SSL_R_PARSE_TLSEXT | 3463 #ifdef SSL_R_PARSE_TLSEXT |
| 3452 || n == SSL_R_PARSE_TLSEXT /* 227 */ | 3464 || n == SSL_R_PARSE_TLSEXT /* 227 */ |
| 3465 || n == SSL_R_UNKNOWN_ALERT_TYPE /* 246 */ | 3477 || n == SSL_R_UNKNOWN_ALERT_TYPE /* 246 */ |
| 3466 || n == SSL_R_UNKNOWN_PROTOCOL /* 252 */ | 3478 || n == SSL_R_UNKNOWN_PROTOCOL /* 252 */ |
| 3467 #ifdef SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS | 3479 #ifdef SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS |
| 3468 || n == SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS /* 253 */ | 3480 || n == SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS /* 253 */ |
| 3469 #endif | 3481 #endif |
| 3482 #ifdef SSL_R_INVALID_COMPRESSION_LIST | |
| 3483 || n == SSL_R_INVALID_COMPRESSION_LIST /* 256 */ | |
| 3484 #endif | |
| 3485 #ifdef SSL_R_MISSING_KEY_SHARE | |
| 3486 || n == SSL_R_MISSING_KEY_SHARE /* 258 */ | |
| 3487 #endif | |
| 3470 || n == SSL_R_UNSUPPORTED_PROTOCOL /* 258 */ | 3488 || n == SSL_R_UNSUPPORTED_PROTOCOL /* 258 */ |
| 3471 #ifdef SSL_R_NO_SHARED_GROUP | 3489 #ifdef SSL_R_NO_SHARED_GROUP |
| 3472 || n == SSL_R_NO_SHARED_GROUP /* 266 */ | 3490 || n == SSL_R_NO_SHARED_GROUP /* 266 */ |
| 3473 #endif | 3491 #endif |
| 3474 || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */ | 3492 || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */ |
| 3493 #ifdef SSL_R_TOO_MUCH_SKIPPED_EARLY_DATA | |
| 3494 || n == SSL_R_TOO_MUCH_SKIPPED_EARLY_DATA /* 270 */ | |
| 3495 #endif | |
| 3475 || n == SSL_R_BAD_LENGTH /* 271 */ | 3496 || n == SSL_R_BAD_LENGTH /* 271 */ |
| 3476 || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */ | 3497 || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */ |
| 3477 #ifdef SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY | 3498 #ifdef SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY |
| 3478 || n == SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY /* 291 */ | 3499 || n == SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY /* 291 */ |
| 3479 #endif | 3500 #endif |