comparison src/event/ngx_event_openssl.c @ 8054:cac164d0807e

SSL: logging levels of various errors added in OpenSSL 1.1.1. Starting with OpenSSL 1.1.1, various additional errors can be reported by OpenSSL in case of client-related issues, most notably during TLSv1.3 handshakes. In particular, SSL_R_BAD_KEY_SHARE ("bad key share"), SSL_R_BAD_EXTENSION ("bad extension"), SSL_R_BAD_CIPHER ("bad cipher"), SSL_R_BAD_ECPOINT ("bad ecpoint"). These are now logged at the "info" level.
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 12 Jul 2022 15:55:22 +0300
parents a736a7a613ea
children 9cf231508a8d b30bec3d71d6
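--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3341,10 +3341,16 @@
 /* handshake failures */
 if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */
 #ifdef SSL_R_NO_SUITABLE_KEY_SHARE
 || n == SSL_R_NO_SUITABLE_KEY_SHARE /* 101 */
 #endif
+#ifdef SSL_R_BAD_KEY_SHARE
+|| n == SSL_R_BAD_KEY_SHARE /* 108 */
+#endif
+#ifdef SSL_R_BAD_EXTENSION
+|| n == SSL_R_BAD_EXTENSION /* 110 */
+#endif
 #ifdef SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM
 || n == SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM /* 118 */
 #endif
 || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */
 || n == SSL_R_DIGEST_CHECK_FAILED /* 149 */
@@ -3355,10 +3361,13 @@
 || n == SSL_R_LENGTH_MISMATCH /* 159 */
 #ifdef SSL_R_NO_CIPHERS_PASSED
 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */
 #endif
 || n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */
+#ifdef SSL_R_BAD_CIPHER
+|| n == SSL_R_BAD_CIPHER /* 186 */
+#endif
 || n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */
 || n == SSL_R_NO_SHARED_CIPHER /* 193 */
 || n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */
 #ifdef SSL_R_CLIENTHELLO_TLSEXT
 || n == SSL_R_CLIENTHELLO_TLSEXT /* 226 */
@@ -3388,10 +3397,13 @@
 #ifdef SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY
 || n == SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY /* 291 */
 #endif
 #ifdef SSL_R_APPLICATION_DATA_ON_SHUTDOWN
 || n == SSL_R_APPLICATION_DATA_ON_SHUTDOWN /* 291 */
+#endif
+#ifdef SSL_R_BAD_ECPOINT
+|| n == SSL_R_BAD_ECPOINT /* 306 */
 #endif
 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
 || n == SSL_R_RENEGOTIATE_EXT_TOO_LONG /* 335 */
 || n == SSL_R_RENEGOTIATION_ENCODING_ERR /* 336 */
 || n == SSL_R_RENEGOTIATION_MISMATCH /* 337 */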
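Review bot: The four added reason codes (`SSL_R_BAD_KEY_SHARE`, `SSL_R_BAD_EXTENSION`, `SSL_R_BAD_CIPHER`, `SSL_R_BAD_ECPOINT`) enter the list with no comment on why they belong among the client-related handshake failures; only the commit message ties them to OpenSSL 1.1.1 and TLSv1.3 handshakes. A short comment at the first new `#ifdef`, for example `/* reported by OpenSSL 1.1.1+ for client-related issues, mostly in TLSv1.3 handshakes */`, would keep that reasoning next to the code. Because a remote peer's handshake can trigger all of these, an `error_log` set stricter than "info" will presumably stop recording them after this change, so anyone tracking malformed-handshake volume should read it from an info-level log or from connection metrics. The `if` statement this condition belongs to ends outside the hunks, so the level assignment itself is not visible here.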