Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 8054:cac164d0807e
SSL: logging levels of various errors added in OpenSSL 1.1.1.
Starting with OpenSSL 1.1.1, various additional errors can be reported
by OpenSSL in case of client-related issues, most notably during TLSv1.3
handshakes. In particular, SSL_R_BAD_KEY_SHARE ("bad key share"),
SSL_R_BAD_EXTENSION ("bad extension"), SSL_R_BAD_CIPHER ("bad cipher"),
SSL_R_BAD_ECPOINT ("bad ecpoint"). These are now logged at the "info"
level.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 12 Jul 2022 15:55:22 +0300 |
parents | a736a7a613ea |
children | 9cf231508a8d b30bec3d71d6 |
comparison
equal
deleted
inserted
replaced
8053:9d98d524bd02 | 8054:cac164d0807e |
---|---|
3341 /* handshake failures */ | 3341 /* handshake failures */ |
3342 if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */ | 3342 if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */ |
3343 #ifdef SSL_R_NO_SUITABLE_KEY_SHARE | 3343 #ifdef SSL_R_NO_SUITABLE_KEY_SHARE |
3344 || n == SSL_R_NO_SUITABLE_KEY_SHARE /* 101 */ | 3344 || n == SSL_R_NO_SUITABLE_KEY_SHARE /* 101 */ |
3345 #endif | 3345 #endif |
3346 #ifdef SSL_R_BAD_KEY_SHARE | |
3347 || n == SSL_R_BAD_KEY_SHARE /* 108 */ | |
3348 #endif | |
3349 #ifdef SSL_R_BAD_EXTENSION | |
3350 || n == SSL_R_BAD_EXTENSION /* 110 */ | |
3351 #endif | |
3346 #ifdef SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM | 3352 #ifdef SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM |
3347 || n == SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM /* 118 */ | 3353 || n == SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM /* 118 */ |
3348 #endif | 3354 #endif |
3349 || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */ | 3355 || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */ |
3350 || n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ | 3356 || n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ |
3355 || n == SSL_R_LENGTH_MISMATCH /* 159 */ | 3361 || n == SSL_R_LENGTH_MISMATCH /* 159 */ |
3356 #ifdef SSL_R_NO_CIPHERS_PASSED | 3362 #ifdef SSL_R_NO_CIPHERS_PASSED |
3357 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ | 3363 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ |
3358 #endif | 3364 #endif |
3359 || n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */ | 3365 || n == SSL_R_NO_CIPHERS_SPECIFIED /* 183 */ |
3366 #ifdef SSL_R_BAD_CIPHER | |
3367 || n == SSL_R_BAD_CIPHER /* 186 */ | |
3368 #endif | |
3360 || n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */ | 3369 || n == SSL_R_NO_COMPRESSION_SPECIFIED /* 187 */ |
3361 || n == SSL_R_NO_SHARED_CIPHER /* 193 */ | 3370 || n == SSL_R_NO_SHARED_CIPHER /* 193 */ |
3362 || n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */ | 3371 || n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */ |
3363 #ifdef SSL_R_CLIENTHELLO_TLSEXT | 3372 #ifdef SSL_R_CLIENTHELLO_TLSEXT |
3364 || n == SSL_R_CLIENTHELLO_TLSEXT /* 226 */ | 3373 || n == SSL_R_CLIENTHELLO_TLSEXT /* 226 */ |
3388 #ifdef SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY | 3397 #ifdef SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY |
3389 || n == SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY /* 291 */ | 3398 || n == SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY /* 291 */ |
3390 #endif | 3399 #endif |
3391 #ifdef SSL_R_APPLICATION_DATA_ON_SHUTDOWN | 3400 #ifdef SSL_R_APPLICATION_DATA_ON_SHUTDOWN |
3392 || n == SSL_R_APPLICATION_DATA_ON_SHUTDOWN /* 291 */ | 3401 || n == SSL_R_APPLICATION_DATA_ON_SHUTDOWN /* 291 */ |
3402 #endif | |
3403 #ifdef SSL_R_BAD_ECPOINT | |
3404 || n == SSL_R_BAD_ECPOINT /* 306 */ | |
3393 #endif | 3405 #endif |
3394 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG | 3406 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG |
3395 || n == SSL_R_RENEGOTIATE_EXT_TOO_LONG /* 335 */ | 3407 || n == SSL_R_RENEGOTIATE_EXT_TOO_LONG /* 335 */ |
3396 || n == SSL_R_RENEGOTIATION_ENCODING_ERR /* 336 */ | 3408 || n == SSL_R_RENEGOTIATION_ENCODING_ERR /* 336 */ |
3397 || n == SSL_R_RENEGOTIATION_MISMATCH /* 337 */ | 3409 || n == SSL_R_RENEGOTIATION_MISMATCH /* 337 */ |