Mercurial > hg > nginx

diff src/event/ngx_event_openssl.c @ 8009:a736a7a613ea

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SSL: logging level of "application data after close notify". Such fatal errors are reported by OpenSSL 1.1.1, and similarly by BoringSSL, if application data is encountered during SSL shutdown, which started to be observed on the second SSL_shutdown() call after SSL shutdown fixes made in 09fb2135a589 (1.19.2). The error means that the client continues to send application data after receiving the "close_notify" alert (ticket #2318). Previously it was reported as SSL_shutdown() error of SSL_ERROR_SYSCALL.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 08 Feb 2022 17:35:27 +0300
parents e30f7dc7f143
children cac164d0807e ce6d9cf0f567
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3385,6 +3385,12 @@ ngx_ssl_connection_error(ngx_connection_
 #endif
             || n == SSL_R_WRONG_VERSION_NUMBER                       /*  267 */
             || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        /*  281 */
+#ifdef SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY
+            || n == SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY        /*  291 */
+#endif
+#ifdef SSL_R_APPLICATION_DATA_ON_SHUTDOWN
+            || n == SSL_R_APPLICATION_DATA_ON_SHUTDOWN               /*  291 */
+#endif
 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
             || n == SSL_R_RENEGOTIATE_EXT_TOO_LONG                   /*  335 */
             || n == SSL_R_RENEGOTIATION_ENCODING_ERR                 /*  336 */