# HG changeset patch
# User Sergey Kandaurov <pluknet@nginx.com>
# Date 1585736862 -10800
# Node ID 23a2b5e7acc8c46bfa188ace371e3d6f6c0d6662
# Parent  4ad7d4272cd5f353ef3c6193575579c61d44a6ea
Improved SSL_do_handshake() error handling in QUIC.

It can either return a recoverable SSL_ERROR_WANT_READ or fatal errors.

diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -508,6 +508,11 @@ ngx_quic_init_connection(ngx_connection_
 
         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
                        sslerr);
+
+        if (sslerr != SSL_ERROR_WANT_READ) {
+            ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
+            return NGX_ERROR;
+        }
     }
 
     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
@@ -1050,8 +1055,9 @@ ngx_quic_handle_crypto_frame(ngx_connect
         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
                        sslerr);
 
-        if (sslerr == SSL_ERROR_SSL) {
+        if (sslerr != SSL_ERROR_WANT_READ) {
             ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
+            return NGX_ERROR;
         }
 
     } else if (n == 1) {