Mercurial > hg > nginx

changeset 8300:23a2b5e7acc8 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Improved SSL_do_handshake() error handling in QUIC. It can either return a recoverable SSL_ERROR_WANT_READ or fatal errors.
author Sergey Kandaurov <pluknet@nginx.com>
date Wed, 01 Apr 2020 13:27:42 +0300
parents 4ad7d4272cd5
children c9fbe9508e1f
files src/event/ngx_event_quic.c
diffstat 1 files changed, 7 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -508,6 +508,11 @@ ngx_quic_init_connection(ngx_connection_
 
         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
                        sslerr);
+
+        if (sslerr != SSL_ERROR_WANT_READ) {
+            ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
+            return NGX_ERROR;
+        }
     }
 
     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
@@ -1050,8 +1055,9 @@ ngx_quic_handle_crypto_frame(ngx_connect
         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
                        sslerr);
 
-        if (sslerr == SSL_ERROR_SSL) {
+        if (sslerr != SSL_ERROR_WANT_READ) {
             ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
+            return NGX_ERROR;
         }
 
     } else if (n == 1) {