Mercurial > hg > nginx
changeset 9077:cb7dc35ed428 quic
QUIC: moved "handshake failed" reason to send_alert.
A QUIC handshake failure breaks down into several cases:
- a handshake error which leads to a send_alert call
- an error triggered by the add_handshake_data callback
- internal errors (allocation etc)
Previously, in the first case, only error code was set in the send_alert
callback. Now the "handshake failed" reason phrase is set there as well.
In the second case, both code and reason are set by add_handshake_data.
In the last case, setting reason phrase is removed: returning NGX_ERROR
now leads to closing the connection with just INTERNAL_ERROR.
Reported by Jiuzhou Cui.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 23 Feb 2023 16:16:56 +0400 |
parents | 5dcea9f91482 |
children | 0f4f781e57c1 |
files | src/event/quic/ngx_event_quic_ssl.c |
diffstat | 1 files changed, 1 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/quic/ngx_event_quic_ssl.c +++ b/src/event/quic/ngx_event_quic_ssl.c @@ -301,6 +301,7 @@ ngx_quic_send_alert(ngx_ssl_conn_t *ssl_ } qc->error = NGX_QUIC_ERR_CRYPTO(alert); + qc->error_reason = "handshake failed"; return 1; } @@ -423,7 +424,6 @@ ngx_quic_crypto_input(ngx_connection_t * if (sslerr != SSL_ERROR_WANT_READ) { ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed"); - qc->error_reason = "handshake failed"; return NGX_ERROR; } }