Fijxu/nginx-quic
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

QUIC: moved "handshake failed" reason to send_alert.

Browse source 
A QUIC handshake failure breaks down into several cases:
- a handshake error which leads to a send_alert call
- an error triggered by the add_handshake_data callback
- internal errors (allocation etc)

Previously, in the first case, only error code was set in the send_alert
callback.  Now the "handshake failed" reason phrase is set there as well.
In the second case, both code and reason are set by add_handshake_data.
In the last case, setting reason phrase is removed: returning NGX_ERROR
now leads to closing the connection with just INTERNAL_ERROR.

Reported by Jiuzhou Cui.
This commit is contained in:
Sergey Kandaurov 2023-02-23 16:16:56 +04:00
parent 20d9744ba3
commit 367b5b9230
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/event/quic/ngx_event_quic_ssl.c
View file

@ -301,6 +301,7 @@ ngx_quic_send_alert(ngx_ssl_conn_t *ssl_conn, enum ssl_encryption_level_t level,
}
qc->error = NGX_QUIC_ERR_CRYPTO(alert);
qc->error_reason = "handshake failed";
return 1;
}
@ -423,7 +424,6 @@ ngx_quic_crypto_input(ngx_connection_t *c, ngx_chain_t *data)
if (sslerr != SSL_ERROR_WANT_READ) {
ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
qc->error_reason = "handshake failed";
return NGX_ERROR;
}
}