[nginx] SSL: logging level of "invalid alert" errors.

Maxim Dounin Sun, 05 May 2024 14:12:42 -0700

details:   http://freenginx.org/hg/nginx/rev/d89e0386b695
branches:  
changeset: 9265:d89e0386b695
user:      Maxim Dounin <mdou...@mdounin.ru>
date:      Mon May 06 00:07:18 2024 +0300
description:
SSL: logging level of "invalid alert" errors.


The SSL_R_INVALID_ALERT ("invalid alert") errors are reported by OpenSSL
1.1.1 or newer if the client sends a malformed alert.  These errors are
now logged at the "info" level.

diffstat:

 src/event/ngx_event_openssl.c |  3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diffs (13 lines):

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3495,6 +3495,9 @@ ngx_ssl_connection_error(ngx_connection_
 #ifdef SSL_R_PACKET_LENGTH_TOO_LONG
             || n == SSL_R_PACKET_LENGTH_TOO_LONG                     /*  198 */
 #endif
+#ifdef SSL_R_INVALID_ALERT
+            || n == SSL_R_INVALID_ALERT                              /*  205 */
+#endif
             || n == SSL_R_RECORD_LENGTH_MISMATCH                     /*  213 */
 #ifdef SSL_R_TOO_MANY_WARNING_ALERTS
             || n == SSL_R_TOO_MANY_WARNING_ALERTS                    /*  220 */
-- 
nginx-devel mailing list
nginx-devel@freenginx.org
https://freenginx.org/mailman/listinfo/nginx-devel

[nginx] SSL: logging level of "invalid alert" errors.

Reply via email to