Hi, On Wed, Mar 01, 2023 at 05:56:05PM +0300, Maxim Dounin wrote: > # HG changeset patch > # User Maxim Dounin <mdou...@mdounin.ru> > # Date 1677682467 -10800 > # Wed Mar 01 17:54:27 2023 +0300 > # Node ID ad67809ab209bd575dac52756ad4aeb5255d430e > # Parent 207742991a561c0ed70834d4ce18e8452689419d > SSL: logging levels of errors observed with BoringSSL. > > As tested with tlsfuzzer with BoringSSL, the following errors are > certainly client-related: > > SSL_do_handshake() failed (SSL: error:10000066:SSL > routines:OPENSSL_internal:BAD_ALERT) > SSL_do_handshake() failed (SSL: error:10000089:SSL > routines:OPENSSL_internal:DECODE_ERROR) > SSL_do_handshake() failed (SSL: error:100000dc:SSL > routines:OPENSSL_internal:TOO_MANY_WARNING_ALERTS) > SSL_do_handshake() failed (SSL: error:10000100:SSL > routines:OPENSSL_internal:INVALID_COMPRESSION_LIST) > SSL_do_handshake() failed (SSL: error:10000102:SSL > routines:OPENSSL_internal:MISSING_KEY_SHARE) > SSL_do_handshake() failed (SSL: error:1000010e:SSL > routines:OPENSSL_internal:TOO_MUCH_SKIPPED_EARLY_DATA) > SSL_read() failed (SSL: error:100000b6:SSL > routines:OPENSSL_internal:NO_RENEGOTIATION) > > Accordingly, the SSL_R_BAD_ALERT, SSL_R_DECODE_ERROR, > SSL_R_TOO_MANY_WARNING_ALERTS, SSL_R_INVALID_COMPRESSION_LIST, > SSL_R_MISSING_KEY_SHARE, SSL_R_TOO_MUCH_SKIPPED_EARLY_DATA, > and SSL_R_NO_RENEGOTIATION errors are now logged at the "info" level. > > diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c > --- a/src/event/ngx_event_openssl.c > +++ b/src/event/ngx_event_openssl.c > @@ -3396,6 +3396,9 @@ ngx_ssl_connection_error(ngx_connection_ > #ifdef SSL_R_NO_SUITABLE_KEY_SHARE > || n == SSL_R_NO_SUITABLE_KEY_SHARE /* 101 > */ > #endif > +#ifdef SSL_R_BAD_ALERT > + || n == SSL_R_BAD_ALERT /* 102 > */ > +#endif > #ifdef SSL_R_BAD_KEY_SHARE > || n == SSL_R_BAD_KEY_SHARE /* 108 > */ > #endif > @@ -3415,6 +3418,9 @@ ngx_ssl_connection_error(ngx_connection_ > #endif > || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 > */ > || n == SSL_R_CCS_RECEIVED_EARLY /* 133 > */ > +#ifdef SSL_R_DECODE_ERROR > + || n == SSL_R_DECODE_ERROR /* 137 > */ > +#endif > #ifdef SSL_R_DATA_BETWEEN_CCS_AND_FINISHED > || n == SSL_R_DATA_BETWEEN_CCS_AND_FINISHED /* 145 > */ > #endif > @@ -3432,6 +3438,9 @@ ngx_ssl_connection_error(ngx_connection_ > #ifdef SSL_R_LENGTH_TOO_SHORT > || n == SSL_R_LENGTH_TOO_SHORT /* 160 > */ > #endif > +#ifdef SSL_R_NO_RENEGOTIATION > + || n == SSL_R_NO_RENEGOTIATION /* 182 > */ > +#endif > #ifdef SSL_R_NO_CIPHERS_PASSED > || n == SSL_R_NO_CIPHERS_PASSED /* 182 > */ > #endif > @@ -3445,6 +3454,9 @@ ngx_ssl_connection_error(ngx_connection_ > || n == SSL_R_PACKET_LENGTH_TOO_LONG /* 198 > */ > #endif > || n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 > */ > +#ifdef SSL_R_TOO_MANY_WARNING_ALERTS > + || n == SSL_R_TOO_MANY_WARNING_ALERTS /* 220 > */ > +#endif > #ifdef SSL_R_CLIENTHELLO_TLSEXT > || n == SSL_R_CLIENTHELLO_TLSEXT /* 226 > */ > #endif > @@ -3467,11 +3479,20 @@ ngx_ssl_connection_error(ngx_connection_ > #ifdef SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS > || n == SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS /* 253 > */ > #endif > +#ifdef SSL_R_INVALID_COMPRESSION_LIST > + || n == SSL_R_INVALID_COMPRESSION_LIST /* 256 > */ > +#endif > +#ifdef SSL_R_MISSING_KEY_SHARE > + || n == SSL_R_MISSING_KEY_SHARE /* 258 > */ > +#endif > || n == SSL_R_UNSUPPORTED_PROTOCOL /* 258 > */ > #ifdef SSL_R_NO_SHARED_GROUP > || n == SSL_R_NO_SHARED_GROUP /* 266 > */ > #endif > || n == SSL_R_WRONG_VERSION_NUMBER /* 267 > */ > +#ifdef SSL_R_TOO_MUCH_SKIPPED_EARLY_DATA > + || n == SSL_R_TOO_MUCH_SKIPPED_EARLY_DATA /* 270 > */ > +#endif > || n == SSL_R_BAD_LENGTH /* 271 > */ > || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 > */ > #ifdef SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY > _______________________________________________ > nginx-devel mailing list > nginx-devel@nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx-devel
Looks ok _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel
