diff options
author | Sergey Kandaurov <pluknet@nginx.com> | 2022-02-08 17:35:27 +0300 |
---|---|---|
committer | Sergey Kandaurov <pluknet@nginx.com> | 2022-02-08 17:35:27 +0300 |
commit | 828fb94e1dbe1c433edd39147ba085c4622c99ed (patch) | |
tree | ccbad227be9d94f0c760fac61b460655837e380a | |
parent | 2a79484c8348216393d7055cf292de1c28ef75ce (diff) |
SSL: logging level of "application data after close notify".branches/default
Such fatal errors are reported by OpenSSL 1.1.1, and similarly by BoringSSL,
if application data is encountered during SSL shutdown, which started to be
observed on the second SSL_shutdown() call after SSL shutdown fixes made in
09fb2135a589 (1.19.2). The error means that the client continues to send
application data after receiving the "close_notify" alert (ticket #2318).
Previously it was reported as SSL_shutdown() error of SSL_ERROR_SYSCALL.
-rw-r--r-- | src/event/ngx_event_openssl.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 1e6fc9614..975f959ac 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -3385,6 +3385,12 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, #endif || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */ || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */ +#ifdef SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY + || n == SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY /* 291 */ +#endif +#ifdef SSL_R_APPLICATION_DATA_ON_SHUTDOWN + || n == SSL_R_APPLICATION_DATA_ON_SHUTDOWN /* 291 */ +#endif #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG || n == SSL_R_RENEGOTIATE_EXT_TOO_LONG /* 335 */ || n == SSL_R_RENEGOTIATION_ENCODING_ERR /* 336 */ |