Nginx/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-11-21 16:28:40 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
The official NGINX Open Source repository.
7,142 Commits 21 Branches 567 Tags 79 MiB
C 97.6%
Vim Script 1.8%
XS 0.4%
Perl 0.1%
a976e6b9ef
Go to file
Maxim Dounin a976e6b9ef SSL: switched to detect log level based on the last error. 
In some cases there might be multiple errors in the OpenSSL error queue,
notably when a libcrypto call fails, and then the SSL layer generates
an error itself.  For example, the following errors were observed
with OpenSSL 3.0.8 with TLSv1.3 enabled:

SSL_do_handshake() failed (SSL: error:02800066:Diffie-Hellman routines::invalid public key error:0A000132:SSL routines::bad ecpoint)
SSL_do_handshake() failed (SSL: error:08000066:elliptic curve routines::invalid encoding error:0A000132:SSL routines::bad ecpoint)
SSL_do_handshake() failed (SSL: error:0800006B:elliptic curve routines::point is not on curve error:0A000132:SSL routines::bad ecpoint)

In such cases it seems to be better to determine logging level based on
the last error in the error queue (the one added by the SSL layer,
SSL_R_BAD_ECPOINT in all of the above example example errors).  To do so,
the ngx_ssl_connection_error() function was changed to use
ERR_peek_last_error().
2023-03-08 22:21:53 +03:00
auto Win32: OpenSSL compilation for x64 targets with MSVC. 2023-02-23 18:16:08 +03:00
conf MIME: added image/avif type. 2021-10-25 20:49:15 +03:00
contrib Contrib: vim syntax, update core and 3rd party module directives. 2022-06-18 15:54:40 +03:00
docs nginx-1.23.3-RELEASE 2022-12-13 18:53:53 +03:00
misc Updated OpenSSL and zlib used for win32 builds. 2022-12-13 03:32:57 +03:00
src SSL: switched to detect log level based on the last error. 2023-03-08 22:21:53 +03:00
.hgtags release-1.23.3 tag 2022-12-13 18:53:53 +03:00