QUIC: logging missing mandatory TLS extensions only once.

Previously, they might be logged on every add_handshake_data callback invocation when using OpenSSL compat layer and processing coalesced handshake messages. Further, the ALPN error message is adjusted to signal the missing extension. Possible reasons were previously narrowed down with ebb6f7d65 changes in the ALPN callback that is invoked earlier in the handshake.
author: Sergey Kandaurov <pluknet@nginx.com> 2025-05-06 18:57:01 +0400
committer: Roman Arutyunyan <arutyunyan.roman@gmail.com> 2025-05-23 15:00:47 +0400
commit: 54e6b7cfeeae50f708398468078094fd309828e0 (patch)
tree: 41cc1cc308cc52d3208824944fbe5d16c9db4293 /src
parent: 5d7fd4a7e3025e8600bb029742a0a28bf4ca9eec (diff)
download: nginx-54e6b7cfeeae50f708398468078094fd309828e0.tar.gz
nginx-54e6b7cfeeae50f708398468078094fd309828e0.zip
1 files changed, 15 insertions, 8 deletions
diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
index 5b897bdb6..e5d481d1c 100644
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -195,11 +195,14 @@ ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
         SSL_get0_alpn_selected(ssl_conn, &alpn_data, &alpn_len);
 
         if (alpn_len == 0) {
-            qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_NO_APPLICATION_PROTOCOL);
-            qc->error_reason = "unsupported protocol in ALPN extension";
+            if (qc->error == 0) {
+                qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_NO_APPLICATION_PROTOCOL);
+                qc->error_reason = "missing ALPN extension";
+
+                ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                              "quic missing ALPN extension");
+            }
 
-            ngx_log_error(NGX_LOG_INFO, c->log, 0,
-                          "quic unsupported protocol in ALPN extension");
             return 1;
         }
 
@@ -212,11 +215,15 @@ ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
 
         if (client_params_len == 0) {
             /* RFC 9001, 8.2.  QUIC Transport Parameters Extension */
-            qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
-            qc->error_reason = "missing transport parameters";
 
-            ngx_log_error(NGX_LOG_INFO, c->log, 0,
-                          "missing transport parameters");
+            if (qc->error == 0) {
+                qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
+                qc->error_reason = "missing transport parameters";
+
+                ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                              "missing transport parameters");
+            }
+
             return 1;
         }
author	Sergey Kandaurov <pluknet@nginx.com>	2025-05-06 18:57:01 +0400
committer	Roman Arutyunyan <arutyunyan.roman@gmail.com>	2025-05-23 15:00:47 +0400
commit	54e6b7cfeeae50f708398468078094fd309828e0 (patch)
tree	41cc1cc308cc52d3208824944fbe5d16c9db4293 /src
parent	5d7fd4a7e3025e8600bb029742a0a28bf4ca9eec (diff)
download	nginx-54e6b7cfeeae50f708398468078094fd309828e0.tar.gz nginx-54e6b7cfeeae50f708398468078094fd309828e0.zip