]> git.kaiwu.me - nginx.git/commitdiff
projects / nginx.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5d7fd4a)
QUIC: logging missing mandatory TLS extensions only once.
authorSergey Kandaurov <pluknet@nginx.com>
Tue, 6 May 2025 14:57:01 +0000 (18:57 +0400)
committerRoman Arutyunyan <arutyunyan.roman@gmail.com>
Fri, 23 May 2025 11:00:47 +0000 (15:00 +0400)
Previously, they might be logged on every add_handshake_data
callback invocation when using OpenSSL compat layer and processing
coalesced handshake messages.

Further, the ALPN error message is adjusted to signal the missing
extension.  Possible reasons were previously narrowed down with
ebb6f7d65 changes in the ALPN callback that is invoked earlier in
the handshake.

src/event/quic/ngx_event_quic_ssl.c patch | blob | history

diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c
index 5b897bdb64db8eb701734153faa880165848bea2..e5d481d1ca789c2c8ca651b5155b5eb39109048d 100644 (file)
--- a/src/event/quic/ngx_event_quic_ssl.c
+++ b/src/event/quic/ngx_event_quic_ssl.c
@@ -195,11 +195,14 @@ ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
         SSL_get0_alpn_selected(ssl_conn, &alpn_data, &alpn_len);
 
         if (alpn_len == 0) {
-            qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_NO_APPLICATION_PROTOCOL);
-            qc->error_reason = "unsupported protocol in ALPN extension";
+            if (qc->error == 0) {
+                qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_NO_APPLICATION_PROTOCOL);
+                qc->error_reason = "missing ALPN extension";
+
+                ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                              "quic missing ALPN extension");
+            }
 
-            ngx_log_error(NGX_LOG_INFO, c->log, 0,
-                          "quic unsupported protocol in ALPN extension");
             return 1;
         }
 
@@ -212,11 +215,15 @@ ngx_quic_add_handshake_data(ngx_ssl_conn_t *ssl_conn,
 
         if (client_params_len == 0) {
             /* RFC 9001, 8.2.  QUIC Transport Parameters Extension */
-            qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
-            qc->error_reason = "missing transport parameters";
 
-            ngx_log_error(NGX_LOG_INFO, c->log, 0,
-                          "missing transport parameters");
+            if (qc->error == 0) {
+                qc->error = NGX_QUIC_ERR_CRYPTO(SSL_AD_MISSING_EXTENSION);
+                qc->error_reason = "missing transport parameters";
+
+                ngx_log_error(NGX_LOG_INFO, c->log, 0,
+                              "missing transport parameters");
+            }
+
             return 1;
         }
 
nginx upstream