From: Sergey Kandaurov <pluknet@nginx.com>
Date: Wed, 1 Apr 2020 10:27:42 +0000 (+0300)
Subject: Improved SSL_do_handshake() error handling in QUIC.
X-Git-Tag: release-1.25.0~4^2~809
X-Git-Url: http://www.kaiwu.me/postgresql/commit/static/gitweb.js?a=commitdiff_plain;h=e9d67086c76fd571e51cfbb4f098827619bd9e1a;p=nginx.git

Improved SSL_do_handshake() error handling in QUIC.

It can either return a recoverable SSL_ERROR_WANT_READ or fatal errors.
---

diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index 7231d64ad..ae85b31d0 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -508,6 +508,11 @@ ngx_quic_init_connection(ngx_connection_t *c)
 
         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
                        sslerr);
+
+        if (sslerr != SSL_ERROR_WANT_READ) {
+            ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
+            return NGX_ERROR;
+        }
     }
 
     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
@@ -1050,8 +1055,9 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
                        sslerr);
 
-        if (sslerr == SSL_ERROR_SSL) {
+        if (sslerr != SSL_ERROR_WANT_READ) {
             ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
+            return NGX_ERROR;
         }
 
     } else if (n == 1) {