diff options
| author | Igor Sysoev <igor@sysoev.ru> | 2008-11-18 16:05:00 +0000 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2008-11-18 16:05:00 +0000 |
| commit | 1bf7dc18846113dd16be360777b2ad788a114ac7 (patch) | |
| tree | ec22fb06b0a2df913602e6ed47b419038c229369 | |
| parent | b3ac4fb27ce15a813e4a5d5eb3b979a8279c3132 (diff) | |
| download | nginx-1bf7dc18846113dd16be360777b2ad788a114ac7.tar.gz | |
low some SSL handshake errors level
| -rw-r--r-- | src/event/ngx_event_openssl.c | 46 |
1 files changed, 30 insertions, 16 deletions
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 2b3f0711a..f6a8ff2ce 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -1240,23 +1240,37 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err, n = ERR_GET_REASON(ERR_peek_error()); /* handshake failures */ - if (n == SSL_R_DIGEST_CHECK_FAILED - || n == SSL_R_NO_SHARED_CIPHER - || n == SSL_R_UNEXPECTED_MESSAGE - || n == SSL_R_WRONG_VERSION_NUMBER - || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC + if (n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ + || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ + || n == SSL_R_NO_SHARED_CIPHER /* 193 */ + || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */ + || n == SSL_R_UNEXPECTED_RECORD /* 245 */ + || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */ + || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */ || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */ - || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE - || n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC - || n == SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE - || n == SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE - || n == SSL_R_SSLV3_ALERT_BAD_CERTIFICATE - || n == SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE - || n == SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED - || n == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED - || n == SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN - || n == SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER - || n == SSL_R_TLSV1_ALERT_UNKNOWN_CA) + || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */ + || n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC /* 1020 */ + || n == SSL_R_TLSV1_ALERT_DECRYPTION_FAILED /* 1021 */ + || n == SSL_R_TLSV1_ALERT_RECORD_OVERFLOW /* 1022 */ + || n == SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE /* 1030 */ + || n == SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE /* 1040 */ + || n == SSL_R_SSLV3_ALERT_NO_CERTIFICATE /* 1041 */ + || n == SSL_R_SSLV3_ALERT_BAD_CERTIFICATE /* 1042 */ + || n == SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE /* 1043 */ + || n == SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED /* 1044 */ + || n == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED /* 1045 */ + || n == SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN /* 1046 */ + || n == SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER /* 1047 */ + || n == SSL_R_TLSV1_ALERT_UNKNOWN_CA /* 1048 */ + || n == SSL_R_TLSV1_ALERT_ACCESS_DENIED /* 1049 */ + || n == SSL_R_TLSV1_ALERT_DECODE_ERROR /* 1050 */ + || n == SSL_R_TLSV1_ALERT_DECRYPT_ERROR /* 1051 */ + || n == SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION /* 1060 */ + || n == SSL_R_TLSV1_ALERT_PROTOCOL_VERSION /* 1070 */ + || n == SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY /* 1071 */ + || n == SSL_R_TLSV1_ALERT_INTERNAL_ERROR /* 1080 */ + || n == SSL_R_TLSV1_ALERT_USER_CANCELLED /* 1090 */ + || n == SSL_R_TLSV1_ALERT_NO_RENEGOTIATION) /* 1100 */ { switch (c->log_error) { |