[nginx] SSL: logging level of "invalid alert" errors.
Maxim Dounin
mdounin at mdounin.ru
Sun May 5 21:12:38 UTC 2024
details: http://freenginx.org/hg/nginx/rev/d89e0386b695
branches:
changeset: 9265:d89e0386b695
user: Maxim Dounin <mdounin at mdounin.ru>
date: Mon May 06 00:07:18 2024 +0300
description:
SSL: logging level of "invalid alert" errors.
The SSL_R_INVALID_ALERT ("invalid alert") errors are reported by OpenSSL
1.1.1 or newer if the client sends a malformed alert. These errors are
now logged at the "info" level.
diffstat:
src/event/ngx_event_openssl.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diffs (13 lines):
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3495,6 +3495,9 @@ ngx_ssl_connection_error(ngx_connection_
#ifdef SSL_R_PACKET_LENGTH_TOO_LONG
|| n == SSL_R_PACKET_LENGTH_TOO_LONG /* 198 */
#endif
+#ifdef SSL_R_INVALID_ALERT
+ || n == SSL_R_INVALID_ALERT /* 205 */
+#endif
|| n == SSL_R_RECORD_LENGTH_MISMATCH /* 213 */
#ifdef SSL_R_TOO_MANY_WARNING_ALERTS
|| n == SSL_R_TOO_MANY_WARNING_ALERTS /* 220 */
More information about the nginx-devel
mailing list