Klaus Demo nginx / 1bf7dc1
low some SSL handshake errors level Igor Sysoev 13 years ago
1 changed file(s) with 30 addition(s) and 16 deletion(s). Raw diff Collapse all Expand all
12391239 n = ERR_GET_REASON(ERR_peek_error());
12401240
12411241 /* handshake failures */
1242 if (n == SSL_R_DIGEST_CHECK_FAILED
1243 || n == SSL_R_NO_SHARED_CIPHER
1244 || n == SSL_R_UNEXPECTED_MESSAGE
1245 || n == SSL_R_WRONG_VERSION_NUMBER
1246 || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC
1242 if (n == SSL_R_DIGEST_CHECK_FAILED /* 149 */
1243 || n == SSL_R_NO_CIPHERS_PASSED /* 182 */
1244 || n == SSL_R_NO_SHARED_CIPHER /* 193 */
1245 || n == SSL_R_UNEXPECTED_MESSAGE /* 244 */
1246 || n == SSL_R_UNEXPECTED_RECORD /* 245 */
1247 || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */
1248 || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */
12471249 || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
1248 || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE
1249 || n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC
1250 || n == SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE
1251 || n == SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE
1252 || n == SSL_R_SSLV3_ALERT_BAD_CERTIFICATE
1253 || n == SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE
1254 || n == SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED
1255 || n == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED
1256 || n == SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN
1257 || n == SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER
1258 || n == SSL_R_TLSV1_ALERT_UNKNOWN_CA)
1250 || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */
1251 || n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC /* 1020 */
1252 || n == SSL_R_TLSV1_ALERT_DECRYPTION_FAILED /* 1021 */
1253 || n == SSL_R_TLSV1_ALERT_RECORD_OVERFLOW /* 1022 */
1254 || n == SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE /* 1030 */
1255 || n == SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE /* 1040 */
1256 || n == SSL_R_SSLV3_ALERT_NO_CERTIFICATE /* 1041 */
1257 || n == SSL_R_SSLV3_ALERT_BAD_CERTIFICATE /* 1042 */
1258 || n == SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE /* 1043 */
1259 || n == SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED /* 1044 */
1260 || n == SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED /* 1045 */
1261 || n == SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN /* 1046 */
1262 || n == SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER /* 1047 */
1263 || n == SSL_R_TLSV1_ALERT_UNKNOWN_CA /* 1048 */
1264 || n == SSL_R_TLSV1_ALERT_ACCESS_DENIED /* 1049 */
1265 || n == SSL_R_TLSV1_ALERT_DECODE_ERROR /* 1050 */
1266 || n == SSL_R_TLSV1_ALERT_DECRYPT_ERROR /* 1051 */
1267 || n == SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION /* 1060 */
1268 || n == SSL_R_TLSV1_ALERT_PROTOCOL_VERSION /* 1070 */
1269 || n == SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY /* 1071 */
1270 || n == SSL_R_TLSV1_ALERT_INTERNAL_ERROR /* 1080 */
1271 || n == SSL_R_TLSV1_ALERT_USER_CANCELLED /* 1090 */
1272 || n == SSL_R_TLSV1_ALERT_NO_RENEGOTIATION) /* 1100 */
12591273 {
12601274 switch (c->log_error) {
12611275