changeset 9406:928f63626afe

QUIC: adjusted handling of callback errors. Changed handshake callbacks to always return success. This avoids logging SSL_do_handshake() errors with empty or cryptic "internal error" OpenSSL error messages at the inappropriate "crit" log level. Further, connections with failed callbacks are now closed right away when using the OpenSSL compat layer. This change supersedes and reverts c37fdcdd1, with the conditions that check callback invocation kept to slightly improve the readability of the control flow; they are optimized out in the resulting assembly code.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 13 May 2025 20:12:10 +0400
parents b6668b7ba8e6
children 3e0912eeeeb7
files src/event/quic/ngx_event_quic.c src/event/quic/ngx_event_quic_openssl_compat.c src/event/quic/ngx_event_quic_ssl.c
diffstat 3 files changed, 22 insertions(+), 16 deletions(-) [+]
--- a/src/event/quic/ngx_event_quic.c	Wed May 21 19:55:31 2025 +0400
+++ b/src/event/quic/ngx_event_quic.c	Tue May 13 20:12:10 2025 +0400
@@ -135,6 +135,9 @@
     if (scid.len != ctp->initial_scid.len
         || ngx_memcmp(scid.data, ctp->initial_scid.data, scid.len) != 0)
     {
+        qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
+        qc->error_reason = "invalid initial_source_connection_id";
+
         ngx_log_error(NGX_LOG_INFO, c->log, 0,
                       "quic client initial_source_connection_id mismatch");
         return NGX_ERROR;
--- a/src/event/quic/ngx_event_quic_openssl_compat.c	Wed May 21 19:55:31 2025 +0400
+++ b/src/event/quic/ngx_event_quic_openssl_compat.c	Tue May 13 20:12:10 2025 +0400
@@ -437,7 +437,7 @@
                        ngx_quic_level_name(level), len);
 
         if (com->method->add_handshake_data(ssl, level, buf, len) != 1) {
-            goto failed;
+            return;
         }
 
         break;
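Review bot: The `!= 1` branch around `add_handshake_data()` now ends in a bare `return;`, which reads like a swallowed error, and nothing at the site says where the failure is reported. The commit description states that the callbacks always return success and that these conditions are kept only for readability, so a comment here would record that, for example `/* callbacks always return 1; failures are reported through qc->error */`. The same applies to the `send_alert()` branch in the next hunk. If a method implementation ever does return 0 again, this path would drop the failure with neither `qc->error` set nor the close event posted, so a fallback `qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;` before the return is worth considering. The enclosing function starts outside the hunk.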
@@ -451,7 +451,7 @@
                            ngx_quic_level_name(level), alert, len);
 
             if (com->method->send_alert(ssl, level, alert) != 1) {
-                goto failed;
+                return;
             }
         }
 
@@ -459,10 +459,6 @@
     }
 
     return;
-
-failed:
-
-    ngx_post_event(&qc->close, &ngx_posted_events);
 }
 
 
--- a/src/event/quic/ngx_event_quic_ssl.c	Wed May 21 19:55:31 2025 +0400
+++ b/src/event/quic/ngx_event_quic_ssl.c	Tue May 13 20:12:10 2025 +0400
@@ -72,7 +72,7 @@
                                             cipher, rsecret, secret_len)
         != NGX_OK)
     {
-        return 0;
+        qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
     }
 
     return 1;
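Review bot: After `ngx_quic_keys_set_encryption_secret()` fails, the callback now reports success to the TLS library, so the handshake is stopped only by the `qc->error` check this commit adds after `SSL_do_handshake()` further down in this file. Any other call site that can drive these callbacks is outside the visible hunks and would need the same check, otherwise processing could continue at a level whose keys were never installed; that should be confirmed. The assignment also leaves `qc->error_reason` unset, unlike the transport-parameter paths, and adding `qc->error_reason = "failed to set encryption secret";` would keep the close reason and logs informative. The same applies to the three secret hunks that follow (old lines 102, 136 and 153).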
@@ -102,7 +102,7 @@
                                             cipher, wsecret, secret_len)
         != NGX_OK)
     {
-        return 0;
+        qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
     }
 
     return 1;
@@ -136,7 +136,8 @@
                                             cipher, rsecret, secret_len)
         != NGX_OK)
     {
-        return 0;
+        qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
+        return 1;
     }
 
     if (level == ssl_encryption_early_data) {
@@ -153,7 +154,7 @@
                                             cipher, wsecret, secret_len)
         != NGX_OK)
     {
-        return 0;
+        qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
     }
 
     return 1;
@@ -199,7 +200,7 @@
 
             ngx_log_error(NGX_LOG_INFO, c->log, 0,
                           "quic unsupported protocol in ALPN extension");
-            return 0;
+            return 1;
         }
 
         SSL_get_peer_quic_transport_params(ssl_conn, &client_params,
@@ -216,7 +217,7 @@
 
             ngx_log_error(NGX_LOG_INFO, c->log, 0,
                           "missing transport parameters");
-            return 0;
+            return 1;
         }
 
         p = (u_char *) client_params;
@@ -231,11 +232,11 @@
             qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR;
             qc->error_reason = "failed to process transport parameters";
 
-            return 0;
+            return 1;
         }
 
         if (ngx_quic_apply_transport_params(c, &ctp) != NGX_OK) {
-            return 0;
+            return 1;
         }
 
         qc->client_tp_done = 1;
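Review bot: The `ngx_quic_apply_transport_params()` failure branch now returns 1 without touching `qc->error`, so rejecting invalid client parameters depends on every failure return inside that function having set it. This commit adds the assignment for the initial_source_connection_id mismatch in ngx_event_quic.c, but the function's other failure returns are not visible here. Since the handshake is aborted only when `qc->error != (ngx_uint_t) -1`, one missed path would let the handshake proceed with rejected parameters. A local fallback makes the branch fail closed: `if (qc->error == (ngx_uint_t) -1) { qc->error = NGX_QUIC_ERR_TRANSPORT_PARAMETER_ERROR; }` before `return 1;`.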
@@ -245,12 +246,14 @@
 
     out = ngx_quic_copy_buffer(c, (u_char *) data, len);
     if (out == NGX_CHAIN_ERROR) {
-        return 0;
+        qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
+        return 1;
     }
 
     frame = ngx_quic_alloc_frame(c);
     if (frame == NULL) {
-        return 0;
+        qc->error = NGX_QUIC_ERR_INTERNAL_ERROR;
+        return 1;
     }
 
     frame->data = out;
@@ -412,6 +415,10 @@
 
     ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_do_handshake: %d", n);
 
+    if (qc->error != (ngx_uint_t) -1) {
+        return NGX_ERROR;
+    }
+
     if (n <= 0) {
         sslerr = SSL_get_error(ssl_conn, n);