From e9d67086c76fd571e51cfbb4f098827619bd9e1a Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Wed, 1 Apr 2020 13:27:42 +0300
Subject: [PATCH] Improved SSL_do_handshake() error handling in QUIC.

It can either return a recoverable SSL_ERROR_WANT_READ or fatal errors.
---
 src/event/ngx_event_quic.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/event/ngx_event_quic.c b/src/event/ngx_event_quic.c
index 7231d64ad..ae85b31d0 100644
--- a/src/event/ngx_event_quic.c
+++ b/src/event/ngx_event_quic.c
@@ -508,6 +508,11 @@ ngx_quic_init_connection(ngx_connection_t *c)
 
         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
                        sslerr);
+
+        if (sslerr != SSL_ERROR_WANT_READ) {
+            ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
+            return NGX_ERROR;
+        }
     }
 
     ngx_log_debug2(NGX_LOG_DEBUG_EVENT, c->log, 0,
@@ -1050,8 +1055,9 @@ ngx_quic_handle_crypto_frame(ngx_connection_t *c, ngx_quic_header_t *pkt,
         ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "SSL_get_error: %d",
                        sslerr);
 
-        if (sslerr == SSL_ERROR_SSL) {
+        if (sslerr != SSL_ERROR_WANT_READ) {
             ngx_ssl_error(NGX_LOG_ERR, c->log, 0, "SSL_do_handshake() failed");
+            return NGX_ERROR;
         }
 
     } else if (n == 1) {