From 3cc7f8acbfeaa0831d9c07b2b9bb0377399e0329 Mon Sep 17 00:00:00 2001 From: tzssangglass Date: Wed, 3 Jun 2026 11:57:37 +0800 Subject: [PATCH] bugfix: sslhandshake lost verify error when handshake completed immediately After ngx_ssl_handshake(c) returns NGX_OK, the handshake handler may still record a verify error in u->error_ret via SSL_get_verify_result(). The old code only checked rc == NGX_ERROR and missed u->error_ret, returning FFI_OK with an unread error. Added u->error_ret != NULL check so the Lua caller receives the SSL error instead of a misleading "closed" on the next socket operation. --- src/ngx_http_lua_socket_tcp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ngx_http_lua_socket_tcp.c b/src/ngx_http_lua_socket_tcp.c index 13b5156039..08c02ae043 100644 --- a/src/ngx_http_lua_socket_tcp.c +++ b/src/ngx_http_lua_socket_tcp.c @@ -2035,7 +2035,7 @@ ngx_http_lua_ffi_socket_tcp_sslhandshake(ngx_http_request_t *r, ngx_http_lua_ssl_handshake_handler(c); - if (rc == NGX_ERROR) { + if (rc == NGX_ERROR || u->error_ret != NULL) { *errmsg = u->error_ret; return NGX_ERROR; }