SSL: logging level of "application data after close notify". Such fatal errors are reported by OpenSSL 1.1.1, and similarly by BoringSSL, if application data is encountered during SSL shutdown, which started to be observed on the second SSL_shutdown() call after SSL shutdown fixes made in 09fb2135a589 (1.19.2). The error means that the client continues to send application data after receiving the "close_notify" alert (ticket #2318). Previously it was reported as SSL_shutdown() error of SSL_ERROR_SYSCALL.

commit: ab8b107e0f47c29967c0b0fc53eef1d9489b39bf [log] [tgz]
author: Sergey Kandaurov <pluknet@nginx.com> Tue Feb 08 17:35:27 2022 +0300
committer: Sergey Kandaurov <pluknet@nginx.com> Tue Feb 08 17:35:27 2022 +0300
tree: ccbad227be9d94f0c760fac61b460655837e380a
parent: 7546b8be84381ab40eb2025d8161342edd76c235 [diff]
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 1e6fc96..975f959 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c

@@ -3385,6 +3385,12 @@
 #endif
             || n == SSL_R_WRONG_VERSION_NUMBER                       /*  267 */
             || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        /*  281 */
+#ifdef SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY
+            || n == SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY        /*  291 */
+#endif
+#ifdef SSL_R_APPLICATION_DATA_ON_SHUTDOWN
+            || n == SSL_R_APPLICATION_DATA_ON_SHUTDOWN               /*  291 */
+#endif
 #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
             || n == SSL_R_RENEGOTIATE_EXT_TOO_LONG                   /*  335 */
             || n == SSL_R_RENEGOTIATION_ENCODING_ERR                 /*  336 */
commit	ab8b107e0f47c29967c0b0fc53eef1d9489b39bf	[log] [tgz]
author	Sergey Kandaurov <pluknet@nginx.com>	Tue Feb 08 17:35:27 2022 +0300
committer	Sergey Kandaurov <pluknet@nginx.com>	Tue Feb 08 17:35:27 2022 +0300
tree	ccbad227be9d94f0c760fac61b460655837e380a
parent	7546b8be84381ab40eb2025d8161342edd76c235 [diff]