feature: support ssl.create_ctx and tcp:setsslctx #997

Open
wants to merge 29 commits into
base: master
e859096
doc: log level constatns add nginx phase
detailyang Nov 2, 2016
91a6d7d
Merge remote-tracking branch 'openresty/master'
detailyang Jan 13, 2017
635a569
Merge remote-tracking branch 'openresty/master'
detailyang Feb 2, 2017
1c10853
Merge remote-tracking branch 'openresty/master'
detailyang Feb 4, 2017
2ec655d
feature: ssl.create_ctx and tcp:setsslctx
detailyang Feb 19, 2017
df4387b
tests: remove unused openssl version judge
detailyang Feb 21, 2017
7086ff1
refactor: use protocols as the arg to create_ctx
detailyang Feb 26, 2017
ca8c3cb
refactor: remove unsed C macro
detailyang Feb 27, 2017
6ce2ea5
tests: remove duplicated tests
detailyang Feb 27, 2017
1b2eaac
refactor: remove superfluous variable
detailyang Feb 28, 2017
697f0eb
style: combine arguments to one line
detailyang Feb 28, 2017
0409076
refactor: expose tcp object metatable to REGISTRY
detailyang Feb 28, 2017
17c3141
refactor: caller should allocate error message buf
detailyang Mar 8, 2017
8b7e0f5
style: do not exceed 80 columns in source code
detailyang Mar 8, 2017
a30bbf3
tests: use lua-resty-core to test FFI
detailyang Mar 8, 2017
73c5aa8
refactor: copy literal string to caller err buffer
detailyang Mar 11, 2017
0b04b54
travis: use personal lua-resty-core to pass test
detailyang Mar 11, 2017
902ec8d
refactor: use ngx_min to decide the size of msg
detailyang Mar 11, 2017
c94df6d
style: align function argments
detailyang May 5, 2017
6e38b47
style: align function arguemnts (ditto)
detailyang May 5, 2017
8e06dc5
tests: remove unused module
detailyang May 7, 2017
c105935
style: align for aesthetic considerations
detailyang May 7, 2017
69f841f
refactor: replace ngx_copy to ngx_memcpy
detailyang May 7, 2017
3bcc9f7
Merge remote-tracking branch 'openresty/master' into lua-ffi-api-sslctx
detailyang May 7, 2017
f52e7a2
style: variable name tweaks
detailyang May 17, 2017
b57b9db
Merge remote-tracking branch 'openresty/master' into lua-ffi-api-sslctx
detailyang May 21, 2017
f13fd50
Merge remote-tracking branch 'openresty/master' into lua-ffi-api-sslctx
detailyang May 25, 2017
fb52c37
style: variable declaration in #if block
detailyang May 26, 2017
1f1b090
feature: support ciphers, CRL, ca, cert_store
detailyang Jun 1, 2017
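--- a/.travis.yml
+++ b/.travis.yml
@@ -82,7 +82,7 @@ install:
 - git clone https://github.com/openresty/rds-json-nginx-module.git ../rds-json-nginx-module
 - git clone https://github.com/openresty/srcache-nginx-module.git ../srcache-nginx-module
 - git clone https://github.com/openresty/redis2-nginx-module.git ../redis2-nginx-module
-- git clone https://github.com/openresty/lua-resty-core.git ../lua-resty-core
+- git clone -b lua-ffi-api-sslctx https://github.com/detailyang/lua-resty-core.git ../lua-resty-core
 - git clone -b v2.1-agentzh https://github.com/openresty/luajit2.git
 
 before_script: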
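Review bot: The `install` step now clones `lua-resty-core` from a personal fork by branch name (`-b lua-ffi-api-sslctx` from `detailyang/lua-resty-core`), so each CI run builds and executes whatever that branch head contains at that moment, outside the upstream project's control. If this is only needed until the companion lua-resty-core change lands, it should be marked as temporary and reverted before merge, for example with a comment `# TEMP: revert to openresty/lua-resty-core before merging`. If it has to stay for a while, checking out a fixed commit after the clone would keep the test input reproducible.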
57 changes: 56 additions & 1 deletion src/ngx_http_lua_socket_tcp.c
Expand Up @@ -183,6 +183,12 @@ enum {
}


#if (NGX_HTTP_SSL)

#define ngx_http_lua_ngx_socket_tcp_mt_key "__ngx_socket_tcp_mt"

#endif

static char ngx_http_lua_req_socket_metatable_key;
static char ngx_http_lua_raw_req_socket_metatable_key;
static char ngx_http_lua_tcp_socket_metatable_key;
Expand Down Expand Up @@ -316,6 +322,20 @@ ngx_http_lua_inject_socket_tcp_api(ngx_log_t *log, lua_State *L)

lua_pushvalue(L, -1);
lua_setfield(L, -2, "__index");

#if (NGX_HTTP_SSL)

#ifndef NGX_LUA_NO_FFI_API

/* expose tcp object metatable to REGISTRY for FFI */
lua_pushliteral(L, ngx_http_lua_ngx_socket_tcp_mt_key);
lua_pushvalue(L, -2);
lua_rawset(L, LUA_REGISTRYINDEX);

#endif /* NGX_LUA_NO_FFI_API */

#endif /* NGX_HTTP_SSL */

lua_rawset(L, LUA_REGISTRYINDEX);
/* }}} */

Expand Down Expand Up @@ -587,6 +607,12 @@ ngx_http_lua_socket_tcp_connect(lua_State *L)

u->conf = llcf;

#if (NGX_HTTP_SSL)

u->ssl = llcf->ssl;

#endif

pc = &u->peer;

pc->log = r->connection->log;
Expand Down Expand Up @@ -1200,6 +1226,35 @@ ngx_http_lua_socket_conn_error_retval_handler(ngx_http_request_t *r,

#if (NGX_HTTP_SSL)


#ifndef NGX_LUA_NO_FFI_API

int
ngx_http_lua_ffi_socket_tcp_setsslctx(ngx_http_request_t *r,
ngx_http_lua_socket_tcp_upstream_t *u, void *cdata_ctx, char **err)
{
SSL_CTX *ssl_ctx = cdata_ctx;

ngx_ssl_t *ssl;

ssl = ngx_pcalloc(r->pool, sizeof(ngx_ssl_t));
if (ssl == NULL) {
*err = "no memory";
return NGX_ERROR;
}

ssl->ctx = ssl_ctx;

Should this increment the reference count of the SSL_CTX *?

ssl->log = u->ssl->log;
ssl->buffer_size = u->ssl->buffer_size;

u->ssl = ssl;

return NGX_OK;
}

#endif /* NGX_LUA_NO_FFI_API */


static int
ngx_http_lua_socket_tcp_sslhandshake(lua_State *L)
{
Expand Down Expand Up @@ -1286,7 +1341,7 @@ ngx_http_lua_socket_tcp_sslhandshake(lua_State *L)
return 1;
}

if (ngx_ssl_create_connection(u->conf->ssl, c,
if (ngx_ssl_create_connection(u->ssl, c,
NGX_SSL_BUFFER|NGX_SSL_CLIENT)
!= NGX_OK)
{
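Review bot: `ngx_http_lua_ffi_socket_tcp_setsslctx` dereferences `u->ssl` (`ssl->log = u->ssl->log;`) and stores `cdata_ctx` without checking either, and it is reachable from Lua through FFI. In the visible hunks `u->ssl` is assigned only in `ngx_http_lua_socket_tcp_connect`, so a call on a socket object that has not gone through that path would presumably read through a NULL pointer, and a NULL `cdata_ctx` would only surface later at `ngx_ssl_create_connection(u->ssl, c, ...)` in the sslhandshake hunk. A guard at the top such as `if (u == NULL || u->ssl == NULL || cdata_ctx == NULL) { *err = "bad ssl ctx or socket"; return NGX_ERROR; }` would turn both into a Lua-visible error. A comment above the function should also state that a context set this way replaces `llcf->ssl` for the handshake, so whether the configured `lua_ssl_*` settings still apply depends on how the caller built the context.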
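--- a/src/ngx_http_lua_socket_tcp.h
+++ b/src/ngx_http_lua_socket_tcp.h
@@ -92,6 +92,7 @@ struct ngx_http_lua_socket_tcp_upstream_s {
 
 #if (NGX_HTTP_SSL)
 ngx_str_t ssl_name;
+ngx_ssl_t *ssl;
 #endif
 
 unsigned ft_type:16;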
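Review bot: The new `ssl` member has no comment saying what it points to or who owns it. From the .c changes it is set to `llcf->ssl` in connect and may later be replaced by a request-pool `ngx_ssl_t` in `ngx_http_lua_ffi_socket_tcp_setsslctx`; a one-line comment such as `/* llcf->ssl by default, or a request-pool wrapper set via setsslctx */` would make that clear. The struct definition starts and ends outside this hunk.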