Skip to content

Commit e3ef58d

Browse files
agentzhagentzh
committed
feature: added the ngx.ssl.session module for the contexts ssl_session_fetch_by_lua* and ssl_session_store_by_lua*.
thanks Zi Lin for the patches.
1 parent 51e07cf commit e3ef58d

File tree

6 files changed

+1078
-0
lines changed

6 files changed

+1078
-0
lines changed

.travis.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,8 @@ script:
5757
- cd lua-resty-lrucache && sudo make DESTDIR=$LUAJIT_PREFIX LUA_LIB_DIR=/share/lua/5.1 install && cd ..
5858
- tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz
5959
- cd openssl-$OPENSSL_VER/
60+
- wget https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-$OPENSSL_VER-sess_set_get_cb_yield.patch
61+
- patch -p1 < openssl-$OPENSSL_VER-sess_set_get_cb_yield.patch
6062
- ./config shared --prefix=$OPENSSL_PREFIX -DPURIFY > build.log 2>&1 || (cat build.log && exit 1)
6163
- make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
6264
- sudo make PATH=$PATH install_sw > build.log 2>&1 || (cat build.log && exit 1)

README.markdown

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@ Table of Contents
2828
* [ngx.semaphore](#ngxsemaphore)
2929
* [ngx.balancer](#ngxbalancer)
3030
* [ngx.ssl](#ngxssl)
31+
* [ngx.ssl.session](#ngxsslsession)
3132
* [Caveat](#caveat)
3233
* [TODO](#todo)
3334
* [Author](#author)
@@ -225,6 +226,15 @@ See the [documentation](./lib/ngx/ssl.md) for this Lua module for more details.
225226

226227
[Back to TOC](#table-of-contents)
227228

229+
## ngx.ssl.session
230+
231+
This Lua module provides a Lua API for manipulating SSL session data and IDs
232+
for NGINX downstream SSL connections.
233+
234+
See the [documentation](./lib/ngx/ssl/session.md) for this Lua module for more details.
235+
236+
[Back to TOC](#table-of-contents)
237+
228238
Caveat
229239
======
230240

lib/ngx/ssl/session.lua

Lines changed: 105 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,105 @@
1+
local _M = {}
2+
3+
4+
local ffi = require "ffi"
5+
local base = require "resty.core.base"
6+
7+
8+
local C = ffi.C
9+
local ffi_str = ffi.string
10+
local getfenv = getfenv
11+
local error = error
12+
local errmsg = base.get_errmsg_ptr()
13+
local get_string_buf = base.get_string_buf
14+
local FFI_ERROR = base.FFI_ERROR
15+
16+
17+
ffi.cdef[[
18+
int ngx_http_lua_ffi_ssl_set_serialized_session(ngx_http_request_t *r,
19+
const unsigned char *buf, int len, char **err);
20+
21+
int ngx_http_lua_ffi_ssl_get_serialized_session(ngx_http_request_t *r,
22+
char *buf, char **err);
23+
24+
int ngx_http_lua_ffi_ssl_get_session_id(ngx_http_request_t *r,
25+
char *buf, char **err);
26+
27+
int ngx_http_lua_ffi_ssl_get_serialized_session_size(ngx_http_request_t *r,
28+
char **err);
29+
30+
int ngx_http_lua_ffi_ssl_get_session_id_size(ngx_http_request_t *r,
31+
char **err);
32+
]]
33+
34+
35+
-- return session, err
36+
function _M.get_serialized_session()
37+
local r = getfenv(0).__ngx_req
38+
if not r then
39+
return error("no request found")
40+
end
41+
42+
local len = C.ngx_http_lua_ffi_ssl_get_serialized_session_size(r, errmsg)
43+
44+
if len < 0 then
45+
return nil, ffi_str(errmsg[0])
46+
end
47+
48+
if len > 4096 then
49+
return nil, "session too big to serialize"
50+
end
51+
local buf = get_string_buf(len)
52+
53+
local rc = C.ngx_http_lua_ffi_ssl_get_serialized_session(r, buf, errmsg)
54+
55+
if rc == FFI_ERROR then
56+
return nil, ffi_str(errmsg[0])
57+
end
58+
59+
return ffi_str(buf, len)
60+
end
61+
62+
63+
-- return session_id, err
64+
function _M.get_session_id()
65+
local r = getfenv(0).__ngx_req
66+
if not r then
67+
return error("no request found")
68+
end
69+
70+
local len = C.ngx_http_lua_ffi_ssl_get_session_id_size(r, errmsg)
71+
72+
if len < 0 then
73+
return nil, ffi_str(errmsg[0])
74+
end
75+
76+
local buf = get_string_buf(len)
77+
78+
local rc = C.ngx_http_lua_ffi_ssl_get_session_id(r, buf, errmsg)
79+
80+
if rc == FFI_ERROR then
81+
return nil, ffi_str(errmsg[0])
82+
end
83+
84+
return ffi_str(buf, len)
85+
end
86+
87+
88+
-- return ok, err
89+
function _M.set_serialized_session(sess)
90+
local r = getfenv(0).__ngx_req
91+
if not r then
92+
return error("no request found")
93+
end
94+
95+
local rc = C.ngx_http_lua_ffi_ssl_set_serialized_session(r, sess, #sess,
96+
errmsg)
97+
if rc == FFI_ERROR then
98+
return nil, ffi_str(errmsg[0])
99+
end
100+
101+
return true
102+
end
103+
104+
105+
return _M

0 commit comments

Comments
 (0)