
Commit e172890

committed
feature: proxy_ssl_certificate_by_lua directives
1 parent 5246add commit e172890

14 files changed

+2399
-0
lines changed

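--- a/README.md
+++ b/README.md
@@ -151,6 +151,8 @@ behavior.
 * [ssl_client_hello_by_lua_file](https://github.com/openresty/lua-nginx-module#ssl_client_hello_by_lua_file)
 * [ssl_certificate_by_lua_block](https://github.com/openresty/lua-nginx-module#ssl_certificate_by_lua_block)
 * [ssl_certificate_by_lua_file](https://github.com/openresty/lua-nginx-module#ssl_certificate_by_lua_file)
+* [proxy_ssl_certificate_by_lua_block](https://github.com/openresty/lua-nginx-module#proxy_ssl_certificate_by_lua_block)
+* [proxy_ssl_certificate_by_lua_file](https://github.com/openresty/lua-nginx-module#proxy_ssl_certificate_by_lua_file)
 * [proxy_ssl_verify_by_lua_block](https://github.com/openresty/lua-nginx-module#proxy_ssl_verify_by_lua_block)
 * [proxy_ssl_verify_by_lua_file](https://github.com/openresty/lua-nginx-module#proxy_ssl_verify_by_lua_file)
 * [lua_shared_dict](https://github.com/openresty/lua-nginx-module#lua_shared_dict)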

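--- a/config
+++ b/config
@@ -278,6 +278,7 @@ STREAM_LUA_SRCS=" \
 $ngx_addon_dir/src/ngx_stream_lua_semaphore.c \
 $ngx_addon_dir/src/ngx_stream_lua_ssl_client_helloby.c \
 $ngx_addon_dir/src/ngx_stream_lua_ssl_certby.c \
+$ngx_addon_dir/src/ngx_stream_lua_proxy_ssl_certby.c \
 $ngx_addon_dir/src/ngx_stream_lua_proxy_ssl_verifyby.c \
 $ngx_addon_dir/src/ngx_stream_lua_log_ringbuf.c \
 $ngx_addon_dir/src/ngx_stream_lua_input_filters.c \
@@ -323,6 +324,7 @@ STREAM_LUA_DEPS=" \
 $ngx_addon_dir/src/ngx_stream_lua_semaphore.h \
 $ngx_addon_dir/src/ngx_stream_lua_ssl_client_helloby.h \
 $ngx_addon_dir/src/ngx_stream_lua_ssl_certby.h \
+$ngx_addon_dir/src/ngx_stream_lua_proxy_ssl_certby.h \
 $ngx_addon_dir/src/ngx_stream_lua_proxy_ssl_verifyby.h \
 $ngx_addon_dir/src/ngx_stream_lua_log_ringbuf.h \
 $ngx_addon_dir/src/ngx_stream_lua_input_filters.h \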

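--- a/src/ngx_stream_lua_common.h
+++ b/src/ngx_stream_lua_common.h
@@ -138,6 +138,7 @@
 
 #ifdef HAVE_PROXY_SSL_PATCH
 #define NGX_STREAM_LUA_CONTEXT_PROXY_SSL_VERIFY 0x0100
+#define NGX_STREAM_LUA_CONTEXT_PROXY_SSL_CERT 0x0200
 #endif
 
 
@@ -277,6 +278,10 @@ struct ngx_stream_lua_srv_conf_s {
 
 #ifdef HAVE_PROXY_SSL_PATCH
 struct {
+ngx_stream_lua_srv_conf_handler_pt proxy_ssl_cert_handler;
+ngx_str_t proxy_ssl_cert_src;
+u_char *proxy_ssl_cert_src_key;
+
 ngx_stream_lua_srv_conf_handler_pt proxy_ssl_verify_handler;
 ngx_str_t proxy_ssl_verify_src;
 u_char *proxy_ssl_verify_src_key;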

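--- a/src/ngx_stream_lua_control.c
+++ b/src/ngx_stream_lua_control.c
@@ -117,6 +117,7 @@ ngx_stream_lua_ffi_exit(ngx_stream_lua_request_t *r, int status, u_char *err,
 | NGX_STREAM_LUA_CONTEXT_SSL_CLIENT_HELLO
 | NGX_STREAM_LUA_CONTEXT_SSL_CERT
 #ifdef HAVE_PROXY_SSL_PATCH
+| NGX_STREAM_LUA_CONTEXT_PROXY_SSL_CERT
 | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_VERIFY
 #endif
 | NGX_STREAM_LUA_CONTEXT_PREREAD,
@@ -127,6 +128,7 @@ ngx_stream_lua_ffi_exit(ngx_stream_lua_request_t *r, int status, u_char *err,
 
 if (ctx->context & (NGX_STREAM_LUA_CONTEXT_SSL_CERT
 #ifdef HAVE_PROXY_SSL_PATCH
+| NGX_STREAM_LUA_CONTEXT_PROXY_SSL_CERT
 | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_VERIFY
 #endif
 | NGX_STREAM_LUA_CONTEXT_SSL_CLIENT_HELLO ))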
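Review bot: The second hunk puts `NGX_STREAM_LUA_CONTEXT_PROXY_SSL_CERT` into the branch of ngx_stream_lua_ffi_exit shared with the SSL_CERT, PROXY_SSL_VERIFY and SSL_CLIENT_HELLO phases, but nothing visible states what an exit status means for the upstream handshake in the new phase. For a hook that chooses the client certificate presented upstream, an operator needs to know whether a non-OK `ngx.exit()` aborts the upstream connection or lets it continue without a certificate. I would record that beside the condition, for example `/* proxy_ssl_cert: exit code is consumed by the upstream cert callback; non-OK aborts the handshake */`, worded to match what the handler in ngx_stream_lua_proxy_ssl_certby.c really does, since that file is not shown here. The body of the branch lies outside the hunk.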

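--- a/src/ngx_stream_lua_coroutine.c
+++ b/src/ngx_stream_lua_coroutine.c
@@ -206,6 +206,7 @@ ngx_stream_lua_coroutine_resume(lua_State *L)
 | NGX_STREAM_LUA_CONTEXT_SSL_CLIENT_HELLO
 | NGX_STREAM_LUA_CONTEXT_SSL_CERT
 #ifdef HAVE_PROXY_SSL_PATCH
+| NGX_STREAM_LUA_CONTEXT_PROXY_SSL_CERT
 | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_VERIFY
 #endif
 | NGX_STREAM_LUA_CONTEXT_PREREAD
@@ -270,6 +271,7 @@ ngx_stream_lua_coroutine_yield(lua_State *L)
 | NGX_STREAM_LUA_CONTEXT_SSL_CLIENT_HELLO
 | NGX_STREAM_LUA_CONTEXT_SSL_CERT
 #ifdef HAVE_PROXY_SSL_PATCH
+| NGX_STREAM_LUA_CONTEXT_PROXY_SSL_CERT
 | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_VERIFY
 #endif
 | NGX_STREAM_LUA_CONTEXT_PREREAD
@@ -433,6 +435,7 @@ ngx_stream_lua_coroutine_status(lua_State *L)
 | NGX_STREAM_LUA_CONTEXT_SSL_CLIENT_HELLO
 | NGX_STREAM_LUA_CONTEXT_SSL_CERT
 #ifdef HAVE_PROXY_SSL_PATCH
+| NGX_STREAM_LUA_CONTEXT_PROXY_SSL_CERT
 | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_VERIFY
 #endif
 | NGX_STREAM_LUA_CONTEXT_PREREAD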
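Review bot: The same `#ifdef HAVE_PROXY_SSL_PATCH` fragment is now repeated in the context masks of ngx_stream_lua_coroutine_resume, ngx_stream_lua_coroutine_yield and ngx_stream_lua_coroutine_status, and twice more in ngx_stream_lua_ffi_exit. Each new phase therefore has to be added by hand at every call site, and a site that is missed rejects the API in that phase with no build-time signal. A combined mask defined next to the flags in ngx_stream_lua_common.h, such as `#define NGX_STREAM_LUA_CONTEXT_PROXY_SSL_ALL (NGX_STREAM_LUA_CONTEXT_PROXY_SSL_CERT | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_VERIFY)` with an `#else` definition of `0`, would remove the per-site `#ifdef`. All three functions start and end outside their hunks.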

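--- a/src/ngx_stream_lua_module.c
+++ b/src/ngx_stream_lua_module.c
@@ -32,6 +32,7 @@
 #include "ngx_stream_lua_ssl_certby.h"
 
 #ifdef HAVE_PROXY_SSL_PATCH
+#include "ngx_stream_lua_proxy_ssl_certby.h"
 #include "ngx_stream_lua_proxy_ssl_verifyby.h"
 #endif
 
@@ -428,6 +429,20 @@ static ngx_command_t ngx_stream_lua_cmds[] = {
 
 #ifdef HAVE_PROXY_SSL_PATCH
 /* same context as proxy_pass directive */
+{ ngx_string("proxy_ssl_certificate_by_lua_block"),
+NGX_STREAM_SRV_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS,
+ngx_stream_lua_proxy_ssl_cert_by_lua_block,
+NGX_STREAM_SRV_CONF_OFFSET,
+0,
+(void *) ngx_stream_lua_proxy_ssl_cert_handler_inline },
+
+{ ngx_string("proxy_ssl_certificate_by_lua_file"),
+NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
+ngx_stream_lua_proxy_ssl_cert_by_lua,
+NGX_STREAM_SRV_CONF_OFFSET,
+0,
+(void *) ngx_stream_lua_proxy_ssl_cert_handler_file },
+
 { ngx_string("proxy_ssl_verify_by_lua_block"),
 NGX_STREAM_SRV_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS,
 ngx_stream_lua_proxy_ssl_verify_by_lua_block,
@@ -855,6 +870,10 @@ ngx_stream_lua_create_srv_conf(ngx_conf_t *cf)
 * lscf->srv.ssl_client_hello_src = { 0, NULL };
 * lscf->srv.ssl_client_hello_src_key = NULL;
 *
+* lscf->ups.proxy_ssl_cert_handler = NULL;
+* lscf->ups.proxy_ssl_cert_src = { 0, NULL };
+* lscf->ups.proxy_ssl_cert_src_key = NULL;
+*
 * lscf->ups.proxy_ssl_verify_handler = NULL;
 * lscf->ups.proxy_ssl_verify_src = { 0, NULL };
 * lscf->ups.proxy_ssl_verify_src_key = NULL;
@@ -1038,6 +1057,18 @@ ngx_stream_lua_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
 #endif
 
 #ifdef HAVE_PROXY_SSL_PATCH
+if (conf->ups.proxy_ssl_cert_src.len == 0) {
+conf->ups.proxy_ssl_cert_src = prev->ups.proxy_ssl_cert_src;
+conf->ups.proxy_ssl_cert_handler = prev->ups.proxy_ssl_cert_handler;
+conf->ups.proxy_ssl_cert_src_key = prev->ups.proxy_ssl_cert_src_key;
+}
+
+if (conf->ups.proxy_ssl_cert_src.len) {
+if (ngx_stream_lua_proxy_ssl_cert_set_callback(cf) != NGX_OK) {
+return NGX_CONF_ERROR;
+}
+}
+
 if (conf->ups.proxy_ssl_verify_src.len == 0) {
 conf->ups.proxy_ssl_verify_src = prev->ups.proxy_ssl_verify_src;
 conf->ups.proxy_ssl_verify_handler = prev->ups.proxy_ssl_verify_handler;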
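Review bot: In the ngx_stream_lua_merge_srv_conf hunk, `ngx_stream_lua_proxy_ssl_cert_set_callback(cf)` receives only `cf`, so whatever upstream SSL context it hooks has to exist and be reachable from `cf` at the moment this module's merge runs. Its body is not on this page, so this is a question rather than a finding. If that context is created by another module's merge step, or is absent because upstream TLS is not enabled for the server, the safe outcome is a configuration error, not an `NGX_OK` that leaves the Lua handler uninstalled and the upstream connection made without the intended client certificate. I would state the precondition above the call, for example `/* needs the upstream SSL ctx at merge time; set_callback must fail the config if it is missing */`, and confirm the helper behaves that way. The function continues outside the hunk.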

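--- a/src/ngx_stream_lua_phase.c
+++ b/src/ngx_stream_lua_phase.c
@@ -67,6 +67,10 @@ ngx_stream_lua_ngx_get_phase(lua_State *L)
 break;
 
 #ifdef HAVE_PROXY_SSL_PATCH
+case NGX_STREAM_LUA_CONTEXT_PROXY_SSL_CERT:
+lua_pushliteral(L, "proxy_ssl_cert");
+break;
+
 case NGX_STREAM_LUA_CONTEXT_PROXY_SSL_VERIFY:
 lua_pushliteral(L, "proxy_ssl_verify");
 break;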
