Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(core) add kong.resty.getssl module #3681

Merged
merged 1 commit into from
Aug 8, 2018
Merged

feat(core) add kong.resty.getssl module #3681

merged 1 commit into from
Aug 8, 2018

Conversation

james-callahan
Copy link
Contributor

Summary

This allows fetching the SSL* object for the current client as a luaossl object

thibaultcha
thibaultcha requested changes Aug 7, 2018
View reviewed changes
kong/resty/getssl.lua Outdated
return pushssl(ptr)
end

return {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style: please respect the 2 lines jump between logical blocks in this codebase - thanks!

kong/resty/getssl.lua Outdated
local get_ssl_pointer = require "ngx.ssl".get_ssl_pointer

if get_ssl_pointer == nil then
error("Openresty patch missing. See https://github.com/Kong/openresty-patches")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo: OpenResty

More importantly: we should gracefully fail if the patch is not available, but not prevent the module from loading altogether, which would certainly prevent Kong from even starting; while in fact, this feature might not even be used.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure how this should fail gracefully: if the patch is not applied and you're using this module, then you've likely got a security issue.

We could create a 'dummy' function that always returns nil, "OpenResty patch missing". But would it get checked correctly? I guess that will do for now....

@thibaultcha thibaultcha added pr/changes requested Changes were requested to this PR by a maintainer. Please address them and ping back once done. and removed pr/please review labels Aug 7, 2018
@james-callahan
feat(core) add kong.resty.getssl module
1880641 
This allows fetching the SSL* object for the current client as a luaossl object
@james-callahan james-callahan added pr/please review and removed pr/changes requested Changes were requested to this PR by a maintainer. Please address them and ping back once done. labels Aug 8, 2018
@thibaultcha thibaultcha merged commit 23e0832 into Kong:next Aug 8, 2018
@james-callahan james-callahan deleted the feat/getssl branch August 9, 2018 00:02
@james-callahan james-callahan mentioned this pull request Aug 13, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thibaultcha thibaultcha thibaultcha approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@james-callahan @thibaultcha