Merged
21 changes: 21 additions & 0 deletions lib/resty/apisix/ssl.lua
Expand Up @@ -14,6 +14,7 @@ ffi.cdef[[
typedef intptr_t ngx_flag_t;
int ngx_http_apisix_set_gm_cert(void *r, void *cdata, char **err, ngx_flag_t type);
int ngx_http_apisix_set_gm_priv_key(void *r, void *cdata, char **err, ngx_flag_t type);
int ngx_http_apisix_enable_ntls(void *r, int enabled);
]]


Expand Down Expand Up @@ -62,4 +63,24 @@ function _M.set_gm_priv_key(enc_pkey, sign_pkey)
end


function _M.enable_ntls()
local r = get_request()
if not r then
error("no request found")
end

C.ngx_http_apisix_enable_ntls(r, 1)
end


function _M.disable_ntls()
local r = get_request()
if not r then
error("no request found")
end

C.ngx_http_apisix_enable_ntls(r, 0)
end


return _M
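Review bot: `_M.enable_ntls()` and `_M.disable_ntls()` read like per-request switches because they fetch the current request, but the C function shown further down this page writes the flag into the module's main configuration, so the call changes what later handshakes negotiate and does nothing for the connection already in progress. That scope should be stated above both functions, for example `-- Worker-wide: applies to TLS handshakes accepted after the call, not to the current request.` The return value of `C.ngx_http_apisix_enable_ntls` is also dropped; it is always NGX_OK today, but checking it would surface a failure if the C side ever gains one.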
19 changes: 15 additions & 4 deletions patch/1.21.4/nginx-enable_ntls.patch
@@ -1,14 +1,25 @@
diff --git src/http/ngx_http_request.c src/http/ngx_http_request.c
index 013b715..a729693 100644
index 013b715..96be553 100644
--- src/http/ngx_http_request.c
+++ src/http/ngx_http_request.c
@@ -754,6 +754,11 @@ ngx_http_ssl_handshake(ngx_event_t *rev)
@@ -8,6 +8,9 @@
#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_http.h>
+#if (NGX_HTTP_APISIX)
+#include <ngx_http_apisix_module.h>
+#endif


static void ngx_http_wait_request_handler(ngx_event_t *ev);
@@ -754,6 +757,12 @@ ngx_http_ssl_handshake(ngx_event_t *rev)
return;
}

+#if (TONGSUO_VERSION_NUMBER && NGX_HTTP_APISIX)
+ // FIXME: add option later
+ SSL_enable_ntls(c->ssl->connection);
+ if (ngx_http_apisix_is_ntls_enabled(hc->conf_ctx)) {
+ SSL_enable_ntls(c->ssl->connection);
+ }
+#endif
+
ngx_reusable_connection(c, 0);
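Review bot: The gate added in `ngx_http_ssl_handshake` reads a single flag from the http main conf through `hc->conf_ctx`, so NTLS is either offered on every TLS listener served by the worker or on none; a deployment that wants it on one port or server block only cannot express that. The FIXME about adding an option appears to be dropped in this revision, so a short comment at the check would record the remaining limitation, e.g. `/* worker-wide runtime flag; not scoped per server or listener */`. The rendered page has lost the +/- column, so which of the two `SSL_enable_ntls` lines survives is inferred from the hunk counts.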
49 changes: 48 additions & 1 deletion src/ngx_http_apisix_module.c
Expand Up @@ -9,12 +9,18 @@
#define NGX_HTTP_APISIX_SSL_SIGN 2


typedef struct {
ngx_flag_t enable_ntls;
} ngx_http_apisix_main_conf_t;


static ngx_str_t remote_addr = ngx_string("remote_addr");
static ngx_str_t remote_port = ngx_string("remote_port");
static ngx_str_t realip_remote_addr = ngx_string("realip_remote_addr");
static ngx_str_t realip_remote_port = ngx_string("realip_remote_port");


static void *ngx_http_apisix_create_main_conf(ngx_conf_t *cf);
static void *ngx_http_apisix_create_loc_conf(ngx_conf_t *cf);
static char *ngx_http_apisix_merge_loc_conf(ngx_conf_t *cf, void *parent,
void *child);
Expand All @@ -36,7 +42,7 @@ static ngx_http_module_t ngx_http_apisix_module_ctx = {
NULL, /* preconfiguration */
NULL, /* postconfiguration */

NULL, /* create main configuration */
ngx_http_apisix_create_main_conf, /* create main configuration */
NULL, /* init main configuration */

NULL, /* create server configuration */
Expand All @@ -63,6 +69,26 @@ ngx_module_t ngx_http_apisix_module = {
};


static void *
ngx_http_apisix_create_main_conf(ngx_conf_t *cf)
{
ngx_http_apisix_main_conf_t *acf;

acf = ngx_pcalloc(cf->pool, sizeof(ngx_http_apisix_main_conf_t));
if (acf == NULL) {
return NULL;
}

/*
* set by ngx_pcalloc():
*
* acf->enable_ntls = 0;
*/

return acf;
}


static void *
ngx_http_apisix_create_loc_conf(ngx_conf_t *cf)
{
Expand Down Expand Up @@ -778,3 +804,24 @@ ngx_http_apisix_set_gm_priv_key(ngx_http_request_t *r,

#endif
}


int
ngx_http_apisix_enable_ntls(ngx_http_request_t *r, int enabled)
{
ngx_http_apisix_main_conf_t *acf;

acf = ngx_http_get_module_main_conf(r, ngx_http_apisix_module);
acf->enable_ntls = enabled;
return NGX_OK;
}


ngx_flag_t
ngx_http_apisix_is_ntls_enabled(ngx_http_conf_ctx_t *conf_ctx)
{
ngx_http_apisix_main_conf_t *acf;

acf = ngx_http_get_module_main_conf(conf_ctx, ngx_http_apisix_module);
return acf->enable_ntls;
}
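Review bot: `ngx_http_apisix_enable_ntls` mutates the main configuration from request context, and in nginx's process model that structure sits in each worker's own memory after fork, so a call made while serving one request flips the flag only in the worker that handled it. With several workers the same listener would then offer NTLS on some connections and not on others until every worker has run the call; if the intended use is an init_worker-style hook, a comment on the function should say so, e.g. `/* per-worker: must be called in every worker process */`. The `int enabled` argument is also stored unnormalized into an `ngx_flag_t`; `acf->enable_ntls = enabled ? 1 : 0;` would keep the field to the two values the handshake check expects.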
2 changes: 2 additions & 0 deletions src/ngx_http_apisix_module.h
Expand Up @@ -55,5 +55,7 @@ void ngx_http_apisix_mark_request_header_set(ngx_http_request_t *r);
ngx_int_t ngx_http_apisix_is_header_filter_by_lua_skipped(ngx_http_request_t *r);
ngx_int_t ngx_http_apisix_is_body_filter_by_lua_skipped(ngx_http_request_t *r);

ngx_flag_t ngx_http_apisix_is_ntls_enabled(ngx_http_conf_ctx_t *conf_ctx);


#endif /* _NGX_HTTP_APISIX_H_INCLUDED_ */