Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Major cosockets patch #290

Closed
wants to merge 30 commits into from
Closed

Major cosockets patch #290

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
3f39535
Added an optional parameter for ngx.req.set_header and ngx.req.clear_…
Apr 24, 2013
886e27b
Merged with 0.8.1
May 8, 2013
1c5e5b9
Changed the replace_underscores parameter to a table of parameters (o…
May 8, 2013
f2e849a
Added an options table to clean_header as well.
May 8, 2013
e1281a2
Merge branch 'master' of https://github.com/chaoslawful/lua-nginx-module
Sep 29, 2013
d4d2988
Removed unneeded variable.
Sep 29, 2013
ef2ce04
Added SSL support for TCP cosockets.
Sep 29, 2013
a3f9aa9
Multiple changes:
Sep 29, 2013
d4864a9
Added the option 'bsd_receive' to the receive method, which enables u…
Sep 29, 2013
ae9d9f7
Added fake_close to the raw socket as well.
Sep 30, 2013
e699fcc
Merge branch 'master' of https://github.com/chaoslawful/lua-nginx-module
Oct 3, 2013
b6df8d6
ngx_http_lua_socket_read_handler was declared twice...
Oct 3, 2013
e9e1dec
Reverted unnecessary changes.
Oct 3, 2013
24cb685
Reverted unnecessary changes.
Oct 3, 2013
61b3fea
Revereted unnecessary changes.
Oct 3, 2013
1ba8d55
Setting `ctx->writing_raw_req_socket` to 0 when the raw downstream so…
Oct 17, 2013
5627c38
Bugfix - correcting u->prepare_retvals on each read/write success/err…
Oct 23, 2013
974112f
Merge remote-tracking branch 'original-repository/master'
Dec 10, 2013
3bd5acc
`ngx_http_lua_req_socket_rev_handler()` could be called when `u->peer…
Dec 10, 2013
d6bc3d5
Merged from master
Dec 10, 2013
48fdf3d
Merge branch 'master' of https://github.com/chaoslawful/lua-nginx-module
Dec 18, 2013
df2cb4c
Merge branch 'master' into socket-changes
Dec 18, 2013
2284867
Author: aviramc <aviram@adallom.com>
Dec 18, 2013
6921aa5
Now considering timeout error in handshake.
Dec 23, 2013
701f6db
Added name verification to the cosockets SSL API. The name to verify …
Dec 24, 2013
dd99124
Added CRL to the Lua options, made some refactoring.
Dec 24, 2013
305f0a5
Merge branch 'master' of https://github.com/chaoslawful/lua-nginx-module
Dec 24, 2013
c143ce8
Merge branch 'master' into socket-changes
Dec 24, 2013
764f739
Fixed typo.
Dec 24, 2013
2254d00
Added the set timeout methods for the raw request socket.
Dec 24, 2013
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
9 changes: 9 additions & 0 deletions src/ngx_http_lua_common.h
View file
Open in desktop
Expand Up @@ -210,6 +210,15 @@ typedef struct {
ngx_flag_t transform_underscores_in_resp_headers;
ngx_flag_t log_socket_errors;
ngx_flag_t check_client_abort;

#if (NGX_HTTP_SSL)
ngx_ssl_t *ssl;
ngx_flag_t ssl_verify;
ngx_uint_t ssl_verify_depth;
ngx_str_t ssl_trusted_certificate;
ngx_str_t ssl_crl;
#endif

ngx_flag_t use_default_type;
} ngx_http_lua_loc_conf_t;

Expand Down
123 changes: 122 additions & 1 deletion src/ngx_http_lua_module.c
View file
Open in desktop
Expand Up @@ -34,6 +34,8 @@ static char *ngx_http_lua_init_main_conf(ngx_conf_t *cf, void *conf);
static void *ngx_http_lua_create_loc_conf(ngx_conf_t *cf);
static char *ngx_http_lua_merge_loc_conf(ngx_conf_t *cf, void *parent,
void *child);
static ngx_int_t ngx_http_lua_set_ssl(ngx_conf_t *cf,
ngx_http_lua_loc_conf_t *plcf);
static ngx_int_t ngx_http_lua_init(ngx_conf_t *cf);
static char *ngx_http_lua_lowat_check(ngx_conf_t *cf, void *post, void *data);

Expand Down Expand Up @@ -343,6 +345,38 @@ static ngx_command_t ngx_http_lua_cmds[] = {
offsetof(ngx_http_lua_loc_conf_t, check_client_abort),
NULL },

#if (NGX_HTTP_SSL)

{ ngx_string("lua_ssl_verify"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_conf_set_flag_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_lua_loc_conf_t, ssl_verify),
NULL },

{ ngx_string("lua_ssl_verify_depth"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_conf_set_num_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_lua_loc_conf_t, ssl_verify_depth),
NULL },

{ ngx_string("lua_ssl_trusted_certificate"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_lua_loc_conf_t, ssl_trusted_certificate),
NULL },

{ ngx_string("lua_ssl_crl"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
NGX_HTTP_LOC_CONF_OFFSET,
offsetof(ngx_http_lua_loc_conf_t, ssl_crl),
NULL },

#endif

{ ngx_string("lua_use_default_type"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
|NGX_CONF_FLAG,
Expand Down Expand Up @@ -635,6 +669,8 @@ ngx_http_lua_create_loc_conf(ngx_conf_t *cf)
* conf->body_filter_src = {{ 0, NULL }, NULL, NULL, NULL};
* conf->body_filter_src_key = NULL
* conf->body_filter_handler = NULL;
*
* conf->ssl_trusted_certificate = NULL;
*/

conf->force_read_body = NGX_CONF_UNSET;
Expand All @@ -654,7 +690,13 @@ ngx_http_lua_create_loc_conf(ngx_conf_t *cf)
conf->transform_underscores_in_resp_headers = NGX_CONF_UNSET;
conf->log_socket_errors = NGX_CONF_UNSET;


#if (NGX_HTTP_SSL)

conf->ssl_verify = NGX_CONF_UNSET;
conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;

#endif

return conf;
}

Expand Down Expand Up @@ -733,7 +775,86 @@ ngx_http_lua_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)

ngx_conf_merge_value(conf->log_socket_errors, prev->log_socket_errors, 1);

#if (NGX_HTTP_SSL)

if (ngx_http_lua_set_ssl(cf, conf) != NGX_OK) {
return NGX_CONF_ERROR;
}

ngx_conf_merge_value(conf->ssl_verify,
prev->ssl_verify, 0);
ngx_conf_merge_uint_value(conf->ssl_verify_depth,
prev->ssl_verify_depth, 1);
ngx_conf_merge_str_value(conf->ssl_trusted_certificate,
prev->ssl_trusted_certificate, "");
ngx_conf_merge_str_value(conf->ssl_crl,
prev->ssl_crl, "");

/* TODO: Maybe the verification should be an option for the
tcpsock:connect() method. */
if (conf->ssl_verify) {
if (conf->ssl_trusted_certificate.len == 0) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"no \"lua_ssl_trusted_certificate\" is "
" defined for the \"lua_ssl_verify\" "
"directive");

return NGX_CONF_ERROR;
}

if (ngx_ssl_trusted_certificate(cf, conf->ssl,
&conf->ssl_trusted_certificate,
conf->ssl_verify_depth)
!= NGX_OK)
{
return NGX_CONF_ERROR;
}

if (ngx_ssl_crl(cf, conf->ssl, &conf->ssl_crl) != NGX_OK) {
return NGX_CONF_ERROR;
}
}

#endif

return NGX_CONF_OK;
}


#if (NGX_HTTP_SSL)

static ngx_int_t
ngx_http_lua_set_ssl(ngx_conf_t *cf, ngx_http_lua_loc_conf_t *plcf)
{
ngx_pool_cleanup_t *cln;

plcf->ssl = ngx_pcalloc(cf->pool, sizeof(ngx_ssl_t));
if (plcf->ssl == NULL) {
return NGX_ERROR;
}

plcf->ssl->log = cf->log;

if (ngx_ssl_create(plcf->ssl,
NGX_SSL_SSLv2|NGX_SSL_SSLv3|NGX_SSL_TLSv1
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2,
NULL)
!= NGX_OK)
{
return NGX_ERROR;
}

cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
return NGX_ERROR;
}

cln->handler = ngx_ssl_cleanup_ctx;
cln->data = plcf->ssl;

return NGX_OK;
}

#endif

/* vi:set ft=c ts=4 sw=4 et fdm=marker: */