feature: added the ngx.ssl.session module for the contexts ssl_sessio…

…n_fetch_by_lua* and ssl_session_store_by_lua*.

thanks Zi Lin for the patches.

.travis.yml

@@ -57,6 +57,8 @@ script:
   - cd lua-resty-lrucache && sudo make DESTDIR=$LUAJIT_PREFIX LUA_LIB_DIR=/share/lua/5.1 install && cd ..
   - tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz
   - cd openssl-$OPENSSL_VER/
+  - wget https://raw.githubusercontent.com/openresty/openresty/master/patches/openssl-$OPENSSL_VER-sess_set_get_cb_yield.patch
+  - patch -p1 < openssl-$OPENSSL_VER-sess_set_get_cb_yield.patch
   - ./config shared --prefix=$OPENSSL_PREFIX -DPURIFY > build.log 2>&1 || (cat build.log && exit 1)
   - make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
   - sudo make PATH=$PATH install_sw > build.log 2>&1 || (cat build.log && exit 1)

README.markdown

@@ -28,6 +28,7 @@ Table of Contents
     * [ngx.semaphore](#ngxsemaphore)
     * [ngx.balancer](#ngxbalancer)
     * [ngx.ssl](#ngxssl)
+    * [ngx.ssl.session](#ngxsslsession)
 * [Caveat](#caveat)
 * [TODO](#todo)
 * [Author](#author)
@@ -225,6 +226,15 @@ See the [documentation](./lib/ngx/ssl.md) for this Lua module for more details.
 
 [Back to TOC](#table-of-contents)
 
+## ngx.ssl.session
+
+This Lua module provides a Lua API for manipulating SSL session data and IDs
+for NGINX downstream SSL connections.
+
+See the [documentation](./lib/ngx/ssl/session.md) for this Lua module for more details.
+
+[Back to TOC](#table-of-contents)
+
 Caveat
 ======
 

lib/ngx/ssl/session.lua

@@ -0,0 +1,105 @@
+local _M = {}
+
+
+local ffi = require "ffi"
+local base = require "resty.core.base"
+
+
+local C = ffi.C
+local ffi_str = ffi.string
+local getfenv = getfenv
+local error = error
+local errmsg = base.get_errmsg_ptr()
+local get_string_buf = base.get_string_buf
+local FFI_ERROR = base.FFI_ERROR
+
+
+ffi.cdef[[
+int ngx_http_lua_ffi_ssl_set_serialized_session(ngx_http_request_t *r,
+    const unsigned char *buf, int len, char **err);
+
+int ngx_http_lua_ffi_ssl_get_serialized_session(ngx_http_request_t *r,
+    char *buf, char **err);
+
+int ngx_http_lua_ffi_ssl_get_session_id(ngx_http_request_t *r,
+    char *buf, char **err);
+
+int ngx_http_lua_ffi_ssl_get_serialized_session_size(ngx_http_request_t *r,
+    char **err);
+
+int ngx_http_lua_ffi_ssl_get_session_id_size(ngx_http_request_t *r,
+    char **err);
+]]
+
+
+-- return session, err
+function _M.get_serialized_session()
+    local r = getfenv(0).__ngx_req
+    if not r then
+        return error("no request found")
+    end
+
+    local len = C.ngx_http_lua_ffi_ssl_get_serialized_session_size(r, errmsg)
+
+    if len < 0 then
+        return nil, ffi_str(errmsg[0])
+    end
+
+    if len > 4096 then
+         return nil, "session too big to serialize"
+    end
+    local buf = get_string_buf(len)
+
+    local rc = C.ngx_http_lua_ffi_ssl_get_serialized_session(r, buf, errmsg)
+
+    if rc == FFI_ERROR then
+         return nil, ffi_str(errmsg[0])
+    end
+
+    return ffi_str(buf, len)
+end
+
+
+-- return session_id, err
+function _M.get_session_id()
+    local r = getfenv(0).__ngx_req
+    if not r then
+        return error("no request found")
+    end
+
+    local len = C.ngx_http_lua_ffi_ssl_get_session_id_size(r, errmsg)
+
+    if len < 0 then
+        return nil, ffi_str(errmsg[0])
+    end
+
+    local buf = get_string_buf(len)
+
+    local rc = C.ngx_http_lua_ffi_ssl_get_session_id(r, buf, errmsg)
+
+    if rc == FFI_ERROR then
+        return nil, ffi_str(errmsg[0])
+    end
+
+    return ffi_str(buf, len)
+end
+
+
+-- return ok, err
+function _M.set_serialized_session(sess)
+    local r = getfenv(0).__ngx_req
+    if not r then
+        return error("no request found")
+    end
+
+    local rc = C.ngx_http_lua_ffi_ssl_set_serialized_session(r, sess, #sess,
+                                                             errmsg)
+    if rc == FFI_ERROR then
+        return nil, ffi_str(errmsg[0])
+    end
+
+    return true
+end
+
+
+return _M