feature: add get_req_ssl_pointer() for stream subsystem.

zhuizhuhaomeng · zhuizhuhaomeng · commit b38be979c506 · 2025-07-23T21:40:50.000+08:00
diff --git a/lib/ngx/ssl.lua b/lib/ngx/ssl.lua
@@ -91,7 +91,7 @@ if subsystem == 'http' then
     void *ngx_http_lua_ffi_parse_der_priv_key(const char *data, size_t len,
         char **err) ;
 
-    void *ngx_http_lua_ffi_get_req_ssl_pointer(void *r);
+    void *ngx_http_lua_ffi_get_req_ssl_pointer(void *r, char **err);
 
     int ngx_http_lua_ffi_set_cert(void *r, void *cdata, char **err);
 
@@ -197,6 +197,8 @@ elseif subsystem == 'stream' then
     void *ngx_stream_lua_ffi_parse_der_priv_key(const unsigned char *der,
         size_t der_len, char **err);
 
+    void *ngx_stream_lua_ffi_get_req_ssl_pointer(void *r, char **err);
+
     int ngx_stream_lua_ffi_set_cert(void *r, void *cdata, char **err);
 
     int ngx_stream_lua_ffi_set_priv_key(void *r, void *cdata, char **err);
@@ -239,6 +241,7 @@ elseif subsystem == 'stream' then
     ngx_lua_ffi_free_priv_key = C.ngx_stream_lua_ffi_free_priv_key
     ngx_lua_ffi_ssl_verify_client = C.ngx_stream_lua_ffi_ssl_verify_client
     ngx_lua_ffi_ssl_client_random = C.ngx_stream_lua_ffi_ssl_client_random
+    ngx_lua_ffi_get_req_ssl_pointer = C.ngx_stream_lua_ffi_get_req_ssl_pointer
     ngx_lua_ffi_req_shared_ssl_ciphers =
         C.ngx_stream_lua_ffi_req_shared_ssl_ciphers
 end
@@ -603,9 +606,9 @@ function _M.get_req_ssl_pointer()
         error("no request found")
     end
 
-    local ssl = ngx_lua_ffi_get_req_ssl_pointer(r)
+    local ssl = ngx_lua_ffi_get_req_ssl_pointer(r, errmsg)
     if ssl == nil then
-        return nil, "no ssl object"
+        return nil, ffi_str(errmsg[0])
     end
 
     return ssl
diff --git a/t/stream/ssl.t b/t/stream/ssl.t
@@ -2426,3 +2426,84 @@ qr/1: SHARED_CIPHER 0x/]
 [alert]
 [crit]
 [error]
+
+
+
+=== TEST 30: get req SSL pointer
+--- stream_config
+    lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
+
+    server {
+        listen 127.0.0.1:$TEST_NGINX_RAND_PORT_1 ssl;
+        ssl_protocols TLSv1.2;
+        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384;
+
+        ssl_certificate_by_lua_block {
+            local ssl = require "ngx.ssl"
+            local ssl_conn, err = ssl.get_req_ssl_pointer()
+            if err ~= nil then
+                ngx.log(ngx.ERR, "failed to get ssl pointer: ", err)
+                return
+            end
+            ngx.log(ngx.INFO, "ssl pointer: ", tostring(ssl_conn))
+        }
+
+        ssl_certificate ../../cert/test.crt;
+        ssl_certificate_key ../../cert/test.key;
+
+        return 'it works!\n';
+    }
+--- stream_server_config
+    lua_ssl_trusted_certificate ../../cert/test.crt;
+    lua_ssl_protocols TLSv1.2;
+    lua_ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256;
+
+    content_by_lua_block {
+        do
+            local sock = ngx.socket.tcp()
+
+            sock:settimeout(3000)
+
+            local ok, err = sock:connect("127.0.0.1", $TEST_NGINX_RAND_PORT_1)
+            if not ok then
+                ngx.say("failed to connect: ", err)
+                return
+            end
+
+            ngx.say("connected: ", ok)
+
+            local sess, err = sock:sslhandshake(nil, nil, true)
+            if not sess then
+                ngx.say("failed to do SSL handshake: ", err)
+                return
+            end
+
+            ngx.say("ssl handshake: ", type(sess))
+
+            while true do
+                local line, err = sock:receive()
+                if not line then
+                    -- ngx.say("failed to receive response status line: ", err)
+                    break
+                end
+
+                ngx.say("received: ", line)
+            end
+
+            local ok, err = sock:close()
+            ngx.say("close: ", ok, " ", err)
+        end  -- do
+        -- collectgarbage()
+    }
+
+--- stream_response
+connected: 1
+ssl handshake: userdata
+received: it works!
+close: 1 nil
+--- error_log eval
+qr/ssl pointer: cdata<void \*>: 0x[0-9a-f]+,/
+--- no_error_log
+[alert]
+[crit]
+[error]
