set_ssl_certificate_by_lua* compatibility with lua-resty-redis, connect blocking #62

Closed
Soulou opened this issue Oct 14, 2016 · 8 comments

Soulou commented Oct 14, 2016

Hi there, I've done the following PoC to use ssl_certificate_by_lua and dynamically load a certificate from a redis server. However, it doesn't work: I can't connect to the database.

The first logs appear correctly in my error log, however the second is never called. So I assume, the red:connect statement is blocking.

Is it by design? Can't I use the coroutine - tcp related API here? What is the workaround?

Versions installed are

  • nginx 1.10.1
  • lua-resty-core v0.1.8
  • lua-resty-redis v0.25
  • lua-nginx-module v0.10.6

Nginx is stopping client connection, curl is exiting with the following error:

  • Unknown SSL protocol error in connection to :443

The nginx configuration:

server  {
  listen 80 default_server;
  listen 443 ssl default_server;

  server_name  default;

  access_log /var/log/nginx/app-access.log;
  error_log /var/log/nginx/app-error.log;

  ssl_certificate /etc/ssl/web/default.crt;
  ssl_certificate_key /etc/ssl/web/default.key;

  ssl_certificate_by_lua_block {
    local ssl = require "ngx.ssl"
    local redis           = require "resty.redis"
    local red             = redis:new()
    ngx.log(ngx.ERR, "Before connection")
    local ok, err         = red:connect("127.0.0.1", 6379)
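    -- ngx.log accepts nil arguments; concatenating nil with ".." raises an error
    ngx.log(ngx.ERR, "After connection: ", ok, " ", err)
    -- ... More logic (clean old cert, setup new)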
  }
}
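
A nil-safe version of the handler in the post above, as an added example that is not part of the original thread or the project's own code: it bounds the Redis wait and falls back to the static certificate when Redis is unreachable or holds no entry. The `cert:<name>` / `key:<name>` key layout and the 200 ms timeout are assumptions, and it presumes a build in which cosockets can yield in this context.

```lua
-- Added example (not from the thread): body for ssl_certificate_by_lua_block.
-- Every early return keeps the static ssl_certificate pair as the fallback.
local ssl   = require "ngx.ssl"
local redis = require "resty.redis"

local name, err = ssl.server_name()
if not name then
  ngx.log(ngx.INFO, "no SNI, using default cert: ", err or "none sent")
  return
end

local red = redis:new()
red:set_timeout(200)  -- ms; bounds how long the handshake can wait on Redis

local ok, cerr = red:connect("127.0.0.1", 6379)
if not ok then
  -- Pass values as separate arguments: ngx.log accepts nil, ".." does not.
  ngx.log(ngx.ERR, "redis connect failed: ", cerr)
  return
end

-- Assumed key layout: "cert:<sni>" and "key:<sni>" hold PEM text.
local res, gerr = red:mget("cert:" .. name, "key:" .. name)
if not res then
  ngx.log(ngx.ERR, "redis mget failed: ", gerr)
  return
end
red:set_keepalive(10000, 32)  -- return the healthy connection to the pool

local cert_pem, key_pem = res[1], res[2]
if cert_pem == ngx.null or key_pem == ngx.null then
  ngx.log(ngx.WARN, "no certificate stored for ", name)
  return
end

-- Convert both PEMs before touching handshake state, so a bad PEM cannot
-- leave the connection without any certificate.
local cert_der, e1 = ssl.cert_pem_to_der(cert_pem)
local key_der, e2 = ssl.priv_key_pem_to_der(key_pem)
if not cert_der or not key_der then
  ngx.log(ngx.ERR, "bad PEM for ", name, ": ", e1 or e2)
  return
end

ssl.clear_certs()
if not ssl.set_der_cert(cert_der) or not ssl.set_der_priv_key(key_der) then
  ngx.log(ngx.ERR, "failed to install certificate for ", name)
  return ngx.exit(ngx.ERROR)  -- abort rather than serve a half-set pair
end
```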

agentzh commented Oct 14, 2016

Please try the latest OpenResty release from openresty.org. Thank you. See https://openresty.org/en/download.html

agentzh commented Oct 14, 2016

It should work with OpenResty.

Soulou commented Oct 14, 2016

Hi there, I'm already building a custom nginx as I need some other external modules not included in openresty. Is it possible to get a more complete response? I'm still gonna try though and tell you if it's ok.

Thanks

agentzh commented Oct 15, 2016

@Soulou You can also add external modules into OpenResty in a similar way. Just read the documentation:

https://openresty.org/en/download.html

agentzh commented Oct 15, 2016

@Soulou And also this link: http://openresty.org/en/installation.html

agentzh closed this as completed Oct 15, 2016

mehrdadpfg commented Aug 8, 2017

Hi there,
I'm having the same issue with the latest version of openresty 1.11.2 that includes:
lua-resty-core v0.1.11
lua-resty-redis v0.26
I did the exact same troubleshooting procedure and the code has stopped in "connect()" function.

local redis = require "resty.redis"
local red = redis:new()

ngx.log(ngx.ERR, "before... ")
local ok, err = red:connect("127.0.0.1", 6379)
ngx.log(ngx.ERR, "after...")

Also, I should mention that I can connect successfully to Redis in the access_by_lua_* section.

@mehrdadpfg

My Error_log:

2017/08/08 15:53:08 [error] 7#7: *2 [lua] ssl_certificate_by_lua:14: REDIS: before... : nil, context: ssl_certificate_by_lua*, client: X.X.X.X, server: 0.0.0.0:443
2017/08/08 15:53:08 [info] 7#7: *1 peer closed connection in SSL handshake while loading SSL certificate by lua, client: X.X.X.X, server: 0.0.0.0:443

agentzh commented Aug 8, 2017

@mehrdadpfg Please do not cross post. It's annoying. Thanks for your cooperation. Also, replying to a closed issue is not recommended unless you have a very good reason.
