From e221773675091c3d53a964358f8a1041ef3a7ca0 Mon Sep 17 00:00:00 2001 From: bzp2010 Date: Thu, 23 Oct 2025 13:44:43 +0800 Subject: [PATCH 1/5] feature: tcpsock sslhandshake alpn --- lib/resty/core/socket.lua | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/lib/resty/core/socket.lua b/lib/resty/core/socket.lua index b648435fa..e8dc7bc25 100644 --- a/lib/resty/core/socket.lua +++ b/lib/resty/core/socket.lua @@ -185,6 +185,7 @@ if subsystem == 'http' then local errmsg = base.get_errmsg_ptr() local session_ptr = ffi_new("void *[1]") local server_name_str = ffi_new("ngx_str_t[1]") +local alpn_str = ffi_new("ngx_str_t[1]") local openssl_error_code = ffi_new("int[1]") @@ -217,7 +218,7 @@ end local function sslhandshake(cosocket, reused_session, server_name, ssl_verify, - send_status_req, ...) + send_status_req, alpn, ...) local n = select("#", ...) if not cosocket or n > 0 then @@ -241,6 +242,21 @@ local function sslhandshake(cosocket, reused_session, server_name, ssl_verify, server_name_str[0].len = 0 end + if alpn then + local alpn = {} + for _, proto_str in ipairs(alpn) do + alpn[#alpn + 1] = string.len(proto_str) + for _, proto_byte in ipairs({ string.byte(proto_str, 1, #proto_str) }) do + alpn[#alpn + 1] = proto_byte + end + end + alpn_str[0].data = ffi.new("unsigned char[?]", #alpn, alpn) + alpn_str[0].len = #alpn + else + alpn_str[0].data = nil + alpn_str[0].len = 0 + end + local u = get_tcp_socket(cosocket) local rc = C.ngx_http_lua_ffi_socket_tcp_sslhandshake(r, u, @@ -251,6 +267,7 @@ local function sslhandshake(cosocket, reused_session, server_name, ssl_verify, send_status_req and 1 or 0, cosocket[SOCKET_CLIENT_CERT_INDEX], cosocket[SOCKET_CLIENT_PKEY_INDEX], + alpn_str, errmsg) if rc == FFI_NO_REQ_CTX then From 84cb180913a380c249c140cd1f32f09e84d1344f Mon Sep 17 00:00:00 2001 From: bzp2010 Date: Thu, 23 Oct 2025 13:53:17 +0800 Subject: [PATCH 2/5] fix: luacheck warning --- lib/resty/core/socket.lua | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/resty/core/socket.lua b/lib/resty/core/socket.lua index e8dc7bc25..3dddc225a 100644 --- a/lib/resty/core/socket.lua +++ b/lib/resty/core/socket.lua @@ -243,15 +243,15 @@ local function sslhandshake(cosocket, reused_session, server_name, ssl_verify, end if alpn then - local alpn = {} + local _bytes = {} for _, proto_str in ipairs(alpn) do - alpn[#alpn + 1] = string.len(proto_str) + _bytes[#_bytes + 1] = string.len(proto_str) for _, proto_byte in ipairs({ string.byte(proto_str, 1, #proto_str) }) do - alpn[#alpn + 1] = proto_byte + _bytes[#_bytes + 1] = proto_byte end end - alpn_str[0].data = ffi.new("unsigned char[?]", #alpn, alpn) - alpn_str[0].len = #alpn + alpn_str[0].data = ffi.new("unsigned char[?]", #_bytes, _bytes) + alpn_str[0].len = #_bytes else alpn_str[0].data = nil alpn_str[0].len = 0 From 6811f76095cb1b561f3580154ca5a29ff4a82b21 Mon Sep 17 00:00:00 2001 From: bzp2010 Date: Thu, 23 Oct 2025 14:15:19 +0800 Subject: [PATCH 3/5] fix: luacheck --- lib/resty/core/socket.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/resty/core/socket.lua b/lib/resty/core/socket.lua index 3dddc225a..d76cb9bec 100644 --- a/lib/resty/core/socket.lua +++ b/lib/resty/core/socket.lua @@ -246,7 +246,8 @@ local function sslhandshake(cosocket, reused_session, server_name, ssl_verify, local _bytes = {} for _, proto_str in ipairs(alpn) do _bytes[#_bytes + 1] = string.len(proto_str) - for _, proto_byte in ipairs({ string.byte(proto_str, 1, #proto_str) }) do + for _, proto_byte in ipairs( + { string.byte(proto_str, 1, #proto_str) }) do _bytes[#_bytes + 1] = proto_byte end end From 5103cd710fdf147267ede1f9228587cf590ee851 Mon Sep 17 00:00:00 2001 From: bzp2010 Date: Thu, 23 Oct 2025 14:20:46 +0800 Subject: [PATCH 4/5] fix: locally string.byte --- lib/resty/core/socket.lua | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/lib/resty/core/socket.lua b/lib/resty/core/socket.lua index d76cb9bec..2b49db0fa 100644 --- a/lib/resty/core/socket.lua +++ b/lib/resty/core/socket.lua @@ -13,10 +13,11 @@ local type = type local select = select local registry = debug.getregistry() -local C = ffi.C -local ffi_new = ffi.new -local ffi_str = ffi.string -local ffi_gc = ffi.gc +local str_byte = string.byte +local C = ffi.C +local ffi_new = ffi.new +local ffi_str = ffi.string +local ffi_gc = ffi.gc local get_string_buf = base.get_string_buf local get_size_ptr = base.get_size_ptr @@ -245,9 +246,9 @@ local function sslhandshake(cosocket, reused_session, server_name, ssl_verify, if alpn then local _bytes = {} for _, proto_str in ipairs(alpn) do - _bytes[#_bytes + 1] = string.len(proto_str) + _bytes[#_bytes + 1] = #proto_str for _, proto_byte in ipairs( - { string.byte(proto_str, 1, #proto_str) }) do + { str_byte(proto_str, 1, #proto_str) }) do _bytes[#_bytes + 1] = proto_byte end end From 11b554bdcbc3a976bdd2714120e86aef3beb860e Mon Sep 17 00:00:00 2001 From: bzp2010 Date: Fri, 24 Oct 2025 23:01:39 +0800 Subject: [PATCH 5/5] fix: missing arugment in cdef --- lib/resty/core/socket.lua | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/resty/core/socket.lua b/lib/resty/core/socket.lua index 2b49db0fa..5b88ca7e5 100644 --- a/lib/resty/core/socket.lua +++ b/lib/resty/core/socket.lua @@ -55,7 +55,8 @@ int ngx_http_lua_ffi_socket_tcp_sslhandshake(ngx_http_request_t *r, ngx_http_lua_socket_tcp_upstream_t *u, void *sess, int enable_session_reuse, ngx_str_t *server_name, int verify, - int ocsp_status_req, void *chain, void *pkey, char **errmsg); + int ocsp_status_req, void *chain, void *pkey, ngx_str_t *alpn, + char **errmsg); int ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(ngx_http_request_t *r,