fix(mtls) use OpenResty's API for mtls (Kong#99)

AlinsRan · Jun 2, 2023 · 60b222a · 60b222a
1 parent bb5a3e1
commit 60b222a
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/lib/resty/healthcheck.lua b/lib/resty/healthcheck.lua
@@ -918,9 +918,19 @@ function checker:run_single_check(ip, port, hostname, hostheader)
   end
 
   if self.checks.active.type == "https" then
-    local session
-    session, err = sock:sslhandshake(nil, hostname,
+    local https_sni, session, err
+    https_sni = self.checks.active.https_sni or hostheader or hostname
+    if self.ssl_cert and self.ssl_key then
+      ok, err = sock:setclientcert(self.ssl_cert, self.ssl_key)
+
+      if not ok then
+        self:log(ERR, "failed to set client certificate: ", err)
+      end
+    end
+
+    session, err = sock:sslhandshake(nil, https_sni,
                                      self.checks.active.https_verify_certificate)
+
     if not session then
       sock:close()
       self:log(ERR, "failed SSL handshake with '", hostname or "", " (", ip, ":", port, ")': ", err)