-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feature: shared ngx.ctx among SSL_* phases and the following phases. #1514
Conversation
This is the sister PR of openresty/lua-resty-core#243 |
@spacewander We don't need the non-FFI version of the API. Actually we are retiring all the non-FFI variants of the existing API functions which already have an FFI version. |
src/ngx_http_lua_ctx.c
Outdated
@@ -145,19 +151,67 @@ ngx_http_lua_ffi_get_ctx_ref(ngx_http_request_t *r) | |||
} | |||
|
|||
|
|||
int | |||
ngx_http_lua_ffi_get_ssl_ctx_ref(ngx_http_request_t *r, int *in_ssl_phase) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I might be missing something, but it seems that we can change the existing ngx_http_lua_ffi_get_ctx_ref
function to look for ssl_ctx-> ssl_ctx
as well and return int *need_clone
based on the current phase and where ref was located instead? That will save one FFI call and introducing new function.
ad408f1
to
ebed5b8
Compare
Updated. |
This pull request is now in conflict :( |
9cae84c
to
30bcd42
Compare
30bcd42
to
f0bb536
Compare
Because HTTP request is created after SSL handshake, the <code>ngx.ctx</code> created | ||
in [[#ssl_certificate_by_lua|ssl_certificate_by_lua*]], [[#ssl_session_store_by_lua|ssl_session_store_by_lua*]] and [[#ssl_session_fetch_by_lua|ssl_session_fetch_by_lua*]] | ||
is not available in the following phases like [[#rewrite_by_lua|rewrite_by_lua*]]. | ||
Since <code>dev</code>, the <code>ngx.ctx</code> created during a SSL handshake |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
style: break a new line may be better?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@doujiang24
Updated.
in [[#ssl_certificate_by_lua|ssl_certificate_by_lua*]], [[#ssl_session_store_by_lua|ssl_session_store_by_lua*]] and [[#ssl_session_fetch_by_lua|ssl_session_fetch_by_lua*]] | ||
is not available in the following phases like [[#rewrite_by_lua|rewrite_by_lua*]]. | ||
Since <code>dev</code>, the <code>ngx.ctx</code> created during a SSL handshake | ||
will be inherited by the requests which share the same TCP connection established by the handshake. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
better clarify the inherited value from ngx.ctx
is read-only.
doc/HttpLuaModule.wiki
Outdated
|
||
Since <code>dev</code>, the <code>ngx.ctx</code> created during a SSL handshake | ||
will be inherited by the requests which share the same TCP connection established by the handshake. | ||
Note that the inherited value from <code>ngx.ctx</code> is read-only. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note that the inherited value from <code>ngx.ctx</code> is read-only. | |
Note that overwrite values in <code>ngx.ctx</code> in the http request phases (like `rewrite_by_lua*`) will only take affect in the current http request. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and add the following case will be much clearer.
for example:
ssl_certificate_by_lua_by_block {
ngx.ctx.foo = 1 -- it will always be 1 in all of the http requests over this SSL connection.
}
location /foo-1 {
rewrite_by_lua_block {
ngx.ctx.foo = 2 -- only take affects in current http request
}
}
location /foo-2 {
rewrite_by_lua_block {
ngx.say(ngx.ctx.foo) -- will alway be 1
}
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@doujiang24
Done. Test case is added in openresty/lua-resty-core#243
e7db3b6
to
118eb82
Compare
src/ngx_http_lua_ctx.c
Outdated
} | ||
|
||
*in_ssl_phase = ctx->context & (NGX_HTTP_LUA_CONTEXT_SSL_CERT | ||
| NGX_HTTP_LUA_CONTEXT_SSL_SESS_FETCH |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This has indentation problem caught by ngx-releng
:
src/ngx_http_lua_ctx.c:
incorrect front spaces, unclosed bracket
89: | NGX_HTTP_LUA_CONTEXT_SSL_SESS_FETCH
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Solved.
1a1bce4
to
aa0702f
Compare
aa0702f
to
489ae10
Compare
TODO: update documentation & support the non-FFI version of API.
I hereby granted the copyright of the changes in this pull request
to the authors of this lua-nginx-module project.