feature: shared ngx.ctx among SSL_* phases and the following phases.

openresty · Aug 21, 2020 · dad854d · dad854d
1 parent 6eb31d2
commit dad854d
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 9 deletions.
diff --git a/src/ngx_stream_lua_ctx.c b/src/ngx_stream_lua_ctx.c
@@ -19,6 +19,7 @@
 
 
 #include "ngx_stream_lua_util.h"
+#include "ngx_stream_lua_ssl.h"
 #include "ngx_stream_lua_ctx.h"
 
 
@@ -29,14 +30,16 @@ typedef struct {
 
 
 static ngx_int_t ngx_stream_lua_ngx_ctx_add_cleanup(ngx_stream_lua_request_t *r,
-    int ref);
+    ngx_pool_t *pool, int ref);
 static void ngx_stream_lua_ngx_ctx_cleanup(void *data);
 
 
 int
 ngx_stream_lua_ngx_set_ctx_helper(lua_State *L, ngx_stream_lua_request_t *r,
     ngx_stream_lua_ctx_t *ctx, int index)
 {
+    ngx_pool_t              *pool;
+
     if (index < 0) {
         index = lua_gettop(L) + index + 1;
     }
@@ -51,7 +54,8 @@ ngx_stream_lua_ngx_set_ctx_helper(lua_State *L, ngx_stream_lua_request_t *r,
         ctx->ctx_ref = luaL_ref(L, -2);
         lua_pop(L, 1);
 
-        if (ngx_stream_lua_ngx_ctx_add_cleanup(r, ctx->ctx_ref) != NGX_OK) {
+        pool = r->pool;
+        if (ngx_stream_lua_ngx_ctx_add_cleanup(r, pool, ctx->ctx_ref) != NGX_OK) {
             return luaL_error(L, "no memory");
         }
 
@@ -74,32 +78,66 @@ ngx_stream_lua_ngx_set_ctx_helper(lua_State *L, ngx_stream_lua_request_t *r,
 
 
 int
-ngx_stream_lua_ffi_get_ctx_ref(ngx_stream_lua_request_t *r)
+ngx_stream_lua_ffi_get_ctx_ref(ngx_stream_lua_request_t *r, int *in_ssl_phase,
+    int *ssl_ctx_ref)
 {
-    ngx_stream_lua_ctx_t        *ctx;
+    ngx_stream_lua_ctx_t                    *ctx;
+    ngx_stream_lua_ssl_ctx_t                *ssl_ctx;
 
     ctx = ngx_stream_lua_get_module_ctx(r, ngx_stream_lua_module);
     if (ctx == NULL) {
         return NGX_STREAM_LUA_FFI_NO_REQ_CTX;
     }
 
-    return ctx->ctx_ref;
+    if (ctx->ctx_ref >= 0 || in_ssl_phase == NULL) {
+        return ctx->ctx_ref;
+    }
+
+    *in_ssl_phase = ctx->context & NGX_STREAM_LUA_CONTEXT_SSL_CERT;
+    *ssl_ctx_ref = LUA_NOREF;
+
+    if (r->connection->ssl != NULL) {
+        ssl_ctx = ngx_stream_lua_ssl_get_ctx(r->connection->ssl->connection);
+
+        if (ssl_ctx != NULL) {
+            *ssl_ctx_ref = ssl_ctx->ctx_ref;
+        }
+    }
+
+    return LUA_NOREF;
 }
 
 
 int
 ngx_stream_lua_ffi_set_ctx_ref(ngx_stream_lua_request_t *r, int ref)
 {
-    ngx_stream_lua_ctx_t        *ctx;
+    ngx_pool_t                      *pool;
+    ngx_connection_t                *c;
+    ngx_stream_lua_ctx_t            *ctx;
+    ngx_stream_lua_ssl_ctx_t        *ssl_ctx;
 
     ctx = ngx_stream_lua_get_module_ctx(r, ngx_stream_lua_module);
     if (ctx == NULL) {
         return NGX_STREAM_LUA_FFI_NO_REQ_CTX;
     }
 
+    if (ctx->context & NGX_STREAM_LUA_CONTEXT_SSL_CERT) {
+        ssl_ctx = ngx_stream_lua_ssl_get_ctx(r->connection->ssl->connection);
+        if (ssl_ctx == NULL) {
+            return NGX_ERROR;
+        }
+
+        ssl_ctx->ctx_ref = ref;
+        c = ngx_ssl_get_connection(r->connection->ssl->connection);
+        pool = c->pool;
+
+    } else {
+        pool = r->pool;
+    }
+
     ctx->ctx_ref = ref;
 
-    if (ngx_stream_lua_ngx_ctx_add_cleanup(r, ref) != NGX_OK) {
+    if (ngx_stream_lua_ngx_ctx_add_cleanup(r, pool, ref) != NGX_OK) {
         return NGX_ERROR;
     }
 
@@ -108,7 +146,8 @@ ngx_stream_lua_ffi_set_ctx_ref(ngx_stream_lua_request_t *r, int ref)
 
 
 static ngx_int_t
-ngx_stream_lua_ngx_ctx_add_cleanup(ngx_stream_lua_request_t *r, int ref)
+ngx_stream_lua_ngx_ctx_add_cleanup(ngx_stream_lua_request_t *r, ngx_pool_t *pool,
+    int ref)
 {
     lua_State                   *L;
     ngx_pool_cleanup_t          *cln;
@@ -119,7 +158,7 @@ ngx_stream_lua_ngx_ctx_add_cleanup(ngx_stream_lua_request_t *r, int ref)
     ctx = ngx_stream_lua_get_module_ctx(r, ngx_stream_lua_module);
     L = ngx_stream_lua_get_lua_vm(r, ctx);
 
-    cln = ngx_pool_cleanup_add(r->pool,
+    cln = ngx_pool_cleanup_add(pool,
                                sizeof(ngx_stream_lua_ngx_ctx_cleanup_data_t));
     if (cln == NULL) {
         return NGX_ERROR;

diff --git a/src/ngx_stream_lua_ssl.h b/src/ngx_stream_lua_ssl.h
@@ -35,6 +35,10 @@ typedef struct {
     int                      exit_code;  /* exit code for openssl's
                                             set_cert_cb callback */
 
+    int                      ctx_ref;    /* reference to anchor
+                                            request ctx data in lua
+                                            registry */
+
     unsigned                 done:1;
     unsigned                 aborted:1;
 

diff --git a/src/ngx_stream_lua_ssl_certby.c b/src/ngx_stream_lua_ssl_certby.c
@@ -279,6 +279,8 @@ ngx_stream_lua_ssl_cert_handler(ngx_ssl_conn_t *ssl_conn, void *data)
         if (cctx == NULL) {
             goto failed;  /* error */
         }
+
+        cctx->ctx_ref = LUA_NOREF;
     }
 
     cctx->exit_code = 1;  /* successful by default */

diff --git a/src/ngx_stream_lua_util.h b/src/ngx_stream_lua_util.h
@@ -23,6 +23,7 @@
 
 
 #include "ngx_stream_lua_common.h"
+#include "ngx_stream_lua_ssl.h"
 #include "ngx_stream_lua_api.h"
Original file line number	Diff line number	Diff line change
Expand Up		@@ -23,6 +23,7 @@


		#include "ngx_stream_lua_common.h"
		#include "ngx_stream_lua_ssl.h"
		#include "ngx_stream_lua_api.h"


Expand Down