From dad854de5177179ddbc0644e5d0477a4156793e2 Mon Sep 17 00:00:00 2001
From: spacewander <spacewanderlzx@gmail.com>
Date: Fri, 7 Aug 2020 14:10:46 +0800
Subject: [PATCH] feature: shared ngx.ctx among SSL_* phases and the following
 phases.

---
 src/ngx_stream_lua_ctx.c        | 57 +++++++++++++++++++++++++++------
 src/ngx_stream_lua_ssl.h        |  4 +++
 src/ngx_stream_lua_ssl_certby.c |  2 ++
 src/ngx_stream_lua_util.h       |  1 +
 4 files changed, 55 insertions(+), 9 deletions(-)

diff --git a/src/ngx_stream_lua_ctx.c b/src/ngx_stream_lua_ctx.c
index 365404e2..9c4468e4 100644
--- a/src/ngx_stream_lua_ctx.c
+++ b/src/ngx_stream_lua_ctx.c
@@ -19,6 +19,7 @@
 
 
 #include "ngx_stream_lua_util.h"
+#include "ngx_stream_lua_ssl.h"
 #include "ngx_stream_lua_ctx.h"
 
 
@@ -29,7 +30,7 @@ typedef struct {
 
 
 static ngx_int_t ngx_stream_lua_ngx_ctx_add_cleanup(ngx_stream_lua_request_t *r,
-    int ref);
+    ngx_pool_t *pool, int ref);
 static void ngx_stream_lua_ngx_ctx_cleanup(void *data);
 
 
@@ -37,6 +38,8 @@ int
 ngx_stream_lua_ngx_set_ctx_helper(lua_State *L, ngx_stream_lua_request_t *r,
     ngx_stream_lua_ctx_t *ctx, int index)
 {
+    ngx_pool_t              *pool;
+
     if (index < 0) {
         index = lua_gettop(L) + index + 1;
     }
@@ -51,7 +54,8 @@ ngx_stream_lua_ngx_set_ctx_helper(lua_State *L, ngx_stream_lua_request_t *r,
         ctx->ctx_ref = luaL_ref(L, -2);
         lua_pop(L, 1);
 
-        if (ngx_stream_lua_ngx_ctx_add_cleanup(r, ctx->ctx_ref) != NGX_OK) {
+        pool = r->pool;
+        if (ngx_stream_lua_ngx_ctx_add_cleanup(r, pool, ctx->ctx_ref) != NGX_OK) {
             return luaL_error(L, "no memory");
         }
 
@@ -74,32 +78,66 @@ ngx_stream_lua_ngx_set_ctx_helper(lua_State *L, ngx_stream_lua_request_t *r,
 
 
 int
-ngx_stream_lua_ffi_get_ctx_ref(ngx_stream_lua_request_t *r)
+ngx_stream_lua_ffi_get_ctx_ref(ngx_stream_lua_request_t *r, int *in_ssl_phase,
+    int *ssl_ctx_ref)
 {
-    ngx_stream_lua_ctx_t        *ctx;
+    ngx_stream_lua_ctx_t                    *ctx;
+    ngx_stream_lua_ssl_ctx_t                *ssl_ctx;
 
     ctx = ngx_stream_lua_get_module_ctx(r, ngx_stream_lua_module);
     if (ctx == NULL) {
         return NGX_STREAM_LUA_FFI_NO_REQ_CTX;
     }
 
-    return ctx->ctx_ref;
+    if (ctx->ctx_ref >= 0 || in_ssl_phase == NULL) {
+        return ctx->ctx_ref;
+    }
+
+    *in_ssl_phase = ctx->context & NGX_STREAM_LUA_CONTEXT_SSL_CERT;
+    *ssl_ctx_ref = LUA_NOREF;
+
+    if (r->connection->ssl != NULL) {
+        ssl_ctx = ngx_stream_lua_ssl_get_ctx(r->connection->ssl->connection);
+
+        if (ssl_ctx != NULL) {
+            *ssl_ctx_ref = ssl_ctx->ctx_ref;
+        }
+    }
+
+    return LUA_NOREF;
 }
 
 
 int
 ngx_stream_lua_ffi_set_ctx_ref(ngx_stream_lua_request_t *r, int ref)
 {
-    ngx_stream_lua_ctx_t        *ctx;
+    ngx_pool_t                      *pool;
+    ngx_connection_t                *c;
+    ngx_stream_lua_ctx_t            *ctx;
+    ngx_stream_lua_ssl_ctx_t        *ssl_ctx;
 
     ctx = ngx_stream_lua_get_module_ctx(r, ngx_stream_lua_module);
     if (ctx == NULL) {
         return NGX_STREAM_LUA_FFI_NO_REQ_CTX;
     }
 
+    if (ctx->context & NGX_STREAM_LUA_CONTEXT_SSL_CERT) {
+        ssl_ctx = ngx_stream_lua_ssl_get_ctx(r->connection->ssl->connection);
+        if (ssl_ctx == NULL) {
+            return NGX_ERROR;
+        }
+
+        ssl_ctx->ctx_ref = ref;
+        c = ngx_ssl_get_connection(r->connection->ssl->connection);
+        pool = c->pool;
+
+    } else {
+        pool = r->pool;
+    }
+
     ctx->ctx_ref = ref;
 
-    if (ngx_stream_lua_ngx_ctx_add_cleanup(r, ref) != NGX_OK) {
+    if (ngx_stream_lua_ngx_ctx_add_cleanup(r, pool, ref) != NGX_OK) {
         return NGX_ERROR;
     }
 
@@ -108,7 +146,8 @@ ngx_stream_lua_ffi_set_ctx_ref(ngx_stream_lua_request_t *r, int ref)
 
 
 static ngx_int_t
-ngx_stream_lua_ngx_ctx_add_cleanup(ngx_stream_lua_request_t *r, int ref)
+ngx_stream_lua_ngx_ctx_add_cleanup(ngx_stream_lua_request_t *r, ngx_pool_t *pool,
+    int ref)
 {
     lua_State                   *L;
     ngx_pool_cleanup_t          *cln;
@@ -119,7 +158,7 @@ ngx_stream_lua_ngx_ctx_add_cleanup(ngx_stream_lua_request_t *r, int ref)
     ctx = ngx_stream_lua_get_module_ctx(r, ngx_stream_lua_module);
     L = ngx_stream_lua_get_lua_vm(r, ctx);
 
-    cln = ngx_pool_cleanup_add(r->pool,
+    cln = ngx_pool_cleanup_add(pool,
                                sizeof(ngx_stream_lua_ngx_ctx_cleanup_data_t));
     if (cln == NULL) {
         return NGX_ERROR;
diff --git a/src/ngx_stream_lua_ssl.h b/src/ngx_stream_lua_ssl.h
index 485ccbc7..d2635483 100644
--- a/src/ngx_stream_lua_ssl.h
+++ b/src/ngx_stream_lua_ssl.h
@@ -35,6 +35,10 @@ typedef struct {
     int                      exit_code;  /* exit code for openssl's
                                             set_cert_cb callback */
 
+    int                      ctx_ref;    /* reference to anchor
+                                            request ctx data in lua
+                                            registry */
+
     unsigned                 done:1;
     unsigned                 aborted:1;
 
diff --git a/src/ngx_stream_lua_ssl_certby.c b/src/ngx_stream_lua_ssl_certby.c
index 7b374ce2..4b25ecfc 100644
--- a/src/ngx_stream_lua_ssl_certby.c
+++ b/src/ngx_stream_lua_ssl_certby.c
@@ -279,6 +279,8 @@ ngx_stream_lua_ssl_cert_handler(ngx_ssl_conn_t *ssl_conn, void *data)
         if (cctx == NULL) {
             goto failed;  /* error */
         }
+
+        cctx->ctx_ref = LUA_NOREF;
     }
 
     cctx->exit_code = 1;  /* successful by default */
diff --git a/src/ngx_stream_lua_util.h b/src/ngx_stream_lua_util.h
index 232f10ef..deb255f6 100644
--- a/src/ngx_stream_lua_util.h
+++ b/src/ngx_stream_lua_util.h
@@ -23,6 +23,7 @@
 
 
 #include "ngx_stream_lua_common.h"
+#include "ngx_stream_lua_ssl.h"
 #include "ngx_stream_lua_api.h"