path: root/server/resty/openssl/auxiliary/nginx_c.lua
blob: f50db365a28d5b92b7cf2a0be5ee7096cd5fd4f5 (plain)
local ffi = require "ffi"
local C = ffi.C

-- Slot of a cosocket table whose value is handed to the C helpers as the
-- upstream pointer (used by get_socket_ssl / get_socket_ssl_ctx below).
-- NOTE(review): presumably mirrors the slot lua-nginx-module uses for its
-- socket upstream userdata; confirm against the nginx Lua module in use.
local SOCKET_CTX_INDEX = 1
-- Return code a C helper must produce before its out-pointer is trusted.
local NGX_OK = ngx.OK


-- Forward declarations: the accessors are assigned further down and exported
-- through the table returned at the end of the file.
local get_req_ssl, get_req_ssl_ctx
local get_socket_ssl, get_socket_ssl_ctx

--- Resolve the request object attached to the running Lua thread.
-- Uses `thread.exdata` when that module can be loaded, otherwise falls back
-- to the `__ngx_req` field of the thread environment. Yields no value (the
-- exdata path) or nil (the fallback path) when nothing is attached, so
-- callers must treat a nil result as "no request".
local get_request
do
  local loaded, thread_exdata = pcall(require, "thread.exdata")

  if not (loaded and thread_exdata) then
    -- Fallback lookup; getfenv only exists on Lua 5.1 / LuaJIT.
    local getfenv = getfenv

    get_request = function()
      local thread_env = getfenv(0)
      return thread_env.__ngx_req
    end

  else
    get_request = function()
      local req = thread_exdata()
      -- A NULL cdata pointer compares equal to nil under LuaJIT, so this
      -- also filters out a thread with no request attached.
      if req == nil then
        return
      end
      return req
    end
  end
end


-- True when this file is loaded by the stream subsystem; selects which family
-- of C helper symbols the accessors call.
local stream_subsystem = ngx.config.subsystem == "stream"

-- Declare the helper prototypes for the active subsystem only. These
-- declarations are the whole contract with the C side: LuaJIT does not check
-- them against the compiled symbols, so they must match the C module exactly.
if stream_subsystem then
  ffi.cdef [[
    typedef struct ngx_stream_lua_request_s ngx_stream_lua_request_t;
    typedef struct ngx_stream_lua_socket_tcp_upstream_s ngx_stream_lua_socket_tcp_upstream_t;

    int ngx_stream_lua_resty_openssl_aux_get_request_ssl(ngx_stream_lua_request_t *r,
        void **_ssl_conn);

    int ngx_stream_lua_resty_openssl_aux_get_request_ssl_ctx(ngx_stream_lua_request_t *r,
        void **_sess);

    int ngx_stream_lua_resty_openssl_aux_get_socket_ssl(ngx_stream_lua_socket_tcp_upstream_t *u,
        void **_ssl_conn);

    int ngx_stream_lua_resty_openssl_aux_get_socket_ssl_ctx(ngx_stream_lua_socket_tcp_upstream_t *u,
        void **_sess);
  ]]

  -- Touch one symbol so that a build without the helper module fails here,
  -- at load time, rather than on the first accessor call.
  local _ = C.ngx_stream_lua_resty_openssl_aux_get_request_ssl

else
  ffi.cdef [[
    typedef struct ngx_http_request_s ngx_http_request_t;
    typedef struct ngx_http_lua_socket_tcp_upstream_s ngx_http_lua_socket_tcp_upstream_t;

    int ngx_http_lua_resty_openssl_aux_get_request_ssl(ngx_http_request_t *r,
        void **_ssl_conn);

    int ngx_http_lua_resty_openssl_aux_get_request_ssl_ctx(ngx_http_request_t *r,
        void **_sess);

    int ngx_http_lua_resty_openssl_aux_get_socket_ssl(ngx_http_lua_socket_tcp_upstream_t *u,
        void **_ssl_conn);

    int ngx_http_lua_resty_openssl_aux_get_socket_ssl_ctx(ngx_http_lua_socket_tcp_upstream_t *u,
        void **_sess);
  ]]

  -- Same load-time probe for the http helper symbols.
  local _ = C.ngx_http_lua_resty_openssl_aux_get_request_ssl
end

-- Single-slot out-parameter shared by every accessor in this file. Each
-- accessor reads void_pp[0] immediately after its C call returns and only on
-- NGX_OK, so a value left over from an earlier call is never returned; keep
-- it that way (no yield or second helper call between the write and the read).
local void_pp = ffi.new("void *[1]")
-- NOTE(review): SSL and SSL_CTX are not declared in this file; ffi.typeof
-- presumably relies on another module having cdef'ed them before this one
-- is loaded — confirm the load order.
local ssl_type = ffi.typeof("SSL*")
local ssl_ctx_type = ffi.typeof("SSL_CTX*")

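--- Fetch the `SSL*` handle of the current downstream request.
-- Calls the subsystem-specific C helper with the current request and casts
-- the pointer it writes into the shared out-slot.
-- NOTE(review): the handle is presumably owned by the nginx connection, so
-- callers should neither free it nor keep it past the request — confirm
-- against the C helper.
-- @treturn[1] cdata `SSL*` on success
-- @treturn[2] nil
-- @treturn[2] string error message
get_req_ssl = function()
  local c = get_request()
  -- nil (or a NULL cdata pointer) would cross the FFI boundary as a NULL
  -- request. Whether the C helper tolerates that is not visible from this
  -- file, so fail in Lua instead of risking a NULL dereference in the worker.
  if c == nil then
    return nil, "no request found"
  end

  local ret
  if stream_subsystem then
    ret = C.ngx_stream_lua_resty_openssl_aux_get_request_ssl(c, void_pp)
  else
    ret = C.ngx_http_lua_resty_openssl_aux_get_request_ssl(c, void_pp)
  end

  -- The out-slot is only meaningful when the helper reports success.
  if ret ~= NGX_OK then
    return nil, "cannot read r->connection->ssl->connection"
  end

  return ffi.cast(ssl_type, void_pp[0])
end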

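--- Fetch the `SSL_CTX*` associated with the current downstream request.
-- Calls the subsystem-specific C helper with the current request and casts
-- the pointer it writes into the shared out-slot.
-- NOTE(review): an SSL_CTX is normally shared by many connections, so
-- changes made through this pointer presumably affect more than the current
-- request — confirm against the C helper before mutating it.
-- @treturn[1] cdata `SSL_CTX*` on success
-- @treturn[2] nil
-- @treturn[2] string error message
get_req_ssl_ctx = function()
  local c = get_request()
  -- nil (or a NULL cdata pointer) would cross the FFI boundary as a NULL
  -- request. Whether the C helper tolerates that is not visible from this
  -- file, so fail in Lua instead of risking a NULL dereference in the worker.
  if c == nil then
    return nil, "no request found"
  end

  local ret
  if stream_subsystem then
    ret = C.ngx_stream_lua_resty_openssl_aux_get_request_ssl_ctx(c, void_pp)
  else
    ret = C.ngx_http_lua_resty_openssl_aux_get_request_ssl_ctx(c, void_pp)
  end

  -- The out-slot is only meaningful when the helper reports success.
  if ret ~= NGX_OK then
    return nil, "cannot read r->connection->ssl->session_ctx"
  end

  return ffi.cast(ssl_ctx_type, void_pp[0])
end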

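--- Fetch the `SSL*` handle of an upstream cosocket.
-- Reads the upstream context stored in the socket table at SOCKET_CTX_INDEX,
-- passes it to the subsystem-specific C helper and casts the pointer the
-- helper writes into the shared out-slot.
-- NOTE(review): the handle is presumably owned by the socket's connection,
-- so callers should neither free it nor use it after the socket is closed —
-- confirm against the C helper.
-- @param sock cosocket table
-- @treturn[1] cdata `SSL*` on success
-- @treturn[2] nil
-- @treturn[2] string error message
get_socket_ssl = function(sock)
  local u = sock[SOCKET_CTX_INDEX]
  -- A table that is not a cosocket has nothing in this slot, and nil would
  -- reach the C helper as a NULL upstream. The helper's NULL handling is not
  -- visible from this file, so reject it here.
  if u == nil then
    return nil, "socket has no upstream context"
  end

  local ret
  if stream_subsystem then
    ret = C.ngx_stream_lua_resty_openssl_aux_get_socket_ssl(u, void_pp)
  else
    ret = C.ngx_http_lua_resty_openssl_aux_get_socket_ssl(u, void_pp)
  end

  -- The out-slot is only meaningful when the helper reports success.
  if ret ~= NGX_OK then
    return nil, "cannot read u->peer.connection->ssl->connection"
  end

  return ffi.cast(ssl_type, void_pp[0])
end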

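--- Fetch the `SSL_CTX*` associated with an upstream cosocket.
-- Reads the upstream context stored in the socket table at SOCKET_CTX_INDEX,
-- passes it to the subsystem-specific C helper and casts the pointer the
-- helper writes into the shared out-slot.
-- NOTE(review): an SSL_CTX is normally shared by many connections, so
-- changes made through this pointer presumably affect more than this one
-- socket — confirm against the C helper before mutating it.
-- @param sock cosocket table
-- @treturn[1] cdata `SSL_CTX*` on success
-- @treturn[2] nil
-- @treturn[2] string error message
get_socket_ssl_ctx = function(sock)
  local u = sock[SOCKET_CTX_INDEX]
  -- A table that is not a cosocket has nothing in this slot, and nil would
  -- reach the C helper as a NULL upstream. The helper's NULL handling is not
  -- visible from this file, so reject it here.
  if u == nil then
    return nil, "socket has no upstream context"
  end

  local ret
  if stream_subsystem then
    ret = C.ngx_stream_lua_resty_openssl_aux_get_socket_ssl_ctx(u, void_pp)
  else
    ret = C.ngx_http_lua_resty_openssl_aux_get_socket_ssl_ctx(u, void_pp)
  end

  -- The out-slot is only meaningful when the helper reports success.
  if ret ~= NGX_OK then
    return nil, "cannot read u->peer.connection->ssl->session_ctx"
  end

  return ffi.cast(ssl_ctx_type, void_pp[0])
end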

-- Public interface: the four accessors. Each returns a raw cdata pointer on
-- success, or nil plus an error string on failure.
local exports = {}

exports.get_req_ssl = get_req_ssl
exports.get_req_ssl_ctx = get_req_ssl_ctx
exports.get_socket_ssl = get_socket_ssl
exports.get_socket_ssl_ctx = get_socket_ssl_ctx

return exports