Squashed 'src/deps/src/stream-lua-nginx-module/' changes from 69f0cd7621..4169f1ba16

4169f1ba16 bumped version of stream-lua-nginx-module to 16. 7a40a36f73 feature: enable ngx.var at the ssl_certificate_by_lua and ssl_client_hello_by_lua. b22705c041 tests: fixed test case in t/062-count.t. 1e1d93eac2 bugfix: `setkeepalive` failure on TLSv1.3 git-subtree-dir: src/deps/src/stream-lua-nginx-module git-subtree-split: 4169f1ba16860e30403372693a85171bebf1994d
2026-05-24 09:28:37 +00:00 · 2025-01-17 10:20:04 +01:00 · 2025-01-17 10:20:04 +01:00 · 5b87624e3b
commit 5b87624e3b
parent f1c1cfbd8c
7 changed files with 221 additions and 23 deletions
--- a/src/api/ngx_stream_lua_api.h
+++ b/src/api/ngx_stream_lua_api.h
@ -29,7 +29,7 @@
 /* Public API for other Nginx modules */


-#define ngx_stream_lua_version  15
+#define ngx_stream_lua_version  16


 typedef struct {
--- a/src/ngx_stream_lua_socket_tcp.c
+++ b/src/ngx_stream_lua_socket_tcp.c
@ -5595,8 +5595,7 @@ ngx_stream_lua_socket_keepalive_close_handler(ngx_event_t *ev)
    ngx_stream_lua_socket_pool_t                *spool;

    int                n;
-    int                err;
-    char               buf[1];
+    unsigned char      buf[1];
    ngx_connection_t  *c;

    c = ev->data;
@ -5618,20 +5617,10 @@ ngx_stream_lua_socket_keepalive_close_handler(ngx_event_t *ev)
                   "stream lua tcp socket keepalive close handler "
                   "check stale events");

-    n = recv(c->fd, buf, 1, MSG_PEEK);
-    err = ngx_socket_errno;
-#if (NGX_STREAM_SSL)
-    /* ignore ssl protocol data like change cipher spec */
-    if (n == 1 && c->ssl != NULL) {
-        n = c->recv(c, (unsigned char *) buf, 1);
-        if (n == NGX_AGAIN) {
-            n = -1;
-            err = NGX_EAGAIN;
-        }
-    }
-#endif  /* NGX_STREAM_SSL */
+    /* consume the possible ssl-layer data implicitly */
+    n = c->recv(c, buf, 1);

-    if (n == -1 && err == NGX_EAGAIN) {
+    if (n == NGX_AGAIN) {
        /* stale event */

        if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
--- a/src/ngx_stream_lua_variable.c
+++ b/src/ngx_stream_lua_variable.c
@ -32,18 +32,30 @@ ngx_stream_lua_ffi_var_get(ngx_stream_lua_request_t *r, u_char *name_data,
    ngx_uint_t                   hash;
    ngx_str_t                    name;

-    ngx_stream_variable_value_t         *vv;
+    ngx_stream_session_t          *session;
+    ngx_stream_lua_ctx_t          *ctx;
+    ngx_stream_lua_ssl_ctx_t      *cctx;
+    ngx_stream_variable_value_t   *vv;

    if (r == NULL) {
        *err = "no request object found";
        return NGX_ERROR;
    }

+    session = r->session;
    if ((r)->connection->fd == (ngx_socket_t) -1) {
-        *err = "API disabled in the current context";
-        return NGX_ERROR;
-    }
+        ctx = ngx_stream_lua_get_module_ctx(r, ngx_stream_lua_module);
+        if (ctx->context & (NGX_STREAM_LUA_CONTEXT_SSL_CERT
+                            | NGX_STREAM_LUA_CONTEXT_SSL_CLIENT_HELLO))
+        {
+            cctx = ngx_stream_lua_ssl_get_ctx(r->connection->ssl->connection);
+            session = cctx->connection->data;

+        } else {
+            *err = "API disabled in the current context";
+            return NGX_ERROR;
+        }
+    }

    hash = ngx_hash_strlow(lowcase_buf, name_data, name_len);

@ -52,7 +64,7 @@ ngx_stream_lua_ffi_var_get(ngx_stream_lua_request_t *r, u_char *name_data,

    dd("variable name: %.*s", (int) name_len, lowcase_buf);

-    vv = ngx_stream_get_variable(r->session, &name, hash);
+    vv = ngx_stream_get_variable(session, &name, hash);

    if (vv == NULL || vv->not_found) {
        return NGX_DECLINED;
--- a/t/058-tcp-socket.t
+++ b/t/058-tcp-socket.t
@ -4,12 +4,13 @@ use Test::Nginx::Socket::Lua::Stream;

 repeat_each(2);

-plan tests => repeat_each() * 221;
+plan tests => repeat_each() * 224;

 our $HtmlDir = html_dir;

 $ENV{TEST_NGINX_MEMCACHED_PORT} ||= 11211;
 $ENV{TEST_NGINX_RESOLVER} ||= '8.8.8.8';
+$ENV{TEST_NGINX_HTML_DIR} ||= html_dir();

 #log_level 'warn';
 log_level 'debug';
@ -3545,3 +3546,58 @@ lua tcp socket calling receiveany() method to read at most 7 bytes

 --- error_log
 shutdown on a not connected socket: closed
+
+
+
+=== TEST 68: setkeepalive with TLSv1.3
+--- skip_openssl: 3: < 1.1.1
+--- stream_config
+    server {
+        listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+        ssl_certificate     ../../cert/test_ecdsa.crt;
+        ssl_certificate_key ../../cert/test_ecdsa.key;
+        ssl_protocols TLSv1.3;
+        content_by_lua_block {
+            local sock = assert(ngx.req.socket(true))
+            local data
+            while true do
+                data = assert(sock:receive())
+                assert(data == "hello")
+            end
+        }
+    }
+--- stream_server_config
+    lua_ssl_protocols TLSv1.3;
+    content_by_lua_block {
+        local sock = ngx.socket.tcp()
+        sock:settimeout(2000)
+        local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
+        if not ok then
+            ngx.say("failed to connect: ", err)
+            return
+        end
+        ngx.say("connected: ", ok)
+        local ok, err = sock:sslhandshake(false, nil, false)
+        if not ok then
+            ngx.say("failed to sslhandshake: ", err)
+            return
+        end
+        local ok, err = sock:send("hello\n")
+        if not ok then
+            ngx.say("failed to send: ", err)
+            return
+        end
+        -- sleep a while to make sure the NewSessionTicket message has arrived
+        ngx.sleep(1)
+        local ok, err = sock:setkeepalive()
+        if not ok then
+            ngx.say("failed to setkeepalive: ", err)
+        else
+            ngx.say("setkeepalive: ", ok)
+        end
+    }
+--- stream_response
+connected: 1
+setkeepalive: 1
+--- no_error_log
+[error]
--- a/t/062-count.t
+++ b/t/062-count.t
@ -30,7 +30,7 @@ __DATA__
        ngx.say("ngx: ", n)
    }
 --- stream_response
-ngx: 53
+ngx: 54
 --- no_error_log
 [error]

--- a/t/139-ssl-cert-by.t
+++ b/t/139-ssl-cert-by.t
@ -1787,3 +1787,73 @@ client socket file:
 --- no_error_log
 [error]
 [alert]
+
+
+
+=== TEST 27: call ngx.var
+--- stream_config
+    server {
+        listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+        ssl_certificate_by_lua_block {
+            ngx.log(ngx.INFO, "hostname:", ngx.var.hostname)
+        }
+
+        ssl_certificate ../../cert/test.crt;
+        ssl_certificate_key ../../cert/test.key;
+
+        return 'it works!\n';
+    }
+--- stream_server_config
+    lua_ssl_trusted_certificate ../../cert/test.crt;
+
+    content_by_lua_block {
+        do
+            local sock = ngx.socket.tcp()
+
+            sock:settimeout(2000)
+
+            local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
+            if not ok then
+                ngx.say("failed to connect: ", err)
+                return
+            end
+
+            ngx.say("connected: ", ok)
+
+            local sess, err = sock:sslhandshake(nil, "test.com", true)
+            if not sess then
+                ngx.say("failed to do SSL handshake: ", err)
+                return
+            end
+
+            ngx.say("ssl handshake: ", type(sess))
+
+            while true do
+                local line, err = sock:receive()
+                if not line then
+                    -- ngx.say("failed to receive response status line: ", err)
+                    break
+                end
+
+                ngx.say("received: ", line)
+            end
+
+            local ok, err = sock:close()
+            ngx.say("close: ", ok, " ", err)
+        end  -- do
+        -- collectgarbage()
+    }
+
+--- stream_response
+connected: 1
+ssl handshake: userdata
+received: it works!
+close: 1 nil
+
+--- error_log
+lua ssl server name: "test.com"
+
+--- no_error_log
+[error]
+[alert]
+[crit]
--- a/t/162-ssl-client-hello-by.t
+++ b/t/162-ssl-client-hello-by.t
@ -1806,3 +1806,74 @@ ssl handshake: userdata
 uthread: hello from f()
 uthread: killed
 uthread: failed to kill: already waited or killed
+
+
+
+=== TEST 27: call ngx.var
+--- stream_config
+    server {
+        listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+        ssl_client_hello_by_lua_block {
+            ngx.log(ngx.INFO, "hostname: ", ngx.var.hostname)
+        }
+
+        ssl_certificate ../../cert/test.crt;
+        ssl_certificate_key ../../cert/test.key;
+
+        return 'it works!\n';
+    }
+
+--- stream_server_config
+    lua_ssl_trusted_certificate ../../cert/test.crt;
+
+    content_by_lua_block {
+        do
+            local sock = ngx.socket.tcp()
+
+            sock:settimeout(2000)
+
+            local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
+            if not ok then
+                ngx.say("failed to connect: ", err)
+                return
+            end
+
+            ngx.say("connected: ", ok)
+
+            local sess, err = sock:sslhandshake(nil, "test.com", true)
+            if not sess then
+                ngx.say("failed to do SSL handshake: ", err)
+                return
+            end
+
+            ngx.say("ssl handshake: ", type(sess))
+
+            while true do
+                local line, err = sock:receive()
+                if not line then
+                    -- ngx.say("failed to receive response status line: ", err)
+                    break
+                end
+
+                ngx.say("received: ", line)
+            end
+
+            local ok, err = sock:close()
+            ngx.say("close: ", ok, " ", err)
+        end  -- do
+        -- collectgarbage()
+    }
+
+--- stream_response
+connected: 1
+ssl handshake: userdata
+received: it works!
+close: 1 nil
+
+--- error_log
+lua ssl server name: "test.com"
+
+--- no_error_log
+[error]
+[alert]
+[crit]