Merge commit 'c0515d7989c6ad77f99bb0684ac09859319b8027' into dev

src/deps/src/lua-resty-openssl/.github/workflows/tests.yml

@@ -29,14 +29,14 @@ jobs:
         # TODO: arm64
         # latest and one version older for valgrind and perf test
         - nginx: "1.19.9"
-          openssl: "3.1.4"
+          openssl: "3.1.5"
           openssl_fips: "3.0.8"
           extras: "valgrind"
           lua_nginx_module: "v0.10.20"
           lua_resty_core: "v0.1.22"
           nginx_cc_opts: "-Wno-error"
         - nginx: "1.21.4"
-          openssl: "3.1.4"
+          openssl: "3.1.5"
           openssl_fips: "3.0.8"
           extras: "valgrind"
           lua_nginx_module: "v0.10.25"
@@ -48,23 +48,23 @@ jobs:
           lua_nginx_module: "v0.10.26"
           lua_resty_core: "v0.1.28"
         - nginx: "1.25.3"
-          openssl: "3.0.12"
+          openssl: "3.0.13"
           openssl_fips: "3.0.8"
           extras: "valgrind perf"
           lua_nginx_module: "v0.10.26"
           lua_resty_core: "v0.1.28"
           nginx_cc_opts: "-Wno-error"
         - nginx: "1.25.3"
-          openssl: "3.1.4"
+          openssl: "3.1.5"
           openssl_fips: "3.0.8"
           extras: "valgrind perf"
           lua_nginx_module: "v0.10.26"
           lua_resty_core: "v0.1.28"
           nginx_cc_opts: "-Wno-error"
         - nginx: "1.25.3"
-          openssl: "3.2.0"
+          openssl: "3.2.1"
           openssl_fips: "3.0.8"
-          extras: "valgrind perf"
+          extras: "valgrind perf lua-kong-nginx-module"
           lua_nginx_module: "v0.10.26"
           lua_resty_core: "v0.1.28"
           nginx_cc_opts: "-Wno-error"
@@ -115,6 +115,7 @@ jobs:
         git clone https://github.com/openresty/lua-nginx-module.git ./lua-nginx-module -b ${{ matrix.lua_nginx_module }}
         git clone https://github.com/openresty/no-pool-nginx.git ./no-pool-nginx
         git clone https://github.com/fffonion/lua-resty-openssl-aux-module ./lua-resty-openssl-aux-module
+        git clone https://github.com/Kong/lua-kong-nginx-module.git ./lua-kong-nginx-module
         # lua libraries at parent directory of current repository
         popd
         git clone https://github.com/openresty/lua-resty-core.git ../lua-resty-core -b ${{ matrix.lua_resty_core }}
@@ -170,15 +171,17 @@ jobs:
     - name: Build Nginx
       env:
         NGINX_CC_OPTS: ${{ matrix.nginx_cc_opts }}
+        NGINX_MODULES: ""
       run: |
         if [[ "${{ matrix.extras }}" == *valgrind* ]]; then NGINX_CC_OPTS="$NGINX_CC_OPTS -O0"; fi
+        if [[ "${{ matrix.extras }}" == *lua-kong-nginx-module* ]]; then NGINX_MODULES="$NGINX_MODULES --add-module=../lua-kong-nginx-module"; fi
         export PATH=$BASE_PATH/work/nginx/sbin:$BASE_PATH/../nginx-devel-utils:$PATH
         export LD_LIBRARY_PATH=$LUAJIT_LIB:$LD_LIBRARY_PATH
         export NGX_LUA_LOC=$BASE_PATH/../lua-nginx-module
         export NGX_STREAM_LUA_LOC=$BASE_PATH/../stream-lua-nginx-module
         export
         cd $BASE_PATH
-        if [ ! -e work ]; then ngx-build ${{ matrix.nginx }} --add-module=../ndk-nginx-module --add-module=../lua-nginx-module --add-module=../lua-resty-openssl-aux-module --with-http_ssl_module --with-cc-opt="-I$OPENSSL_INC $NGINX_CC_OPTS" --with-ld-opt="-L$OPENSSL_LIB -Wl,-rpath,$OPENSSL_LIB" --with-debug > build.log 2>&1 || (cat build.log && exit 1); fi
+        if [ ! -e work ]; then ngx-build ${{ matrix.nginx }} --add-module=../ndk-nginx-module --add-module=../lua-nginx-module --add-module=../lua-resty-openssl-aux-module $NGINX_MODULES --with-http_ssl_module --with-cc-opt="-I$OPENSSL_INC $NGINX_CC_OPTS" --with-ld-opt="-L$OPENSSL_LIB -Wl,-rpath,$OPENSSL_LIB" --with-debug > build.log 2>&1 || (cat build.log && exit 1); fi
         nginx -V
         ldd `which nginx`|grep -E 'luajit|ssl|pcre'
 
@@ -191,6 +194,8 @@ jobs:
         echo "Nginx SSL plain FFI"
         export CI_SKIP_NGINX_C=1
         TEST_NGINX_TIMEOUT=10 prove -j$JOBS t/openssl/ssl/ 2>&1
+        export CI_SKIP_KONG_SSL_FUNCS=1
+        TEST_NGINX_TIMEOUT=10 prove -j$JOBS t/openssl/ssl/ 2>&1
 
     - name: Run Valgrind
       if: contains(matrix.extras, 'valgrind')
@@ -205,6 +210,9 @@ jobs:
         export CI_SKIP_NGINX_C=1
         stdbuf -o 0 -e 0 prove -j$JOBS t/openssl/ssl/ 2>&1 | grep -v "Connection refused" | grep -v "Retry connecting after" | tee output.log
         if grep -q 'insert_a_suppression_name_here' output.log; then echo "Valgrind found problems"; exit 1; fi
+        export CI_SKIP_KONG_SSL_FUNCS=1
+        stdbuf -o 0 -e 0 prove -j$JOBS t/openssl/ssl/ 2>&1 | grep -v "Connection refused" | grep -v "Retry connecting after" | tee output.log
+        if grep -q 'insert_a_suppression_name_here' output.log; then echo "Valgrind found problems"; exit 1; fi
 
     - name: Run FIPS Test
       run: |

src/deps/src/lua-resty-openssl/CHANGELOG.md

@@ -2,6 +2,12 @@
 ## [Unreleased]
 
 
+<a name="1.3.0"></a>
+## [1.3.0] - 2024-04-15
+### features
+- **aux/nginx:** use lua-kong-nginx-module's get_socket_ssl when available ([#3](https://github.com/fffonion/lua-resty-openssl/issues/3)) [48c5107](https://github.com/fffonion/lua-resty-openssl/commit/48c51077444e375b2cdd5155693b49d92a82d4a1)
+
+
 <a name="1.2.1"></a>
 ## [1.2.1] - 2024-02-27
 ### bug fixes
@@ -488,8 +494,8 @@
 - **autogen:** generate tests for x509, csr and crl [1392428](https://github.com/fffonion/lua-resty-openssl/commit/1392428352164d2a1a6e0c03075ff65b55aecdee)
 - **objects:** add helper function for ASN1_OBJECT [d037706](https://github.com/fffonion/lua-resty-openssl/commit/d037706c11d716afe3616bdaf4658afc1763081d)
 - **pkey:** asymmetric encryption and decryption [6d60451](https://github.com/fffonion/lua-resty-openssl/commit/6d60451157edbf9cefb634f888dfa3e6d9be302f)
-- **x509:** getter/setters for extensions [243f40d](https://github.com/fffonion/lua-resty-openssl/commit/243f40d35562a516f404188a5c7eb8f5134d9b30)
 - **x509:** add get_ocsp_url and get_crl_url [6141b6f](https://github.com/fffonion/lua-resty-openssl/commit/6141b6f5aed38706b477a71d8c4383bf55da7eee)
+- **x509:** getter/setters for extensions [243f40d](https://github.com/fffonion/lua-resty-openssl/commit/243f40d35562a516f404188a5c7eb8f5134d9b30)
 - **x509.altname:** support iterate and decode over the stack [083a201](https://github.com/fffonion/lua-resty-openssl/commit/083a201746e02d51f6c5c640ad9bf8c6730ebe0b)
 - **x509.crl:** add crl module [242f8cb](https://github.com/fffonion/lua-resty-openssl/commit/242f8cb45d6c2df5918f26540c92a430d42feb5d)
 - **x509.csr:** autogen some csr functions as well [9800e36](https://github.com/fffonion/lua-resty-openssl/commit/9800e36c2ff8a299b88f24091cc722940a8652bb)
@@ -577,7 +583,8 @@
 - **x509:** export pubkey [ede4f81](https://github.com/fffonion/lua-resty-openssl/commit/ede4f817cb0fe092ad6f9ab5d6ecdcde864a9fd8)
 
 
-[Unreleased]: https://github.com/fffonion/lua-resty-openssl/compare/1.2.1...HEAD
+[Unreleased]: https://github.com/fffonion/lua-resty-openssl/compare/1.3.0...HEAD
+[1.3.0]: https://github.com/fffonion/lua-resty-openssl/compare/1.2.1...1.3.0
 [1.2.1]: https://github.com/fffonion/lua-resty-openssl/compare/1.2.0...1.2.1
 [1.2.0]: https://github.com/fffonion/lua-resty-openssl/compare/1.1.0...1.2.0
 [1.1.0]: https://github.com/fffonion/lua-resty-openssl/compare/1.0.2...1.1.0

src/deps/src/lua-resty-openssl/lib/resty/openssl.lua

@@ -24,7 +24,7 @@ try_require_modules()
 
 
 local _M = {
-  _VERSION = '1.2.1',
+  _VERSION = '1.3.0',
 }
 
 function _M.load_modules()

src/deps/src/lua-resty-openssl/lib/resty/openssl/auxiliary/nginx_c.lua

@@ -1,5 +1,6 @@
 local ffi = require "ffi"
 local C = ffi.C
+local os = os
 
 local SOCKET_CTX_INDEX = 1
 local NGX_OK = ngx.OK
@@ -30,6 +31,8 @@ end
 
 
 local stream_subsystem = false
+local get_sock_ssl
+
 if ngx.config.subsystem == "stream" then
   stream_subsystem = true
 
@@ -48,10 +51,21 @@ if ngx.config.subsystem == "stream" then
 
     int ngx_stream_lua_resty_openssl_aux_get_socket_ssl_ctx(ngx_stream_lua_socket_tcp_upstream_t *u,
         void **_sess);
+
+    int ngx_stream_lua_kong_get_socket_ssl(ngx_stream_lua_socket_tcp_upstream_t *u,
+        void **ssl_conn);
   ]]
 
   -- sanity test
   local _ = C.ngx_stream_lua_resty_openssl_aux_get_request_ssl
+  local success
+  if not os.getenv("CI_SKIP_KONG_SSL_FUNCS") then
+    success, get_sock_ssl = pcall(function() return C.ngx_stream_lua_kong_get_socket_ssl end)
+  end
+  if not success or get_sock_ssl == nil then
+    get_sock_ssl = C.ngx_stream_lua_resty_openssl_aux_get_socket_ssl_ctx
+  end
+
 else
   ffi.cdef [[
     typedef struct ngx_http_request_s ngx_http_request_t;
@@ -68,10 +82,20 @@ else
 
     int ngx_http_lua_resty_openssl_aux_get_socket_ssl_ctx(ngx_http_lua_socket_tcp_upstream_t *u,
         void **_sess);
+
+    int ngx_http_lua_kong_ffi_get_socket_ssl(ngx_http_lua_socket_tcp_upstream_t *u,
+        void **ssl_conn);
   ]]
 
   -- sanity test
   local _ = C.ngx_http_lua_resty_openssl_aux_get_request_ssl
+  local success
+  if not os.getenv("CI_SKIP_KONG_SSL_FUNCS") then
+    success, get_sock_ssl = pcall(function() return C.ngx_http_lua_kong_ffi_get_socket_ssl end)
+  end
+  if not success or get_sock_ssl == nil then
+    get_sock_ssl = C.ngx_http_lua_resty_openssl_aux_get_socket_ssl
+  end
 end
 
 local void_pp = ffi.new("void *[1]")
@@ -115,12 +139,7 @@ end
 get_socket_ssl = function(sock)
   local u = sock[SOCKET_CTX_INDEX]
 
-  local ret
-  if stream_subsystem then
-    ret = C.ngx_stream_lua_resty_openssl_aux_get_socket_ssl(u, void_pp)
-  else
-    ret = C.ngx_http_lua_resty_openssl_aux_get_socket_ssl(u, void_pp)
-  end
+  local ret = get_sock_ssl(u, void_pp)
 
   if ret ~= NGX_OK then
     return nil, "cannot read u->peer.connection->ssl->connection"
@@ -151,4 +170,4 @@ return {
   get_req_ssl_ctx = get_req_ssl_ctx,
   get_socket_ssl = get_socket_ssl,
   get_socket_ssl_ctx = get_socket_ssl_ctx,
-}
+}

src/deps/src/lua-resty-openssl/lua-resty-openssl-1.3.0-1.rockspec

@@ -1,8 +1,8 @@
 package = "lua-resty-openssl"
-version = "1.2.1-1"
+version = "1.3.0-1"
 source = {
    url = "git+https://github.com/fffonion/lua-resty-openssl.git",
-   tag = "1.2.1"
+   tag = "1.3.0"
 }
 description = {
    detailed = "FFI-based OpenSSL binding for LuaJIT.",