Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feature: ssl: support for TLS-PSK #1167

Open
wants to merge 30 commits into
base: master
Choose a base branch
from
Open

feature: ssl: support for TLS-PSK #1167

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
7fc0fac
feature: TLS-PSK handshake control.
Jul 28, 2017
26bd228
tests: added a test case for TLS-PSK upstream and downstream.
Jul 31, 2017
7f5808a
travis-ci: use ssl-psk branch of lua-resty-core.
Jul 31, 2017
78e1aed
config: fixed a typo, include ngx_http_lua_ssl_pskby.h in HTTP_LUA_DEPS.
Jul 31, 2017
a22ed55
bugfix: TLS-PSK requires at least OpenSSL 1.0.0, not OpenSSL 1.0.1.
Oct 4, 2017
a250455
tests: fixed a typo in TLS-PSK test case.
Oct 4, 2017
88737ed
doc: documented ssl_psk_by_lua_block, ssl_psk_by_lua_file, ssl_psk_id…
Oct 4, 2017
8b308df
style: fixed oversized lines.
Oct 4, 2017
1b9827f
style: fixed one oversized line.
Oct 4, 2017
e2c532e
tests: Use TLSv1 in TLS-PSK test case.
Oct 4, 2017
121534b
tests: Fixed a typo, use TLSv1 in TLS-PSK test case.
Oct 4, 2017
92ebec5
bugfix: use correct memory pool for ngx_palloc in ngx_http_lua_ffi_ss…
Oct 5, 2017
a28db8b
tests: trigger travis-ci run again
Oct 5, 2017
1a03ba2
bugfix: get return value of ssl_psk_by_lua_* pcall.
Oct 5, 2017
aaeee58
tests: trigger travis-ci run again.
Oct 5, 2017
7766377
tests: trigger travis-ci run again.
Oct 5, 2017
2e2c5d9
doc: generated a new markdown version.
Oct 5, 2017
375a933
doc: updated the documentation to point to a related branch of lua-re…
Oct 5, 2017
7d319c9
doc: updated the documentation to point to a related branch of lua-re…
Oct 5, 2017
b234464
doc: updated the documentation to contain a better example of using s…
Oct 5, 2017
81a1273
bugfix: return NGX_OK in ngx_http_lua_ffi_exit when in NGX_HTTP_LUA_C…
Oct 6, 2017
dda90bc
Removed trailing white spaces.
Oct 7, 2017
c1f255b
Changed ngx_http_lua_ssl_psk_server_handler to use ssl_certificate_by…
Oct 8, 2017
2d2e9a4
Removed references to ssl_psk_by_lua*.
Oct 9, 2017
8fbbe24
tests: Changed t/140-ssl-c-api.t TLS-PSK test to use ssl_certificate_…
Oct 9, 2017
7fd69c3
doc: Removed references to ssl_psk_by_lua*.
Oct 9, 2017
2ca05ce
bugfix: copy ctx->exit_code to cctx->exit_code in ngx_http_lua_ssl_ce…
Oct 9, 2017
7fff2b2
This reverts commit 01055ca82044dd452b2a10b46f67850f0526473b
Oct 9, 2017
3353c6d
tests: Updated expected ciphers to match ones used by openresty.org i…
Oct 14, 2017
f1844c8
tests: increased a timeout value of test 25 by one second in t/129-ss…
Oct 14, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
doc: updated the documentation to point to a related branch of lua-re… 
…sty-core containing TLS-PSK functions.
  • Loading branch information
Tuure Vartiainen committed Oct 14, 2017
commit 375a933200e9c4caeb3c1d9624c1db3f506bb35b
5 changes: 2 additions & 3 deletions README.markdown
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2591,7 +2591,7 @@ the SSL session via SSL session IDs or TLS session tickets for the current SSL c
other words, this Lua handler only runs when NGINX has to initiate a full SSL handshake.

Below is a trivial example using the
[ngx.ssl](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ssl.md) module
[ngx.ssl](https://github.com/vartiait/lua-resty-core/blob/ssl-psk/lib/ngx/ssl.md) module
at the same time:

```nginx
Expand All @@ -2615,8 +2615,7 @@ at the same time:
See more complicated examples in the [ngx.ssl](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ssl.md)
Lua module's official documentation.

Uncaught Lua exceptions in the user Lua code immediately abort the current SSL session, so does the
[ngx.exit](#ngxexit) call with an error code like `ngx.ERROR`.
Uncaught Lua exceptions in the user Lua code immediately abort the current SSL session, so does return call with an error code like `ngx.ERROR`.

This Lua code execution context *does not* support yielding, so Lua APIs that may yield
(like cosockets, sleeping, and "light threads")
Expand Down
5 changes: 2 additions & 3 deletions doc/HttpLuaModule.wiki
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2180,7 +2180,7 @@ the SSL session via SSL session IDs or TLS session tickets for the current SSL c
other words, this Lua handler only runs when NGINX has to initiate a full SSL handshake.

Below is a trivial example using the
[https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ssl.md ngx.ssl] module
[https://github.com/vartiait/lua-resty-core/blob/ssl-psk/lib/ngx/ssl.md ngx.ssl] module
at the same time:

<geshi lang="nginx">
Expand All @@ -2203,8 +2203,7 @@ at the same time:
See more complicated examples in the [https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ssl.md ngx.ssl]
Lua module's official documentation.

Uncaught Lua exceptions in the user Lua code immediately abort the current SSL session, so does the
[[#ngx.exit|ngx.exit]] call with an error code like <code>ngx.ERROR</code>.
Uncaught Lua exceptions in the user Lua code immediately abort the current SSL session, so does return call with an error code like <code>ngx.ERROR</code>.

This Lua code execution context *does not* support yielding, so Lua APIs that may yield
(like cosockets, sleeping, and "light threads")
Expand Down