diff --git a/.travis.yml b/.travis.yml index bb3400f5a8..ee5f43d1c7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -45,12 +45,10 @@ env: - LUAJIT_LIB=$LUAJIT_PREFIX/lib - LUAJIT_INC=$LUAJIT_PREFIX/include/luajit-2.1 - LUA_INCLUDE_DIR=$LUAJIT_INC - #- PCRE2_PREFIX=/usr/local/openresty/pcre2 - - PCRE2_PREFIX=/opt/pcre2 + - PCRE2_PREFIX=/usr/local/openresty/pcre2 - PCRE2_LIB=$PCRE2_PREFIX/lib - PCRE2_INC=$PCRE2_PREFIX/include - #- OPENSSL_PREFIX=/usr/local/openresty/openssl3 - - OPENSSL_PREFIX=/opt/openssl3 + - OPENSSL_PREFIX=/usr/local/openresty/openssl3 - OPENSSL_LIB=$OPENSSL_PREFIX/lib - OPENSSL_INC=$OPENSSL_PREFIX/include - LIBDRIZZLE_PREFIX=/opt/drizzle @@ -84,8 +82,8 @@ before_install: install: - if [ ! -f download-cache/drizzle7-$DRIZZLE_VER.tar.gz ]; then wget -P download-cache https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/drizzle7-$DRIZZLE_VER.tar.gz; fi - - if [ -n "$PCRE2_VER" ] && [ ! -f download-cache/pcre2-$PCRE2_VER.tar.gz ]; then wget -P download-cache https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${PCRE2_VER}/pcre2-${PCRE2_VER}.tar.gz; fi - - if [ -n "$OPENSSL_VER" ] && [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VER/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi + #- if [ -n "$PCRE2_VER" ] && [ ! -f download-cache/pcre2-$PCRE2_VER.tar.gz ]; then wget -P download-cache https://github.com/PCRE2Project/pcre2/releases/download/pcre2-${PCRE2_VER}/pcre2-${PCRE2_VER}.tar.gz; fi + #- if [ -n "$OPENSSL_VER" ] && [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VER/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi - wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/boringssl-20230902-x64-focal.tar.gz - wget https://github.com/openresty/openresty-deps-prebuild/releases/download/v20230902/curl-h3-x64-focal.tar.gz - git clone https://github.com/openresty/test-nginx.git @@ -137,9 +135,9 @@ script: - sudo make install-libdrizzle-1.0 > build.log 2>&1 || (cat build.log && exit 1) - cd ../mockeagain/ && make CC=$CC -j$JOBS && cd .. - cd lua-cjson/ && make -j$JOBS && sudo make install && cd .. - - if [ -n "$PCRE2_VER" ]; then tar zxf download-cache/pcre2-$PCRE2_VER.tar.gz; cd pcre2-$PCRE2_VER/; ./configure --prefix=$PCRE2_PREFIX --enable-jit --enable-utf > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo PATH=$PATH make install > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi - - if [ -n "$OPENSSL_VER" ]; then tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz; cd openssl-$OPENSSL_VER/; patch -p1 < ../../openresty/patches/openssl-$OPENSSL_PATCH_VER-sess_set_get_cb_yield.patch; ./config shared enable-ssl3 enable-ssl3-method -g --prefix=$OPENSSL_PREFIX --libdir=lib -DPURIFY > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo make PATH=$PATH install_sw > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi - - if [ -n "$BORINGSSL" ]; then sudo rm -fr /usr/local/openresty/openssl3/ && sudo mkdir -p /usr/local/openresty/openssl3 && sudo tar -C /usr/local/openresty/openssl3 -xf boringssl-20230902-x64-focal.tar.gz --strip-components=1; fi + #- if [ -n "$PCRE2_VER" ]; then tar zxf download-cache/pcre2-$PCRE2_VER.tar.gz; cd pcre2-$PCRE2_VER/; ./configure --prefix=$PCRE2_PREFIX --enable-jit --enable-utf > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo PATH=$PATH make install > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi + #- if [ -n "$OPENSSL_VER" ]; then tar zxf download-cache/openssl-$OPENSSL_VER.tar.gz; cd openssl-$OPENSSL_VER/; patch -p1 < ../../openresty/patches/openssl-$OPENSSL_PATCH_VER-sess_set_get_cb_yield.patch; ./config shared enable-ssl3 enable-ssl3-method -g --prefix=$OPENSSL_PREFIX --libdir=lib -DPURIFY > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo make PATH=$PATH install_sw > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi + - if [ -n "$BORINGSSL" ]; then sudo rm -fr $OPENSSL_PREFIX && sudo mkdir -p $OPENSSL_PREFIX && sudo tar -C $OPENSSL_PREFIX -xf boringssl-20230902-x64-focal.tar.gz --strip-components=1; fi - export NGX_BUILD_CC=$CC - sh util/build-without-ssl.sh $NGINX_VERSION > build.log 2>&1 || (cat build.log && exit 1) - sh util/build-with-dd.sh $NGINX_VERSION > build.log 2>&1 || (cat build.log && exit 1) diff --git a/src/ngx_http_lua_common.h b/src/ngx_http_lua_common.h index 262f71feab..28538cc224 100644 --- a/src/ngx_http_lua_common.h +++ b/src/ngx_http_lua_common.h @@ -24,6 +24,28 @@ #include + +#if (NGX_HTTP_SSL) +/* introduce OPENSSL_IS_BORINGSSL and LIBRESSL_VERSION_NUMBER */ +#include + +#ifdef HAVE_PROXY_SSL_PATCH + +#if defined(LIBRESSL_VERSION_NUMBER) +#define HAVE_LUA_PROXY_SSL 0 +#elif defined(OPENSSL_IS_BORINGSSL) +#define HAVE_LUA_PROXY_SSL 0 +#elif defined(SSL_ERROR_WANT_RETRY_VERIFY) && \ + OPENSSL_VERSION_NUMBER >= 0x30000020uL +#define HAVE_LUA_PROXY_SSL 1 +#else +#define HAVE_LUA_PROXY_SSL 0 +#endif + +#endif /* HAVE_PROXY_SSL_PATCH */ +#endif /* NGX_HTTP_SSL */ + + #if defined(NDK) && NDK #include @@ -393,7 +415,7 @@ struct ngx_http_lua_loc_conf_s { ngx_array_t *ssl_conf_commands; #endif -#ifdef HAVE_PROXY_SSL_PATCH +#if HAVE_LUA_PROXY_SSL ngx_http_lua_loc_conf_handler_pt proxy_ssl_cert_handler; ngx_str_t proxy_ssl_cert_src; u_char *proxy_ssl_cert_src_key; diff --git a/src/ngx_http_lua_control.c b/src/ngx_http_lua_control.c index c3febe3094..895604c42c 100644 --- a/src/ngx_http_lua_control.c +++ b/src/ngx_http_lua_control.c @@ -387,7 +387,7 @@ ngx_http_lua_ffi_exit(ngx_http_request_t *r, int status, u_char *err, | NGX_HTTP_LUA_CONTEXT_TIMER | NGX_HTTP_LUA_CONTEXT_HEADER_FILTER | NGX_HTTP_LUA_CONTEXT_BALANCER -#ifdef HAVE_PROXY_SSL_PATCH +#if HAVE_LUA_PROXY_SSL | NGX_HTTP_LUA_CONTEXT_PROXY_SSL_CERT | NGX_HTTP_LUA_CONTEXT_PROXY_SSL_VERIFY #endif @@ -402,7 +402,7 @@ ngx_http_lua_ffi_exit(ngx_http_request_t *r, int status, u_char *err, } if (ctx->context & (NGX_HTTP_LUA_CONTEXT_SSL_CERT -#ifdef HAVE_PROXY_SSL_PATCH +#if HAVE_LUA_PROXY_SSL | NGX_HTTP_LUA_CONTEXT_PROXY_SSL_CERT | NGX_HTTP_LUA_CONTEXT_PROXY_SSL_VERIFY #endif diff --git a/src/ngx_http_lua_module.c b/src/ngx_http_lua_module.c index 638c6ac28d..19880ff599 100644 --- a/src/ngx_http_lua_module.c +++ b/src/ngx_http_lua_module.c @@ -33,10 +33,8 @@ #include "ngx_http_lua_ssl_session_storeby.h" #include "ngx_http_lua_ssl_session_fetchby.h" -#ifdef HAVE_PROXY_SSL_PATCH #include "ngx_http_lua_proxy_ssl_certby.h" #include "ngx_http_lua_proxy_ssl_verifyby.h" -#endif #include "ngx_http_lua_headers.h" #include "ngx_http_lua_headers_out.h" @@ -698,7 +696,7 @@ static ngx_command_t ngx_http_lua_cmds[] = { 0, (void *) ngx_http_lua_ssl_sess_fetch_handler_file }, -#if HAVE_PROXY_SSL_PATCH +#if HAVE_LUA_PROXY_SSL /* same context as proxy_pass directive */ { ngx_string("proxy_ssl_certificate_by_lua_block"), NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS, @@ -1586,7 +1584,7 @@ ngx_http_lua_create_loc_conf(ngx_conf_t *cf) #if (nginx_version >= 1019004) conf->ssl_conf_commands = NGX_CONF_UNSET_PTR; #endif -#ifdef HAVE_PROXY_SSL_PATCH +#if HAVE_LUA_PROXY_SSL conf->proxy_ssl_cert_src_ref = LUA_REFNIL; conf->proxy_ssl_verify_src_ref = LUA_REFNIL; conf->upstream_skip_openssl_default_verify = NGX_CONF_UNSET; @@ -1693,7 +1691,7 @@ ngx_http_lua_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) NULL); #endif -#if HAVE_PROXY_SSL_PATCH +#if HAVE_LUA_PROXY_SSL if (conf->proxy_ssl_cert_src.len == 0) { conf->proxy_ssl_cert_src = prev->proxy_ssl_cert_src; conf->proxy_ssl_cert_handler = prev->proxy_ssl_cert_handler; diff --git a/src/ngx_http_lua_proxy_ssl_certby.c b/src/ngx_http_lua_proxy_ssl_certby.c index e38d2f72bb..4be90de007 100644 --- a/src/ngx_http_lua_proxy_ssl_certby.c +++ b/src/ngx_http_lua_proxy_ssl_certby.c @@ -5,12 +5,12 @@ #ifndef DDEBUG #define DDEBUG 0 #endif -#include "ddebug.h" - -#if (NGX_HTTP_SSL) +#include "ddebug.h" +#include "ngx_http_lua_proxy_ssl_certby.h" +#if HAVE_LUA_PROXY_SSL #include "ngx_http_lua_cache.h" #include "ngx_http_lua_initworkerby.h" #include "ngx_http_lua_util.h" @@ -19,8 +19,6 @@ #include "ngx_http_lua_directive.h" #include "ngx_http_lua_ssl.h" -#ifdef HAVE_PROXY_SSL_PATCH -#include "ngx_http_lua_proxy_ssl_certby.h" static void ngx_http_lua_proxy_ssl_cert_done(void *data); @@ -32,16 +30,6 @@ static ngx_int_t ngx_http_lua_proxy_ssl_cert_by_chunk(lua_State *L, ngx_int_t ngx_http_lua_proxy_ssl_cert_set_callback(ngx_conf_t *cf) { - -#ifdef LIBRESSL_VERSION_NUMBER - - ngx_log_error(NGX_LOG_EMERG, cf->log, 0, - "LibreSSL does not support by proxy_ssl_certificate_by_lua*"); - - return NGX_ERROR; - -#else - void *plcf; ngx_http_upstream_conf_t *ucf; ngx_ssl_t *ssl; @@ -63,22 +51,9 @@ ngx_http_lua_proxy_ssl_cert_set_callback(ngx_conf_t *cf) return NGX_ERROR; } -#if OPENSSL_VERSION_NUMBER >= 0x1000205fL - SSL_CTX_set_cert_cb(ssl->ctx, ngx_http_lua_proxy_ssl_cert_handler, NULL); return NGX_OK; - -#else - - ngx_log_error(NGX_LOG_EMERG, cf->log, 0, "OpenSSL too old to support " - "proxy_ssl_certificate_by_lua*"); - - return NGX_ERROR; - -#endif - -#endif } @@ -149,16 +124,6 @@ char * ngx_http_lua_proxy_ssl_cert_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { -#if OPENSSL_VERSION_NUMBER < 0x1000205fL - - ngx_log_error(NGX_LOG_EMERG, cf->log, 0, - "at least OpenSSL 1.0.2e required but found " - OPENSSL_VERSION_TEXT); - - return NGX_CONF_ERROR; - -#else - size_t chunkname_len; u_char *chunkname; u_char *cache_key = NULL; @@ -227,8 +192,6 @@ ngx_http_lua_proxy_ssl_cert_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, llcf->proxy_ssl_cert_src_key = cache_key; return NGX_CONF_OK; - -#endif /* OPENSSL_VERSION_NUMBER < 0x1000205fL */ } @@ -561,20 +524,6 @@ ngx_http_lua_ffi_proxy_ssl_get_tls1_version(ngx_http_request_t *r, char **err) int ngx_http_lua_ffi_proxy_ssl_clear_certs(ngx_http_request_t *r, char **err) { -#ifdef LIBRESSL_VERSION_NUMBER - - *err = "LibreSSL not supported"; - return NGX_ERROR; - -#else - -# if OPENSSL_VERSION_NUMBER < 0x1000205fL - - *err = "at least OpenSSL 1.0.2e required but found " OPENSSL_VERSION_TEXT; - return NGX_ERROR; - -# else - ngx_http_upstream_t *u; ngx_ssl_conn_t *ssl_conn; ngx_connection_t *c; @@ -599,9 +548,6 @@ ngx_http_lua_ffi_proxy_ssl_clear_certs(ngx_http_request_t *r, char **err) SSL_certs_clear(ssl_conn); return NGX_OK; - -# endif /* OPENSSL_VERSION_NUMBER < 0x1000205fL */ -#endif } @@ -609,20 +555,6 @@ int ngx_http_lua_ffi_proxy_ssl_set_der_certificate(ngx_http_request_t *r, const char *data, size_t len, char **err) { -#ifdef LIBRESSL_VERSION_NUMBER - - *err = "LibreSSL not supported"; - return NGX_ERROR; - -#else - -# if OPENSSL_VERSION_NUMBER < 0x1000205fL - - *err = "at least OpenSSL 1.0.2e required but found " OPENSSL_VERSION_TEXT; - return NGX_ERROR; - -# else - ngx_http_upstream_t *u; ngx_ssl_conn_t *ssl_conn; ngx_connection_t *c; @@ -701,9 +633,6 @@ ngx_http_lua_ffi_proxy_ssl_set_der_certificate(ngx_http_request_t *r, ERR_clear_error(); return NGX_ERROR; - -# endif /* OPENSSL_VERSION_NUMBER < 0x1000205fL */ -#endif } @@ -777,20 +706,6 @@ int ngx_http_lua_ffi_proxy_ssl_set_cert(ngx_http_request_t *r, void *cdata, char **err) { -#ifdef LIBRESSL_VERSION_NUMBER - - *err = "LibreSSL not supported"; - return NGX_ERROR; - -#else - -# if OPENSSL_VERSION_NUMBER < 0x1000205fL - - *err = "at least OpenSSL 1.0.2e required but found " OPENSSL_VERSION_TEXT; - return NGX_ERROR; - -# else - #ifdef OPENSSL_IS_BORINGSSL size_t i; #else @@ -862,9 +777,6 @@ ngx_http_lua_ffi_proxy_ssl_set_cert(ngx_http_request_t *r, ERR_clear_error(); return NGX_ERROR; - -# endif /* OPENSSL_VERSION_NUMBER < 0x1000205fL */ -#endif } @@ -915,67 +827,4 @@ ngx_http_lua_ffi_proxy_ssl_set_priv_key(ngx_http_request_t *r, return NGX_ERROR; } - -#else /* HAVE_PROXY_SSL_PATCH */ - - -int -ngx_http_lua_ffi_proxy_ssl_get_tls1_version(ngx_http_request_t *r, char **err) -{ - *err = "Does not have HAVE_PROXY_SSL_PATCH to support this function"; - - return NGX_ERROR; -} - - -int -ngx_http_lua_ffi_proxy_ssl_clear_certs(ngx_http_request_t *r, char **err) -{ - *err = "Does not have HAVE_PROXY_SSL_PATCH to support this function"; - - return NGX_ERROR; -} - - -int -ngx_http_lua_ffi_proxy_ssl_set_der_certificate(ngx_http_request_t *r, - const char *data, size_t len, char **err) -{ - *err = "Does not have HAVE_PROXY_SSL_PATCH to support this function"; - - return NGX_ERROR; -} - - -int -ngx_http_lua_ffi_proxy_ssl_set_der_private_key(ngx_http_request_t *r, - const char *data, size_t len, char **err) -{ - *err = "Does not have HAVE_PROXY_SSL_PATCH to support this function"; - - return NGX_ERROR; -} - - -int -ngx_http_lua_ffi_proxy_ssl_set_cert(ngx_http_request_t *r, - void *cdata, char **err) -{ - *err = "Does not have HAVE_PROXY_SSL_PATCH to support this function"; - - return NGX_ERROR; -} - - -int -ngx_http_lua_ffi_proxy_ssl_set_priv_key(ngx_http_request_t *r, - void *cdata, char **err) -{ - *err = "Does not have HAVE_PROXY_SSL_PATCH to support this function"; - - return NGX_ERROR; -} - - -#endif /* HAVE_PROXY_SSL_PATCH */ -#endif /* NGX_HTTP_SSL */ +#endif /* HAVE_LUA_PROXY_SSL */ diff --git a/src/ngx_http_lua_proxy_ssl_certby.h b/src/ngx_http_lua_proxy_ssl_certby.h index 0e3905b87a..d72ff5ed82 100644 --- a/src/ngx_http_lua_proxy_ssl_certby.h +++ b/src/ngx_http_lua_proxy_ssl_certby.h @@ -8,9 +8,7 @@ #include "ngx_http_lua_common.h" - -#if (NGX_HTTP_SSL) -#ifdef HAVE_PROXY_SSL_PATCH +#if HAVE_LUA_PROXY_SSL /* do not introduce ngx_http_proxy_module to pollute ngx_http_lua_module.c */ extern ngx_module_t ngx_http_proxy_module; @@ -31,8 +29,7 @@ int ngx_http_lua_proxy_ssl_cert_handler(ngx_ssl_conn_t *ssl_conn, void *data); ngx_int_t ngx_http_lua_proxy_ssl_cert_set_callback(ngx_conf_t *cf); -#endif /* HAVE_PROXY_SSL_PATCH */ -#endif /* NGX_HTTP_SSL */ +#endif /* HAVE_LUA_PROXY_SSL */ #endif /* _NGX_HTTP_LUA_PROXY_SSL_CERTBY_H_INCLUDED_ */ diff --git a/src/ngx_http_lua_proxy_ssl_verifyby.c b/src/ngx_http_lua_proxy_ssl_verifyby.c index ace9e9bcc5..0eced5e380 100644 --- a/src/ngx_http_lua_proxy_ssl_verifyby.c +++ b/src/ngx_http_lua_proxy_ssl_verifyby.c @@ -5,11 +5,12 @@ #ifndef DDEBUG #define DDEBUG 0 #endif -#include "ddebug.h" +#include "ddebug.h" +#include "ngx_http_lua_proxy_ssl_verifyby.h" -#if (NGX_HTTP_SSL) +#if HAVE_LUA_PROXY_SSL #include "ngx_http_lua_cache.h" #include "ngx_http_lua_initworkerby.h" #include "ngx_http_lua_util.h" @@ -17,10 +18,7 @@ #include "ngx_http_lua_contentby.h" #include "ngx_http_lua_directive.h" #include "ngx_http_lua_ssl.h" -#include "ngx_http_lua_proxy_ssl_verifyby.h" - -#if HAVE_PROXY_SSL_PATCH static void ngx_http_lua_proxy_ssl_verify_done(void *data); static void ngx_http_lua_proxy_ssl_verify_aborted(void *data); @@ -658,5 +656,4 @@ ngx_http_lua_ffi_proxy_ssl_get_verify_cert(ngx_http_request_t *r, char **err) return x509; } -#endif /* HAVE_PROXY_SSL_PATCH */ -#endif /* NGX_HTTP_SSL */ +#endif /* HAVE_LUA_PROXY_SSL */ diff --git a/src/ngx_http_lua_proxy_ssl_verifyby.h b/src/ngx_http_lua_proxy_ssl_verifyby.h index bba0ecbeab..4e8a8b2dc8 100644 --- a/src/ngx_http_lua_proxy_ssl_verifyby.h +++ b/src/ngx_http_lua_proxy_ssl_verifyby.h @@ -10,18 +10,7 @@ #if (NGX_HTTP_SSL) -#ifdef HAVE_PROXY_SSL_PATCH - -#if defined(LIBRESSL_VERSION_NUMBER) -#define HAVE_PROXY_SSL_PATCH 0 -#elif defined(OPENSSL_IS_BORINGSSL) -#define HAVE_PROXY_SSL_PATCH 0 -#elif defined(SSL_ERROR_WANT_RETRY_VERIFY) && \ - OPENSSL_VERSION_NUMBER >= 0x30000020uL -#define HAVE_PROXY_SSL_PATCH 1 -#else -#define HAVE_PROXY_SSL_PATCH 0 -#endif +#if HAVE_LUA_PROXY_SSL /* do not introduce ngx_http_proxy_module to pollute ngx_http_lua_module.c */ @@ -44,7 +33,7 @@ int ngx_http_lua_proxy_ssl_verify_handler(X509_STORE_CTX *x509_store, ngx_int_t ngx_http_lua_proxy_ssl_verify_set_callback(ngx_conf_t *cf); -#endif /* HAVE_PROXY_SSL_PATCH */ +#endif /* HAVE_LUA_PROXY_SSL */ #endif /* NGX_HTTP_SSL */ diff --git a/src/ngx_http_lua_ssl.h b/src/ngx_http_lua_ssl.h index 173e2dc762..a7cdc6e633 100644 --- a/src/ngx_http_lua_ssl.h +++ b/src/ngx_http_lua_ssl.h @@ -24,7 +24,7 @@ typedef struct { ngx_str_t session_id; -#ifdef HAVE_PROXY_SSL_PATCH +#if HAVE_LUA_PROXY_SSL X509_STORE_CTX *x509_store; ngx_pool_t *pool; #endif @@ -38,7 +38,7 @@ typedef struct { request ctx data in lua registry */ -#ifdef HAVE_PROXY_SSL_PATCH +#if HAVE_LUA_PROXY_SSL /* same size as count field of ngx_http_request_t */ unsigned original_request_count:16; #endif @@ -48,7 +48,7 @@ typedef struct { unsigned entered_client_hello_handler:1; unsigned entered_cert_handler:1; unsigned entered_sess_fetch_handler:1; -#ifdef HAVE_PROXY_SSL_PATCH +#if HAVE_LUA_PROXY_SSL unsigned entered_proxy_ssl_cert_handler:1; unsigned entered_proxy_ssl_verify_handler:1; #endif diff --git a/src/ngx_http_lua_util.c b/src/ngx_http_lua_util.c index d7e697888b..2dc4f84902 100644 --- a/src/ngx_http_lua_util.c +++ b/src/ngx_http_lua_util.c @@ -1684,7 +1684,7 @@ ngx_http_lua_run_thread(lua_State *L, ngx_http_request_t *r, done: -#ifdef HAVE_PROXY_SSL_PATCH +#if HAVE_LUA_PROXY_SSL if (ctx->context == NGX_HTTP_LUA_CONTEXT_PROXY_SSL_CERT || ctx->context == NGX_HTTP_LUA_CONTEXT_PROXY_SSL_VERIFY) { @@ -2447,7 +2447,7 @@ ngx_http_lua_handle_exit(lua_State *L, ngx_http_request_t *r, return ctx->exit_code; } -#ifdef HAVE_PROXY_SSL_PATCH +#if HAVE_LUA_PROXY_SSL if (ctx->context == NGX_HTTP_LUA_CONTEXT_PROXY_SSL_CERT || ctx->context == NGX_HTTP_LUA_CONTEXT_PROXY_SSL_VERIFY) { @@ -3691,7 +3691,7 @@ ngx_http_lua_finalize_request(ngx_http_request_t *r, ngx_int_t rc) { ngx_http_lua_ctx_t *ctx; #if (NGX_HTTP_SSL) -#ifdef HAVE_PROXY_SSL_PATCH +#if HAVE_LUA_PROXY_SSL ngx_http_upstream_t *u; ngx_connection_t *c; ngx_http_lua_ssl_ctx_t *cctx; @@ -3704,7 +3704,7 @@ ngx_http_lua_finalize_request(ngx_http_request_t *r, ngx_int_t rc) } #if (NGX_HTTP_SSL) -#ifdef HAVE_PROXY_SSL_PATCH +#if HAVE_LUA_PROXY_SSL u = r->upstream; if (u) { c = u->peer.connection;