|
| 1 | +diff --git src/ngx_stream_lua_ssl_certby.c src/ngx_stream_lua_ssl_certby.c |
| 2 | +index 7b4cc5b..a67386d 100644 |
| 3 | +--- src/ngx_stream_lua_ssl_certby.c |
| 4 | ++++ src/ngx_stream_lua_ssl_certby.c |
| 5 | +@@ -882,6 +882,49 @@ ngx_stream_lua_ffi_ssl_server_name(ngx_stream_lua_request_t *r, char **name, |
| 6 | + } |
| 7 | + |
| 8 | + |
| 9 | ++int |
| 10 | ++ngx_stream_lua_ffi_ssl_session_hostname(ngx_stream_request_t *r, char **name, |
| 11 | ++ size_t *namelen, char **err) |
| 12 | ++{ |
| 13 | ++ ngx_ssl_conn_t *ssl_conn; |
| 14 | ++ |
| 15 | ++ if (r->connection == NULL || r->connection->ssl == NULL) { |
| 16 | ++ *err = "bad request"; |
| 17 | ++ return NGX_ERROR; |
| 18 | ++ } |
| 19 | ++ |
| 20 | ++ ssl_conn = r->connection->ssl->connection; |
| 21 | ++ if (ssl_conn == NULL) { |
| 22 | ++ *err = "bad ssl conn"; |
| 23 | ++ return NGX_ERROR; |
| 24 | ++ } |
| 25 | ++ |
| 26 | ++#if (defined(TLS1_3_VERSION) \ |
| 27 | ++ && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL)) |
| 28 | ++ |
| 29 | ++ /* |
| 30 | ++ * SSL_SESSION_get0_hostname() is only available in OpenSSL 1.1.1+, |
| 31 | ++ * but servername being negotiated in every TLSv1.3 handshake |
| 32 | ++ * is only returned in OpenSSL 1.1.1+ as well |
| 33 | ++ */ |
| 34 | ++ |
| 35 | ++ SSL_SESSION *sess = SSL_get0_session(ssl_conn); |
| 36 | ++ if (sess != NULL) { |
| 37 | ++ *name = (char *) SSL_SESSION_get0_hostname(sess); |
| 38 | ++ if (*name) { |
| 39 | ++ *namelen = ngx_strlen(*name); |
| 40 | ++ return NGX_OK; |
| 41 | ++ } |
| 42 | ++ } |
| 43 | ++ |
| 44 | ++#endif |
| 45 | ++ |
| 46 | ++ *name = ""; |
| 47 | ++ *namelen = 0; |
| 48 | ++ return NGX_OK; |
| 49 | ++} |
| 50 | ++ |
| 51 | ++ |
| 52 | + int |
| 53 | + ngx_stream_lua_ffi_ssl_server_port(ngx_stream_lua_request_t *r, |
| 54 | + unsigned short *server_port, char **err) |
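Review bot: The pointer stored in `*name` is borrowed, not owned. At `*name = (char *) SSL_SESSION_get0_hostname(sess);` the cast drops the `const` from storage that belongs to the SSL session, and the fallback `*name = "";` hands out a string literal, so a caller that writes through it, frees it, or keeps it after the session is gone has undefined behaviour. A comment above the function should state that contract, e.g. `/* *name points into the SSL_SESSION (or a literal): read-only, copy it while the session is alive, never free it */`. The value is the hostname the client supplied via SNI, so callers should treat it as untrusted input rather than as an authenticated identity. Separately, the parameter is declared `ngx_stream_request_t *r` while both neighbouring functions in this hunk take `ngx_stream_lua_request_t *r`; unless that type is defined elsewhere, this looks like an incomplete http-to-stream rename and should probably read `ngx_stream_lua_request_t *r`.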