balancer patch should not contain reject in handshake patch

shreemaan-abhishek · shreemaan-abhishek · commit 9178aa142d8c · 2025-01-28T12:08:17.000+05:45
diff --git a/patch/1.27.1.1/lua-resty-core-enable_keepalive.patch b/patch/1.27.1.1/lua-resty-core-enable_keepalive.patch
@@ -141,51 +141,3 @@ index 18bdc2c..cc1c61a 100644
          if rc == FFI_OK then
              return true
          end
-diff --git lib/ngx/ssl.lua lib/ngx/ssl.lua
-index b696bea..f3b20e0 100644
---- lib/ngx/ssl.lua
-+++ lib/ngx/ssl.lua
-@@ -100,7 +100,7 @@ if subsystem == 'http' then
-     void ngx_http_lua_ffi_free_priv_key(void *cdata);
- 
-     int ngx_http_lua_ffi_ssl_verify_client(void *r,
--        void *client_certs, void *trusted_certs, int depth, char **err);
-+        void *client_certs, void *trusted_certs, int depth, int reject_in_handshake, char **err);
- 
-     int ngx_http_lua_ffi_ssl_client_random(ngx_http_request_t *r,
-         const unsigned char *out, size_t *outlen, char **err);
-@@ -198,7 +198,7 @@ elseif subsystem == 'stream' then
-     void ngx_stream_lua_ffi_free_priv_key(void *cdata);
- 
-     int ngx_stream_lua_ffi_ssl_verify_client(void *r,
--        void *client_certs, void *trusted_certs, int depth, char **err);
-+        void *client_certs, void *trusted_certs, int depth, int reject_in_handshake, char **err);
- 
-     int ngx_stream_lua_ffi_ssl_client_random(ngx_stream_lua_request_t *r,
-         unsigned char *out, size_t *outlen, char **err);
-@@ -484,7 +484,7 @@ function _M.set_priv_key(priv_key)
- end
- 
- 
--function _M.verify_client(client_certs, depth, trusted_certs)
-+function _M.verify_client(client_certs, depth, trusted_certs, reject_in_handshake)
-     local r = get_request()
-     if not r then
-         error("no request found")
-@@ -494,8 +494,15 @@ function _M.verify_client(client_certs, depth, trusted_certs)
-         depth = -1
-     end
- 
-+    if reject_in_handshake == nil then
-+        -- reject by default so we can migrate to the new behavior
-+        -- without modifying Lua code
-+        reject_in_handshake = true
-+    end
-+
-+    local reject_in_handshake_int = reject_in_handshake and 1 or 0
-     local rc = ngx_lua_ffi_ssl_verify_client(r, client_certs, trusted_certs,
--                                             depth, errmsg)
-+                                             depth, reject_in_handshake_int, errmsg)
-     if rc == FFI_OK then
-         return true
-     end
