changes so that we can use ngx.ctx to pass data from downstream

phases to upstream phases & its related test case

Author: willmafh

src/ngx_stream_lua_ctx.c

@@ -97,9 +97,6 @@ ngx_stream_lua_ffi_get_ctx_ref(ngx_stream_lua_request_t *r, int *in_ssl_phase,
     }
 
     *in_ssl_phase = ctx->context & (NGX_STREAM_LUA_CONTEXT_SSL_CERT
-#ifdef HAVE_PROXY_SSL_PATCH
-                                    | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_VERIFY
-#endif
                                     | NGX_STREAM_LUA_CONTEXT_SSL_CLIENT_HELLO);
     *ssl_ctx_ref = LUA_NOREF;
 

src/ngx_stream_lua_proxy_ssl_verifyby.c

@@ -258,6 +258,7 @@ ngx_stream_lua_proxy_ssl_verify_handler(X509_STORE_CTX *x509_store, void *arg)
     ngx_stream_lua_request_t           *r = NULL;
     ngx_pool_cleanup_t                 *cln;
     ngx_stream_lua_srv_conf_t          *lscf;
+    ngx_stream_lua_ctx_t               *ctx;
     ngx_stream_lua_ssl_ctx_t           *cctx;
     ngx_stream_core_srv_conf_t         *cscf;
     ngx_stream_session_t               *s, *fs;
@@ -315,6 +316,14 @@ ngx_stream_lua_proxy_ssl_verify_handler(X509_STORE_CTX *x509_store, void *arg)
 
     fs->main_conf = s->main_conf;
     fs->srv_conf = s->srv_conf;
+    /*
+     * so that we can use ngx.ctx to pass data from downstream phases to
+     * upstream phases if there is any
+     */
+    ctx = ngx_stream_get_module_ctx(s, ngx_stream_lua_module);
+    if (ctx) {
+        ngx_stream_set_ctx(fs, ctx, ngx_stream_lua_module);
+    }
 
     r = ngx_stream_lua_create_fake_request(fs);
     if (r == NULL) {

t/164-proxy-ssl-verify-by.t

@@ -887,3 +887,41 @@ qr/\[debug\] .*? SSL_do_handshake: 1/,
 proxy_ssl_verify_by_lua: openssl default verify
 [error]
 [alert]
+
+
+
+=== TEST 22: ngx.ctx to pass data from downstream phase to upstream phase
+--- stream_config
+    server {
+	listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+
+        ssl_certificate ../../cert/mtls_server.crt;
+        ssl_certificate_key ../../cert/mtls_server.key;
+
+	return 'it works!\n';
+    }
+--- stream_server_config
+    proxy_pass                    unix:$TEST_NGINX_HTML_DIR/nginx.sock;
+    proxy_ssl                     on;
+    proxy_ssl_verify              on;
+    proxy_ssl_name                example.com;
+    proxy_ssl_certificate         ../../cert/mtls_client.crt;
+    proxy_ssl_certificate_key     ../../cert/mtls_client.key;
+    proxy_ssl_trusted_certificate ../../cert/mtls_ca.crt;
+    proxy_ssl_session_reuse       off;
+
+    preread_by_lua_block {
+        ngx.ctx.greeting = "I am from preread phase"
+    }
+
+    proxy_ssl_verify_by_lua_block {
+        ngx.log(ngx.INFO, "greeting: ", ngx.ctx.greeting)
+    }
+--- stream_response
+it works!
+--- error_log
+greeting: I am from preread phase
+proxy_ssl_verify_by_lua: handler return value: 0, cert verify callback exit code: 1
+--- no_error_log
+[error]
+[alert]