diff --git a/.requirements b/.requirements index 9513aa741b9b..27e84ee9c546 100644 --- a/.requirements +++ b/.requirements @@ -1,6 +1,6 @@ KONG_PACKAGE_NAME=kong -OPENRESTY=1.21.4.1 +OPENRESTY=1.21.4.2 LUAROCKS=3.9.2 OPENSSL=3.1.2 PCRE=8.45 diff --git a/CHANGELOG.md b/CHANGELOG.md index b72b9c1847a3..d9efc155ae71 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -165,6 +165,8 @@ ### Dependencies +- Bumped OpenResty from 1.21.4.1 to 1.21.4.2 + [#11360](https://github.com/Kong/kong/pull/11360) - Bumped lua-resty-openssl from 0.8.20 to 0.8.23 [#10837](https://github.com/Kong/kong/pull/10837) [#11099](https://github.com/Kong/kong/pull/11099) diff --git a/build/openresty/patches/LuaJIT-2.1-20220411_02.patch b/build/openresty/patches/LuaJIT-2.1-20220411_02.patch deleted file mode 100644 index 971ab37cd5b9..000000000000 --- a/build/openresty/patches/LuaJIT-2.1-20220411_02.patch +++ /dev/null @@ -1,24 +0,0 @@ -From dad04f1754723e76ba9dcf9f401f3134a0cd3972 Mon Sep 17 00:00:00 2001 -From: Mike Pall -Date: Wed, 14 Sep 2022 12:26:53 +0200 -Subject: [PATCH] Fix trace join to BC_JLOOP originating from BC_ITERN. - -Reported by OpenResty Inc. ---- - src/lj_record.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/bundle/LuaJIT-2.1-20220411/src/lj_record.c b/bundle/LuaJIT-2.1-20220411/src/lj_record.c -index 5d02d24a1..bfd412365 100644 ---- a/bundle/LuaJIT-2.1-20220411/src/lj_record.c -+++ b/bundle/LuaJIT-2.1-20220411/src/lj_record.c -@@ -2566,7 +2566,8 @@ void lj_record_ins(jit_State *J) - break; - case BC_JLOOP: - rec_loop_jit(J, rc, rec_loop(J, ra, -- !bc_isret(bc_op(traceref(J, rc)->startins)))); -+ !bc_isret(bc_op(traceref(J, rc)->startins)) && -+ bc_op(traceref(J, rc)->startins) != BC_ITERN)); - break; - - case BC_IFORL: \ No newline at end of file diff --git a/build/openresty/patches/LuaJIT-2.1-20220411_01_patch_macro_luajit_version.patch b/build/openresty/patches/LuaJIT-2.1-20230410_01_patch_macro_luajit_version.patch similarity index 76% rename from build/openresty/patches/LuaJIT-2.1-20220411_01_patch_macro_luajit_version.patch rename to build/openresty/patches/LuaJIT-2.1-20230410_01_patch_macro_luajit_version.patch index fbb6be67bb63..9edd6e5478f7 100644 --- a/build/openresty/patches/LuaJIT-2.1-20220411_01_patch_macro_luajit_version.patch +++ b/build/openresty/patches/LuaJIT-2.1-20230410_01_patch_macro_luajit_version.patch @@ -7,10 +7,10 @@ Subject: [PATCH] Patch macro `LUAJIT_VERSION` src/luajit.h | 2 ++ 1 file changed, 2 insertions(+) -diff --git a/bundle/LuaJIT-2.1-20220411/src/luajit.h b/bundle/LuaJIT-2.1-20220411/src/luajit.h +diff --git a/bundle/LuaJIT-2.1-20230410/src/luajit.h b/bundle/LuaJIT-2.1-20230410/src/luajit.h index a4d33001..e35f4e7e 100644 ---- a/bundle/LuaJIT-2.1-20220411/src/luajit.h -+++ b/bundle/LuaJIT-2.1-20220411/src/luajit.h +--- a/bundle/LuaJIT-2.1-20230410/src/luajit.h ++++ b/bundle/LuaJIT-2.1-20230410/src/luajit.h @@ -32,7 +32,9 @@ #define OPENRESTY_LUAJIT diff --git a/build/openresty/patches/LuaJIT-2.1-20220411_03_pass_cc_env.patch b/build/openresty/patches/LuaJIT-2.1-20230410_02_pass_cc_env.patch similarity index 83% rename from build/openresty/patches/LuaJIT-2.1-20220411_03_pass_cc_env.patch rename to build/openresty/patches/LuaJIT-2.1-20230410_02_pass_cc_env.patch index bb6baa78d413..27aede320072 100644 --- a/build/openresty/patches/LuaJIT-2.1-20220411_03_pass_cc_env.patch +++ b/build/openresty/patches/LuaJIT-2.1-20230410_02_pass_cc_env.patch @@ -1,7 +1,7 @@ -diff --git a/bundle/LuaJIT-2.1-20220411/src/Makefile b/bundle/LuaJIT-2.1-20220411/src/Makefile +diff --git a/bundle/LuaJIT-2.1-20230410/src/Makefile b/bundle/LuaJIT-2.1-20230410/src/Makefile index 68a9a7c..8d2de33 100644 ---- a/bundle/LuaJIT-2.1-20220411/src/Makefile -+++ b/bundle/LuaJIT-2.1-20220411/src/Makefile +--- a/bundle/LuaJIT-2.1-20230410/src/Makefile ++++ b/bundle/LuaJIT-2.1-20230410/src/Makefile @@ -27,7 +27,8 @@ NODOTABIVER= 51 DEFAULT_CC = gcc # @@ -37,4 +37,4 @@ index 68a9a7c..8d2de33 100644 + TARGET_DYNXLDOPTS= -Wl,-rpath,$(TARGET_LIBPATH) endif endif - ifneq (,$(MULTILIB)) \ No newline at end of file + ifneq (,$(MULTILIB)) diff --git a/build/openresty/patches/LuaJIT-2.1-20220411_05_arm64_sigill.patch b/build/openresty/patches/LuaJIT-2.1-20230410_03_arm64_sigill.patch similarity index 78% rename from build/openresty/patches/LuaJIT-2.1-20220411_05_arm64_sigill.patch rename to build/openresty/patches/LuaJIT-2.1-20230410_03_arm64_sigill.patch index 32ab57b8ad83..55fc8831d7be 100644 --- a/build/openresty/patches/LuaJIT-2.1-20220411_05_arm64_sigill.patch +++ b/build/openresty/patches/LuaJIT-2.1-20230410_03_arm64_sigill.patch @@ -8,10 +8,10 @@ Subject: [PATCH] Fix fuse case for LDP instuction on Arm64 when offset is src/lj_emit_arm64.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/bundle/LuaJIT-2.1-20220411/src/lj_emit_arm64.h b/bundle/LuaJIT-2.1-20220411/src/lj_emit_arm64.h +diff --git a/bundle/LuaJIT-2.1-20230410/src/lj_emit_arm64.h b/bundle/LuaJIT-2.1-20230410/src/lj_emit_arm64.h index 0ddba4a3..e19a8e4a 100644 ---- a/bundle/LuaJIT-2.1-20220411/src/lj_emit_arm64.h -+++ b/bundle/LuaJIT-2.1-20220411/src/lj_emit_arm64.h +--- a/bundle/LuaJIT-2.1-20230410/src/lj_emit_arm64.h ++++ b/bundle/LuaJIT-2.1-20230410/src/lj_emit_arm64.h @@ -143,7 +143,7 @@ static void emit_lso(ASMState *as, A64Ins ai, Reg rd, Reg rn, int64_t ofs) goto nopair; } diff --git a/build/openresty/patches/LuaJIT-2.1-20220411_06_arm64_fix_HREFK.patch b/build/openresty/patches/LuaJIT-2.1-20230410_04_arm64_fix_HREFK.patch similarity index 79% rename from build/openresty/patches/LuaJIT-2.1-20220411_06_arm64_fix_HREFK.patch rename to build/openresty/patches/LuaJIT-2.1-20230410_04_arm64_fix_HREFK.patch index b4b803cbd815..d52d51c09a2e 100644 --- a/build/openresty/patches/LuaJIT-2.1-20220411_06_arm64_fix_HREFK.patch +++ b/build/openresty/patches/LuaJIT-2.1-20230410_04_arm64_fix_HREFK.patch @@ -9,10 +9,10 @@ Fix contributed by Peter Cawley. src/lj_asm_arm64.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/bundle/LuaJIT-2.1-20220411/src/lj_asm_arm64.h b/bundle/LuaJIT-2.1-20220411/src/lj_asm_arm64.h +diff --git a/bundle/LuaJIT-2.1-20230410/src/lj_asm_arm64.h b/bundle/LuaJIT-2.1-20230410/src/lj_asm_arm64.h index 805ea54b..95138fe9 100644 ---- a/bundle/LuaJIT-2.1-20220411/src/lj_asm_arm64.h -+++ b/bundle/LuaJIT-2.1-20220411/src/lj_asm_arm64.h +--- a/bundle/LuaJIT-2.1-20230410/src/lj_asm_arm64.h ++++ b/bundle/LuaJIT-2.1-20230410/src/lj_asm_arm64.h @@ -938,7 +938,7 @@ static void asm_hrefk(ASMState *as, IRIns *ir) IRIns *irkey = IR(kslot->op1); int32_t ofs = (int32_t)(kslot->op2 * sizeof(Node)); diff --git a/build/openresty/patches/lua-cjson-2.1.0.10_01-empty_array.patch b/build/openresty/patches/lua-cjson-2.1.0.10_01-empty_array.patch deleted file mode 100644 index f0542d6624bc..000000000000 --- a/build/openresty/patches/lua-cjson-2.1.0.10_01-empty_array.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ruN a/bundle/lua-cjson-2.1.0.8/lua_cjson.c b/bundle/lua-cjson-2.1.0.8/lua_cjson.c ---- a/bundle/lua-cjson-2.1.0.10/lua_cjson.c 2022-01-11 15:11:17.495464192 +0800 -+++ b/bundle/lua-cjson-2.1.0.10/lua_cjson.c 2022-01-11 14:58:55.150669748 +0800 -@@ -800,7 +800,7 @@ - case LUA_TLIGHTUSERDATA: - if (lua_touserdata(l, -1) == NULL) { - strbuf_append_mem(json, "null", 4); -- } else if (lua_touserdata(l, -1) == &json_array) { -+ } else if (lua_touserdata(l, -1) == json_lightudata_mask(&json_array)) { - json_append_array(l, cfg, current_depth, json, 0); - } - break; diff --git a/build/openresty/patches/lua-cjson-2.1.0.10_02-handle-large-string-correctly.patch b/build/openresty/patches/lua-cjson-2.1.0.11_01-handle-large-string-correctly.patch similarity index 95% rename from build/openresty/patches/lua-cjson-2.1.0.10_02-handle-large-string-correctly.patch rename to build/openresty/patches/lua-cjson-2.1.0.11_01-handle-large-string-correctly.patch index 2458c4e186a3..c59b10d2aafd 100644 --- a/build/openresty/patches/lua-cjson-2.1.0.10_02-handle-large-string-correctly.patch +++ b/build/openresty/patches/lua-cjson-2.1.0.11_01-handle-large-string-correctly.patch @@ -1,7 +1,7 @@ -diff --git a/bundle/lua-cjson-2.1.0.10/lua_cjson.c b/bundle/lua-cjson-2.1.0.10/lua_cjson.c +diff --git a/bundle/lua-cjson-2.1.0.11/lua_cjson.c b/bundle/lua-cjson-2.1.0.11/lua_cjson.c index ff61c47..3b055c4 100644 ---- a/bundle/lua-cjson-2.1.0.10/lua_cjson.c -+++ b/bundle/lua-cjson-2.1.0.10/lua_cjson.c +--- a/bundle/lua-cjson-2.1.0.11/lua_cjson.c ++++ b/bundle/lua-cjson-2.1.0.11/lua_cjson.c @@ -40,6 +40,7 @@ #include #include @@ -44,10 +44,10 @@ index ff61c47..3b055c4 100644 luaL_argcheck(l, lua_gettop(l) == 1, 1, "expected 1 argument"); -diff --git a/bundle/lua-cjson-2.1.0.10/strbuf.c b/bundle/lua-cjson-2.1.0.10/strbuf.c +diff --git a/bundle/lua-cjson-2.1.0.11/strbuf.c b/bundle/lua-cjson-2.1.0.11/strbuf.c index ed13367..2dc30be 100644 ---- a/bundle/lua-cjson-2.1.0.10/strbuf.c -+++ b/bundle/lua-cjson-2.1.0.10/strbuf.c +--- a/bundle/lua-cjson-2.1.0.11/strbuf.c ++++ b/bundle/lua-cjson-2.1.0.11/strbuf.c @@ -26,6 +26,7 @@ #include #include @@ -258,10 +258,10 @@ index ed13367..2dc30be 100644 /* vi:ai et sw=4 ts=4: */ -diff --git a/bundle/lua-cjson-2.1.0.10/strbuf.h b/bundle/lua-cjson-2.1.0.10/strbuf.h +diff --git a/bundle/lua-cjson-2.1.0.11/strbuf.h b/bundle/lua-cjson-2.1.0.11/strbuf.h index 5df0b7b..d77e0f4 100644 ---- a/bundle/lua-cjson-2.1.0.10/strbuf.h -+++ b/bundle/lua-cjson-2.1.0.10/strbuf.h +--- a/bundle/lua-cjson-2.1.0.11/strbuf.h ++++ b/bundle/lua-cjson-2.1.0.11/strbuf.h @@ -32,15 +32,13 @@ /* Size: Total bytes allocated to *buf @@ -384,4 +384,4 @@ index 5df0b7b..d77e0f4 100644 +static inline char *strbuf_string(strbuf_t *s, size_t *len) { if (len) - *len = s->length; \ No newline at end of file + *len = s->length; diff --git a/build/openresty/patches/lua-resty-core-0.1.23_01-cosocket-mtls.patch b/build/openresty/patches/lua-resty-core-0.1.23_01-cosocket-mtls.patch deleted file mode 100644 index 9240a38568d3..000000000000 --- a/build/openresty/patches/lua-resty-core-0.1.23_01-cosocket-mtls.patch +++ /dev/null @@ -1,566 +0,0 @@ -From 4f0f4bf63d23a952179aaf810c10dfffc19ee835 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 28 Jan 2022 20:54:30 +0800 -Subject: [PATCH 1/9] move tcp.lua into socket.lua - ---- - lib/resty/core/socket.lua | 136 +++++++++++++++++++++++++++++++++++++- - 1 file changed, 133 insertions(+), 3 deletions(-) - -diff --git a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -index 1a504ec..cc0081e 100644 ---- a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -@@ -6,13 +6,21 @@ local ffi = require 'ffi' - - local error = error - local tonumber = tonumber -+local tostring = tostring -+local type = type -+local select = select - local registry = debug.getregistry() -+ -+local C = ffi.C - local ffi_new = ffi.new - local ffi_string = ffi.string --local C = ffi.C -+local ffi_gc = ffi.gc -+ - local get_string_buf = base.get_string_buf - local get_size_ptr = base.get_size_ptr --local tostring = tostring -+local get_request = base.get_request -+ -+local co_yield = coroutine._yield - - - local option_index = { -@@ -35,15 +43,29 @@ ngx_http_lua_ffi_socket_tcp_getoption(ngx_http_lua_socket_tcp_upstream_t *u, - int - ngx_http_lua_ffi_socket_tcp_setoption(ngx_http_lua_socket_tcp_upstream_t *u, - int opt, int val, unsigned char *err, size_t *errlen); -+ -+int ngx_http_lua_ffi_socket_tcp_sslhandshake(ngx_http_request_t *r, -+ ngx_http_lua_socket_tcp_upstream_t *u, void *sess, -+ int enable_session_reuse, ngx_str_t *server_name, int verify, -+ int ocsp_status_req, void *chain, void *pkey, char **errmsg); -+ -+int ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(ngx_http_request_t *r, -+ ngx_http_lua_socket_tcp_upstream_t *u, void **sess, char **errmsg, -+ int *openssl_error_code); -+ -+void ngx_http_lua_ffi_ssl_free_session(void *sess); - ]] - - - local output_value_buf = ffi_new("int[1]") - local FFI_OK = base.FFI_OK -+local FFI_ERROR = base.FFI_ERROR -+local FFI_DONE = base.FFI_DONE -+local FFI_AGAIN = base.FFI_AGAIN -+local FFI_NO_REQ_CTX = base.FFI_NO_REQ_CTX - local SOCKET_CTX_INDEX = 1 - local ERR_BUF_SIZE = 4096 - -- - local function get_tcp_socket(cosocket) - local tcp_socket = cosocket[SOCKET_CTX_INDEX] - if not tcp_socket then -@@ -114,10 +136,118 @@ local function setoption(cosocket, option, value) - end - - -+local errmsg = base.get_errmsg_ptr() -+local session_ptr = ffi_new("void *[1]") -+local server_name_str = ffi_new("ngx_str_t[1]") -+local openssl_error_code = ffi_new("int[1]") -+ -+ -+local function setclientcert(self, cert, pkey) -+ if not cert and not pkey then -+ self.client_cert = nil -+ self.client_pkey = nil -+ return -+ end -+ -+ if not cert or not pkey then -+ error("client certificate must be supplied with corresponding " .. -+ "private key", 2) -+ end -+ -+ if type(cert) ~= "cdata" then -+ error("bad client cert type", 2) -+ end -+ -+ if type(pkey) ~= "cdata" then -+ error("bad client pkey type", 2) -+ end -+ -+ self.client_cert = cert -+ self.client_pkey = pkey -+end -+ -+ -+local function sslhandshake(self, reused_session, server_name, ssl_verify, -+ send_status_req, ...) -+ -+ local n = select("#", ...) -+ if not self or n > 1 then -+ error("ngx.socket sslhandshake: expecting 1 ~ 5 arguments " .. -+ "(including the object), but seen " .. (5 + n)) -+ end -+ -+ local r = get_request() -+ if not r then -+ error("no request found", 2) -+ end -+ -+ session_ptr[0] = type(reused_session) == "cdata" and reused_session or nil -+ -+ if server_name then -+ server_name_str[0].data = server_name -+ server_name_str[0].len = #server_name -+ -+ else -+ server_name_str[0].data = nil -+ server_name_str[0].len = 0 -+ end -+ -+ local u = self[SOCKET_CTX_INDEX] -+ -+ local rc = C.ngx_http_lua_ffi_socket_tcp_sslhandshake(r, u, -+ session_ptr[0], -+ reused_session ~= false, -+ server_name_str, -+ ssl_verify and 1 or 0, -+ send_status_req and 1 or 0, -+ self.client_cert, self.client_pkey, errmsg) -+ -+ if rc == FFI_NO_REQ_CTX then -+ error("no request ctx found", 2) -+ end -+ -+ while true do -+ if rc == FFI_ERROR then -+ if openssl_error_code[0] ~= 0 then -+ return nil, openssl_error_code[0] .. ": " .. ffi_string(errmsg[0]) -+ end -+ -+ return nil, ffi_string(errmsg[0]) -+ end -+ -+ if rc == FFI_DONE then -+ return reused_session -+ end -+ -+ if rc == FFI_OK then -+ if reused_session == false then -+ return true -+ end -+ -+ rc = C.ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(r, u, -+ session_ptr, errmsg, openssl_error_code) -+ -+ if session_ptr[0] == nil then -+ return nil -+ end -+ -+ return ffi_gc(session_ptr[0], C.ngx_http_lua_ffi_ssl_free_session) -+ end -+ -+ co_yield() -+ -+ rc = C.ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(r, u, -+ session_ptr, errmsg, openssl_error_code) -+ end -+end -+ -+ - do - local method_table = registry.__tcp_cosocket_mt - method_table.getoption = getoption - method_table.setoption = setoption -+ method_table.setclientcert = setclientcert -+ method_table.sslhandshake = sslhandshake - end - - --- -2.32.0 (Apple Git-132) - - -From 4eab5793d741c739d9c5cfe14e0671c1d70fd6e5 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 28 Jan 2022 21:37:45 +0800 -Subject: [PATCH 2/9] revert assert in sslhandshake - ---- - lib/resty/core/socket.lua | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -index cc0081e..7c61d06 100644 ---- a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -@@ -5,6 +5,7 @@ local ffi = require 'ffi' - - - local error = error -+local assert = assert - local tonumber = tonumber - local tostring = tostring - local type = type -@@ -227,6 +228,8 @@ local function sslhandshake(self, reused_session, server_name, ssl_verify, - rc = C.ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(r, u, - session_ptr, errmsg, openssl_error_code) - -+ assert(rc == FFI_OK) -+ - if session_ptr[0] == nil then - return nil - end -@@ -234,6 +237,8 @@ local function sslhandshake(self, reused_session, server_name, ssl_verify, - return ffi_gc(session_ptr[0], C.ngx_http_lua_ffi_ssl_free_session) - end - -+ assert(rc == FFI_AGAIN) -+ - co_yield() - - rc = C.ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(r, u, --- -2.32.0 (Apple Git-132) - - -From 58de9a44c89f07eda98bb7fd978a9e04a244d2f2 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 28 Jan 2022 21:45:42 +0800 -Subject: [PATCH 3/9] rename ffi_string to ffi_str - ---- - lib/resty/core/socket.lua | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -index 7c61d06..14457da 100644 ---- a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -@@ -14,7 +14,7 @@ local registry = debug.getregistry() - - local C = ffi.C - local ffi_new = ffi.new --local ffi_string = ffi.string -+local ffi_str = ffi.string - local ffi_gc = ffi.gc - - local get_string_buf = base.get_string_buf -@@ -98,7 +98,7 @@ local function getoption(cosocket, option) - err, - errlen) - if rc ~= FFI_OK then -- return nil, ffi_string(err, errlen[0]) -+ return nil, ffi_str(err, errlen[0]) - end - - return tonumber(output_value_buf[0]) -@@ -130,7 +130,7 @@ local function setoption(cosocket, option, value) - err, - errlen) - if rc ~= FFI_OK then -- return nil, ffi_string(err, errlen[0]) -+ return nil, ffi_str(err, errlen[0]) - end - - return true -@@ -210,10 +210,10 @@ local function sslhandshake(self, reused_session, server_name, ssl_verify, - while true do - if rc == FFI_ERROR then - if openssl_error_code[0] ~= 0 then -- return nil, openssl_error_code[0] .. ": " .. ffi_string(errmsg[0]) -+ return nil, openssl_error_code[0] .. ": " .. ffi_str(errmsg[0]) - end - -- return nil, ffi_string(errmsg[0]) -+ return nil, ffi_str(errmsg[0]) - end - - if rc == FFI_DONE then --- -2.32.0 (Apple Git-132) - - -From ff138619432bda6b9bd4f37403c12600a4739e47 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Sat, 29 Jan 2022 07:23:16 +0800 -Subject: [PATCH 4/9] minor style fix - ---- - lib/resty/core/socket.lua | 15 +++++++++------ - 1 file changed, 9 insertions(+), 6 deletions(-) - -diff --git a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -index 14457da..3c882af 100644 ---- a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -@@ -1,7 +1,7 @@ - local base = require "resty.core.base" --base.allows_subsystem('http') --local debug = require 'debug' --local ffi = require 'ffi' -+base.allows_subsystem("http") -+local debug = require "debug" -+local ffi = require "ffi" - - - local error = error -@@ -45,16 +45,19 @@ int - ngx_http_lua_ffi_socket_tcp_setoption(ngx_http_lua_socket_tcp_upstream_t *u, - int opt, int val, unsigned char *err, size_t *errlen); - --int ngx_http_lua_ffi_socket_tcp_sslhandshake(ngx_http_request_t *r, -+int -+ngx_http_lua_ffi_socket_tcp_sslhandshake(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, void *sess, - int enable_session_reuse, ngx_str_t *server_name, int verify, - int ocsp_status_req, void *chain, void *pkey, char **errmsg); - --int ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(ngx_http_request_t *r, -+int -+ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, void **sess, char **errmsg, - int *openssl_error_code); - --void ngx_http_lua_ffi_ssl_free_session(void *sess); -+void -+ngx_http_lua_ffi_ssl_free_session(void *sess); - ]] - - --- -2.32.0 (Apple Git-132) - - -From a843a258987efba49f0b6979389f75ee32c2150c Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Sat, 29 Jan 2022 07:28:41 +0800 -Subject: [PATCH 5/9] rename self to cosocket - ---- - lib/resty/core/socket.lua | 18 +++++++++--------- - 1 file changed, 9 insertions(+), 9 deletions(-) - -diff --git a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -index 3c882af..374d583 100644 ---- a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -@@ -146,10 +146,10 @@ local server_name_str = ffi_new("ngx_str_t[1]") - local openssl_error_code = ffi_new("int[1]") - - --local function setclientcert(self, cert, pkey) -+local function setclientcert(cosocket, cert, pkey) - if not cert and not pkey then -- self.client_cert = nil -- self.client_pkey = nil -+ cosocket.client_cert = nil -+ cosocket.client_pkey = nil - return - end - -@@ -166,16 +166,16 @@ local function setclientcert(self, cert, pkey) - error("bad client pkey type", 2) - end - -- self.client_cert = cert -- self.client_pkey = pkey -+ cosocket.client_cert = cert -+ cosocket.client_pkey = pkey - end - - --local function sslhandshake(self, reused_session, server_name, ssl_verify, -+local function sslhandshake(cosocket, reused_session, server_name, ssl_verify, - send_status_req, ...) - - local n = select("#", ...) -- if not self or n > 1 then -+ if not cosocket or n > 1 then - error("ngx.socket sslhandshake: expecting 1 ~ 5 arguments " .. - "(including the object), but seen " .. (5 + n)) - end -@@ -196,7 +196,7 @@ local function sslhandshake(self, reused_session, server_name, ssl_verify, - server_name_str[0].len = 0 - end - -- local u = self[SOCKET_CTX_INDEX] -+ local u = cosocket[SOCKET_CTX_INDEX] - - local rc = C.ngx_http_lua_ffi_socket_tcp_sslhandshake(r, u, - session_ptr[0], -@@ -204,7 +204,7 @@ local function sslhandshake(self, reused_session, server_name, ssl_verify, - server_name_str, - ssl_verify and 1 or 0, - send_status_req and 1 or 0, -- self.client_cert, self.client_pkey, errmsg) -+ cosocket.client_cert, cosocket.client_pkey, errmsg) - - if rc == FFI_NO_REQ_CTX then - error("no request ctx found", 2) --- -2.32.0 (Apple Git-132) - - -From db95a049a019ff6f0d3b4e550412e40c25dda41f Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Sat, 29 Jan 2022 07:35:04 +0800 -Subject: [PATCH 6/9] use get_tcp_socket() in sslhandshake - ---- - lib/resty/core/socket.lua | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -index 374d583..ecff453 100644 ---- a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -@@ -196,7 +196,7 @@ local function sslhandshake(cosocket, reused_session, server_name, ssl_verify, - server_name_str[0].len = 0 - end - -- local u = cosocket[SOCKET_CTX_INDEX] -+ local u = get_tcp_socket(cosocket) - - local rc = C.ngx_http_lua_ffi_socket_tcp_sslhandshake(r, u, - session_ptr[0], --- -2.32.0 (Apple Git-132) - - -From 6767f0c2e8a73fd1a09d727431bed457c5cac4c0 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Sat, 29 Jan 2022 08:58:52 +0800 -Subject: [PATCH 7/9] fix arguments check in sslhandshake - ---- - lib/resty/core/socket.lua | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -index ecff453..15e3065 100644 ---- a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -@@ -177,7 +177,7 @@ local function sslhandshake(cosocket, reused_session, server_name, ssl_verify, - local n = select("#", ...) - if not cosocket or n > 1 then - error("ngx.socket sslhandshake: expecting 1 ~ 5 arguments " .. -- "(including the object), but seen " .. (5 + n)) -+ "(including the object), but seen " .. (cosocket and 5 + n or 0)) - end - - local r = get_request() --- -2.32.0 (Apple Git-132) - - -From 4eeddcd2114d0097e4b9cb11f2f93d30c70d573e Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Mon, 7 Feb 2022 10:59:35 +0800 -Subject: [PATCH 8/9] setclientcert return err - ---- - lib/resty/core/socket.lua | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -index 15e3065..879d678 100644 ---- a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -@@ -150,24 +150,27 @@ local function setclientcert(cosocket, cert, pkey) - if not cert and not pkey then - cosocket.client_cert = nil - cosocket.client_pkey = nil -- return -+ return true - end - - if not cert or not pkey then -- error("client certificate must be supplied with corresponding " .. -- "private key", 2) -+ return nil, -+ "client certificate must be supplied with corresponding " .. -+ "private key" - end - - if type(cert) ~= "cdata" then -- error("bad client cert type", 2) -+ return nil, "bad client cert type" - end - - if type(pkey) ~= "cdata" then -- error("bad client pkey type", 2) -+ return nil, "bad client pkey type" - end - - cosocket.client_cert = cert - cosocket.client_pkey = pkey -+ -+ return true - end - - --- -2.32.0 (Apple Git-132) - - -From fead2a28f409117ad1b6c98d02edb6a38a64fde0 Mon Sep 17 00:00:00 2001 -From: James Hurst -Date: Wed, 9 Feb 2022 16:05:11 +0000 -Subject: [PATCH 9/9] fix(socket) add temporary backwards compatability for - tlshandshake - ---- - lib/resty/core/socket.lua | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -index 879d678..448bf36 100644 ---- a/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -+++ b/bundle/lua-resty-core-0.1.23/lib/resty/core/socket.lua -@@ -253,12 +253,34 @@ local function sslhandshake(cosocket, reused_session, server_name, ssl_verify, - end - - -+-- Temporary patch for backwards compatablity with existing Kong tech debt -+local function tlshandshake(cosocket, options) -+ local options = options or {} -+ -+ if options.client_cert then -+ local ok, err = cosocket:setclientcert(options.client_cert, options.client_priv_key) -+ if not ok then -+ return nil, err -+ end -+ end -+ -+ return sslhandshake( -+ cosocket, -+ options.reused_session, -+ options.server_name, -+ options.ssl_verify, -+ options.ocsp_status_req -+ ) -+end -+ -+ - do - local method_table = registry.__tcp_cosocket_mt - method_table.getoption = getoption - method_table.setoption = setoption - method_table.setclientcert = setclientcert - method_table.sslhandshake = sslhandshake -+ method_table.tlshandshake = tlshandshake - end - - --- -2.32.0 (Apple Git-132) - diff --git a/build/openresty/patches/lua-resty-core-0.1.23_03-make-resty.core.shdict-compatible-with-m1.patch b/build/openresty/patches/lua-resty-core-0.1.23_03-make-resty.core.shdict-compatible-with-m1.patch deleted file mode 100644 index e9dd92810562..000000000000 --- a/build/openresty/patches/lua-resty-core-0.1.23_03-make-resty.core.shdict-compatible-with-m1.patch +++ /dev/null @@ -1,270 +0,0 @@ -From 85202b4306db143de55926564bf6ce981f3631b4 Mon Sep 17 00:00:00 2001 -From: Aapo Talvensaari -Date: Thu, 16 Dec 2021 19:28:43 +0200 -Subject: [PATCH] fix(shdict) make resty.core.shdict compatible with m1 (using - wrappers) - ---- - lua-resty-core-0.1.23/lib/resty/core/shdict.lua | 174 ++++++++++++++++++++++++++++++++++++++ - 1 file changed, 174 insertions(+) - -diff --git a/bundle/lua-resty-core-0.1.23/lib/resty/core/shdict.lua b/bundle/lua-resty-core-0.1.23/lib/resty/core/shdict.lua -index dedf12c..e501a38 100644 ---- a/bundle/lua-resty-core-0.1.23/lib/resty/core/shdict.lua -+++ b/bundle/lua-resty-core-0.1.23/lib/resty/core/shdict.lua -@@ -32,8 +32,11 @@ local subsystem = ngx.config.subsystem - - - local ngx_lua_ffi_shdict_get -+local ngx_lua_ffi_shdict_get_m1 - local ngx_lua_ffi_shdict_incr -+local ngx_lua_ffi_shdict_incr_m1 - local ngx_lua_ffi_shdict_store -+local ngx_lua_ffi_shdict_store_m1 - local ngx_lua_ffi_shdict_flush_all - local ngx_lua_ffi_shdict_get_ttl - local ngx_lua_ffi_shdict_set_expire -@@ -42,6 +45,53 @@ local ngx_lua_ffi_shdict_free_space - local ngx_lua_ffi_shdict_udata_to_zone - - -+local M1 = jit and jit.os == "OSX" and jit.arch == "arm64" -+if M1 then -+ ffi.cdef[[ -+typedef struct { -+ void *zone; -+ const unsigned char *key; -+ size_t key_len; -+ int *value_type; -+ unsigned char **str_value_buf; -+ size_t *str_value_len; -+ double *num_value; -+ int *user_flags; -+ int get_stale; -+ int *is_stale; -+ char **errmsg; -+} ngx_shdict_get_t; -+ -+typedef struct { -+ void *zone; -+ int op; -+ const unsigned char *key; -+ size_t key_len; -+ int value_type; -+ const unsigned char *str_value_buf; -+ size_t str_value_len; -+ double num_value; -+ long exptime; -+ int user_flags; -+ char **errmsg; -+ int *forcible; -+} ngx_shdict_store_t; -+ -+typedef struct { -+ void *zone; -+ const unsigned char *key; -+ size_t key_len; -+ double *num_value; -+ char **errmsg; -+ int has_init; -+ double init; -+ long init_ttl; -+ int *forcible; -+} ngx_shdict_incr_t; -+]] -+end -+ -+ - if subsystem == 'http' then - ffi.cdef[[ - int ngx_http_lua_ffi_shdict_get(void *zone, const unsigned char *key, -@@ -72,6 +122,18 @@ size_t ngx_http_lua_ffi_shdict_capacity(void *zone); - void *ngx_http_lua_ffi_shdict_udata_to_zone(void *zone_udata); - ]] - -+ if M1 then -+ ffi.cdef [[ -+int ngx_http_lua_ffi_shdict_get_m1(ngx_shdict_get_t *s); -+int ngx_http_lua_ffi_shdict_store_m1(ngx_shdict_store_t *s); -+int ngx_http_lua_ffi_shdict_incr_m1(ngx_shdict_incr_t *s); -+ ]] -+ -+ ngx_lua_ffi_shdict_get_m1 = C.ngx_http_lua_ffi_shdict_get_m1 -+ ngx_lua_ffi_shdict_store_m1 = C.ngx_http_lua_ffi_shdict_store_m1 -+ ngx_lua_ffi_shdict_incr_m1 = C.ngx_http_lua_ffi_shdict_incr_m1 -+ end -+ - ngx_lua_ffi_shdict_get = C.ngx_http_lua_ffi_shdict_get - ngx_lua_ffi_shdict_incr = C.ngx_http_lua_ffi_shdict_incr - ngx_lua_ffi_shdict_store = C.ngx_http_lua_ffi_shdict_store -@@ -126,6 +188,17 @@ size_t ngx_stream_lua_ffi_shdict_capacity(void *zone); - void *ngx_stream_lua_ffi_shdict_udata_to_zone(void *zone_udata); - ]] - -+ if M1 then -+ ffi.cdef [[ -+int ngx_stream_lua_ffi_shdict_get_m1(ngx_shdict_get_t *s); -+int ngx_stream_lua_ffi_shdict_store_m1(ngx_shdict_store_t *s); -+int ngx_stream_lua_ffi_shdict_incr_m1(ngx_shdict_incr_t *s); -+ ]] -+ ngx_lua_ffi_shdict_get_m1 = C.ngx_stream_lua_ffi_shdict_get_m1 -+ ngx_lua_ffi_shdict_store_m1 = C.ngx_stream_lua_ffi_shdict_store_m1 -+ ngx_lua_ffi_shdict_incr_m1 = C.ngx_stream_lua_ffi_shdict_incr_m1 -+ end -+ - ngx_lua_ffi_shdict_get = C.ngx_stream_lua_ffi_shdict_get - ngx_lua_ffi_shdict_incr = C.ngx_stream_lua_ffi_shdict_incr - ngx_lua_ffi_shdict_store = C.ngx_stream_lua_ffi_shdict_store -@@ -245,6 +318,31 @@ local function shdict_store(zone, op, key, value, exptime, flags) - return nil, "bad value type" - end - -+ local rc -+ if M1 then -+ local q = ffi_new("ngx_shdict_store_t") -+ q.zone = zone -+ q.op = op -+ q.key = key -+ q.key_len = key_len -+ q.value_type = valtyp -+ q.str_value_buf = str_val_buf -+ q.str_value_len = str_val_len -+ q.num_value = num_val -+ q.exptime = exptime * 1000 -+ q.user_flags = flags -+ q.errmsg = errmsg -+ q.forcible = forcible -+ -+ local rc = ngx_lua_ffi_shdict_store_m1(q) -+ if rc == 0 then -- NGX_OK -+ return true, nil, forcible[0] == 1 -+ end -+ -+ -- NGX_DECLINED or NGX_ERROR -+ return false, ffi_str(errmsg[0]), forcible[0] == 1 -+ end -+ - local rc = ngx_lua_ffi_shdict_store(zone, op, key, key_len, - valtyp, str_val_buf, - str_val_len, num_val, -@@ -317,6 +415,30 @@ local function shdict_get(zone, key) - local value_len = get_size_ptr() - value_len[0] = size - -+ if M1 then -+ local q = ffi_new("ngx_shdict_get_t") -+ q.zone = zone -+ q.key = key -+ q.key_len = key_len -+ q.value_type = value_type -+ q.str_value_buf = str_value_buf -+ q.str_value_len = value_len -+ q.num_value = num_value -+ q.user_flags = user_flags -+ q.get_stale = 0 -+ q.is_stale = is_stale -+ q.errmsg = errmsg -+ -+ local rc = ngx_lua_ffi_shdict_get_m1(q) -+ if rc ~= 0 then -+ if errmsg[0] ~= nil then -+ return nil, ffi_str(errmsg[0]) -+ end -+ -+ error("failed to get the key") -+ end -+ else -+ - local rc = ngx_lua_ffi_shdict_get(zone, key, key_len, value_type, - str_value_buf, value_len, - num_value, user_flags, 0, -@@ -329,6 +451,8 @@ local function shdict_get(zone, key) - error("failed to get the key") - end - -+ end -+ - local typ = value_type[0] - - if typ == 0 then -- LUA_TNIL -@@ -392,6 +516,30 @@ local function shdict_get_stale(zone, key) - local value_len = get_size_ptr() - value_len[0] = size - -+ if M1 then -+ local q = ffi_new("ngx_shdict_get_t") -+ q.zone = zone -+ q.key = key -+ q.key_len = key_len -+ q.value_type = value_type -+ q.str_value_buf = str_value_buf -+ q.str_value_len = value_len -+ q.num_value = num_value -+ q.user_flags = user_flags -+ q.get_stale = 1 -+ q.is_stale = is_stale -+ q.errmsg = errmsg -+ -+ local rc = ngx_lua_ffi_shdict_get_m1(q) -+ if rc ~= 0 then -+ if errmsg[0] ~= nil then -+ return nil, ffi_str(errmsg[0]) -+ end -+ -+ error("failed to get the key") -+ end -+ else -+ - local rc = ngx_lua_ffi_shdict_get(zone, key, key_len, value_type, - str_value_buf, value_len, - num_value, user_flags, 1, -@@ -404,6 +552,8 @@ local function shdict_get_stale(zone, key) - error("failed to get the key") - end - -+ end -+ - local typ = value_type[0] - - if typ == 0 then -- LUA_TNIL -@@ -498,6 +648,28 @@ local function shdict_incr(zone, key, value, init, init_ttl) - init_ttl = 0 - end - -+ if M1 then -+ local q = ffi_new("ngx_shdict_incr_t") -+ q.zone = zone -+ q.key = key -+ q.key_len = key_len -+ q.num_value = num_value -+ q.errmsg = errmsg -+ if init then -+ q.has_init = 1 -+ q.init = init -+ else -+ q.has_init = 0 -+ end -+ q.init_ttl = init_ttl * 1000 -+ q.forcible = forcible -+ -+ local rc = ngx_lua_ffi_shdict_incr_m1(q) -+ if rc ~= 0 then -- ~= NGX_OK -+ return nil, ffi_str(errmsg[0]) -+ end -+ else -+ - local rc = ngx_lua_ffi_shdict_incr(zone, key, key_len, num_value, - errmsg, init and 1 or 0, - init or 0, init_ttl * 1000, -@@ -506,6 +678,8 @@ local function shdict_incr(zone, key, value, init, init_ttl) - return nil, ffi_str(errmsg[0]) - end - -+ end -+ - if not init then - return tonumber(num_value[0]) - end --- -2.34.1 - diff --git a/build/openresty/patches/lua-resty-core-0.1.23_04-make-resty.core.response-compatible-with-m1.patch b/build/openresty/patches/lua-resty-core-0.1.23_04-make-resty.core.response-compatible-with-m1.patch deleted file mode 100644 index db06d9272066..000000000000 --- a/build/openresty/patches/lua-resty-core-0.1.23_04-make-resty.core.response-compatible-with-m1.patch +++ /dev/null @@ -1,101 +0,0 @@ -From 94efefb9aaede738ec9e29e639cf5e934e9a1d5a Mon Sep 17 00:00:00 2001 -From: Aapo Talvensaari -Date: Thu, 16 Dec 2021 19:28:13 +0200 -Subject: [PATCH] fix(response) make resty.core.response compatible with m1 - (using kong wrappers) - ---- - lua-resty-core-0.1.23/lib/resty/core/response.lua | 58 +++++++++++++++++++++++++++++++++++++ - 1 file changed, 58 insertions(+) - -diff --git a/bundle/lua-resty-core-0.1.23/lib/resty/core/response.lua b/bundle/lua-resty-core-0.1.23/lib/resty/core/response.lua -index 891a07e..1efdf56 100644 ---- a/bundle/lua-resty-core-0.1.23/lib/resty/core/response.lua -+++ b/bundle/lua-resty-core-0.1.23/lib/resty/core/response.lua -@@ -45,6 +45,27 @@ ffi.cdef[[ - ]] - - -+local M1 = jit and jit.os == "OSX" and jit.arch == "arm64" -+if M1 then -+ffi.cdef[[ -+ typedef struct { -+ ngx_http_request_t *r; -+ const char *key_data; -+ size_t key_len; -+ int is_nil; -+ const char *sval; -+ size_t sval_len; -+ void *mvals; -+ size_t mvals_len; -+ int override; -+ char **errmsg; -+ } ngx_set_resp_header_t; -+ -+ int ngx_http_lua_ffi_set_resp_header_m1(ngx_set_resp_header_t *s); -+]] -+end -+ -+ - local function set_resp_header(tb, key, value, no_override) - local r = get_request() - if not r then -@@ -61,6 +82,22 @@ local function set_resp_header(tb, key, value, no_override) - error("invalid header value", 3) - end - -+ if M1 then -+ local q = ffi.new("ngx_set_resp_header_t") -+ q.r = r -+ q.key_data = key -+ q.key_len = #key -+ q.is_nil = true -+ q.sval_len = 0 -+ q.mvals_len = 0 -+ q.override = 1 -+ q.errmsg = errmsg -+ -+ rc = C.ngx_http_lua_ffi_set_resp_header_m1(q) -+ -+ goto results -+ end -+ - rc = C.ngx_http_lua_ffi_set_resp_header(r, key, #key, true, nil, 0, nil, - 0, 1, errmsg) - else -@@ -99,11 +136,32 @@ local function set_resp_header(tb, key, value, no_override) - end - - local override_int = no_override and 0 or 1 -+ -+ if M1 then -+ local s = ffi.new("ngx_set_resp_header_t") -+ s.r = r -+ s.key_data = key -+ s.key_len = #key -+ s.is_nil = false -+ s.sval = sval -+ s.sval_len = sval_len -+ s.mvals = mvals -+ s.mvals_len = mvals_len -+ s.override = override_int -+ s.errmsg = errmsg -+ -+ rc = C.ngx_http_lua_ffi_set_resp_header_m1(s) -+ -+ goto results -+ end -+ - rc = C.ngx_http_lua_ffi_set_resp_header(r, key, #key, false, sval, - sval_len, mvals, mvals_len, - override_int, errmsg) - end - -+ ::results:: -+ - if rc == 0 or rc == FFI_DECLINED then - return - end --- -2.34.1 - diff --git a/build/openresty/patches/lua-resty-core-0.1.23_02-dyn_upstream_keepalive.patch b/build/openresty/patches/lua-resty-core-0.1.27_01-dyn_upstream_keepalive.patch similarity index 96% rename from build/openresty/patches/lua-resty-core-0.1.23_02-dyn_upstream_keepalive.patch rename to build/openresty/patches/lua-resty-core-0.1.27_01-dyn_upstream_keepalive.patch index 7669a29e81dc..82107d5c72a1 100644 --- a/build/openresty/patches/lua-resty-core-0.1.23_02-dyn_upstream_keepalive.patch +++ b/build/openresty/patches/lua-resty-core-0.1.27_01-dyn_upstream_keepalive.patch @@ -1,6 +1,6 @@ -diff -ruN a/bundle/lua-resty-core-0.1.23/lib/ngx/balancer.lua b/bundle/lua-resty-core-0.1.23/lib/ngx/balancer.lua ---- a/bundle/lua-resty-core-0.1.23/lib/ngx/balancer.lua 2022-12-02 10:58:50.078203826 +0800 -+++ b/bundle/lua-resty-core-0.1.23/lib/ngx/balancer.lua 2022-12-03 11:50:57.271540206 +0800 +diff -ruN a/bundle/lua-resty-core-0.1.27/lib/ngx/balancer.lua b/bundle/lua-resty-core-0.1.27/lib/ngx/balancer.lua +--- a/bundle/lua-resty-core-0.1.27/lib/ngx/balancer.lua 2022-12-02 10:58:50.078203826 +0800 ++++ b/bundle/lua-resty-core-0.1.27/lib/ngx/balancer.lua 2022-12-03 11:50:57.271540206 +0800 @@ -19,6 +19,7 @@ local max = math.max local subsystem = ngx.config.subsystem diff --git a/build/openresty/patches/lua-resty-websocket-0.09_01-client-mtls.patch b/build/openresty/patches/lua-resty-websocket-0.09_01-client-mtls.patch deleted file mode 100644 index 0b705896fb5c..000000000000 --- a/build/openresty/patches/lua-resty-websocket-0.09_01-client-mtls.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 05d0832cf96c216297810cb495706c50309b8c5a Mon Sep 17 00:00:00 2001 -From: James Hurst -Date: Mon, 7 Feb 2022 11:36:25 +0000 -Subject: [PATCH 1/2] feat: add mtls client cert support - ---- - lib/resty/websocket/client.lua | 26 ++++++++++++++++++++++---- - 1 file changed, 22 insertions(+), 4 deletions(-) - -diff --git a/bundle/lua-resty-websocket-0.09/lib/resty/websocket/client.lua b/bundle/lua-resty-websocket-0.09/lib/resty/websocket/client.lua -index 067b2a5..2ec96dd 100644 ---- a/bundle/lua-resty-websocket-0.09/lib/resty/websocket/client.lua -+++ b/bundle/lua-resty-websocket-0.09/lib/resty/websocket/client.lua -@@ -98,7 +98,8 @@ function _M.connect(self, uri, opts) - path = "/" - end - -- local ssl_verify, headers, proto_header, origin_header, sock_opts = false -+ local ssl_verify, server_name, headers, proto_header, origin_header, sock_opts = false -+ local client_cert, client_priv_key - - if opts then - local protos = opts.protocols -@@ -122,11 +123,20 @@ function _M.connect(self, uri, opts) - sock_opts = { pool = pool } - end - -- if opts.ssl_verify then -+ client_cert = opts.client_cert -+ client_priv_key = opts.client_priv_key -+ -+ if client_cert then -+ assert(client_priv_key, -+ "client_priv_key must be provided with client_cert") -+ end -+ -+ if opts.ssl_verify or opts.server_name then - if not ssl_support then - return nil, "ngx_lua 0.9.11+ required for SSL sockets" - end -- ssl_verify = true -+ ssl_verify = opts.ssl_verify -+ server_name = opts.server_name or host - end - - if opts.headers then -@@ -151,7 +161,15 @@ function _M.connect(self, uri, opts) - if not ssl_support then - return nil, "ngx_lua 0.9.11+ required for SSL sockets" - end -- ok, err = sock:sslhandshake(false, host, ssl_verify) -+ -+ if client_cert then -+ ok, err = sock:setclientcert(client_cert, client_priv_key) -+ if not ok then -+ return nil, "ssl client cert failued: " .. err -+ end -+ end -+ -+ ok, err = sock:sslhandshake(false, server_name, ssl_verify) - if not ok then - return nil, "ssl handshake failed: " .. err - end --- -2.32.0 (Apple Git-132) - - -From fcf3370eef554cd4e1791ac92c43b420d25d66a1 Mon Sep 17 00:00:00 2001 -From: James Hurst -Date: Mon, 7 Feb 2022 15:20:48 +0000 -Subject: [PATCH 2/2] fix(client) fix typo in error message - ---- - lib/resty/websocket/client.lua | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bundle/lua-resty-websocket-0.09/lib/resty/websocket/client.lua b/bundle/lua-resty-websocket-0.09/lib/resty/websocket/client.lua -index 2ec96dd..598543f 100644 ---- a/bundle/lua-resty-websocket-0.09/lib/resty/websocket/client.lua -+++ b/bundle/lua-resty-websocket-0.09/lib/resty/websocket/client.lua -@@ -165,7 +165,7 @@ function _M.connect(self, uri, opts) - if client_cert then - ok, err = sock:setclientcert(client_cert, client_priv_key) - if not ok then -- return nil, "ssl client cert failued: " .. err -+ return nil, "ssl client cert failed: " .. err - end - end - --- -2.32.0 (Apple Git-132) - diff --git a/build/openresty/patches/nginx-cross.patch b/build/openresty/patches/nginx-1.21.4_07-cross.patch similarity index 100% rename from build/openresty/patches/nginx-cross.patch rename to build/openresty/patches/nginx-1.21.4_07-cross.patch diff --git a/build/openresty/patches/nginx-cross-endianness-fix.patch b/build/openresty/patches/nginx-1.21.4_08-cross-endianness-fix.patch similarity index 99% rename from build/openresty/patches/nginx-cross-endianness-fix.patch rename to build/openresty/patches/nginx-1.21.4_08-cross-endianness-fix.patch index 6dcf74d214db..6d9e2e5d7092 100644 --- a/build/openresty/patches/nginx-cross-endianness-fix.patch +++ b/build/openresty/patches/nginx-1.21.4_08-cross-endianness-fix.patch @@ -76,4 +76,4 @@ index 1b552b6..be84487 100644 + fi fi -- -2.7.4 \ No newline at end of file +2.7.4 diff --git a/build/openresty/patches/ngx_lua-0.10.21_01-cosocket-mtls.patch b/build/openresty/patches/ngx_lua-0.10.21_01-cosocket-mtls.patch deleted file mode 100644 index 0a27abf866b8..000000000000 --- a/build/openresty/patches/ngx_lua-0.10.21_01-cosocket-mtls.patch +++ /dev/null @@ -1,1433 +0,0 @@ -From 287d58810c450f912a8d31a94a1c86ccc039c0e1 Mon Sep 17 00:00:00 2001 -From: Datong Sun -Date: Wed, 18 Sep 2019 16:39:05 -0700 -Subject: [PATCH 04/17] cosocket: add function `tcpsock:tlshandshake`, retired - the Lua C API based `tcpsock:sslhandshake` implementation. - ---- - src/ngx_http_lua_socket_tcp.c | 387 +++++++++++++++------------------- - src/ngx_http_lua_socket_tcp.h | 3 + - 2 files changed, 177 insertions(+), 213 deletions(-) - -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -index 26467fdd..4ef22c11 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -@@ -23,6 +23,9 @@ static int ngx_http_lua_socket_tcp(lua_State *L); - static int ngx_http_lua_socket_tcp_connect(lua_State *L); - #if (NGX_HTTP_SSL) - static int ngx_http_lua_socket_tcp_sslhandshake(lua_State *L); -+static void ngx_http_lua_tls_handshake_handler(ngx_connection_t *c); -+static int ngx_http_lua_tls_handshake_retval_handler(ngx_http_request_t *r, -+ ngx_http_lua_socket_tcp_upstream_t *u, lua_State *L); - #endif - static int ngx_http_lua_socket_tcp_receive(lua_State *L); - static int ngx_http_lua_socket_tcp_receiveany(lua_State *L); -@@ -149,12 +152,6 @@ static void ngx_http_lua_socket_shutdown_pool_helper( - ngx_http_lua_socket_pool_t *spool); - static int ngx_http_lua_socket_prepare_error_retvals(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, lua_State *L, ngx_uint_t ft_type); --#if (NGX_HTTP_SSL) --static int ngx_http_lua_ssl_handshake_retval_handler(ngx_http_request_t *r, -- ngx_http_lua_socket_tcp_upstream_t *u, lua_State *L); --static void ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c); --static int ngx_http_lua_ssl_free_session(lua_State *L); --#endif - static void ngx_http_lua_socket_tcp_close_connection(ngx_connection_t *c); - - -@@ -324,13 +321,6 @@ ngx_http_lua_inject_socket_tcp_api(ngx_log_t *log, lua_State *L) - lua_pushcfunction(L, ngx_http_lua_socket_tcp_connect); - lua_setfield(L, -2, "connect"); - --#if (NGX_HTTP_SSL) -- -- lua_pushcfunction(L, ngx_http_lua_socket_tcp_sslhandshake); -- lua_setfield(L, -2, "sslhandshake"); -- --#endif -- - lua_pushcfunction(L, ngx_http_lua_socket_tcp_receive); - lua_setfield(L, -2, "receive"); - -@@ -404,19 +394,6 @@ ngx_http_lua_inject_socket_tcp_api(ngx_log_t *log, lua_State *L) - lua_setfield(L, -2, "__gc"); - lua_rawset(L, LUA_REGISTRYINDEX); - /* }}} */ -- --#if (NGX_HTTP_SSL) -- -- /* {{{ssl session userdata metatable */ -- lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( -- ssl_session_metatable_key)); -- lua_createtable(L, 0 /* narr */, 1 /* nrec */); /* metatable */ -- lua_pushcfunction(L, ngx_http_lua_ssl_free_session); -- lua_setfield(L, -2, "__gc"); -- lua_rawset(L, LUA_REGISTRYINDEX); -- /* }}} */ -- --#endif - } - - -@@ -1559,64 +1536,69 @@ ngx_http_lua_socket_conn_error_retval_handler(ngx_http_request_t *r, - - #if (NGX_HTTP_SSL) - --static int --ngx_http_lua_socket_tcp_sslhandshake(lua_State *L) -+static const char * -+ngx_http_lua_socket_tcp_check_busy(ngx_http_request_t *r, -+ ngx_http_lua_socket_tcp_upstream_t *u, unsigned int ops) - { -- int n, top; -- ngx_int_t rc; -- ngx_str_t name = ngx_null_string; -- ngx_connection_t *c; -- ngx_ssl_session_t **psession; -- ngx_http_request_t *r; -- ngx_http_lua_ctx_t *ctx; -- ngx_http_lua_co_ctx_t *coctx; -- -- ngx_http_lua_socket_tcp_upstream_t *u; -- -- /* Lua function arguments: self [,session] [,host] [,verify] -- [,send_status_req] */ -+ if (ops & SOCKET_OP_CONNECT && u->conn_waiting) { -+ return "socket busy connecting"; -+ } - -- n = lua_gettop(L); -- if (n < 1 || n > 5) { -- return luaL_error(L, "ngx.socket sslhandshake: expecting 1 ~ 5 " -- "arguments (including the object), but seen %d", n); -+ if (ops & SOCKET_OP_READ && u->read_waiting) { -+ return "socket busy reading"; - } - -- r = ngx_http_lua_get_req(L); -- if (r == NULL) { -- return luaL_error(L, "no request found"); -+ if (ops & SOCKET_OP_WRITE -+ && (u->write_waiting -+ || (u->raw_downstream -+ && (r->connection->buffered & NGX_HTTP_LOWLEVEL_BUFFERED)))) -+ { -+ return "socket busy writing"; - } - -- ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -- "lua tcp socket ssl handshake"); -+ return NULL; -+} - -- luaL_checktype(L, 1, LUA_TTABLE); -+int -+ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, -+ ngx_http_lua_socket_tcp_upstream_t *u, ngx_ssl_session_t *sess, -+ int enable_session_reuse, ngx_str_t *server_name, int verify, -+ int ocsp_status_req, const char **errmsg) -+{ -+ ngx_int_t rc; -+ ngx_connection_t *c; -+ ngx_http_lua_ctx_t *ctx; -+ ngx_http_lua_co_ctx_t *coctx; -+ const char *busy_rc; - -- lua_rawgeti(L, 1, SOCKET_CTX_INDEX); -- u = lua_touserdata(L, -1); -+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -+ "lua tcp socket tls handshake"); - - if (u == NULL - || u->peer.connection == NULL - || u->read_closed - || u->write_closed) - { -- lua_pushnil(L); -- lua_pushliteral(L, "closed"); -- return 2; -+ *errmsg = "closed"; -+ return NGX_ERROR; - } - - if (u->request != r) { -- return luaL_error(L, "bad request"); -+ *errmsg = "bad request"; -+ return NGX_ERROR; - } - -- ngx_http_lua_socket_check_busy_connecting(r, u, L); -- ngx_http_lua_socket_check_busy_reading(r, u, L); -- ngx_http_lua_socket_check_busy_writing(r, u, L); -+ busy_rc = ngx_http_lua_socket_tcp_check_busy(r, u, SOCKET_OP_CONNECT -+ | SOCKET_OP_READ -+ | SOCKET_OP_WRITE); -+ if (busy_rc != NULL) { -+ *errmsg = busy_rc; -+ return NGX_ERROR; -+ } - - if (u->raw_downstream || u->body_downstream) { -- lua_pushnil(L); -- lua_pushliteral(L, "not supported for downstream"); -- return 2; -+ *errmsg = "not supported for downstream"; -+ return NGX_ERROR; - } - - c = u->peer.connection; -@@ -1624,122 +1606,96 @@ ngx_http_lua_socket_tcp_sslhandshake(lua_State *L) - u->ssl_session_reuse = 1; - - if (c->ssl && c->ssl->handshaked) { -- switch (lua_type(L, 2)) { -- case LUA_TUSERDATA: -- lua_pushvalue(L, 2); -- break; -+ if (sess != NULL) { -+ return NGX_DONE; -+ } - -- case LUA_TBOOLEAN: -- if (!lua_toboolean(L, 2)) { -- /* avoid generating the ssl session */ -- lua_pushboolean(L, 1); -- break; -- } -- /* fall through */ -+ u->ssl_session_reuse = enable_session_reuse; - -- default: -- ngx_http_lua_ssl_handshake_retval_handler(r, u, L); -- break; -- } -+ (void) ngx_http_lua_tls_handshake_retval_handler(r, u, NULL); - -- return 1; -+ return NGX_OK; - } - - if (ngx_ssl_create_connection(u->conf->ssl, c, - NGX_SSL_BUFFER|NGX_SSL_CLIENT) - != NGX_OK) - { -- lua_pushnil(L); -- lua_pushliteral(L, "failed to create ssl connection"); -- return 2; -+ *errmsg = "failed to create ssl connection"; -+ return NGX_ERROR; - } - - ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); - if (ctx == NULL) { -- return luaL_error(L, "no ctx found"); -+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, -+ "no ngx_lua ctx found while TLS handshaking"); -+ -+ ngx_http_lua_assert(NULL); -+ -+ *errmsg = "no ctx found"; -+ return NGX_ERROR; - } - - coctx = ctx->cur_co_ctx; - - c->sendfile = 0; - -- if (n >= 2) { -- if (lua_type(L, 2) == LUA_TBOOLEAN) { -- u->ssl_session_reuse = lua_toboolean(L, 2); -- -- } else { -- psession = lua_touserdata(L, 2); -- -- if (psession != NULL && *psession != NULL) { -- if (ngx_ssl_set_session(c, *psession) != NGX_OK) { -- lua_pushnil(L); -- lua_pushliteral(L, "lua ssl set session failed"); -- return 2; -- } -- -- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, -- "lua ssl set session: %p", *psession); -- } -+ if (sess != NULL) { -+ if (ngx_ssl_set_session(c, sess) != NGX_OK) { -+ *errmsg = "lua tls set session failed"; -+ return NGX_ERROR; - } - -- if (n >= 3) { -- name.data = (u_char *) lua_tolstring(L, 3, &name.len); -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, -+ "lua tls set session: %p", sess); - -- if (name.data) { -- ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -- "lua ssl server name: \"%*s\"", name.len, -- name.data); -+ } else { -+ u->ssl_session_reuse = enable_session_reuse; -+ } - --#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME -+ if (server_name != NULL && server_name->data != NULL) { -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -+ "lua tls server name: \"%V\"", server_name); - -- if (SSL_set_tlsext_host_name(c->ssl->connection, -- (char *) name.data) -- == 0) -- { -- lua_pushnil(L); -- lua_pushliteral(L, "SSL_set_tlsext_host_name failed"); -- return 2; -- } -+#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME -+ if (SSL_set_tlsext_host_name(c->ssl->connection, -+ (char *) server_name->data) -+ == 0) -+ { -+ *errmsg = "SSL_set_tlsext_host_name failed"; -+ return NGX_ERROR; -+ } - - #else -- -- ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, -- "lua socket SNI disabled because the current " -- "version of OpenSSL lacks the support"); -- -+ *errmsg = "OpenSSL has no SNI support"; -+ return NGX_ERROR; - #endif -- } -+ } - -- if (n >= 4) { -- u->ssl_verify = lua_toboolean(L, 4); -+ u->ssl_verify = verify; - -- if (n >= 5) { -- if (lua_toboolean(L, 5)) { -+ if (ocsp_status_req) { - #ifdef NGX_HTTP_LUA_USE_OCSP -- SSL_set_tlsext_status_type(c->ssl->connection, -- TLSEXT_STATUSTYPE_ocsp); -+ SSL_set_tlsext_status_type(c->ssl->connection, -+ TLSEXT_STATUSTYPE_ocsp); -+ - #else -- return luaL_error(L, "no OCSP support"); -+ *errmsg = "no OCSP support"; -+ return NGX_ERROR; - #endif -- } -- } -- } -- } - } - -- dd("found sni name: %.*s %p", (int) name.len, name.data, name.data); -- -- if (name.len == 0) { -+ if (server_name->len == 0) { - u->ssl_name.len = 0; - - } else { - if (u->ssl_name.data) { - /* buffer already allocated */ - -- if (u->ssl_name.len >= name.len) { -+ if (u->ssl_name.len >= server_name->len) { - /* reuse it */ -- ngx_memcpy(u->ssl_name.data, name.data, name.len); -- u->ssl_name.len = name.len; -+ ngx_memcpy(u->ssl_name.data, server_name->data, server_name->len); -+ u->ssl_name.len = server_name->len; - - } else { - ngx_free(u->ssl_name.data); -@@ -1750,17 +1706,16 @@ ngx_http_lua_socket_tcp_sslhandshake(lua_State *L) - - new_ssl_name: - -- u->ssl_name.data = ngx_alloc(name.len, ngx_cycle->log); -+ u->ssl_name.data = ngx_alloc(server_name->len, ngx_cycle->log); - if (u->ssl_name.data == NULL) { - u->ssl_name.len = 0; - -- lua_pushnil(L); -- lua_pushliteral(L, "no memory"); -- return 2; -+ *errmsg = "no memory"; -+ return NGX_ERROR; - } - -- ngx_memcpy(u->ssl_name.data, name.data, name.len); -- u->ssl_name.len = name.len; -+ ngx_memcpy(u->ssl_name.data, server_name->data, server_name->len); -+ u->ssl_name.len = server_name->len; - } - } - -@@ -1774,7 +1729,8 @@ new_ssl_name: - - rc = ngx_ssl_handshake(c); - -- dd("ngx_ssl_handshake returned %d", (int) rc); -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -+ "ngx_ssl_handshake returned %d", rc); - - if (rc == NGX_AGAIN) { - if (c->write->timer_set) { -@@ -1784,13 +1740,13 @@ new_ssl_name: - ngx_add_timer(c->read, u->connect_timeout); - - u->conn_waiting = 1; -- u->write_prepare_retvals = ngx_http_lua_ssl_handshake_retval_handler; -+ u->write_prepare_retvals = ngx_http_lua_tls_handshake_retval_handler; - - ngx_http_lua_cleanup_pending_operation(coctx); - coctx->cleanup = ngx_http_lua_coctx_cleanup; - coctx->data = u; - -- c->ssl->handler = ngx_http_lua_ssl_handshake_handler; -+ c->ssl->handler = ngx_http_lua_tls_handshake_handler; - - if (ctx->entered_content_phase) { - r->write_event_handler = ngx_http_lua_content_wev_handler; -@@ -1799,21 +1755,25 @@ new_ssl_name: - r->write_event_handler = ngx_http_core_run_phases; - } - -- return lua_yield(L, 0); -+ return NGX_AGAIN; -+ } -+ -+ ngx_http_lua_tls_handshake_handler(c); -+ -+ if (rc == NGX_ERROR) { -+ *errmsg = u->error_ret; -+ -+ return NGX_ERROR; - } - -- top = lua_gettop(L); -- ngx_http_lua_ssl_handshake_handler(c); -- return lua_gettop(L) - top; -+ return NGX_OK; - } - - - static void --ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c) -+ngx_http_lua_tls_handshake_handler(ngx_connection_t *c) - { -- const char *err; - int waiting; -- lua_State *L; - ngx_int_t rc; - ngx_connection_t *dc; /* downstream connection */ - ngx_http_request_t *r; -@@ -1836,11 +1796,9 @@ ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c) - waiting = u->conn_waiting; - - dc = r->connection; -- L = u->write_co_ctx->co; - - if (c->read->timedout) { -- lua_pushnil(L); -- lua_pushliteral(L, "timeout"); -+ u->error_ret = "timeout"; - goto failed; - } - -@@ -1849,19 +1807,18 @@ ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c) - } - - if (c->ssl->handshaked) { -- - if (u->ssl_verify) { - rc = SSL_get_verify_result(c->ssl->connection); - - if (rc != X509_V_OK) { -- lua_pushnil(L); -- err = lua_pushfstring(L, "%d: %s", (int) rc, -- X509_verify_cert_error_string(rc)); -+ u->error_ret = X509_verify_cert_error_string(rc); -+ u->openssl_error_code_ret = rc; - - llcf = ngx_http_get_module_loc_conf(r, ngx_http_lua_module); - if (llcf->log_socket_errors) { -- ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua ssl " -- "certificate verify error: (%s)", err); -+ ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua tls " -+ "certificate verify error: (%d: %s)", -+ rc, u->error_ret); - } - - goto failed; -@@ -1872,12 +1829,11 @@ ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c) - if (u->ssl_name.len - && ngx_ssl_check_host(c, &u->ssl_name) != NGX_OK) - { -- lua_pushnil(L); -- lua_pushliteral(L, "certificate host mismatch"); -+ u->error_ret = "certificate host mismatch"; - - llcf = ngx_http_get_module_loc_conf(r, ngx_http_lua_module); - if (llcf->log_socket_errors) { -- ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua ssl " -+ ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua tls " - "certificate does not match host \"%V\"", - &u->ssl_name); - } -@@ -1892,7 +1848,7 @@ ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c) - ngx_http_lua_socket_handle_conn_success(r, u); - - } else { -- (void) ngx_http_lua_ssl_handshake_retval_handler(r, u, L); -+ (void) ngx_http_lua_tls_handshake_retval_handler(r, u, NULL); - } - - if (waiting) { -@@ -1902,60 +1858,84 @@ ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c) - return; - } - -- lua_pushnil(L); -- lua_pushliteral(L, "handshake failed"); -+ u->error_ret = "handshake failed"; - - failed: - - if (waiting) { - u->write_prepare_retvals = -- ngx_http_lua_socket_conn_error_retval_handler; -- ngx_http_lua_socket_handle_conn_error(r, u, -- NGX_HTTP_LUA_SOCKET_FT_SSL); -+ ngx_http_lua_socket_conn_error_retval_handler; -+ ngx_http_lua_socket_handle_conn_error(r, u, NGX_HTTP_LUA_SOCKET_FT_SSL); - ngx_http_run_posted_requests(dc); - - } else { -- (void) ngx_http_lua_socket_conn_error_retval_handler(r, u, L); -+ u->ft_type |= NGX_HTTP_LUA_SOCKET_FT_SSL; -+ -+ (void) ngx_http_lua_socket_conn_error_retval_handler(r, u, NULL); -+ } -+} -+ -+ -+ -+int -+ngx_http_lua_ffi_socket_tcp_get_tlshandshake_result(ngx_http_request_t *r, -+ ngx_http_lua_socket_tcp_upstream_t *u, ngx_ssl_session_t **sess, -+ const char **errmsg, int *openssl_error_code) -+{ -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -+ "lua cosocket get TLS handshake result for upstream: %p", u); -+ -+ if (u->error_ret != NULL) { -+ *errmsg = u->error_ret; -+ *openssl_error_code = u->openssl_error_code_ret; -+ -+ return NGX_ERROR; - } -+ -+ *sess = u->ssl_session_ret; -+ -+ return NGX_OK; - } - - - static int --ngx_http_lua_ssl_handshake_retval_handler(ngx_http_request_t *r, -+ngx_http_lua_tls_handshake_retval_handler(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, lua_State *L) - { - ngx_connection_t *c; -- ngx_ssl_session_t *ssl_session, **ud; -+ ngx_ssl_session_t *ssl_session; - - if (!u->ssl_session_reuse) { -- lua_pushboolean(L, 1); -- return 1; -+ return 0; - } - -- ud = lua_newuserdata(L, sizeof(ngx_ssl_session_t *)); -- - c = u->peer.connection; - - ssl_session = ngx_ssl_get_session(c); - if (ssl_session == NULL) { -- *ud = NULL; -+ u->ssl_session_ret = NULL; - - } else { -- *ud = ssl_session; -+ u->ssl_session_ret = ssl_session; - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, -- "lua ssl save session: %p", ssl_session); -- -- /* set up the __gc metamethod */ -- lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( -- ssl_session_metatable_key)); -- lua_rawget(L, LUA_REGISTRYINDEX); -- lua_setmetatable(L, -2); -+ "lua tls save session: %p", ssl_session); - } - -- return 1; -+ return 0; -+} -+ -+ -+void -+ngx_http_lua_ffi_tls_free_session(ngx_ssl_session_t *sess) -+{ -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, -+ "lua tls free session: %p", sess); -+ -+ ngx_ssl_free_session(sess); - } - -+ - #endif /* NGX_HTTP_SSL */ - - -@@ -2008,12 +1988,14 @@ ngx_http_lua_socket_prepare_error_retvals(ngx_http_request_t *r, - u_char errstr[NGX_MAX_ERROR_STR]; - u_char *p; - -- if (ft_type & (NGX_HTTP_LUA_SOCKET_FT_RESOLVER -- | NGX_HTTP_LUA_SOCKET_FT_SSL)) -- { -+ if (ft_type & NGX_HTTP_LUA_SOCKET_FT_RESOLVER) { - return 2; - } - -+ if (ft_type & NGX_HTTP_LUA_SOCKET_FT_SSL) { -+ return 0; -+ } -+ - lua_pushnil(L); - - if (ft_type & NGX_HTTP_LUA_SOCKET_FT_TIMEOUT) { -@@ -6101,27 +6083,6 @@ ngx_http_lua_coctx_cleanup(void *data) - } - - --#if (NGX_HTTP_SSL) -- --static int --ngx_http_lua_ssl_free_session(lua_State *L) --{ -- ngx_ssl_session_t **psession; -- -- psession = lua_touserdata(L, 1); -- if (psession && *psession != NULL) { -- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, -- "lua ssl free session: %p", *psession); -- -- ngx_ssl_free_session(*psession); -- } -- -- return 0; --} -- --#endif /* NGX_HTTP_SSL */ -- -- - void - ngx_http_lua_cleanup_conn_pools(lua_State *L) - { -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.h b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.h -index a0a5a518..ee9411bc 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.h -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.h -@@ -120,6 +120,9 @@ struct ngx_http_lua_socket_tcp_upstream_s { - - #if (NGX_HTTP_SSL) - ngx_str_t ssl_name; -+ ngx_ssl_session_t *ssl_session_ret; -+ const char *error_ret; -+ int openssl_error_code_ret; - #endif - - unsigned ft_type:16; --- -2.32.0 (Apple Git-132) - - -From f5ba21d6f742e6b169d972a81b6124b27c076016 Mon Sep 17 00:00:00 2001 -From: Datong Sun -Date: Wed, 18 Sep 2019 16:54:32 -0700 -Subject: [PATCH 05/17] change: better error when request context couldn't be - found. - ---- - src/ngx_http_lua_socket_tcp.c | 8 +------- - 1 file changed, 1 insertion(+), 7 deletions(-) - -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -index 4ef22c11..abd487fa 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -@@ -1627,13 +1627,7 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - - ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); - if (ctx == NULL) { -- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, -- "no ngx_lua ctx found while TLS handshaking"); -- -- ngx_http_lua_assert(NULL); -- -- *errmsg = "no ctx found"; -- return NGX_ERROR; -+ return NGX_HTTP_LUA_FFI_NO_REQ_CTX; - } - - coctx = ctx->cur_co_ctx; --- -2.32.0 (Apple Git-132) - - -From 78a450d571febf7ba918ecc13369144925d02bcb Mon Sep 17 00:00:00 2001 -From: Datong Sun -Date: Wed, 18 Sep 2019 17:24:07 -0700 -Subject: [PATCH 06/17] feature: TCP cosocket client certificate support. - closes #534 - ---- - src/ngx_http_lua_socket_tcp.c | 60 +++++++++++++++++++++++++++++++---- - 1 file changed, 54 insertions(+), 6 deletions(-) - -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -index abd487fa..61671b70 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -@@ -22,7 +22,6 @@ - static int ngx_http_lua_socket_tcp(lua_State *L); - static int ngx_http_lua_socket_tcp_connect(lua_State *L); - #if (NGX_HTTP_SSL) --static int ngx_http_lua_socket_tcp_sslhandshake(lua_State *L); - static void ngx_http_lua_tls_handshake_handler(ngx_connection_t *c); - static int ngx_http_lua_tls_handshake_retval_handler(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, lua_State *L); -@@ -219,9 +218,6 @@ static char ngx_http_lua_upstream_udata_metatable_key; - static char ngx_http_lua_downstream_udata_metatable_key; - static char ngx_http_lua_pool_udata_metatable_key; - static char ngx_http_lua_pattern_udata_metatable_key; --#if (NGX_HTTP_SSL) --static char ngx_http_lua_ssl_session_metatable_key; --#endif - - - #define ngx_http_lua_tcp_socket_metatable_literal_key "__tcp_cosocket_mt" -@@ -1563,13 +1559,16 @@ int - ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, ngx_ssl_session_t *sess, - int enable_session_reuse, ngx_str_t *server_name, int verify, -- int ocsp_status_req, const char **errmsg) -+ int ocsp_status_req, STACK_OF(X509) *chain, EVP_PKEY *pkey, -+ const char **errmsg) - { -- ngx_int_t rc; -+ ngx_int_t rc, i; - ngx_connection_t *c; - ngx_http_lua_ctx_t *ctx; - ngx_http_lua_co_ctx_t *coctx; - const char *busy_rc; -+ ngx_ssl_conn_t *ssl_conn; -+ X509 *x509; - - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "lua tcp socket tls handshake"); -@@ -1625,6 +1624,8 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - return NGX_ERROR; - } - -+ ssl_conn = c->ssl->connection; -+ - ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); - if (ctx == NULL) { - return NGX_HTTP_LUA_FFI_NO_REQ_CTX; -@@ -1647,6 +1648,53 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - u->ssl_session_reuse = enable_session_reuse; - } - -+ if (chain != NULL) { -+ ngx_http_lua_assert(pkey != NULL); /* ensured by resty.core */ -+ -+ if (sk_X509_num(chain) < 1) { -+ ERR_clear_error(); -+ *errmsg = "invalid client certificate chain"; -+ return NGX_ERROR; -+ } -+ -+ x509 = sk_X509_value(chain, 0); -+ if (x509 == NULL) { -+ ERR_clear_error(); -+ *errmsg = "lua tls fetch client certificate from chain failed"; -+ return NGX_ERROR; -+ } -+ -+ if (SSL_use_certificate(ssl_conn, x509) == 0) { -+ ERR_clear_error(); -+ *errmsg = "lua tls set client certificate failed"; -+ return NGX_ERROR; -+ } -+ -+ /* read rest of the chain */ -+ -+ for (i = 1; i < sk_X509_num(chain); i++) { -+ x509 = sk_X509_value(chain, i); -+ if (x509 == NULL) { -+ ERR_clear_error(); -+ *errmsg = "lua tls fetch client intermediate certificate " -+ "from chain failed"; -+ return NGX_ERROR; -+ } -+ -+ if (SSL_add1_chain_cert(ssl_conn, x509) == 0) { -+ ERR_clear_error(); -+ *errmsg = "lua tls set client intermediate certificate failed"; -+ return NGX_ERROR; -+ } -+ } -+ -+ if (SSL_use_PrivateKey(ssl_conn, pkey) == 0) { -+ ERR_clear_error(); -+ *errmsg = "lua ssl set client private key failed"; -+ return NGX_ERROR; -+ } -+ } -+ - if (server_name != NULL && server_name->data != NULL) { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "lua tls server name: \"%V\"", server_name); --- -2.32.0 (Apple Git-132) - - -From 6cc0c89e946ef42adfbc55e8a461ccc2f367254a Mon Sep 17 00:00:00 2001 -From: Datong Sun -Date: Wed, 18 Sep 2019 17:25:20 -0700 -Subject: [PATCH 07/17] style: style fixes. - ---- - src/ngx_http_lua_socket_tcp.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -index 61671b70..a7d410c9 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -@@ -1736,7 +1736,8 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - - if (u->ssl_name.len >= server_name->len) { - /* reuse it */ -- ngx_memcpy(u->ssl_name.data, server_name->data, server_name->len); -+ ngx_memcpy(u->ssl_name.data, server_name->data, -+ server_name->len); - u->ssl_name.len = server_name->len; - - } else { --- -2.32.0 (Apple Git-132) - - -From 21cd7779252732a02fa0e596b66a1d4663d2fd64 Mon Sep 17 00:00:00 2001 -From: Thibault Charbonnier -Date: Mon, 6 Jan 2020 17:56:10 -0800 -Subject: [PATCH 08/17] cleanup - ---- - src/ngx_http_lua_socket_tcp.c | 24 +++++++++++------------- - 1 file changed, 11 insertions(+), 13 deletions(-) - -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -index a7d410c9..bd7cc7ca 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -@@ -1555,6 +1555,7 @@ ngx_http_lua_socket_tcp_check_busy(ngx_http_request_t *r, - return NULL; - } - -+ - int - ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, ngx_ssl_session_t *sess, -@@ -1596,7 +1597,7 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - } - - if (u->raw_downstream || u->body_downstream) { -- *errmsg = "not supported for downstream"; -+ *errmsg = "not supported for downstream sockets"; - return NGX_ERROR; - } - -@@ -1637,7 +1638,7 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - - if (sess != NULL) { - if (ngx_ssl_set_session(c, sess) != NGX_OK) { -- *errmsg = "lua tls set session failed"; -+ *errmsg = "tls set session failed"; - return NGX_ERROR; - } - -@@ -1660,13 +1661,13 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - x509 = sk_X509_value(chain, 0); - if (x509 == NULL) { - ERR_clear_error(); -- *errmsg = "lua tls fetch client certificate from chain failed"; -+ *errmsg = "tls fetch client certificate from chain failed"; - return NGX_ERROR; - } - - if (SSL_use_certificate(ssl_conn, x509) == 0) { - ERR_clear_error(); -- *errmsg = "lua tls set client certificate failed"; -+ *errmsg = "tls set client certificate failed"; - return NGX_ERROR; - } - -@@ -1676,21 +1677,21 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - x509 = sk_X509_value(chain, i); - if (x509 == NULL) { - ERR_clear_error(); -- *errmsg = "lua tls fetch client intermediate certificate " -- "from chain failed"; -+ *errmsg = "tls fetch client intermediate certificate from " -+ "chain failed"; - return NGX_ERROR; - } - - if (SSL_add1_chain_cert(ssl_conn, x509) == 0) { - ERR_clear_error(); -- *errmsg = "lua tls set client intermediate certificate failed"; -+ *errmsg = "tls set client intermediate certificate failed"; - return NGX_ERROR; - } - } - - if (SSL_use_PrivateKey(ssl_conn, pkey) == 0) { - ERR_clear_error(); -- *errmsg = "lua ssl set client private key failed"; -+ *errmsg = "tls set client private key failed"; - return NGX_ERROR; - } - } -@@ -1709,7 +1710,7 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - } - - #else -- *errmsg = "OpenSSL has no SNI support"; -+ *errmsg = "no TLS extension support"; - return NGX_ERROR; - #endif - } -@@ -1752,7 +1753,6 @@ new_ssl_name: - u->ssl_name.data = ngx_alloc(server_name->len, ngx_cycle->log); - if (u->ssl_name.data == NULL) { - u->ssl_name.len = 0; -- - *errmsg = "no memory"; - return NGX_ERROR; - } -@@ -1773,7 +1773,7 @@ new_ssl_name: - rc = ngx_ssl_handshake(c); - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -- "ngx_ssl_handshake returned %d", rc); -+ "ngx_ssl_handshake returned: %d", rc); - - if (rc == NGX_AGAIN) { - if (c->write->timer_set) { -@@ -1805,7 +1805,6 @@ new_ssl_name: - - if (rc == NGX_ERROR) { - *errmsg = u->error_ret; -- - return NGX_ERROR; - } - -@@ -1919,7 +1918,6 @@ failed: - } - - -- - int - ngx_http_lua_ffi_socket_tcp_get_tlshandshake_result(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, ngx_ssl_session_t **sess, --- -2.32.0 (Apple Git-132) - - -From 0bcf4d1a955db9218e8b0e50685c1d0de8c90b9a Mon Sep 17 00:00:00 2001 -From: Datong Sun -Date: Tue, 24 Nov 2020 01:49:28 -0800 -Subject: [PATCH 09/17] fixed style according to @spacewander's review - ---- - src/ngx_http_lua_socket_tcp.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -index bd7cc7ca..1aa37627 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -@@ -1536,15 +1536,15 @@ static const char * - ngx_http_lua_socket_tcp_check_busy(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, unsigned int ops) - { -- if (ops & SOCKET_OP_CONNECT && u->conn_waiting) { -+ if ((ops & SOCKET_OP_CONNECT) && u->conn_waiting) { - return "socket busy connecting"; - } - -- if (ops & SOCKET_OP_READ && u->read_waiting) { -+ if ((ops & SOCKET_OP_READ) && u->read_waiting) { - return "socket busy reading"; - } - -- if (ops & SOCKET_OP_WRITE -+ if ((ops & SOCKET_OP_WRITE) - && (u->write_waiting - || (u->raw_downstream - && (r->connection->buffered & NGX_HTTP_LOWLEVEL_BUFFERED)))) --- -2.32.0 (Apple Git-132) - - -From 9b010940f77bbd486c1192eed23af7c35baf4cdb Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 21 Jan 2022 13:42:06 +0800 -Subject: [PATCH 10/17] resize tcp_socket_metatable to 7 - ---- - src/ngx_http_lua_socket_tcp.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -index 1aa37627..7cdc45c4 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -@@ -160,6 +160,8 @@ enum { - SOCKET_CONNECT_TIMEOUT_INDEX = 2, - SOCKET_SEND_TIMEOUT_INDEX = 4, - SOCKET_READ_TIMEOUT_INDEX = 5, -+ SOCKET_CLIENT_CERT_INDEX = 6, -+ SOCKET_CLIENT_KEY_INDEX = 7, - }; - - -@@ -424,7 +426,7 @@ ngx_http_lua_socket_tcp(lua_State *L) - - ngx_http_lua_check_context(L, ctx, NGX_HTTP_LUA_CONTEXT_YIELDABLE); - -- lua_createtable(L, 5 /* narr */, 1 /* nrec */); -+ lua_createtable(L, 7 /* narr */, 1 /* nrec */); - lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( - tcp_socket_metatable_key)); - lua_rawget(L, LUA_REGISTRYINDEX); --- -2.32.0 (Apple Git-132) - - -From 36245613be1031b22b0e6b2eec398dac288fe9a5 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 21 Jan 2022 14:12:13 +0800 -Subject: [PATCH 11/17] change errms tls to ssl - ---- - src/ngx_http_lua_socket_tcp.c | 24 ++++++++++++------------ - 1 file changed, 12 insertions(+), 12 deletions(-) - -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -index 7cdc45c4..af986364 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -@@ -1574,7 +1574,7 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - X509 *x509; - - ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -- "lua tcp socket tls handshake"); -+ "lua tcp socket ssl handshake"); - - if (u == NULL - || u->peer.connection == NULL -@@ -1640,12 +1640,12 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - - if (sess != NULL) { - if (ngx_ssl_set_session(c, sess) != NGX_OK) { -- *errmsg = "tls set session failed"; -+ *errmsg = "ssl set session failed"; - return NGX_ERROR; - } - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, -- "lua tls set session: %p", sess); -+ "lua ssl set session: %p", sess); - - } else { - u->ssl_session_reuse = enable_session_reuse; -@@ -1663,13 +1663,13 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - x509 = sk_X509_value(chain, 0); - if (x509 == NULL) { - ERR_clear_error(); -- *errmsg = "tls fetch client certificate from chain failed"; -+ *errmsg = "ssl fetch client certificate from chain failed"; - return NGX_ERROR; - } - - if (SSL_use_certificate(ssl_conn, x509) == 0) { - ERR_clear_error(); -- *errmsg = "tls set client certificate failed"; -+ *errmsg = "ssl set client certificate failed"; - return NGX_ERROR; - } - -@@ -1679,28 +1679,28 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - x509 = sk_X509_value(chain, i); - if (x509 == NULL) { - ERR_clear_error(); -- *errmsg = "tls fetch client intermediate certificate from " -+ *errmsg = "ssl fetch client intermediate certificate from " - "chain failed"; - return NGX_ERROR; - } - - if (SSL_add1_chain_cert(ssl_conn, x509) == 0) { - ERR_clear_error(); -- *errmsg = "tls set client intermediate certificate failed"; -+ *errmsg = "ssl set client intermediate certificate failed"; - return NGX_ERROR; - } - } - - if (SSL_use_PrivateKey(ssl_conn, pkey) == 0) { - ERR_clear_error(); -- *errmsg = "tls set client private key failed"; -+ *errmsg = "ssl set client private key failed"; - return NGX_ERROR; - } - } - - if (server_name != NULL && server_name->data != NULL) { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -- "lua tls server name: \"%V\"", server_name); -+ "lua ssl server name: \"%V\"", server_name); - - #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME - if (SSL_set_tlsext_host_name(c->ssl->connection, -@@ -1926,7 +1926,7 @@ ngx_http_lua_ffi_socket_tcp_get_tlshandshake_result(ngx_http_request_t *r, - const char **errmsg, int *openssl_error_code) - { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -- "lua cosocket get TLS handshake result for upstream: %p", u); -+ "lua cosocket get SSL handshake result for upstream: %p", u); - - if (u->error_ret != NULL) { - *errmsg = u->error_ret; -@@ -1962,7 +1962,7 @@ ngx_http_lua_tls_handshake_retval_handler(ngx_http_request_t *r, - u->ssl_session_ret = ssl_session; - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0, -- "lua tls save session: %p", ssl_session); -+ "lua ssl save session: %p", ssl_session); - } - - return 0; -@@ -1973,7 +1973,7 @@ void - ngx_http_lua_ffi_tls_free_session(ngx_ssl_session_t *sess) - { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, -- "lua tls free session: %p", sess); -+ "lua ssl free session: %p", sess); - - ngx_ssl_free_session(sess); - } --- -2.32.0 (Apple Git-132) - - -From 1f12b89485da6b7ac5dd23810bf094f214dc324e Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 21 Jan 2022 14:38:49 +0800 -Subject: [PATCH 12/17] rename function name from tls to ssl - ---- - src/ngx_http_lua_socket_tcp.c | 28 ++++++++++++++-------------- - 1 file changed, 14 insertions(+), 14 deletions(-) - -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -index af986364..76e98597 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -@@ -22,8 +22,8 @@ - static int ngx_http_lua_socket_tcp(lua_State *L); - static int ngx_http_lua_socket_tcp_connect(lua_State *L); - #if (NGX_HTTP_SSL) --static void ngx_http_lua_tls_handshake_handler(ngx_connection_t *c); --static int ngx_http_lua_tls_handshake_retval_handler(ngx_http_request_t *r, -+static void ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c); -+static int ngx_http_lua_ssl_handshake_retval_handler(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, lua_State *L); - #endif - static int ngx_http_lua_socket_tcp_receive(lua_State *L); -@@ -1559,7 +1559,7 @@ ngx_http_lua_socket_tcp_check_busy(ngx_http_request_t *r, - - - int --ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, -+ngx_http_lua_ffi_socket_tcp_sslhandshake(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, ngx_ssl_session_t *sess, - int enable_session_reuse, ngx_str_t *server_name, int verify, - int ocsp_status_req, STACK_OF(X509) *chain, EVP_PKEY *pkey, -@@ -1614,7 +1614,7 @@ ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, - - u->ssl_session_reuse = enable_session_reuse; - -- (void) ngx_http_lua_tls_handshake_retval_handler(r, u, NULL); -+ (void) ngx_http_lua_ssl_handshake_retval_handler(r, u, NULL); - - return NGX_OK; - } -@@ -1785,13 +1785,13 @@ new_ssl_name: - ngx_add_timer(c->read, u->connect_timeout); - - u->conn_waiting = 1; -- u->write_prepare_retvals = ngx_http_lua_tls_handshake_retval_handler; -+ u->write_prepare_retvals = ngx_http_lua_ssl_handshake_retval_handler; - - ngx_http_lua_cleanup_pending_operation(coctx); - coctx->cleanup = ngx_http_lua_coctx_cleanup; - coctx->data = u; - -- c->ssl->handler = ngx_http_lua_tls_handshake_handler; -+ c->ssl->handler = ngx_http_lua_ssl_handshake_handler; - - if (ctx->entered_content_phase) { - r->write_event_handler = ngx_http_lua_content_wev_handler; -@@ -1803,7 +1803,7 @@ new_ssl_name: - return NGX_AGAIN; - } - -- ngx_http_lua_tls_handshake_handler(c); -+ ngx_http_lua_ssl_handshake_handler(c); - - if (rc == NGX_ERROR) { - *errmsg = u->error_ret; -@@ -1815,7 +1815,7 @@ new_ssl_name: - - - static void --ngx_http_lua_tls_handshake_handler(ngx_connection_t *c) -+ngx_http_lua_ssl_handshake_handler(ngx_connection_t *c) - { - int waiting; - ngx_int_t rc; -@@ -1860,7 +1860,7 @@ ngx_http_lua_tls_handshake_handler(ngx_connection_t *c) - - llcf = ngx_http_get_module_loc_conf(r, ngx_http_lua_module); - if (llcf->log_socket_errors) { -- ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua tls " -+ ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua ssl " - "certificate verify error: (%d: %s)", - rc, u->error_ret); - } -@@ -1877,7 +1877,7 @@ ngx_http_lua_tls_handshake_handler(ngx_connection_t *c) - - llcf = ngx_http_get_module_loc_conf(r, ngx_http_lua_module); - if (llcf->log_socket_errors) { -- ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua tls " -+ ngx_log_error(NGX_LOG_ERR, dc->log, 0, "lua ssl " - "certificate does not match host \"%V\"", - &u->ssl_name); - } -@@ -1892,7 +1892,7 @@ ngx_http_lua_tls_handshake_handler(ngx_connection_t *c) - ngx_http_lua_socket_handle_conn_success(r, u); - - } else { -- (void) ngx_http_lua_tls_handshake_retval_handler(r, u, NULL); -+ (void) ngx_http_lua_ssl_handshake_retval_handler(r, u, NULL); - } - - if (waiting) { -@@ -1921,7 +1921,7 @@ failed: - - - int --ngx_http_lua_ffi_socket_tcp_get_tlshandshake_result(ngx_http_request_t *r, -+ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, ngx_ssl_session_t **sess, - const char **errmsg, int *openssl_error_code) - { -@@ -1942,7 +1942,7 @@ ngx_http_lua_ffi_socket_tcp_get_tlshandshake_result(ngx_http_request_t *r, - - - static int --ngx_http_lua_tls_handshake_retval_handler(ngx_http_request_t *r, -+ngx_http_lua_ssl_handshake_retval_handler(ngx_http_request_t *r, - ngx_http_lua_socket_tcp_upstream_t *u, lua_State *L) - { - ngx_connection_t *c; -@@ -1970,7 +1970,7 @@ ngx_http_lua_tls_handshake_retval_handler(ngx_http_request_t *r, - - - void --ngx_http_lua_ffi_tls_free_session(ngx_ssl_session_t *sess) -+ngx_http_lua_ffi_ssl_free_session(ngx_ssl_session_t *sess) - { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, - "lua ssl free session: %p", sess); --- -2.32.0 (Apple Git-132) - - -From 84242561aa54ffed3bfab433cfef6f7797e01a47 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 21 Jan 2022 14:46:38 +0800 -Subject: [PATCH 13/17] rename to SOCKET_CLIENT_PRIV_INDEX - ---- - src/ngx_http_lua_socket_tcp.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -index 76e98597..90da45fc 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -@@ -160,8 +160,8 @@ enum { - SOCKET_CONNECT_TIMEOUT_INDEX = 2, - SOCKET_SEND_TIMEOUT_INDEX = 4, - SOCKET_READ_TIMEOUT_INDEX = 5, -- SOCKET_CLIENT_CERT_INDEX = 6, -- SOCKET_CLIENT_KEY_INDEX = 7, -+ SOCKET_CLIENT_CERT_INDEX = 6, -+ SOCKET_CLIENT_PRIV_INDEX = 7, - }; - - --- -2.32.0 (Apple Git-132) - - -From 555166646c525167f9e1e5bb81b6cb100a4834f9 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 21 Jan 2022 14:49:18 +0800 -Subject: [PATCH 14/17] rename to SOCKET_CLIENT_PKEY_INDEX - ---- - src/ngx_http_lua_socket_tcp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -index 90da45fc..494486de 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -@@ -161,7 +161,7 @@ enum { - SOCKET_SEND_TIMEOUT_INDEX = 4, - SOCKET_READ_TIMEOUT_INDEX = 5, - SOCKET_CLIENT_CERT_INDEX = 6, -- SOCKET_CLIENT_PRIV_INDEX = 7, -+ SOCKET_CLIENT_PKEY_INDEX = 7, - }; - - --- -2.32.0 (Apple Git-132) - - -From e9b54c43c05b064b831fe67d0e0aaff45b2ec505 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Fri, 21 Jan 2022 17:17:09 +0800 -Subject: [PATCH 15/17] need not to change tcp_socket_metatable - ---- - src/ngx_http_lua_socket_tcp.c | 4 +--- - 1 file changed, 1 insertion(+), 3 deletions(-) - -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -index 494486de..152d8cbd 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -@@ -160,8 +160,6 @@ enum { - SOCKET_CONNECT_TIMEOUT_INDEX = 2, - SOCKET_SEND_TIMEOUT_INDEX = 4, - SOCKET_READ_TIMEOUT_INDEX = 5, -- SOCKET_CLIENT_CERT_INDEX = 6, -- SOCKET_CLIENT_PKEY_INDEX = 7, - }; - - -@@ -426,7 +424,7 @@ ngx_http_lua_socket_tcp(lua_State *L) - - ngx_http_lua_check_context(L, ctx, NGX_HTTP_LUA_CONTEXT_YIELDABLE); - -- lua_createtable(L, 7 /* narr */, 1 /* nrec */); -+ lua_createtable(L, 5 /* narr */, 1 /* nrec */); - lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( - tcp_socket_metatable_key)); - lua_rawget(L, LUA_REGISTRYINDEX); --- -2.32.0 (Apple Git-132) - - -From 6c47356ddc327a8692260bd6f43ea67cf2787a73 Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Wed, 26 Jan 2022 19:55:29 +0800 -Subject: [PATCH 16/17] increase nrec to 3 in the socket object - ---- - src/ngx_http_lua_socket_tcp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -index 152d8cbd..8d71f8b4 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -@@ -424,7 +424,7 @@ ngx_http_lua_socket_tcp(lua_State *L) - - ngx_http_lua_check_context(L, ctx, NGX_HTTP_LUA_CONTEXT_YIELDABLE); - -- lua_createtable(L, 5 /* narr */, 1 /* nrec */); -+ lua_createtable(L, 5 /* narr */, 3 /* nrec */); - lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( - tcp_socket_metatable_key)); - lua_rawget(L, LUA_REGISTRYINDEX); --- -2.32.0 (Apple Git-132) - - -From 1d538552c7629310d850d4360408ddb555afcbcc Mon Sep 17 00:00:00 2001 -From: chronolaw -Date: Sat, 29 Jan 2022 09:18:52 +0800 -Subject: [PATCH 17/17] change tcp_socket_metatable nrec to 15 - ---- - src/ngx_http_lua_socket_tcp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -index 8d71f8b4..5dcdef0e 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_tcp.c -@@ -312,7 +312,7 @@ ngx_http_lua_inject_socket_tcp_api(ngx_log_t *log, lua_State *L) - /* {{{tcp object metatable */ - lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( - tcp_socket_metatable_key)); -- lua_createtable(L, 0 /* narr */, 14 /* nrec */); -+ lua_createtable(L, 0 /* narr */, 15 /* nrec */); - - lua_pushcfunction(L, ngx_http_lua_socket_tcp_connect); - lua_setfield(L, -2, "connect"); --- -2.32.0 (Apple Git-132) - diff --git a/build/openresty/patches/ngx_lua-0.10.21_08-print-body-double-free.patch b/build/openresty/patches/ngx_lua-0.10.21_08-print-body-double-free.patch deleted file mode 100644 index ad8ff6108636..000000000000 --- a/build/openresty/patches/ngx_lua-0.10.21_08-print-body-double-free.patch +++ /dev/null @@ -1,39 +0,0 @@ -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_bodyfilterby.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_bodyfilterby.c -index 9024889..604702c 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_bodyfilterby.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_bodyfilterby.c -@@ -298,7 +298,7 @@ ngx_http_lua_body_filter(ngx_http_request_t *r, ngx_chain_t *in) - out = NULL; - ngx_chain_update_chains(r->pool, - &ctx->free_bufs, &ctx->filter_busy_bufs, &out, -- (ngx_buf_tag_t) &ngx_http_lua_module); -+ (ngx_buf_tag_t) &ngx_http_lua_body_filter); - if (rc != NGX_OK - && ctx->filter_busy_bufs != NULL - && (r->connection->buffered -@@ -377,7 +377,7 @@ ngx_http_lua_body_filter(ngx_http_request_t *r, ngx_chain_t *in) - - ngx_chain_update_chains(r->pool, - &ctx->free_bufs, &ctx->filter_busy_bufs, &out, -- (ngx_buf_tag_t) &ngx_http_lua_module); -+ (ngx_buf_tag_t) &ngx_http_lua_body_filter); - - return rc; - } -@@ -640,6 +640,7 @@ ngx_http_lua_body_filter_param_set(lua_State *L, ngx_http_request_t *r, - return luaL_error(L, "no memory"); - } - -+ cl->buf->tag = (ngx_buf_tag_t) &ngx_http_lua_body_filter; - if (type == LUA_TTABLE) { - cl->buf->last = ngx_http_lua_copy_str_in_table(L, 3, cl->buf->last); - -@@ -657,6 +658,8 @@ done: - if (cl == NULL) { - return luaL_error(L, "no memory"); - } -+ -+ cl->buf->tag = (ngx_buf_tag_t) &ngx_http_lua_body_filter; - } - - if (last) { diff --git a/build/openresty/patches/ngx_lua-0.10.21_09-crash-when-buffering-with-invalid-if-match-header.patch b/build/openresty/patches/ngx_lua-0.10.21_09-crash-when-buffering-with-invalid-if-match-header.patch deleted file mode 100644 index f29a207094c2..000000000000 --- a/build/openresty/patches/ngx_lua-0.10.21_09-crash-when-buffering-with-invalid-if-match-header.patch +++ /dev/null @@ -1,261 +0,0 @@ -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_accessby.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_accessby.c -index 58c2514..d40eab1 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_accessby.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_accessby.c -@@ -240,7 +240,7 @@ ngx_http_lua_access_by_chunk(lua_State *L, ngx_http_request_t *r) - ngx_event_t *rev; - ngx_connection_t *c; - ngx_http_lua_ctx_t *ctx; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - - ngx_http_lua_loc_conf_t *llcf; - -@@ -291,9 +291,9 @@ ngx_http_lua_access_by_chunk(lua_State *L, ngx_http_request_t *r) - - /* }}} */ - -- /* {{{ register request cleanup hooks */ -+ /* {{{ register nginx pool cleanup hooks */ - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_bodyfilterby.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_bodyfilterby.c -index 604702c..d6fe248 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_bodyfilterby.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_bodyfilterby.c -@@ -233,7 +233,7 @@ ngx_http_lua_body_filter(ngx_http_request_t *r, ngx_chain_t *in) - ngx_http_lua_ctx_t *ctx; - ngx_int_t rc; - uint16_t old_context; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - ngx_chain_t *out; - ngx_chain_t *cl, *ln; - ngx_http_lua_main_conf_t *lmcf; -@@ -313,7 +313,7 @@ ngx_http_lua_body_filter(ngx_http_request_t *r, ngx_chain_t *in) - } - - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - return NGX_ERROR; - } -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_common.h b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_common.h -index 97d1942..958c906 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_common.h -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_common.h -@@ -554,7 +554,7 @@ typedef struct ngx_http_lua_ctx_s { - ngx_chain_t *filter_in_bufs; /* for the body filter */ - ngx_chain_t *filter_busy_bufs; /* for the body filter */ - -- ngx_http_cleanup_pt *cleanup; -+ ngx_pool_cleanup_pt *cleanup; - - ngx_http_cleanup_t *free_cleanup; /* free list of cleanup records */ - -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_contentby.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_contentby.c -index 76e6a07..5e2ae55 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_contentby.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_contentby.c -@@ -29,7 +29,7 @@ ngx_http_lua_content_by_chunk(lua_State *L, ngx_http_request_t *r) - lua_State *co; - ngx_event_t *rev; - ngx_http_lua_ctx_t *ctx; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - - ngx_http_lua_loc_conf_t *llcf; - -@@ -83,7 +83,7 @@ ngx_http_lua_content_by_chunk(lua_State *L, ngx_http_request_t *r) - - /* {{{ register request cleanup hooks */ - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_directive.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_directive.c -index 831132f..6fda61b 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_directive.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_directive.c -@@ -1265,7 +1265,7 @@ ngx_http_lua_set_by_lua_init(ngx_http_request_t *r) - { - lua_State *L; - ngx_http_lua_ctx_t *ctx; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - - ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); - if (ctx == NULL) { -@@ -1280,7 +1280,7 @@ ngx_http_lua_set_by_lua_init(ngx_http_request_t *r) - } - - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - return NGX_ERROR; - } -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_headerfilterby.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_headerfilterby.c -index 4741c72..9f49a8e 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_headerfilterby.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_headerfilterby.c -@@ -230,7 +230,7 @@ ngx_http_lua_header_filter(ngx_http_request_t *r) - ngx_http_lua_loc_conf_t *llcf; - ngx_http_lua_ctx_t *ctx; - ngx_int_t rc; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - uint16_t old_context; - - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, -@@ -259,7 +259,7 @@ ngx_http_lua_header_filter(ngx_http_request_t *r) - } - - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - return NGX_ERROR; - } -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_rewriteby.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_rewriteby.c -index d1eabec..4109f28 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_rewriteby.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_rewriteby.c -@@ -241,7 +241,7 @@ ngx_http_lua_rewrite_by_chunk(lua_State *L, ngx_http_request_t *r) - ngx_event_t *rev; - ngx_connection_t *c; - ngx_http_lua_ctx_t *ctx; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - - ngx_http_lua_loc_conf_t *llcf; - -@@ -291,9 +291,9 @@ ngx_http_lua_rewrite_by_chunk(lua_State *L, ngx_http_request_t *r) - - /* }}} */ - -- /* {{{ register request cleanup hooks */ -+ /* {{{ register nginx pool cleanup hooks */ - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_udp.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_udp.c -index 4f970e6..f939b40 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_udp.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_socket_udp.c -@@ -591,7 +591,7 @@ ngx_http_lua_socket_resolve_retval_handler(ngx_http_request_t *r, - ngx_http_lua_ctx_t *ctx; - ngx_http_lua_co_ctx_t *coctx; - ngx_connection_t *c; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - ngx_http_upstream_resolved_t *ur; - ngx_int_t rc; - ngx_http_lua_udp_connection_t *uc; -@@ -625,7 +625,7 @@ ngx_http_lua_socket_resolve_retval_handler(ngx_http_request_t *r, - } - - if (u->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - u->ft_type |= NGX_HTTP_LUA_SOCKET_FT_ERROR; - lua_pushnil(L); -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_ssl_certby.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_ssl_certby.c -index b561122..339fde2 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_ssl_certby.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_ssl_certby.c -@@ -443,7 +443,7 @@ ngx_http_lua_ssl_cert_by_chunk(lua_State *L, ngx_http_request_t *r) - ngx_int_t rc; - lua_State *co; - ngx_http_lua_ctx_t *ctx; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - - ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); - -@@ -497,7 +497,7 @@ ngx_http_lua_ssl_cert_by_chunk(lua_State *L, ngx_http_request_t *r) - - /* register request cleanup hooks */ - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - rc = NGX_ERROR; - ngx_http_lua_finalize_request(r, rc); -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_ssl_client_helloby.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_ssl_client_helloby.c -index a65b6e8..c128bb3 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_ssl_client_helloby.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_ssl_client_helloby.c -@@ -438,7 +438,7 @@ ngx_http_lua_ssl_client_hello_by_chunk(lua_State *L, ngx_http_request_t *r) - ngx_int_t rc; - lua_State *co; - ngx_http_lua_ctx_t *ctx; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - - ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); - -@@ -492,7 +492,7 @@ ngx_http_lua_ssl_client_hello_by_chunk(lua_State *L, ngx_http_request_t *r) - - /* register request cleanup hooks */ - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - rc = NGX_ERROR; - ngx_http_lua_finalize_request(r, rc); -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_ssl_session_fetchby.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_ssl_session_fetchby.c -index 6584e6a..2107917 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_ssl_session_fetchby.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_ssl_session_fetchby.c -@@ -468,7 +468,7 @@ ngx_http_lua_ssl_sess_fetch_by_chunk(lua_State *L, ngx_http_request_t *r) - ngx_int_t rc; - lua_State *co; - ngx_http_lua_ctx_t *ctx; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - - ctx = ngx_http_get_module_ctx(r, ngx_http_lua_module); - -@@ -522,7 +522,7 @@ ngx_http_lua_ssl_sess_fetch_by_chunk(lua_State *L, ngx_http_request_t *r) - - /* register request cleanup hooks */ - if (ctx->cleanup == NULL) { -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - rc = NGX_ERROR; - ngx_http_lua_finalize_request(r, rc); -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_timer.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_timer.c -index e82e340..6e670cb 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_timer.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_timer.c -@@ -519,7 +519,7 @@ ngx_http_lua_timer_handler(ngx_event_t *ev) - ngx_connection_t *c = NULL; - ngx_http_request_t *r = NULL; - ngx_http_lua_ctx_t *ctx; -- ngx_http_cleanup_t *cln; -+ ngx_pool_cleanup_t *cln; - ngx_pool_cleanup_t *pcln; - - ngx_http_lua_timer_ctx_t tctx; -@@ -618,7 +618,7 @@ ngx_http_lua_timer_handler(ngx_event_t *ev) - - L = ngx_http_lua_get_lua_vm(r, ctx); - -- cln = ngx_http_cleanup_add(r, 0); -+ cln = ngx_pool_cleanup_add(r->pool, 0); - if (cln == NULL) { - errmsg = "could not add request cleanup"; - goto failed; diff --git a/build/openresty/patches/ngx_lua-0.10.21_02-dyn_upstream_keepalive.patch b/build/openresty/patches/ngx_lua-0.10.25_01-dyn_upstream_keepalive.patch similarity index 91% rename from build/openresty/patches/ngx_lua-0.10.21_02-dyn_upstream_keepalive.patch rename to build/openresty/patches/ngx_lua-0.10.25_01-dyn_upstream_keepalive.patch index 23117eb0044d..f0b20bdd12d1 100644 --- a/build/openresty/patches/ngx_lua-0.10.21_02-dyn_upstream_keepalive.patch +++ b/build/openresty/patches/ngx_lua-0.10.25_01-dyn_upstream_keepalive.patch @@ -1,6 +1,7 @@ -diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c 2022-12-02 10:58:50.054203731 +0800 -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c 2022-12-05 18:22:15.351308080 +0800 +diff --git a/bundle/ngx_lua-0.10.25/src/ngx_http_lua_balancer.c b/bundle/ngx_lua-0.10.25/src/ngx_http_lua_balancer.c +index af4da73..407c115 100644 +--- a/bundle/ngx_lua-0.10.25/src/ngx_http_lua_balancer.c ++++ b/bundle/ngx_lua-0.10.25/src/ngx_http_lua_balancer.c @@ -16,46 +16,104 @@ #include "ngx_http_lua_directive.h" @@ -37,34 +38,34 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- + ngx_uint_t total_tries; + + int last_peer_state; -+ -+ ngx_str_t cpool_name; - ngx_http_lua_srv_conf_t *conf; - ngx_http_request_t *request; -+ void *data; ++ ngx_str_t cpool_name; - ngx_uint_t more_tries; - ngx_uint_t total_tries; -+ ngx_event_get_peer_pt original_get_peer; -+ ngx_event_free_peer_pt original_free_peer; ++ void *data; - struct sockaddr *sockaddr; - socklen_t socklen; ++ ngx_event_get_peer_pt original_get_peer; ++ ngx_event_free_peer_pt original_free_peer; ++ +#if (NGX_HTTP_SSL) + ngx_event_set_peer_session_pt original_set_session; + ngx_event_save_peer_session_pt original_save_session; +#endif -+ -+ ngx_http_request_t *request; -+ ngx_http_lua_srv_conf_t *conf; -+ ngx_http_lua_balancer_keepalive_pool_t *cpool; - ngx_str_t *host; - in_port_t port; -+ ngx_str_t *host; ++ ngx_http_request_t *request; ++ ngx_http_lua_srv_conf_t *conf; ++ ngx_http_lua_balancer_keepalive_pool_t *cpool; - int last_peer_state; ++ ngx_str_t *host; ++ + struct sockaddr *sockaddr; + socklen_t socklen; + @@ -126,7 +127,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- ngx_int_t -@@ -102,6 +160,61 @@ +@@ -102,6 +160,61 @@ ngx_http_lua_balancer_handler_inline(ngx_http_request_t *r, } @@ -188,15 +189,19 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- char * ngx_http_lua_balancer_by_lua_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) -@@ -125,16 +238,18 @@ +@@ -125,18 +238,20 @@ char * ngx_http_lua_balancer_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { +- size_t chunkname_len; +- u_char *chunkname; - u_char *cache_key = NULL; - u_char *name; - ngx_str_t *value; - ngx_http_lua_srv_conf_t *lscf = conf; - ++ size_t chunkname_len; ++ u_char *chunkname; + u_char *cache_key = NULL; + u_char *name; + ngx_str_t *value; @@ -213,7 +218,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- if (cmd->post == NULL) { return NGX_CONF_ERROR; } -@@ -178,11 +293,42 @@ +@@ -188,11 +303,42 @@ ngx_http_lua_balancer_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, lscf->balancer.src_key = cache_key; @@ -256,7 +261,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- } uscf->peer.init_upstream = ngx_http_lua_balancer_init; -@@ -198,14 +344,18 @@ +@@ -208,14 +354,18 @@ ngx_http_lua_balancer_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, static ngx_int_t @@ -279,7 +284,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- us->peer.init = ngx_http_lua_balancer_init_peer; return NGX_OK; -@@ -216,33 +366,38 @@ +@@ -226,33 +376,38 @@ static ngx_int_t ngx_http_lua_balancer_init_peer(ngx_http_request_t *r, ngx_http_upstream_srv_conf_t *us) { @@ -329,7 +334,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- return NGX_OK; } -@@ -250,25 +405,26 @@ +@@ -260,25 +415,26 @@ ngx_http_lua_balancer_init_peer(ngx_http_request_t *r, static ngx_int_t ngx_http_lua_balancer_get_peer(ngx_peer_connection_t *pc, void *data) { @@ -367,7 +372,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- if (ctx == NULL) { ctx = ngx_http_lua_create_ctx(r); if (ctx == NULL) { -@@ -286,21 +442,23 @@ +@@ -296,21 +452,23 @@ ngx_http_lua_balancer_get_peer(ngx_peer_connection_t *pc, void *data) ctx->context = NGX_HTTP_LUA_CONTEXT_BALANCER; @@ -398,7 +403,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- if (rc == NGX_ERROR) { return NGX_ERROR; } -@@ -322,105 +480,444 @@ +@@ -332,79 +490,88 @@ ngx_http_lua_balancer_get_peer(ngx_peer_connection_t *pc, void *data) } } @@ -418,11 +423,17 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- } - dd("tries: %d", (int) r->upstream->peer.tries); +- +- return NGX_OK; +- } +- +- return ngx_http_upstream_get_round_robin_peer(pc, &bp->rrp); +-} + if (ngx_http_lua_balancer_keepalive_is_enabled(bp)) { + ngx_http_lua_balancer_get_keepalive_pool(L, pc->log, + &bp->cpool_name, + &bp->cpool); -+ + + if (bp->cpool == NULL + && ngx_http_lua_balancer_create_keepalive_pool(L, pc->log, + &bp->cpool_name, @@ -432,52 +443,84 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- + { + return NGX_ERROR; + } -+ + +-static ngx_int_t +-ngx_http_lua_balancer_by_chunk(lua_State *L, ngx_http_request_t *r) +-{ +- u_char *err_msg; +- size_t len; +- ngx_int_t rc; + ngx_http_lua_assert(bp->cpool); -+ + +- /* init nginx context in Lua VM */ +- ngx_http_lua_set_req(L, r); + if (!ngx_queue_empty(&bp->cpool->cache)) { + q = ngx_queue_head(&bp->cpool->cache); -+ + +-#ifndef OPENRESTY_LUAJIT +- ngx_http_lua_create_new_globals_table(L, 0 /* narr */, 1 /* nrec */); + item = ngx_queue_data(q, ngx_http_lua_balancer_keepalive_item_t, + queue); + c = item->connection; -+ + +- /* {{{ make new env inheriting main thread's globals table */ +- lua_createtable(L, 0, 1 /* nrec */); /* the metatable for the new env */ +- ngx_http_lua_get_globals_table(L); +- lua_setfield(L, -2, "__index"); +- lua_setmetatable(L, -2); /* setmetatable({}, {__index = _G}) */ +- /* }}} */ + ngx_queue_remove(q); + ngx_queue_insert_head(&bp->cpool->free, q); -+ + +- lua_setfenv(L, -2); /* set new running env for the code closure */ +-#endif /* OPENRESTY_LUAJIT */ + c->idle = 0; + c->sent = 0; + c->log = pc->log; + c->read->log = pc->log; + c->write->log = pc->log; + c->pool->log = pc->log; -+ + +- lua_pushcfunction(L, ngx_http_lua_traceback); +- lua_insert(L, 1); /* put it under chunk and args */ + if (c->read->timer_set) { + ngx_del_timer(c->read); + } -+ + +- /* protected call user code */ +- rc = lua_pcall(L, 0, 1, 1); + pc->cached = 1; + pc->connection = c; -+ + +- lua_remove(L, 1); /* remove traceback function */ + ngx_log_debug3(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "lua balancer: keepalive reusing connection %p, " + "requests: %ui, cpool: %p", + c, c->requests, bp->cpool); -+ + +- dd("rc == %d", (int) rc); + return NGX_DONE; + } -+ + +- if (rc != 0) { +- /* error occurred when running loaded code */ +- err_msg = (u_char *) lua_tolstring(L, -1, &len); + bp->cpool->connections++; -+ + +- if (err_msg == NULL) { +- err_msg = (u_char *) "unknown reason"; +- len = sizeof("unknown reason") - 1; + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "lua balancer: keepalive no free connection, " + "cpool: %p", bp->cpool); -+ } + } - return NGX_OK; - } +- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, +- "failed to run balancer_by_lua*: %*s", len, err_msg); ++ return NGX_OK; ++ } -- return ngx_http_upstream_get_round_robin_peer(pc, &bp->rrp); +- lua_settop(L, 0); /* clear remaining elems on stack */ + rc = bp->original_get_peer(pc, bp->data); + if (rc == NGX_ERROR) { + return rc; @@ -486,23 +529,19 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- + if (pc->sockaddr == ngx_http_lua_balancer_default_server_sockaddr) { + ngx_log_error(NGX_LOG_ERR, pc->log, 0, + "lua balancer: no peer set"); -+ -+ return NGX_ERROR; -+ } -+ -+ return rc; - } + return NGX_ERROR; + } + +- lua_settop(L, 0); /* clear remaining elems on stack */ + return rc; + } --static ngx_int_t --ngx_http_lua_balancer_by_chunk(lua_State *L, ngx_http_request_t *r) -+static void -+ngx_http_lua_balancer_free_peer(ngx_peer_connection_t *pc, void *data, -+ ngx_uint_t state) +@@ -413,24 +580,354 @@ static void + ngx_http_lua_balancer_free_peer(ngx_peer_connection_t *pc, void *data, + ngx_uint_t state) { -- u_char *err_msg; -- size_t len; -- ngx_int_t rc; +- ngx_http_lua_balancer_peer_data_t *bp = data; + ngx_queue_t *q; + ngx_connection_t *c; + ngx_http_upstream_t *u; @@ -510,38 +549,24 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- + ngx_http_lua_balancer_keepalive_pool_t *cpool; + ngx_http_lua_balancer_peer_data_t *bp = data; -- /* init nginx context in Lua VM */ -- ngx_http_lua_set_req(L, r); -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, +- "lua balancer free peer, tries: %ui", pc->tries); + "lua balancer: free peer, tries: %ui", pc->tries); - --#ifndef OPENRESTY_LUAJIT -- ngx_http_lua_create_new_globals_table(L, 0 /* narr */, 1 /* nrec */); ++ + u = bp->request->upstream; + c = pc->connection; -- /* {{{ make new env inheriting main thread's globals table */ -- lua_createtable(L, 0, 1 /* nrec */); /* the metatable for the new env */ -- ngx_http_lua_get_globals_table(L); -- lua_setfield(L, -2, "__index"); -- lua_setmetatable(L, -2); /* setmetatable({}, {__index = _G}) */ -- /* }}} */ +- if (bp->sockaddr && bp->socklen) { + if (ngx_http_lua_balancer_peer_set(bp)) { -+ bp->last_peer_state = (int) state; + bp->last_peer_state = (int) state; -- lua_setfenv(L, -2); /* set new running env for the code closure */ --#endif /* OPENRESTY_LUAJIT */ -+ if (pc->tries) { -+ pc->tries--; -+ } + if (pc->tries) { + pc->tries--; + } -- lua_pushcfunction(L, ngx_http_lua_traceback); -- lua_insert(L, 1); /* put it under chunk and args */ + if (ngx_http_lua_balancer_keepalive_is_enabled(bp)) { + cpool = bp->cpool; - -- /* protected call user code */ -- rc = lua_pcall(L, 0, 1, 1); ++ + if (state & NGX_PEER_FAILED + || c == NULL + || c->read->eof @@ -644,23 +669,14 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- + ngx_http_lua_balancer_free_keepalive_pool(pc->log, cpool); + } + } - -- lua_remove(L, 1); /* remove traceback function */ ++ + return; + } - -- dd("rc == %d", (int) rc); ++ + bp->original_free_peer(pc, bp->data, state); +} - -- if (rc != 0) { -- /* error occurred when running loaded code */ -- err_msg = (u_char *) lua_tolstring(L, -1, &len); - -- if (err_msg == NULL) { -- err_msg = (u_char *) "unknown reason"; -- len = sizeof("unknown reason") - 1; -- } ++ ++ +static ngx_int_t +ngx_http_lua_balancer_create_keepalive_pool(lua_State *L, ngx_log_t *log, + ngx_str_t *cpool_name, ngx_uint_t cpool_size, @@ -670,29 +686,24 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- + ngx_uint_t i; + ngx_http_lua_balancer_keepalive_pool_t *upool; + ngx_http_lua_balancer_keepalive_item_t *items; - -- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, -- "failed to run balancer_by_lua*: %*s", len, err_msg); ++ + /* get upstream connection pools table */ + lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( + balancer_keepalive_pools_table_key)); + lua_rawget(L, LUA_REGISTRYINDEX); /* pools? */ - -- lua_settop(L, 0); /* clear remaining elems on stack */ ++ + ngx_http_lua_assert(lua_istable(L, -1)); + + lua_pushlstring(L, (const char *)cpool_name->data, cpool_name->len); - ++ + size = sizeof(ngx_http_lua_balancer_keepalive_pool_t) + + sizeof(ngx_http_lua_balancer_keepalive_item_t) * cpool_size; + + upool = lua_newuserdata(L, size + cpool_name->len); /* pools upool */ + if (upool == NULL) { - return NGX_ERROR; - } - -- lua_settop(L, 0); /* clear remaining elems on stack */ -- return rc; ++ return NGX_ERROR; ++ } ++ + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, log, 0, + "lua balancer: keepalive create pool, " + "name: %V, size: %ui", @@ -724,33 +735,24 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- + *cpool = upool; + + return NGX_OK; - } - - - static void --ngx_http_lua_balancer_free_peer(ngx_peer_connection_t *pc, void *data, -- ngx_uint_t state) ++} ++ ++ ++static void +ngx_http_lua_balancer_get_keepalive_pool(lua_State *L, + ngx_log_t *log, ngx_str_t *cpool_name, + ngx_http_lua_balancer_keepalive_pool_t **cpool) - { -- ngx_http_lua_balancer_peer_data_t *bp = data; ++{ + ngx_http_lua_balancer_keepalive_pool_t *upool; - -- ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -- "lua balancer free peer, tries: %ui", pc->tries); ++ + /* get upstream connection pools table */ + lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( + balancer_keepalive_pools_table_key)); + lua_rawget(L, LUA_REGISTRYINDEX); /* pools? */ - -- if (bp->sockaddr && bp->socklen) { -- bp->last_peer_state = (int) state; ++ + if (lua_isnil(L, -1)) { + lua_pop(L, 1); /* orig stack */ - -- if (pc->tries) { -- pc->tries--; ++ + /* create upstream connection pools table */ + lua_createtable(L, 0, 0); /* pools */ + lua_pushlightuserdata(L, ngx_http_lua_lightudata_mask( @@ -872,8 +874,8 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- + + if (ngx_handle_read_event(c->read, 0) != NGX_OK) { + goto close; - } - ++ } ++ return; } @@ -882,10 +884,10 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- + + item = c->data; + c->log = ev->log; -+ -+ ngx_http_lua_balancer_close(c); - ngx_http_upstream_free_round_robin_peer(pc, data, state); ++ ngx_http_lua_balancer_close(c); ++ + ngx_queue_remove(&item->queue); + ngx_queue_insert_head(&item->cpool->free, &item->queue); + @@ -895,7 +897,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- } -@@ -431,12 +928,12 @@ +@@ -441,12 +938,12 @@ ngx_http_lua_balancer_set_session(ngx_peer_connection_t *pc, void *data) { ngx_http_lua_balancer_peer_data_t *bp = data; @@ -910,7 +912,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- } -@@ -445,13 +942,12 @@ +@@ -455,13 +952,12 @@ ngx_http_lua_balancer_save_session(ngx_peer_connection_t *pc, void *data) { ngx_http_lua_balancer_peer_data_t *bp = data; @@ -926,7 +928,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- } #endif -@@ -459,14 +955,14 @@ +@@ -469,14 +965,14 @@ ngx_http_lua_balancer_save_session(ngx_peer_connection_t *pc, void *data) int ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, @@ -948,7 +950,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- if (r == NULL) { *err = "no request found"; -@@ -491,18 +987,6 @@ +@@ -501,18 +997,6 @@ ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, return NGX_ERROR; } @@ -967,7 +969,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- ngx_memzero(&url, sizeof(ngx_url_t)); url.url.data = ngx_palloc(r->pool, addr_len); -@@ -526,6 +1010,8 @@ +@@ -536,6 +1020,8 @@ ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, return NGX_ERROR; } @@ -976,7 +978,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- if (url.addrs && url.addrs[0].sockaddr) { bp->sockaddr = url.addrs[0].sockaddr; bp->socklen = url.addrs[0].socklen; -@@ -536,6 +1022,72 @@ +@@ -546,6 +1032,72 @@ ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, return NGX_ERROR; } @@ -1049,7 +1051,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- return NGX_OK; } -@@ -545,14 +1097,13 @@ +@@ -555,14 +1107,13 @@ ngx_http_lua_ffi_balancer_set_timeouts(ngx_http_request_t *r, long connect_timeout, long send_timeout, long read_timeout, char **err) { @@ -1067,7 +1069,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- if (r == NULL) { *err = "no request found"; -@@ -577,15 +1128,9 @@ +@@ -587,15 +1138,9 @@ ngx_http_lua_ffi_balancer_set_timeouts(ngx_http_request_t *r, return NGX_ERROR; } @@ -1085,7 +1087,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- if (!bp->cloned_upstream_conf) { /* we clone the upstream conf for the current request so that * we do not affect other requests at all. */ -@@ -640,12 +1185,10 @@ +@@ -650,12 +1195,10 @@ ngx_http_lua_ffi_balancer_set_more_tries(ngx_http_request_t *r, int count, char **err) { #if (nginx_version >= 1007005) @@ -1101,7 +1103,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- ngx_http_lua_balancer_peer_data_t *bp; if (r == NULL) { -@@ -671,13 +1214,7 @@ +@@ -681,13 +1224,7 @@ ngx_http_lua_ffi_balancer_set_more_tries(ngx_http_request_t *r, return NGX_ERROR; } @@ -1116,7 +1118,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- #if (nginx_version >= 1007005) max_tries = r->upstream->conf->next_upstream_tries; -@@ -703,12 +1240,10 @@ +@@ -713,12 +1250,10 @@ int ngx_http_lua_ffi_balancer_get_last_failure(ngx_http_request_t *r, int *status, char **err) { @@ -1132,7 +1134,7 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- if (r == NULL) { *err = "no request found"; -@@ -733,13 +1268,7 @@ +@@ -743,13 +1278,7 @@ ngx_http_lua_ffi_balancer_get_last_failure(ngx_http_request_t *r, return NGX_ERROR; } @@ -1147,12 +1149,13 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_balancer.c b/bundle/ngx_lua- if (r->upstream_states && r->upstream_states->nelts > 1) { state = r->upstream_states->elts; -diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_common.h b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_common.h ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_common.h 2022-12-02 10:58:50.050203715 +0800 -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_common.h 2022-12-05 07:01:11.798290942 +0800 -@@ -240,13 +240,6 @@ - ngx_http_lua_main_conf_handler_pt exit_worker_handler; +diff --git a/bundle/ngx_lua-0.10.25/src/ngx_http_lua_common.h b/bundle/ngx_lua-0.10.25/src/ngx_http_lua_common.h +index 8435045..ea45f3a 100644 +--- a/bundle/ngx_lua-0.10.25/src/ngx_http_lua_common.h ++++ b/bundle/ngx_lua-0.10.25/src/ngx_http_lua_common.h +@@ -247,13 +247,6 @@ struct ngx_http_lua_main_conf_s { ngx_str_t exit_worker_src; + u_char *exit_worker_chunkname; - ngx_http_lua_balancer_peer_data_t *balancer_peer_data; - /* neither yielding nor recursion is possible in @@ -1164,8 +1167,8 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_common.h b/bundle/ngx_lua-0. ngx_chain_t *body_filter_chain; /* neither yielding nor recursion is possible in * body_filter_by_lua*, so there cannot be any races among -@@ -328,6 +321,10 @@ - #endif +@@ -348,6 +341,10 @@ union ngx_http_lua_srv_conf_u { + } srv; struct { + ngx_http_upstream_init_pt original_init_upstream; @@ -1175,11 +1178,12 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_common.h b/bundle/ngx_lua-0. ngx_http_lua_srv_conf_handler_pt handler; ngx_str_t src; u_char *src_key; -diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_module.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_module.c ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_module.c 2022-12-02 10:58:50.050203715 +0800 -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_module.c 2022-12-05 18:22:15.351308080 +0800 -@@ -1117,6 +1117,9 @@ - * lscf->srv.ssl_session_fetch_src = { 0, NULL }; +diff --git a/bundle/ngx_lua-0.10.25/src/ngx_http_lua_module.c b/bundle/ngx_lua-0.10.25/src/ngx_http_lua_module.c +index 16f4424..b3b0d72 100644 +--- a/bundle/ngx_lua-0.10.25/src/ngx_http_lua_module.c ++++ b/bundle/ngx_lua-0.10.25/src/ngx_http_lua_module.c +@@ -1158,6 +1158,9 @@ ngx_http_lua_create_srv_conf(ngx_conf_t *cf) + * lscf->srv.ssl_session_fetch_chunkname = NULL; * lscf->srv.ssl_session_fetch_src_key = NULL; * + * lscf->balancer.original_init_upstream = NULL; @@ -1187,4 +1191,4 @@ diff -ruN a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_module.c b/bundle/ngx_lua-0. + * lscf->balancer.data = NULL; * lscf->balancer.handler = NULL; * lscf->balancer.src = { 0, NULL }; - * lscf->balancer.src_key = NULL; + * lscf->balancer.chunkname = NULL; diff --git a/build/openresty/patches/ngx_lua-0.10.21_07-dynamic_log_level.patch b/build/openresty/patches/ngx_lua-0.10.25_02-dynamic_log_level.patch similarity index 77% rename from build/openresty/patches/ngx_lua-0.10.21_07-dynamic_log_level.patch rename to build/openresty/patches/ngx_lua-0.10.25_02-dynamic_log_level.patch index 44d9d093fb68..3bf625a043ff 100644 --- a/build/openresty/patches/ngx_lua-0.10.21_07-dynamic_log_level.patch +++ b/build/openresty/patches/ngx_lua-0.10.25_02-dynamic_log_level.patch @@ -1,7 +1,7 @@ -diff --git a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_log.c b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_log.c +diff --git a/bundle/ngx_lua-0.10.25/src/ngx_http_lua_log.c b/bundle/ngx_lua-0.10.25/src/ngx_http_lua_log.c index 43ab820..d18fd05 100644 ---- a/bundle/ngx_lua-0.10.21/src/ngx_http_lua_log.c -+++ b/bundle/ngx_lua-0.10.21/src/ngx_http_lua_log.c +--- a/bundle/ngx_lua-0.10.25/src/ngx_http_lua_log.c ++++ b/bundle/ngx_lua-0.10.25/src/ngx_http_lua_log.c @@ -101,7 +101,11 @@ log_wrapper(ngx_log_t *log, const char *ident, ngx_uint_t level, const char *msg; lua_Debug ar; diff --git a/build/openresty/patches/ngx_stream_lua-0.0.11_01-expose_request_struct.patch b/build/openresty/patches/ngx_stream_lua-0.0.13_01-expose_request_struct.patch similarity index 58% rename from build/openresty/patches/ngx_stream_lua-0.0.11_01-expose_request_struct.patch rename to build/openresty/patches/ngx_stream_lua-0.0.13_01-expose_request_struct.patch index 0c307318acc4..5cd8001ec568 100644 --- a/build/openresty/patches/ngx_stream_lua-0.0.11_01-expose_request_struct.patch +++ b/build/openresty/patches/ngx_stream_lua-0.0.13_01-expose_request_struct.patch @@ -5,13 +5,13 @@ Subject: [PATCH] Sync with meta-lua-nginx-module 1330009671cd86eaf045f9f2c5cda3727a94570f. --- - ngx_stream_lua-0.0.11/src/api/ngx_stream_lua_api.h | 3 +++ + ngx_stream_lua-0.0.13/src/api/ngx_stream_lua_api.h | 3 +++ 1 file changed, 3 insertions(+) -diff --git a/bundle/ngx_stream_lua-0.0.11/src/api/ngx_stream_lua_api.h b/bundle/ngx_stream_lua-0.0.11/src/api/ngx_stream_lua_api.h +diff --git a/bundle/ngx_stream_lua-0.0.13/src/api/ngx_stream_lua_api.h b/bundle/ngx_stream_lua-0.0.13/src/api/ngx_stream_lua_api.h index 0e5a18f..040ef84 100644 ---- a/bundle/ngx_stream_lua-0.0.11/src/api/ngx_stream_lua_api.h -+++ b/bundle/ngx_stream_lua-0.0.11/src/api/ngx_stream_lua_api.h +--- a/bundle/ngx_stream_lua-0.0.13/src/api/ngx_stream_lua_api.h ++++ b/bundle/ngx_stream_lua-0.0.13/src/api/ngx_stream_lua_api.h @@ -21,6 +21,9 @@ diff --git a/build/openresty/patches/openresty-custom_prefix_and_cc.patch b/build/openresty/patches/openresty_01-custom_prefix_and_cc.patch similarity index 100% rename from build/openresty/patches/openresty-custom_prefix_and_cc.patch rename to build/openresty/patches/openresty_01-custom_prefix_and_cc.patch diff --git a/build/openresty/repositories.bzl b/build/openresty/repositories.bzl index d1bb6f53cacc..4c29e63a6de1 100644 --- a/build/openresty/repositories.bzl +++ b/build/openresty/repositories.bzl @@ -30,7 +30,7 @@ def openresty_repositories(): openresty_http_archive_wrapper, name = "openresty", build_file = "//build/openresty:BUILD.openresty.bazel", - sha256 = "0c5093b64f7821e85065c99e5d4e6cc31820cfd7f37b9a0dec84209d87a2af99", + sha256 = "5b1eded25c1d4ed76c0336dfae50bd94d187af9c85ead244135dd5ae363b2e2a", strip_prefix = "openresty-" + openresty_version, urls = [ "https://openresty.org/download/openresty-" + openresty_version + ".tar.gz", diff --git a/kong/meta.lua b/kong/meta.lua index 3d50e8cc0fd5..6b8b53b7b604 100644 --- a/kong/meta.lua +++ b/kong/meta.lua @@ -24,6 +24,6 @@ return { -- third-party dependencies' required version, as they would be specified -- to lua-version's `set()` in the form {from, to} _DEPENDENCIES = { - nginx = { "1.21.4.1" }, + nginx = { "1.21.4.2" }, } } diff --git a/t/05-mlcache/00-ipc.t b/t/05-mlcache/00-ipc.t index a808ead53004..21b986e1c31b 100644 --- a/t/05-mlcache/00-ipc.t +++ b/t/05-mlcache/00-ipc.t @@ -119,7 +119,7 @@ GET /t --- response_body --- error_log eval -qr/\[error\] .*? \[ipc\] callback for channel 'my_channel' threw a Lua error: init_worker_by_lua:\d: my callback had an error/ +qr/\[error\] .*? \[ipc\] callback for channel 'my_channel' threw a Lua error: .*?my callback had an error/ --- no_error_log lua entry thread aborted: runtime error