bugfix: failed to build with old ssl.

Author: zhuizhuhaomeng

src/ngx_stream_lua_common.h

@@ -31,6 +31,23 @@
 #include <lualib.h>
 #include <lauxlib.h>
 
+#if (NGX_STREAM_SSL)
+
+#include <openssl/ssl.h>
+
+#ifdef HAVE_PROXY_SSL_PATCH
+
+#if defined(LIBRESSL_VERSION_NUMBER)
+/* do nothing */
+#elif defined(OPENSSL_IS_BORINGSSL)
+/* do nothing */
+#elif defined(SSL_ERROR_WANT_RETRY_VERIFY) &&                                \
+    OPENSSL_VERSION_NUMBER >= 0x30000020uL
+#define  HAVE_LUA_PROXY_SSL 1
+#endif
+
+#endif /* HAVE_PROXY_SSL_PATCH */
+#endif /* NGX_STREAM_SSL */
 
 #include "ngx_stream_lua_request.h"
 

src/ngx_stream_lua_control.c

@@ -116,7 +116,7 @@ ngx_stream_lua_ffi_exit(ngx_stream_lua_request_t *r, int status, u_char *err,
         | NGX_STREAM_LUA_CONTEXT_BALANCER
         | NGX_STREAM_LUA_CONTEXT_SSL_CLIENT_HELLO
         | NGX_STREAM_LUA_CONTEXT_SSL_CERT
-#ifdef HAVE_PROXY_SSL_PATCH
+#ifdef HAVE_LUA_PROXY_SSL
         | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_CERT
         | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_VERIFY
 #endif
@@ -127,7 +127,7 @@ ngx_stream_lua_ffi_exit(ngx_stream_lua_request_t *r, int status, u_char *err,
     }
 
     if (ctx->context & (NGX_STREAM_LUA_CONTEXT_SSL_CERT
-#ifdef HAVE_PROXY_SSL_PATCH
+#ifdef HAVE_LUA_PROXY_SSL
                         | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_CERT
                         | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_VERIFY
 #endif

src/ngx_stream_lua_coroutine.c

@@ -205,7 +205,7 @@ ngx_stream_lua_coroutine_resume(lua_State *L)
                                  | NGX_STREAM_LUA_CONTEXT_TIMER
                                  | NGX_STREAM_LUA_CONTEXT_SSL_CLIENT_HELLO
                                  | NGX_STREAM_LUA_CONTEXT_SSL_CERT
-#ifdef HAVE_PROXY_SSL_PATCH
+#ifdef HAVE_LUA_PROXY_SSL
                                  | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_CERT
                                  | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_VERIFY
 #endif
@@ -270,7 +270,7 @@ ngx_stream_lua_coroutine_yield(lua_State *L)
                                  | NGX_STREAM_LUA_CONTEXT_TIMER
                                  | NGX_STREAM_LUA_CONTEXT_SSL_CLIENT_HELLO
                                  | NGX_STREAM_LUA_CONTEXT_SSL_CERT
-#ifdef HAVE_PROXY_SSL_PATCH
+#ifdef HAVE_LUA_PROXY_SSL
                                  | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_CERT
                                  | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_VERIFY
 #endif
@@ -434,7 +434,7 @@ ngx_stream_lua_coroutine_status(lua_State *L)
                                  | NGX_STREAM_LUA_CONTEXT_TIMER
                                  | NGX_STREAM_LUA_CONTEXT_SSL_CLIENT_HELLO
                                  | NGX_STREAM_LUA_CONTEXT_SSL_CERT
-#ifdef HAVE_PROXY_SSL_PATCH
+#ifdef HAVE_LUA_PROXY_SSL
                                  | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_CERT
                                  | NGX_STREAM_LUA_CONTEXT_PROXY_SSL_VERIFY
 #endif

src/ngx_stream_lua_module.c

@@ -31,7 +31,7 @@
 #include "ngx_stream_lua_ssl_client_helloby.h"
 #include "ngx_stream_lua_ssl_certby.h"
 
-#ifdef HAVE_PROXY_SSL_PATCH
+#ifdef HAVE_LUA_PROXY_SSL
 #include "ngx_stream_lua_proxy_ssl_certby.h"
 #include "ngx_stream_lua_proxy_ssl_verifyby.h"
 #endif
@@ -433,7 +433,7 @@ static ngx_command_t ngx_stream_lua_cmds[] = {
       0,
       (void *) ngx_stream_lua_ssl_cert_handler_file },
 
-#if HAVE_PROXY_SSL_PATCH
+#if HAVE_LUA_PROXY_SSL
     /* same context as proxy_pass directive */
     { ngx_string("proxy_ssl_certificate_by_lua_block"),
       NGX_STREAM_SRV_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS,
@@ -921,13 +921,11 @@ ngx_stream_lua_create_srv_conf(ngx_conf_t *cf)
 
     conf->log_socket_errors = NGX_CONF_UNSET;
 
-#if (NGX_STREAM_SSL)
+#ifdef HAVE_LUA_PROXY_SSL
     conf->ssl_verify_depth = NGX_CONF_UNSET_UINT;
     conf->ssl_certificates = NGX_CONF_UNSET_PTR;
     conf->ssl_certificate_keys = NGX_CONF_UNSET_PTR;
-#ifdef HAVE_PROXY_SSL_PATCH
     conf->ups.upstream_skip_openssl_default_verify = NGX_CONF_UNSET;
-#endif
 #endif
 
     return conf;
@@ -1061,7 +1059,7 @@ ngx_stream_lua_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
                              NULL);
 #endif
 
-#ifdef HAVE_PROXY_SSL_PATCH
+#ifdef HAVE_LUA_PROXY_SSL
     if (conf->ups.proxy_ssl_cert_src.len == 0) {
         conf->ups.proxy_ssl_cert_src = prev->ups.proxy_ssl_cert_src;
         conf->ups.proxy_ssl_cert_handler = prev->ups.proxy_ssl_cert_handler;

src/ngx_stream_lua_phase.c

@@ -66,7 +66,7 @@ ngx_stream_lua_ngx_get_phase(lua_State *L)
         lua_pushliteral(L, "content");
         break;
 
-#ifdef HAVE_PROXY_SSL_PATCH
+#ifdef HAVE_LUA_PROXY_SSL
     case NGX_STREAM_LUA_CONTEXT_PROXY_SSL_CERT:
         lua_pushliteral(L, "proxy_ssl_cert");
         break;

src/ngx_stream_lua_proxy_ssl_certby.c

@@ -5,11 +5,11 @@
 #ifndef DDEBUG
 #define DDEBUG 0
 #endif
-#include "ddebug.h"
-
 
-#if (NGX_STREAM_SSL)
+#include "ddebug.h"
+#include "ngx_stream_lua_proxy_ssl_certby.h"
 
+#ifdef HAVE_LUA_PROXY_SSL
 #include "ngx_stream_lua_cache.h"
 #include "ngx_stream_lua_initworkerby.h"
 #include "ngx_stream_lua_util.h"
@@ -18,9 +18,6 @@
 #include "ngx_stream_lua_directive.h"
 #include "ngx_stream_lua_ssl.h"
 
-#ifdef HAVE_PROXY_SSL_PATCH
-#include "ngx_stream_lua_proxy_ssl_certby.h"
-
 
 static void ngx_stream_lua_proxy_ssl_cert_done(void *data);
 static void ngx_stream_lua_proxy_ssl_cert_aborted(void *data);
@@ -31,16 +28,6 @@ static ngx_int_t ngx_stream_lua_proxy_ssl_cert_by_chunk(lua_State *L,
 ngx_int_t
 ngx_stream_lua_proxy_ssl_cert_set_callback(ngx_conf_t *cf)
 {
-
-#ifdef LIBRESSL_VERSION_NUMBER
-
-    ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
-                  "LibreSSL does not support by proxy_ssl_certificate_by_lua*");
-
-    return NGX_ERROR;
-
-#else
-
     ngx_flag_t           proxy_ssl = 0;
     ngx_pool_cleanup_t  *cln;
     ngx_ssl_t           *ssl;
@@ -76,22 +63,9 @@ ngx_stream_lua_proxy_ssl_cert_set_callback(ngx_conf_t *cf)
         return NGX_ERROR;
     }
 
-#if OPENSSL_VERSION_NUMBER >= 0x1000205fL
-
     SSL_CTX_set_cert_cb(ssl->ctx, ngx_stream_lua_proxy_ssl_cert_handler, NULL);
 
     return NGX_OK;
-
-#else
-
-    ngx_log_error(NGX_LOG_EMERG, cf->log, 0, "OpenSSL too old to support "
-                  "proxy_ssl_certificate_by_lua*");
-
-    return NGX_ERROR;
-
-#endif
-
-#endif
 }
 
 
@@ -160,16 +134,6 @@ char *
 ngx_stream_lua_proxy_ssl_cert_by_lua(ngx_conf_t *cf, ngx_command_t *cmd,
     void *conf)
 {
-#if OPENSSL_VERSION_NUMBER < 0x1000205fL
-
-    ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
-                  "at least OpenSSL 1.0.2e required but found "
-                  OPENSSL_VERSION_TEXT);
-
-    return NGX_CONF_ERROR;
-
-#else
-
     u_char                           *p;
     u_char                           *name;
     ngx_str_t                        *value;
@@ -239,8 +203,6 @@ ngx_stream_lua_proxy_ssl_cert_by_lua(ngx_conf_t *cf, ngx_command_t *cmd,
     }
 
     return NGX_CONF_OK;
-
-#endif  /* OPENSSL_VERSION_NUMBER < 0x1000205fL */
 }
 
 
@@ -582,20 +544,6 @@ int
 ngx_stream_lua_ffi_proxy_ssl_clear_certs(ngx_stream_lua_request_t *r,
     char **err)
 {
-#ifdef LIBRESSL_VERSION_NUMBER
-
-    *err = "LibreSSL not supported";
-    return NGX_ERROR;
-
-#else
-
-#   if OPENSSL_VERSION_NUMBER < 0x1000205fL
-
-    *err = "at least OpenSSL 1.0.2e required but found " OPENSSL_VERSION_TEXT;
-    return NGX_ERROR;
-
-#   else
-
     ngx_stream_upstream_t           *u;
     ngx_ssl_conn_t                  *ssl_conn;
     ngx_connection_t                *c;
@@ -620,30 +568,13 @@ ngx_stream_lua_ffi_proxy_ssl_clear_certs(ngx_stream_lua_request_t *r,
 
     SSL_certs_clear(ssl_conn);
     return NGX_OK;
-
-#   endif  /* OPENSSL_VERSION_NUMBER < 0x1000205fL */
-#endif
 }
 
 
 int
 ngx_stream_lua_ffi_proxy_ssl_set_der_certificate(ngx_stream_lua_request_t *r,
     const char *data, size_t len, char **err)
 {
-#ifdef LIBRESSL_VERSION_NUMBER
-
-    *err = "LibreSSL not supported";
-    return NGX_ERROR;
-
-#else
-
-#   if OPENSSL_VERSION_NUMBER < 0x1000205fL
-
-    *err = "at least OpenSSL 1.0.2e required but found " OPENSSL_VERSION_TEXT;
-    return NGX_ERROR;
-
-#   else
-
     ngx_stream_upstream_t           *u;
     ngx_ssl_conn_t                  *ssl_conn;
     ngx_connection_t                *c;
@@ -722,9 +653,6 @@ ngx_stream_lua_ffi_proxy_ssl_set_der_certificate(ngx_stream_lua_request_t *r,
     ERR_clear_error();
 
     return NGX_ERROR;
-
-#   endif  /* OPENSSL_VERSION_NUMBER < 0x1000205fL */
-#endif
 }
 
 
@@ -798,20 +726,6 @@ int
 ngx_stream_lua_ffi_proxy_ssl_set_cert(ngx_stream_lua_request_t *r,
     void *cdata, char **err)
 {
-#ifdef LIBRESSL_VERSION_NUMBER
-
-    *err = "LibreSSL not supported";
-    return NGX_ERROR;
-
-#else
-
-#   if OPENSSL_VERSION_NUMBER < 0x1000205fL
-
-    *err = "at least OpenSSL 1.0.2e required but found " OPENSSL_VERSION_TEXT;
-    return NGX_ERROR;
-
-#   else
-
 #ifdef OPENSSL_IS_BORINGSSL
     size_t             i;
 #else
@@ -883,9 +797,6 @@ ngx_stream_lua_ffi_proxy_ssl_set_cert(ngx_stream_lua_request_t *r,
     ERR_clear_error();
 
     return NGX_ERROR;
-
-#   endif  /* OPENSSL_VERSION_NUMBER < 0x1000205fL */
-#endif
 }
 
 
@@ -936,69 +847,4 @@ ngx_stream_lua_ffi_proxy_ssl_set_priv_key(ngx_stream_lua_request_t *r,
     return NGX_ERROR;
 }
 
-
-#else  /* HAVE_PROXY_SSL_PATCH */
-
-
-int
-ngx_stream_lua_ffi_proxy_ssl_get_tls1_version(ngx_stream_lua_request_t *r,
-    char **err)
-{
-    *err = "Does not have HAVE_PROXY_SSL_PATCH to support this function";
-
-    return NGX_ERROR;
-}
-
-
-int
-ngx_stream_lua_ffi_proxy_ssl_clear_certs(ngx_stream_lua_request_t *r,
-    char **err)
-{
-    *err = "Does not have HAVE_PROXY_SSL_PATCH to support this function";
-
-    return NGX_ERROR;
-}
-
-
-int
-ngx_stream_lua_ffi_proxy_ssl_set_der_certificate(ngx_stream_lua_request_t *r,
-    const char *data, size_t len, char **err)
-{
-    *err = "Does not have HAVE_PROXY_SSL_PATCH to support this function";
-
-    return NGX_ERROR;
-}
-
-
-int
-ngx_stream_lua_ffi_proxy_ssl_set_der_private_key(ngx_stream_lua_request_t *r,
-    const char *data, size_t len, char **err)
-{
-    *err = "Does not have HAVE_PROXY_SSL_PATCH to support this function";
-
-    return NGX_ERROR;
-}
-
-
-int
-ngx_stream_lua_ffi_proxy_ssl_set_cert(ngx_stream_lua_request_t *r,
-    void *cdata, char **err)
-{
-    *err = "Does not have HAVE_PROXY_SSL_PATCH to support this function";
-
-    return NGX_ERROR;
-}
-
-
-int
-ngx_stream_lua_ffi_proxy_ssl_set_priv_key(ngx_stream_lua_request_t *r,
-    void *cdata, char **err)
-{
-    *err = "Does not have HAVE_PROXY_SSL_PATCH to support this function";
-
-    return NGX_ERROR;
-}
-
-
-#endif /* HAVE_PROXY_SSL_PATCH */
-#endif /* NGX_STREAM_SSL */
+#endif /* HAVE_LUA_PROXY_SSL */

src/ngx_stream_lua_proxy_ssl_certby.h

@@ -9,8 +9,7 @@
 #include "ngx_stream_lua_common.h"
 
 
-#if (NGX_STREAM_SSL)
-#ifdef HAVE_PROXY_SSL_PATCH
+#ifdef HAVE_LUA_PROXY_SSL
 
 /* do not introduce ngx_stream_proxy_module
  * to pollute ngx_stream_lua_module.c
@@ -33,8 +32,7 @@ int ngx_stream_lua_proxy_ssl_cert_handler(ngx_ssl_conn_t *ssl_conn, void *data);
 
 ngx_int_t ngx_stream_lua_proxy_ssl_cert_set_callback(ngx_conf_t *cf);
 
-#endif  /* HAVE_PROXY_SSL_PATCH */
-#endif  /* NGX_STREAM_SSL */
+#endif  /* HAVE_LUA_PROXY_SSL */
 #endif /* _NGX_STREAM_LUA_PROXY_SSL_CERTBY_H_INCLUDED_ */
 
 /* vi:set ft=c ts=4 sw=4 et fdm=marker: */