Skip to content

Commit

Permalink
feat(stream): add upstream ssl ffi function and stream client ssl ffi…
Browse files Browse the repository at this point in the history
… function (#50)

1. extend stream module upstream ssl client function to support dynamic  upstream ssl cert
2. extend stream tls request client_certificate_chain
  • Loading branch information
oowl authored Jan 3, 2023
1 parent d6ce64d commit fec7331
Show file tree
Hide file tree
Showing 12 changed files with 2,049 additions and 549 deletions.
22 changes: 11 additions & 11 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ resty.kong.tls.disable\_session\_reuse

**context:** *ssl_certificate_by_lua**

**subsystems:** *http*
**subsystems:** *http* *stream*

Prevents the TLS session for the current connection from being reused by
disabling session ticket and session ID for the current TLS connection.
Expand All @@ -162,9 +162,9 @@ resty.kong.tls.get\_full\_client\_certificate\_chain
----------------------------------------------------
**syntax:** *pem_chain, err = resty.kong.tls.get\_full\_client\_certificate\_chain()*

**context:** *rewrite_by_lua*, access_by_lua*, content_by_lua*, log_by_lua**
**context:** *rewrite_by_lua*, access_by_lua*, content_by_lua*, log_by_lua**, *preread_by_lua**

**subsystems:** *http*
**subsystems:** *http* *stream*

Returns the PEM encoded downstream client certificate chain with the client certificate
at the top and intermediate certificates (if any) at the bottom.
Expand Down Expand Up @@ -192,9 +192,9 @@ resty.kong.tls.set\_upstream\_cert\_and\_key
--------------------------------------------
**syntax:** *ok, err = resty.kong.tls.set\_upstream\_cert\_and\_key(chain, key)*

**context:** *rewrite_by_lua*, access_by_lua*, balancer_by_lua**
**context:** *rewrite_by_lua*, access_by_lua*, balancer_by_lua**, *preread_by_lua**

**subsystems:** *http*
**subsystems:** *http* *stream*

Overrides and enables sending client certificate while connecting to the
upstream in the current request.
Expand All @@ -218,9 +218,9 @@ resty.kong.tls.set\_upstream\_ssl\_trusted\_store
-------------------------------------------------
**syntax:** *ok, err = resty.kong.tls.set\_upstream\_ssl\_trusted\_store(store)*

**context:** *rewrite_by_lua*, access_by_lua*, balancer_by_lua**
**context:** *rewrite_by_lua*, access_by_lua*, balancer_by_lua**, *preread_by_lua**

**subsystems:** *http*
**subsystems:** *http* *stream*

Set upstream ssl verification trusted store of current request. Global setting set by
`proxy_ssl_trusted_certificate` will be overwritten for the current request.
Expand Down Expand Up @@ -280,9 +280,9 @@ resty.kong.tls.set\_upstream\_ssl\_verify
-----------------------------------------
**syntax:** *ok, err = resty.kong.tls.set\_upstream\_ssl\_verify(verify)*

**context:** *rewrite_by_lua*, access_by_lua*, balancer_by_lua**
**context:** *rewrite_by_lua*, access_by_lua*, balancer_by_lua**, *preread_by_lua**

**subsystems:** *http*
**subsystems:** *http* *stream*

Set upstream ssl verification enablement of current request to the given boolean
argument `verify`. Global setting set by `proxy_ssl_verify` will be overwritten.
Expand All @@ -299,9 +299,9 @@ resty.kong.tls.set\_upstream\_ssl\_verify\_depth
------------------------------------------------
**syntax:** *ok, err = resty.kong.tls.set\_upstream\_ssl\_verify\_depth(depth)*

**context:** *rewrite_by_lua*, access_by_lua*, balancer_by_lua**
**context:** *rewrite_by_lua*, access_by_lua*, balancer_by_lua**, *preread_by_lua**

**subsystems:** *http*
**subsystems:** *http* *stream*

Set upstream ssl verification depth of current request to the given non-negative integer
argument `depth`. Global setting set by `proxy_ssl_verify_depth` will be overwritten.
Expand Down
1 change: 1 addition & 0 deletions config
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ ngx_module_srcs=" \
$ngx_addon_dir/src/ngx_http_lua_kong_tag.c \
$ngx_addon_dir/src/ngx_http_lua_kong_module.c \
$ngx_addon_dir/src/ngx_http_lua_kong_log.c \
$ngx_addon_dir/src/ssl/ngx_lua_kong_ssl.c \
"

ngx_module_incs="$ngx_addon_dir/src"
Expand Down
Loading

0 comments on commit fec7331

Please sign in to comment.