From afd19f3e9179481515e3b8f0d98cf8ad636c4536 Mon Sep 17 00:00:00 2001 From: wenqiang3 Date: Sun, 12 Feb 2017 18:45:25 +0800 Subject: [PATCH 1/5] add the set_http_version --- lib/ngx/ssl.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/lib/ngx/ssl.md b/lib/ngx/ssl.md index fc7ecae5f..1677cd16e 100644 --- a/lib/ngx/ssl.md +++ b/lib/ngx/ssl.md @@ -23,6 +23,7 @@ Table of Contents * [parse_pem_priv_key](#parse_pem_priv_key) * [set_cert](#set_cert) * [set_priv_key](#set_priv_key) + * [set_http_version](#set_http_version) * [Community](#community) * [English Mailing List](#english-mailing-list) * [Chinese Mailing List](#chinese-mailing-list) @@ -381,6 +382,23 @@ This function was first added in version `0.1.7`. [Back to TOC](#table-of-contents) +set_http_version +------------ +**syntax:** *ok, err = ssl.set_http_version(http_version)* + +**context:** *ssl_certificate_by_lua** + +Mondify the http version. + +http_version: + +* 1 - http1.1 +* 2 - http2 + +Returns `true` on success, or a `nil` value and a string describing the error otherwise. + +[Back to TOC](#table-of-contents) + Community ========= From c31d55193c240a21237b94ae4839b82f019d4ee0 Mon Sep 17 00:00:00 2001 From: wenqiang3 Date: Sun, 12 Feb 2017 19:33:48 +0800 Subject: [PATCH 2/5] modify the set_http_version --- lib/ngx/ssl.lua | 21 +++++++++++++++++++++ lib/ngx/ssl.md | 2 +- 2 files changed, 22 insertions(+), 1 deletion(-) diff --git a/lib/ngx/ssl.lua b/lib/ngx/ssl.lua index 89d42a533..1c68a03bf 100644 --- a/lib/ngx/ssl.lua +++ b/lib/ngx/ssl.lua @@ -58,6 +58,8 @@ int ngx_http_lua_ffi_set_priv_key(void *r, void *cdata, char **err); void ngx_http_lua_ffi_free_cert(void *cdata); void ngx_http_lua_ffi_free_priv_key(void *cdata); + +int ngx_http_lua_ffi_set_httpv(ngx_http_request_t *r, int hv, char **err); ]] @@ -284,4 +286,23 @@ do end +function _M.set_http_version(hv) + local r = getfenv(0).__ngx_req + if not r then + return error("no request found") + end + + local v = tonumber(hv) + if v < 0 then + return error("no negative number") + end + + local rc = C.ngx_http_lua_ffi_set_httpv(r, v, errmsg) + if rc == FFI_OK then + return true + end + + return nil, ffi_str(errmsg[0]) +end + return _M diff --git a/lib/ngx/ssl.md b/lib/ngx/ssl.md index 1677cd16e..e5f97bda8 100644 --- a/lib/ngx/ssl.md +++ b/lib/ngx/ssl.md @@ -388,7 +388,7 @@ set_http_version **context:** *ssl_certificate_by_lua** -Mondify the http version. +Modify the http version. http_version: From f0dba8b634649e1b120dbd11ab10ba11f2c02762 Mon Sep 17 00:00:00 2001 From: wenqiang3 Date: Sun, 12 Feb 2017 19:37:30 +0800 Subject: [PATCH 3/5] modify the Synopsis --- lib/ngx/ssl.md | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/lib/ngx/ssl.md b/lib/ngx/ssl.md index e5f97bda8..4584a7f0b 100644 --- a/lib/ngx/ssl.md +++ b/lib/ngx/ssl.md @@ -46,8 +46,8 @@ Synopsis lua_package_path "/path/to/lua-resty-core/lib/?.lua;;"; server { - listen 443 ssl; - server_name test.com; + listen 443 ssl http2; + server_name test.com hello.com; # useless placeholders: just to shut up NGINX configuration # loader errors: @@ -92,6 +92,15 @@ server { ngx.log(ngx.ERR, "failed to set DER private key: ", err) return ngx.exit(ngx.ERROR) end + + local sn, err = ssl.server_name() + if not sn then + ngx.log(ngx.ERR, "failed to get server name: ", err) + return ngx.exit(ngx.ERROR) + end + if sn == "test.com" then + ssl.set_http_version(1) + end } location / { From df78a989f1d518c1f0e7095be8d6c50248af7e9d Mon Sep 17 00:00:00 2001 From: wenqiang3 Date: Thu, 21 Sep 2017 19:24:16 +0800 Subject: [PATCH 4/5] note http version --- lib/ngx/ssl.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ngx/ssl.md b/lib/ngx/ssl.md index 4584a7f0b..e6f4ffc21 100644 --- a/lib/ngx/ssl.md +++ b/lib/ngx/ssl.md @@ -397,7 +397,7 @@ set_http_version **context:** *ssl_certificate_by_lua** -Modify the http version. +Sets the ALPN(NPN) http version. http_version: From fa2f5bf3d4c0f4c9af3b2d587bc1fe3e04543207 Mon Sep 17 00:00:00 2001 From: wenqiang3 Date: Sat, 23 Sep 2017 10:52:37 +0800 Subject: [PATCH 5/5] add test http2 --- t/http2.t | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 80 insertions(+) create mode 100644 t/http2.t diff --git a/t/http2.t b/t/http2.t new file mode 100644 index 000000000..02d228a34 --- /dev/null +++ b/t/http2.t @@ -0,0 +1,80 @@ +# vim:set ft= ts=4 sw=4 et fdm=marker: + +use Test::Nginx::Socket::Lua; +use Cwd qw(cwd); + +log_level('debug'); +# server_port('443'); +server_name('test.com'); + +repeat_each(2); + +plan tests => repeat_each() * blocks(); + +our $CWD = cwd(); + +#no_diff(); +#no_long_string(); +no_shuffle(); + +$ENV{TEST_NGINX_USE_HTTP2} = 1; +$ENV{TEST_NGINX_LUA_PACKAGE_PATH} = "$::CWD/lib/?.lua;;"; + +run_tests(); + + +__DATA__ + + +=== TEST 1: test set http2 +--- http_config + lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH/?.lua;;"; + + +--- config + ssl_certificate ../../cert/test.crt; + ssl_certificate_key ../../cert/test.key; + + ssl_certificate_by_lua_block { + local ssl = require "ngx.ssl"; + ssl.set_http_version(2); + } + location /t { + return 200 "ok"; + } + +--- http2 +--- sni +--- request +GET /t +--- ignore_response +--- error_log +LUA SSL ALPN selected: h2 + + + +=== TEST 2: test set http1.1 +--- http_config + lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH/?.lua;;"; + + +--- config + ssl_certificate ../../cert/test.crt; + ssl_certificate_key ../../cert/test.key; + + ssl_certificate_by_lua_block { + local ssl = require "ngx.ssl"; + ssl.set_http_version(1); + } + location /t { + return 200 "ok"; + } + +--- http2 +--- sni +--- request +GET /t +--- ignore_response +--- error_log +LUA SSL ALPN selected: http/1.1 +