Skip to content

feature: add ssl.set_http_version API #147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
vislee wants to merge 5 commits into from
Closed

feature: add ssl.set_http_version API #147

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
afd19f3
add the set_http_version
Feb 12, 2017
c31d551
modify the set_http_version
Feb 12, 2017
f0dba8b
modify the Synopsis
Feb 12, 2017
df78a98
note http version
Sep 21, 2017
fa2f5bf
add test http2
Sep 23, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions lib/ngx/ssl.lua
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,8 @@ int ngx_http_lua_ffi_set_priv_key(void *r, void *cdata, char **err);
void ngx_http_lua_ffi_free_cert(void *cdata);

void ngx_http_lua_ffi_free_priv_key(void *cdata);

int ngx_http_lua_ffi_set_httpv(ngx_http_request_t *r, int hv, char **err);
]]


Expand Down Expand Up @@ -284,4 +286,23 @@ do
end


function _M.set_http_version(hv)
local r = getfenv(0).__ngx_req
if not r then
return error("no request found")
end

local v = tonumber(hv)
if v < 0 then
return error("no negative number")
end

local rc = C.ngx_http_lua_ffi_set_httpv(r, v, errmsg)
if rc == FFI_OK then
return true
end

return nil, ffi_str(errmsg[0])
end

return _M
31 changes: 29 additions & 2 deletions lib/ngx/ssl.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ Table of Contents
* [parse_pem_priv_key](#parse_pem_priv_key)
* [set_cert](#set_cert)
* [set_priv_key](#set_priv_key)
* [set_http_version](#set_http_version)
* [Community](#community)
* [English Mailing List](#english-mailing-list)
* [Chinese Mailing List](#chinese-mailing-list)
Expand All @@ -45,8 +46,8 @@ Synopsis
lua_package_path "/path/to/lua-resty-core/lib/?.lua;;";

server {
listen 443 ssl;
server_name test.com;
listen 443 ssl http2;
server_name test.com hello.com;

# useless placeholders: just to shut up NGINX configuration
# loader errors:
Expand Down Expand Up @@ -91,6 +92,15 @@ server {
ngx.log(ngx.ERR, "failed to set DER private key: ", err)
return ngx.exit(ngx.ERROR)
end

local sn, err = ssl.server_name()
if not sn then
ngx.log(ngx.ERR, "failed to get server name: ", err)
return ngx.exit(ngx.ERROR)
end
if sn == "test.com" then
ssl.set_http_version(1)
end
}

location / {
Expand Down Expand Up @@ -381,6 +391,23 @@ This function was first added in version `0.1.7`.

[Back to TOC](#table-of-contents)

set_http_version
------------
**syntax:** *ok, err = ssl.set_http_version(http_version)*

**context:** *ssl_certificate_by_lua&#42;*

Sets the ALPN(NPN) http version.

http_version:

* 1 - http1.1
* 2 - http2

Returns `true` on success, or a `nil` value and a string describing the error otherwise.

[Back to TOC](#table-of-contents)

Community
=========

Expand Down
80 changes: 80 additions & 0 deletions t/http2.t
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
# vim:set ft= ts=4 sw=4 et fdm=marker:

use Test::Nginx::Socket::Lua;
use Cwd qw(cwd);

log_level('debug');
# server_port('443');
server_name('test.com');

repeat_each(2);

plan tests => repeat_each() * blocks();

our $CWD = cwd();

#no_diff();
#no_long_string();
no_shuffle();

$ENV{TEST_NGINX_USE_HTTP2} = 1;
$ENV{TEST_NGINX_LUA_PACKAGE_PATH} = "$::CWD/lib/?.lua;;";

run_tests();


__DATA__


=== TEST 1: test set http2
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH/?.lua;;";


--- config
ssl_certificate ../../cert/test.crt;
ssl_certificate_key ../../cert/test.key;
Copy link
Copy Markdown
Member

@agentzh agentzh Sep 23, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Better let the test scaffold automatically generate these under the hood. It's too much a burden for us test writers to write these in every HTTP/2 over TLS test cases ;)


ssl_certificate_by_lua_block {
local ssl = require "ngx.ssl";
ssl.set_http_version(2);
Copy link
Copy Markdown
Member

@agentzh agentzh Sep 23, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's better to use the ssl.use_http2(true) and ssl.use_http2(false) here instead. We cannot really set other HTTP version numbers like 0.9, 1.0, and 1.1 here anyway.

}
location /t {
return 200 "ok";
}

--- http2
--- sni
--- request
GET /t
--- ignore_response
--- error_log
LUA SSL ALPN selected: h2



=== TEST 2: test set http1.1
--- http_config
lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH/?.lua;;";


--- config
ssl_certificate ../../cert/test.crt;
ssl_certificate_key ../../cert/test.key;

ssl_certificate_by_lua_block {
local ssl = require "ngx.ssl";
ssl.set_http_version(1);
}
location /t {
return 200 "ok";
}

--- http2
--- sni
--- request
GET /t
--- ignore_response
--- error_log
LUA SSL ALPN selected: http/1.1