Diffstat (limited to 'meta/3rd/OpenResty/library/ngx/ssl')
-rw-r--r--meta/3rd/OpenResty/library/ngx/ssl/clienthello.lua102
-rw-r--r--meta/3rd/OpenResty/library/ngx/ssl/session.lua52
2 files changed, 154 insertions, 0 deletions
diff --git a/meta/3rd/OpenResty/library/ngx/ssl/clienthello.lua b/meta/3rd/OpenResty/library/ngx/ssl/clienthello.lua
new file mode 100644
index 00000000..d2e40665
--- /dev/null
+++ b/meta/3rd/OpenResty/library/ngx/ssl/clienthello.lua
@@ -0,0 +1,102 @@
+---@meta
+local clienthello = {}
+
+clienthello.version = require("resty.core.base").version
+
+---Returns the TLS SNI (Server Name Indication) name set by the client.
+---
+---Return `nil` when then the extension does not exist.
+---
+---In case of errors, it returns `nil` and a string describing the error.
+---
+---Note that the SNI name is gotten from the raw extensions of the client hello message associated with the current downstream SSL connection.
+---
+---So this function can only be called in the context of `ssl_client_hello_by_lua*`.
+---@return string? host
+---@return string? error
+function clienthello.get_client_hello_server_name() end
+
+
+--- Returns raw data of arbitrary SSL client hello extension including custom extensions.
+---
+--- Returns `nil` if the specified extension type does not exist.
+---
+--- In case of errors, it returns `nil` and a string describing the error.
+---
+--- Note that the ext is gotten from the raw extensions of the client hello message associated with the current downstream SSL connection.
+---
+--- So this function can only be called in the context of `ssl_client_hello_by_lua*`.
+---
+--- Example:
+---
+--- Gets server name from raw extension data. The `0` in `ssl_clt.get_client_hello_ext(0)` denotes `TLSEXT_TYPE_server_name`, and the `0` in `byte(ext, 3) ~= 0` denotes `TLSEXT_NAMETYPE_host_name`.
+---
+--- ```nginx
+--- # nginx.conf
+--- server {
+--- listen 443 ssl;
+--- server_name test.com;
+--- ssl_client_hello_by_lua_block {
+--- local ssl_clt = require "ngx.ssl.clienthello"
+--- local byte = string.byte
+--- local ext = ssl_clt.get_client_hello_ext(0)
+--- if not ext then
+--- print("failed to get_client_hello_ext(0)")
+--- ngx.exit(ngx.ERROR)
+--- end
+--- local total_len = string.len(ext)
+--- if total_len <= 2 then
+--- print("bad SSL Client Hello Extension")
+--- ngx.exit(ngx.ERROR)
+--- end
+--- local len = byte(ext, 1) * 256 + byte(ext, 2)
+--- if len + 2 ~= total_len then
+--- print("bad SSL Client Hello Extension")
+--- ngx.exit(ngx.ERROR)
+--- end
+--- if byte(ext, 3) ~= 0 then
+--- print("bad SSL Client Hello Extension")
+--- ngx.exit(ngx.ERROR)
+--- end
+--- if total_len <= 5 then
+--- print("bad SSL Client Hello Extension")
+--- ngx.exit(ngx.ERROR)
+--- end
+--- len = byte(ext, 4) * 256 + byte(ext, 5)
+--- if len + 5 > total_len then
+--- print("bad SSL Client Hello Extension")
+--- ngx.exit(ngx.ERROR)
+--- end
+--- local name = string.sub(ext, 6, 6 + len -1)
+---
+--- print("read SNI name from Lua: ", name)
+--- }
+--- ssl_certificate test.crt;
+--- ssl_certificate_key test.key;
+--- }
+--- ```
+---
+---@param ext_type number
+---@return string? ext
+function clienthello.get_client_hello_ext(ext_type) end
+
+
+--- Sets the SSL protocols supported by the current downstream SSL connection.
+---
+--- Returns `true` on success, or a `nil` value and a string describing the error otherwise.
+---
+--- Considering it is meaningless to set ssl protocols after the protocol is determined,
+--- so this function may only be called in the context of `ssl_client_hello_by_lua*`.
+---
+--- Example:
+--- ```lua
+--- ssl_clt.set_protocols({"TLSv1.1", "TLSv1.2", "TLSv1.3"})`
+--- ```
+---
+---@param protocols string[]
+---@return boolean ok
+---@return string? error
+function clienthello.set_protocols(protocols) end
+
+
+return clienthello
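Review bot: The return annotations on `get_client_hello_ext` and `set_protocols` do not match the failure contract their own doc text describes. `get_client_hello_ext` documents a `nil` plus error-string return but declares only `---@return string? ext`, so it should also carry `---@return string? error`; `set_protocols` is documented to return `nil` on failure, so `---@return boolean? ok` would be accurate. The `set_protocols` example ends with a stray backtick and lists `"TLSv1.1"`, which RFC 8996 deprecates; `ssl_clt.set_protocols({"TLSv1.2", "TLSv1.3"})` is a safer line for readers to copy. Both getters would also benefit from a doc line such as `--- The value is taken from the unauthenticated client hello; validate it before using it to select certificates or build paths.`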
diff --git a/meta/3rd/OpenResty/library/ngx/ssl/session.lua b/meta/3rd/OpenResty/library/ngx/ssl/session.lua
new file mode 100644
index 00000000..7307b00c
--- /dev/null
+++ b/meta/3rd/OpenResty/library/ngx/ssl/session.lua
@@ -0,0 +1,52 @@
+---@meta
+local session={}
+
+session.version = require("resty.core.base").version
+
+
+--- Sets the serialized SSL session provided as the argument to the current SSL connection.
+--- If the SSL session is successfully set, the current SSL connection can resume the session
+--- directly without going through the full SSL handshake process (which is very expensive in terms of CPU time).
+---
+--- This API is usually used in the context of `ssl_session_fetch_by_lua*`
+--- when a cache hit is found with the current SSL session ID.
+---
+--- The serialized SSL session used as the argument should be originally returned by the
+--- `get_serialized_session` function.
+---
+---@param session string
+---@return boolean ok
+---@return string? error
+function session.set_serialized_session(session) end
+
+--- Returns the serialized form of the SSL session data of the current SSL connection, in a Lua string.
+---
+--- This session can be cached in `lua-resty-lrucache`, `lua_shared_dict`,
+--- and/or external data storage services like `memcached` and `redis`. The SSL session ID returned
+--- by the `get_session_id` function is usually used as the cache key.
+---
+--- The returned SSL session data can later be loaded into other SSL connections using the same
+--- session ID via the `set_serialized_session` function.
+---
+--- In case of errors, it returns `nil` and a string describing the error.
+---
+--- This API function is usually called in the context of `ssl_session_store_by_lua*`
+--- where the SSL handshake has just completed.
+---
+---@return string? session
+---@return string? error
+function session.get_serialized_session() end
+
+--- Fetches the SSL session ID associated with the current downstream SSL connection.
+--- The ID is returned as a Lua string.
+---
+--- In case of errors, it returns `nil` and a string describing the error.
+---
+--- This API function is usually called in the contexts of
+--- `ssl_session_store_by_lua*` and `ssl_session_fetch_by_lua*`.
+---
+---@return string? id
+---@return string? error
+function session.get_session_id() end
+
+return session \ No newline at end of file
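Review bot: The doc for `get_serialized_session` recommends caching the result in `memcached` or `redis` but never says that the serialized session carries the session's secret keying material. Anyone able to read that cache can likely resume or decrypt the affected sessions, so I would add a line such as `--- The serialized session contains secret key material; restrict access to the cache, protect the transport to external stores, and expire entries promptly.` Separately, `set_serialized_session(session)` gives its parameter the same name as the module table `session` and so shadows it. Using `sess` with `---@param sess string` would avoid the confusion, at the cost of changing the parameter name shown in hover text.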