From b1dfa9fd18ec59265f2f8a00da9655ab8eb8e75f Mon Sep 17 00:00:00 2001 From: Gabriel Clima Date: Thu, 8 May 2025 11:22:43 +0000 Subject: [PATCH 1/2] feature: use the actual ngx_connection_t * in ssl_client_hello_by Do we really need to create a fake connection here? Sure, the request struct wasn't even created yet but the conneciton does exist. I personally need it because I need to allocate memory that will live for as long as the connection exists, not until the Lua chunk returns. --- src/ngx_http_lua_ssl_client_helloby.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/ngx_http_lua_ssl_client_helloby.c b/src/ngx_http_lua_ssl_client_helloby.c index 26c84345d9..f49b8cbc08 100644 --- a/src/ngx_http_lua_ssl_client_helloby.c +++ b/src/ngx_http_lua_ssl_client_helloby.c @@ -670,8 +670,7 @@ ngx_http_lua_ffi_ssl_get_client_hello_ext_present(ngx_http_request_t *r, int got_extensions; size_t ext_len; int *ext_out; - /* OPENSSL will allocate memory for us and make the ext_out point to it */ - + ngx_connection_t *c; if (r->connection == NULL || r->connection->ssl == NULL) { *err = "bad request"; @@ -684,6 +683,13 @@ ngx_http_lua_ffi_ssl_get_client_hello_ext_present(ngx_http_request_t *r, return NGX_ERROR; } + c = ngx_ssl_get_connection(ssl_conn); + if (c == NULL) { + *err = "bad ssl conn"; + return NGX_ERROR; + } + + #ifdef SSL_ERROR_WANT_CLIENT_HELLO_CB got_extensions = SSL_client_hello_get1_extensions_present(ssl_conn, &ext_out, &ext_len); @@ -692,7 +698,7 @@ ngx_http_lua_ffi_ssl_get_client_hello_ext_present(ngx_http_request_t *r, return NGX_DECLINED; } - *extensions = ngx_palloc(r->connection->pool, sizeof(int) * ext_len); + *extensions = ngx_palloc(c->pool, sizeof(int) * ext_len); if (*extensions != NULL) { ngx_memcpy(*extensions, ext_out, sizeof(int) * ext_len); *extensions_len = ext_len; From ebd54b40847b50cc3015096f1ac452dd32155ee6 Mon Sep 17 00:00:00 2001 
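Review bot: The `@@ -670,8 +670,7 @@` hunk removes the only comment saying that `ext_out` is allocated by OpenSSL, which a reader needs in order to check that the buffer is released on every return path. I would keep it beside the declaration and make the ownership explicit, e.g. `/* set by SSL_client_hello_get1_extensions_present(); OpenSSL-allocated, release with OPENSSL_free() */`. The release itself is not visible here, because the function body continues past the hunk.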
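Review bot: In the `@@ -684,6 +683,13 @@` hunk the `ngx_ssl_get_connection()` lookup and its NULL check sit above `#ifdef SSL_ERROR_WANT_CLIENT_HELLO_CB`, while the only visible use of `c` (`c->pool`) appears to be inside that conditional section. On a build without the macro, `c` would be assigned but never read, which can trigger a set-but-unused warning. The function could also fail with the lookup error before reaching whatever the fallback branch reports. Moving the added lookup and check just below the `#ifdef`, and dropping the second blank line, would avoid both. The `#else`/`#endif` part is outside the hunk, so confirm this against the full function.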
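Review bot: `ngx_palloc(c->pool, sizeof(int) * ext_len)` in the `@@ -692,7 +698,7 @@` hunk now charges a size derived from the peer's ClientHello to the real connection's pool on every call. nginx pools do not hand back small allocations before the pool is destroyed, so repeated calls from the Lua handler accumulate until the connection closes. That is the lifetime the commit message asks for, but it should be stated at the call site, e.g. `/* lives in the real connection's pool: released only when the connection is closed */`, and callers should fetch the list once per handshake. In the visible lines `*extensions_len` is written only in the `*extensions != NULL` branch. What the function returns when the allocation fails is outside the hunk and worth checking.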
From: Gabriel Clima Date: Thu, 8 May 2025 14:50:31 +0300 Subject: [PATCH 2/2] err message --- src/ngx_http_lua_ssl_client_helloby.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ngx_http_lua_ssl_client_helloby.c b/src/ngx_http_lua_ssl_client_helloby.c index f49b8cbc08..eec31a0b97 100644 --- a/src/ngx_http_lua_ssl_client_helloby.c +++ b/src/ngx_http_lua_ssl_client_helloby.c @@ -685,7 +685,7 @@ ngx_http_lua_ffi_ssl_get_client_hello_ext_present(ngx_http_request_t *r, c = ngx_ssl_get_connection(ssl_conn); if (c == NULL) { - *err = "bad ssl conn"; + *err = "couldn't get real ngx_connection_t pointer"; return NGX_ERROR; }