feature: add ngx_stream_lua_ffi_ssl_client_random.

xuruidong · web-flow · commit ff9dea82f360 · 2024-03-06T12:14:40.000+08:00
diff --git a/src/ngx_stream_lua_ssl_certby.c b/src/ngx_stream_lua_ssl_certby.c
@@ -1603,4 +1603,27 @@ ngx_stream_lua_ffi_ssl_verify_client(ngx_stream_lua_request_t *r,
 }
 
 
+int
+ngx_stream_lua_ffi_ssl_client_random(ngx_stream_lua_request_t *r,
+    unsigned char *out, size_t *outlen, char **err)
+{
+    ngx_ssl_conn_t          *ssl_conn;
+
+    if (r->connection == NULL || r->connection->ssl == NULL) {
+        *err = "bad request";
+        return NGX_ERROR;
+    }
+
+    ssl_conn = r->connection->ssl->connection;
+    if (ssl_conn == NULL) {
+        *err = "bad ssl conn";
+        return NGX_ERROR;
+    }
+
+    *outlen = SSL_get_client_random(ssl_conn, out, *outlen);
+
+    return NGX_OK;
+}
+
+
 #endif /* NGX_STREAM_SSL */
diff --git a/t/140-ssl-c-api.t b/t/140-ssl-c-api.t
@@ -69,6 +69,9 @@ ffi.cdef[[
 
     int ngx_stream_lua_ffi_ssl_verify_client(void *r, void *cdata, int depth, char **err);
 
+    int ngx_stream_lua_ffi_ssl_client_random(ngx_stream_lua_request_t *r,
+        unsigned char *out, size_t *outlen, char **err);
+
 ]]
 _EOC_
     }
@@ -1119,3 +1122,117 @@ lua ssl server name: "test.com"
 --- no_error_log
 [error]
 [alert]
+
+
+
+=== TEST 11: client random
+--- stream_config
+    server {
+        listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+
+        ssl_certificate_by_lua_block {
+            collectgarbage()
+
+            local ffi = require "ffi"
+            require "defines"
+
+            local errmsg = ffi.new("char *[1]")
+
+            local r = require "resty.core.base" .get_request()
+            if not r then
+                ngx.log(ngx.ERR, "no request found")
+                return
+            end
+
+            -- test client random length
+            local out = ffi.new("unsigned char[?]", 0)
+            local sizep = ffi.new("size_t[1]", 0)
+
+            local rc = ffi.C.ngx_stream_lua_ffi_ssl_client_random(r, out, sizep, errmsg)
+            if rc ~= 0 then
+                ngx.log(ngx.ERR, "failed to get client random length: ",
+                        ffi.string(errmsg[0]))
+                return
+            end
+
+            if tonumber(sizep[0]) ~= 32 then
+                ngx.log(ngx.ERR, "client random length does not equal 32")
+                return
+            end
+
+            -- test client random value
+            out = ffi.new("unsigned char[?]", 50)
+            sizep = ffi.new("size_t[1]", 50)
+
+            rc = ffi.C.ngx_stream_lua_ffi_ssl_client_random(r, out, sizep, errmsg)
+            if rc ~= 0 then
+                ngx.log(ngx.ERR, "failed to get client random: ",
+                        ffi.string(errmsg[0]))
+                return
+            end
+
+            local init_v = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
+            if ffi.string(out, sizep[0]) == init_v then
+                ngx.log(ngx.ERR, "maybe the client random value is incorrect")
+                return
+            end
+        }
+
+        ssl_certificate ../../cert/test.crt;
+        ssl_certificate_key ../../cert/test.key;
+
+        return 'it works!\n';
+    }
+--- stream_server_config
+    lua_ssl_trusted_certificate ../../cert/test.crt;
+
+    content_by_lua_block {
+        do
+            local sock = ngx.socket.tcp()
+
+            sock:settimeout(2000)
+
+            local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
+            if not ok then
+                ngx.say("failed to connect: ", err)
+                return
+            end
+
+            ngx.say("connected: ", ok)
+
+            local sess, err = sock:sslhandshake(nil, "test.com", true)
+            if not sess then
+                ngx.say("failed to do SSL handshake: ", err)
+                return
+            end
+
+            ngx.say("ssl handshake: ", type(sess))
+
+            while true do
+                local line, err = sock:receive()
+                if not line then
+                    -- ngx.say("failed to receive response status line: ", err)
+                    break
+                end
+
+                ngx.say("received: ", line)
+            end
+
+            local ok, err = sock:close()
+            ngx.say("close: ", ok, " ", err)
+        end  -- do
+        -- collectgarbage()
+    }
+
+--- stream_response
+connected: 1
+ssl handshake: userdata
+received: it works!
+close: 1 nil
+
+--- error_log
+lua ssl server name: "test.com"
+
+--- no_error_log
+[error]
+[alert]
