From ad784258522fb34fb81e65d17f8b8066cb86d045 Mon Sep 17 00:00:00 2001
From: Elvin Efendi
Date: Wed, 19 Feb 2020 13:41:50 -0500
Subject: [PATCH] also expose pem cert uid in certificate.call function

---
 rootfs/etc/nginx/lua/certificate.lua | 35 +++++++++++++++-----------
 rootfs/etc/nginx/lua/configuration.lua | 4 +-
 2 files changed, 23 insertions(+), 16 deletions(-)

diff --git a/rootfs/etc/nginx/lua/certificate.lua b/rootfs/etc/nginx/lua/certificate.lua
index 1f0672c8d..dc5dbf7b7 100644
--- a/rootfs/etc/nginx/lua/certificate.lua
+++ b/rootfs/etc/nginx/lua/certificate.lua
@@ -1,11 +1,13 @@
 local ssl = require("ngx.ssl")
-local configuration = require("configuration")
 local re_sub = ngx.re.sub
 
 local _M = {}
 
 local DEFAULT_CERT_HOSTNAME = "_"
 
+local certificate_data = ngx.shared.certificate_data
+local certificate_servers = ngx.shared.certificate_servers
+
 local function get_der_cert_and_priv_key(pem_cert_key)
   local der_cert, der_cert_err = ssl.cert_pem_to_der(pem_cert_key)
   if not der_cert then
@@ -32,24 +34,25 @@ local function set_der_cert_and_key(der_cert, der_priv_key)
   end
 end
 
-local function get_pem_cert_key(raw_hostname)
+local function get_pem_cert_uid(raw_hostname)
   local hostname = re_sub(raw_hostname, "\\.$", "", "jo")
 
-  local pem_cert_key = configuration.get_pem_cert_key(hostname)
-  if pem_cert_key then
-    return pem_cert_key
+  local uid = certificate_servers:get(hostname)
+  if uid then
+    return uid
   end
 
   local wildcard_hosatname, _, err = re_sub(hostname, "^[^\\.]+\\.", "*.", "jo")
   if err then
     ngx.log(ngx.ERR, "error: ", err)
-    return pem_cert_key
+    return uid
   end
 
   if wildcard_hosatname then
-    pem_cert_key = configuration.get_pem_cert_key(wildcard_hosatname)
+    uid = ngx.shared.certificate_servers:get(wildcard_hosatname)
   end
-  return pem_cert_key
+
+  return uid
 end
 
 function _M.configured_for_current_request()
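Review bot: The two module-level shared-dict handles added after `DEFAULT_CERT_HOSTNAME` are taken without checking that the zones exist; `ngx.shared.<name>` evaluates to nil when the corresponding `lua_shared_dict` is not declared in nginx.conf, so a misconfiguration would surface only later as an index error on `certificate_data:get` inside the TLS handshake path rather than at module load. Now that this file no longer goes through the configuration module, which presumably owned those handles before, consider failing loudly up front: `local certificate_data = assert(ngx.shared.certificate_data, "certificate_data shared dict is not configured")` and the same for `certificate_servers`. The `get_der_cert_and_priv_key` function at the end of the hunk continues outside it.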
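Review bot: The wildcard lookup in `get_pem_cert_uid` still reaches for `ngx.shared.certificate_servers:get(wildcard_hosatname)` while the exact-match lookup a few lines above uses the new `certificate_servers` local, so the two paths would diverge if the handle were ever wrapped or validated at load; `uid = certificate_servers:get(wildcard_hosatname)` keeps them consistent. The `wildcard_hosatname` spelling is carried over from the old code and could be fixed to `wildcard_hostname` in the same pass. A one-line doc comment above the function would also help readers, e.g. `-- Resolves hostname (exact match first, then with its first label replaced by "*") to the certificate uid stored in certificate_servers, or nil.`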
@@ -57,7 +60,7 @@ function _M.configured_for_current_request()
     return ngx.ctx.configured_for_current_request
   end
 
-  ngx.ctx.configured_for_current_request = get_pem_cert_key(ngx.var.host) ~= nil
+  ngx.ctx.configured_for_current_request = get_pem_cert_uid(ngx.var.host) ~= nil
   return ngx.ctx.configured_for_current_request
 end
 
@@ -73,11 +76,15 @@ function _M.call()
     hostname = DEFAULT_CERT_HOSTNAME
   end
 
-  local pem_cert_key = get_pem_cert_key(hostname)
-  if not pem_cert_key then
-    pem_cert_key = get_pem_cert_key(DEFAULT_CERT_HOSTNAME)
+  local pem_cert
+  local pem_cert_uid = get_pem_cert_uid(hostname)
+  if not pem_cert_uid then
+    pem_cert_uid = get_pem_cert_uid(DEFAULT_CERT_HOSTNAME)
   end
-  if not pem_cert_key then
+  if pem_cert_uid then
+    pem_cert = certificate_data:get(pem_cert_uid)
+  end
+  if not pem_cert then
     ngx.log(ngx.ERR, "certificate not found, falling back to fake certificate for hostname: " .. tostring(hostname))
     return
   end
@@ -88,7 +95,7 @@ function _M.call()
     return ngx.exit(ngx.ERROR)
   end
 
-  local der_cert, der_priv_key, der_err = get_der_cert_and_priv_key(pem_cert_key)
+  local der_cert, der_priv_key, der_err = get_der_cert_and_priv_key(pem_cert)
   if der_err then
     ngx.log(ngx.ERR, der_err)
     return ngx.exit(ngx.ERROR)
diff --git a/rootfs/etc/nginx/lua/configuration.lua b/rootfs/etc/nginx/lua/configuration.lua
index 7609117a2..3747c99ad 100644
--- a/rootfs/etc/nginx/lua/configuration.lua
+++ b/rootfs/etc/nginx/lua/configuration.lua
@@ -37,7 +37,7 @@ local function fetch_request_body()
   return body
 end
 
-function _M.get_pem_cert_key(hostname)
+local function get_pem_cert(hostname)
   local uid = certificate_servers:get(hostname)
   if not uid then
     return nil
@@ -143,7 +143,7 @@ local function handle_certs()
     return
   end
 
-  local key = _M.get_pem_cert_key(query["hostname"])
+  local key = get_pem_cert(query["hostname"])
   if key then
     ngx.status = ngx.HTTP_OK
     ngx.print(key)
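Review bot: The default-certificate fallback in `_M.call` only covers a missing uid: when `get_pem_cert_uid(hostname)` returns a uid but `certificate_data:get(pem_cert_uid)` returns nil, the new code logs "certificate not found" and returns instead of trying `DEFAULT_CERT_HOSTNAME`'s certificate. The two dicts are read independently here, so a uid whose data entry is absent (e.g. evicted, or written out of step with the servers map — how they are populated is outside this diff) is a plausible state. If the fallback is meant to apply there too, folding uid and data lookup into one helper and trying it for the host and then for the default keeps the two cases uniform; the existing log line can stay as is. `_M.call` starts before the hunk and continues after it.
```lua
-- Returns the PEM payload stored for hostname, or nil when either the
-- uid or its data is missing.
local function get_pem_cert(hostname)
  local uid = get_pem_cert_uid(hostname)
  if not uid then
    return nil
  end
  return certificate_data:get(uid)
end

-- … unchanged: _M.configured_for_current_request, start of _M.call …
  local pem_cert = get_pem_cert(hostname) or get_pem_cert(DEFAULT_CERT_HOSTNAME)
  if not pem_cert then
-- … unchanged: error log and return …
```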
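Review bot: The rename to `get_pem_cert` drops the `_key` suffix although the value it returns appears to still be the combined PEM certificate and private key — certificate.lua hands the same payload to `get_der_cert_and_priv_key`, and `handle_certs` below still names the result `key`; either keeping `_key` in the name or a doc comment makes that explicit, e.g. `-- Returns the PEM bundle (certificate and private key) stored for the exact hostname, or nil when no uid is registered for it.` The same applies to the `pem_cert` locals introduced in certificate.lua's `_M.call`. Making the function file-local also removes `configuration.get_pem_cert_key` from the module's API, so anything outside this diff that still calls it (tests, other Lua modules) would break; worth a grep before merging. The function body continues beyond the hunk.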