@@ -760,4 +760,84 @@ ngx_http_lua_ffi_balancer_get_last_failure(ngx_http_request_t *r,
760760 return bp -> last_peer_state ;
761761}
762762
763+
764+ #if NGX_HTTP_SSL
765+
766+ int
767+ ngx_http_lua_ffi_balancer_set_ssl_ctx (ngx_http_request_t * r ,
768+ SSL_CTX * ssl_ctx , char * * err )
769+ {
770+ ngx_http_lua_ctx_t * ctx ;
771+ ngx_http_upstream_t * u ;
772+ ngx_ssl_t * ssl ;
773+ ngx_pool_cleanup_t * cln ;
774+
775+ if (r == NULL ) {
776+ * err = "no request found" ;
777+ return NGX_ERROR ;
778+ }
779+
780+ u = r -> upstream ;
781+
782+ if (u == NULL ) {
783+ * err = "no upstream found" ;
784+ return NGX_ERROR ;
785+ }
786+
787+ ctx = ngx_http_get_module_ctx (r , ngx_http_lua_module );
788+ if (ctx == NULL ) {
789+ * err = "no ctx found" ;
790+ return NGX_ERROR ;
791+ }
792+
793+ if ((ctx -> context & NGX_HTTP_LUA_CONTEXT_BALANCER ) == 0 ) {
794+ * err = "API disabled in the current context" ;
795+ return NGX_ERROR ;
796+ }
797+
798+ ssl = u -> conf -> ssl ;
799+
800+ /* Early exit if SSL_CTX* is already correct value */
801+ if (ssl != NULL && ssl -> ctx == ssl_ctx ) {
802+ return NGX_OK ;
803+ }
804+
805+ if (!SSL_CTX_up_ref (ssl_ctx )) {
806+ * err = "unable to take reference to SSL_CTX*" ;
807+ return NGX_ERROR ;
808+ }
809+
810+ if (ssl != NULL ) {
811+ /* Free old SSL_CTX* */
812+ ngx_ssl_cleanup_ctx (ssl );
813+
814+ } else {
815+ ssl = ngx_pcalloc (ngx_cycle -> pool , sizeof (ngx_ssl_t ));
816+ if (ssl == NULL ) {
817+ * err = "no memory" ;
818+ SSL_CTX_free (ssl_ctx );
819+ return NGX_ERROR ;
820+ }
821+
822+ cln = ngx_pool_cleanup_add (ngx_cycle -> pool , 0 );
823+ if (cln == NULL ) {
824+ * err = "no memory" ;
825+ SSL_CTX_free (ssl_ctx );
826+ return NGX_ERROR ;
827+ }
828+
829+ cln -> handler = ngx_ssl_cleanup_ctx ;
830+ cln -> data = ssl ;
831+
832+ u -> conf -> ssl = ssl ;
833+ ssl -> log = ngx_cycle -> log ;
834+ }
835+
836+ ssl -> ctx = ssl_ctx ;
837+
838+ return NGX_OK ;
839+ }
840+
841+ #endif /* NGX_HTTP_SSL */
842+
763843#endif /* NGX_LUA_NO_FFI_API */
0 commit comments