refactor(conf) use cipher suites from lua-http

Kong · Feb 14, 2019 · dffdd54 · dffdd54
1 parent ee78639
commit dffdd54
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 124 deletions.
diff --git a/kong-1.0.3-0.rockspec b/kong-1.0.3-0.rockspec
@@ -108,7 +108,6 @@ build = {
     ["kong.api.routes.tags"] = "kong/api/routes/tags.lua",
 
     ["kong.tools.cluster_ca"] = "kong/tools/cluster_ca.lua",
-    ["kong.tools.ciphers"] = "kong/tools/ciphers.lua",
     ["kong.tools.dns"] = "kong/tools/dns.lua",
     ["kong.tools.utils"] = "kong/tools/utils.lua",
     ["kong.tools.printable"] = "kong/tools/printable.lua",

diff --git a/kong/conf_loader.lua b/kong/conf_loader.lua
@@ -4,7 +4,7 @@ local pl_stringx = require "pl.stringx"
 local constants = require "kong.constants"
 local pl_pretty = require "pl.pretty"
 local pl_config = require "pl.config"
-local ciphers = require "kong.tools.ciphers"
+local http_tls = require "http.tls"
 local pl_file = require "pl.file"
 local pl_path = require "pl.path"
 local tablex = require "pl.tablex"
@@ -18,6 +18,13 @@ local fmt = string.format
 local concat = table.concat
 
 
+local cipher_suites = {
+  modern = http_tls.modern_cipher_list,
+  intermediate = http_tls.intermediate_cipher_list,
+  old = http_tls.old_cipher_list,
+}
+
+
 local DEFAULT_PATHS = {
   "/etc/kong/kong.conf",
   "/etc/kong.conf",
@@ -369,11 +376,11 @@ local function check_and_infer(conf)
   end
 
   if conf.ssl_cipher_suite ~= "custom" then
-    local pok, perr = pcall(function()
-      conf.ssl_ciphers = ciphers(conf.ssl_cipher_suite)
-    end)
-    if not pok then
-      errors[#errors + 1] = perr
+    local list = cipher_suites[conf.ssl_cipher_suite]
+    if list then
+      conf.ssl_ciphers = list
+    else
+      errors[#errors + 1] = "Undefined cipher suite " .. tostring(conf.ssl_cipher_suite)
     end
   end
 

diff --git a/kong/tools/ciphers.lua b/kong/tools/ciphers.lua
diff --git a/spec/01-unit/03-conf_loader_spec.lua b/spec/01-unit/03-conf_loader_spec.lua
@@ -636,12 +636,12 @@ describe("Configuration loader", function()
           assert.equals("foo:bar", conf.ssl_ciphers)
         end)
         it("doesn't override ssl_ciphers when undefined", function()
-          local ciphers = require "kong.tools.ciphers"
+          local http_tls = require "http.tls"
           local conf, err = conf_loader(nil, {
             ssl_cipher_suite = "custom",
           })
           assert.is_nil(err)
-          assert.same(ciphers("modern"), conf.ssl_ciphers)
+          assert.same(http_tls.modern_cipher_list, conf.ssl_ciphers)
         end)
       end)
       describe("client", function()