Implement Nginx::SSL.errlogger (and Nginx::SSL.log)

matsumotory · Sep 26, 2016 · 5f001fd · 5f001fd
1 parent 87c1d42
commit 5f001fd
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 0 deletions.
diff --git a/src/http/ngx_http_mruby_ssl.c b/src/http/ngx_http_mruby_ssl.c
@@ -61,6 +61,44 @@ NGX_MRUBY_DEFINE_METHOD_NGX_SET_SSL_MEMBER(cert_key, cert_key_path);
 NGX_MRUBY_DEFINE_METHOD_NGX_SET_SSL_MEMBER(cert_data, cert_data);
 NGX_MRUBY_DEFINE_METHOD_NGX_SET_SSL_MEMBER(cert_key_data, cert_key_data);
 
+static mrb_value ngx_mrb_ssl_errlogger(mrb_state *mrb, mrb_value self)
+{
+  mrb_value *argv;
+  mrb_value msg;
+  mrb_int argc;
+  mrb_int log_level;
+  ngx_http_mruby_srv_conf_t *mscf = mrb->ud;
+  ngx_connection_t *c = mscf->connection;
+
+  if (c == NULL) {
+    mrb_raise(mrb, E_RUNTIME_ERROR, "can't use logger at this phase. only use at request phase");
+  }
+
+  mrb_get_args(mrb, "*", &argv, &argc);
+  if (argc != 2) {
+    ngx_log_error(NGX_LOG_ERR, c->log, 0, "%s ERROR %s: argument is not 2", MODULE_NAME, __func__);
+    return self;
+  }
+  if (mrb_type(argv[0]) != MRB_TT_FIXNUM) {
+    ngx_log_error(NGX_LOG_ERR, c->log, 0, "%s ERROR %s: argv[0] is not integer", MODULE_NAME, __func__);
+    return self;
+  }
+  log_level = mrb_fixnum(argv[0]);
+  if (log_level < 0) {
+    ngx_log_error(NGX_LOG_ERR, c->log, 0, "%s ERROR %s: log level is not positive number", MODULE_NAME,
+                  __func__);
+    return self;
+  }
+  if (mrb_type(argv[1]) != MRB_TT_STRING) {
+    msg = mrb_funcall(mrb, argv[1], "to_s", 0, NULL);
+  } else {
+    msg = mrb_str_dup(mrb, argv[1]);
+  }
+  ngx_log_error((ngx_uint_t)log_level, c->log, 0, "%s", mrb_str_to_cstr(mrb, msg));
+
+  return self;
+}
+
 void ngx_mrb_ssl_class_init(mrb_state *mrb, struct RClass *class)
 {
   struct RClass *class_ssl;
@@ -71,6 +109,18 @@ void ngx_mrb_ssl_class_init(mrb_state *mrb, struct RClass *class)
   mrb_define_method(mrb, class_ssl, "certificate_key=", ngx_mrb_ssl_set_cert_key, MRB_ARGS_REQ(1));
   mrb_define_method(mrb, class_ssl, "certificate_data=", ngx_mrb_ssl_set_cert_data, MRB_ARGS_REQ(1));
   mrb_define_method(mrb, class_ssl, "certificate_key_data=", ngx_mrb_ssl_set_cert_key_data, MRB_ARGS_REQ(1));
+
+  mrb_define_const(mrb, class_ssl, "LOG_STDERR", mrb_fixnum_value(NGX_LOG_STDERR));
+  mrb_define_const(mrb, class_ssl, "LOG_EMERG", mrb_fixnum_value(NGX_LOG_EMERG));
+  mrb_define_const(mrb, class_ssl, "LOG_ALERT", mrb_fixnum_value(NGX_LOG_ALERT));
+  mrb_define_const(mrb, class_ssl, "LOG_CRIT", mrb_fixnum_value(NGX_LOG_CRIT));
+  mrb_define_const(mrb, class_ssl, "LOG_ERR", mrb_fixnum_value(NGX_LOG_ERR));
+  mrb_define_const(mrb, class_ssl, "LOG_WARN", mrb_fixnum_value(NGX_LOG_WARN));
+  mrb_define_const(mrb, class_ssl, "LOG_NOTICE", mrb_fixnum_value(NGX_LOG_NOTICE));
+  mrb_define_const(mrb, class_ssl, "LOG_INFO", mrb_fixnum_value(NGX_LOG_INFO));
+  mrb_define_const(mrb, class_ssl, "LOG_DEBUG", mrb_fixnum_value(NGX_LOG_DEBUG));
+  mrb_define_class_method(mrb, class_ssl, "errlogger", ngx_mrb_ssl_errlogger, MRB_ARGS_ANY());
+  mrb_define_class_method(mrb, class_ssl, "log", ngx_mrb_ssl_errlogger, MRB_ARGS_ANY());
 }
 
 #endif /* NGX_HTTP_SSL */
diff --git a/test/conf/nginx.conf b/test/conf/nginx.conf
@@ -93,6 +93,24 @@ http {
         }
     }
 
+    server {
+        listen       58087 ssl;
+        server_name  _;
+        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+        ssl_ciphers         HIGH:!aNULL:!MD5;
+        ssl_certificate     __NGXDOCROOT__/dummy.crt;
+        ssl_certificate_key __NGXDOCROOT__/dummy.key;
+
+        mruby_ssl_handshake_handler_code '
+          ssl = Nginx::SSL.new
+          Nginx::SSL.errlogger Nginx::SSL::LOG_NOTICE, "Servername is #{ssl.servername}"
+        ';
+
+        location / {
+            mruby_content_handler_code "Nginx.rputs 'ssl test ok'";
+        }
+    }
+
     server {
         listen       58081;
         server_name  localhost;

diff --git a/test/t/ngx_mruby.rb b/test/t/ngx_mruby.rb
@@ -470,6 +470,12 @@ def base_ssl(port)
   t.assert_equal "", `#{cmd_h}`.chomp
 end
 
+t.assert('ngx_mruby - Nginx::SSL.errlogger') do
+  `openssl s_client -servername localhost -connect localhost:58086 < /dev/null`
+  error_log = File.read File.expand_path('../../../build/nginx/logs/error.log', __FILE__)
+  t.assert_true error_log.include? 'Servername is localhost while SSL handshaking'
+end
+
 t.assert('ngx_mruby - issue_172', 'location /issue_172') do
   res = HttpRequest.new.get base + '/issue_172/index.html'
   expect_content = 'hello world'.upcase