About lua_ssl question? #638
Comments
|
@laozi2 Correct. Right now all the cosockets in a single location share the same lua_ssl_* configurations. To solve this, I think we can implement cosocket object level SSL ctx API, as in local ngx_ssl_ctx = require "ngx.ssl.ctx"
local ssl_ctx = ngx_ssl_ctx.new{ ciphers = "...", protocols = "..." }And then just reference the SSL ctx on a particular cosocket object before calling local ok, err = cosocket:setsslctx(ssl_ctx)
if not ok then
return error("failed to set ssl ctx: ", err)
end
ok, err = cosocket:sslhandshake(...)What do you think of it? Are you interested in contributing an implementation for this? You can check how the existing ngx.ssl module is implemented in the following PRs, for example. Thanks! |
|
Cool, it seems like a good soultion, I would like to think about it, thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Because lua_ssl_*(such as lua_ssl_ciphers) are configured in the http/server/location context,
but if there is more than one cosockets will request to diffent SSL/TLS servers in one lua script( or nignx http request), such as sock1 is used for http upstream server, sock2 is used for mysql upstream server, but they use diffent SSL/TLS configure.
And the question is, is it a problem or how to sovle it ?
The text was updated successfully, but these errors were encountered: