diff --git a/lualib/resty/kong/tls.lua b/lualib/resty/kong/tls.lua
index c56b0085..74e83a54 100644
--- a/lualib/resty/kong/tls.lua
+++ b/lualib/resty/kong/tls.lua
@@ -37,6 +37,7 @@ local kong_lua_kong_ffi_set_upstream_client_cert_and_key
 local kong_lua_kong_ffi_set_upstream_ssl_trusted_store
 local kong_lua_kong_ffi_set_upstream_ssl_verify
 local kong_lua_kong_ffi_set_upstream_ssl_verify_depth
+local kong_lua_kong_ffi_get_request_ssl
 if subsystem == "http" then
 ffi.cdef([[
@@ -51,6 +52,7 @@ if subsystem == "http" then
 int verify);
 int ngx_http_lua_kong_ffi_set_upstream_ssl_verify_depth(ngx_http_request_t *r,
 int depth);
+ int ngx_http_lua_kong_ffi_get_request_ssl(ngx_http_request_t *r, void **ssl_conn);
 ]])
 kong_lua_kong_ffi_get_full_client_certificate_chain = C.ngx_http_lua_kong_ffi_get_full_client_certificate_chain
@@ -59,6 +61,7 @@ if subsystem == "http" then
 kong_lua_kong_ffi_set_upstream_ssl_trusted_store = C.ngx_http_lua_kong_ffi_set_upstream_ssl_trusted_store
 kong_lua_kong_ffi_set_upstream_ssl_verify = C.ngx_http_lua_kong_ffi_set_upstream_ssl_verify
 kong_lua_kong_ffi_set_upstream_ssl_verify_depth = C.ngx_http_lua_kong_ffi_set_upstream_ssl_verify_depth
+ kong_lua_kong_ffi_get_request_ssl = C.ngx_http_lua_kong_ffi_get_request_ssl
 elseif subsystem == 'stream' then
 ffi.cdef([[
@@ -121,6 +124,23 @@ function _M.disable_session_reuse()
 end
+local void_pp = ffi.new("void *[1]")
+
+function _M.get_ssl_pointer()
+ local r = get_request()
+ if not r then
+ error("no request found")
+ end
+
+ local ret = kong_lua_kong_ffi_get_request_ssl(r, void_pp)
+ if ret ~= NGX_OK then
+ return nil, "no ssl object"
+ end
+
+ return void_pp[0]
+end
+
+
 do
 local ALLOWED_PHASES = {
 ['rewrite'] = true,
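Review bot: In the `@@ -59,6 +61,7 @@` hunk, `kong_lua_kong_ffi_get_request_ssl` is bound only inside the `if subsystem == "http"` branch, while `_M.get_ssl_pointer()` is added at module level in the last hunk. Unless the `stream` branch (which continues outside this hunk) also binds it, the local stays nil there and a stream-side call fails with "attempt to call a nil value" instead of a clear error. A guard at the top of the function would make the limitation explicit: `if not kong_lua_kong_ffi_get_request_ssl then error("get_ssl_pointer is not supported in the " .. subsystem .. " subsystem") end`.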
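Review bot: In the `@@ -121,6 +124,23 @@` hunk, `_M.get_ssl_pointer()` returns a raw `void *` read from the module-level `void_pp` buffer, which is never cleared before the FFI call, and nothing documents how long the pointer stays valid. If the C helper can return `NGX_OK` without writing `*ssl_conn` (its body is not part of this diff), the value left by an earlier request would be handed out. A NULL cdata pointer is also truthy in LuaJIT, so a caller's `if ptr then` would not catch it. Consider `void_pp[0] = nil` before the call and `if ret ~= NGX_OK or void_pp[0] == nil then` for the check. A doc comment should also state that the pointer is borrowed (presumably the current connection's SSL object), is valid only while that connection is alive, and must not be cached across requests or freed by the caller.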