diff --git a/apisix/ssl/router/radixtree_sni.lua b/apisix/ssl/router/radixtree_sni.lua
index 968539005491..6f44a2fe1bf0 100644
--- a/apisix/ssl/router/radixtree_sni.lua
+++ b/apisix/ssl/router/radixtree_sni.lua
@@ -171,8 +171,6 @@ function _M.match_and_set(api_ctx)
 end
 end
- api_ctx.sni_rev = sni_rev
-
 local matched_ssl = api_ctx.matched_ssl
 core.log.info("debug - matched: ", core.json.delay_encode(matched_ssl, true))
diff --git a/apisix/stream/router/ip_port.lua b/apisix/stream/router/ip_port.lua
index 9d72334557d1..44b0ab3e1058 100644
--- a/apisix/stream/router/ip_port.lua
+++ b/apisix/stream/router/ip_port.lua
@@ -19,7 +19,6 @@ local config_util = require("apisix.core.config_util")
 local plugin_checker = require("apisix.plugin").stream_plugin_checker
 local router_new = require("apisix.utils.router").new
 local ngx_ssl = require("ngx.ssl")
-local ngx_lua_version = ngx.config.ngx_lua_version -- get the version of stream-lua-nginx-module
 local error = error
 local tonumber = tonumber
 local ipairs = ipairs
@@ -135,17 +134,9 @@ do
 router_ver = user_routes.conf_version
 end
- if ngx_lua_version < 9 then
- -- be compatible with old OpenResty
- local sni = ngx_ssl.server_name()
- if sni then
- local sni_rev = sni:reverse()
- api_ctx.sni_rev = sni_rev
- end
- end
-
- if api_ctx.sni_rev and tls_router then
- local sni_rev = api_ctx.sni_rev
+ local sni = ngx_ssl.server_name()
+ if sni and tls_router then
+ local sni_rev = sni:reverse()
 core.table.clear(match_opts)
 match_opts.vars = api_ctx.var
diff --git a/t/APISIX.pm b/t/APISIX.pm
index 82ca1b463a00..e1c5557b0078 100644
--- a/t/APISIX.pm
+++ b/t/APISIX.pm
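Review bot: In apisix/stream/router/ip_port.lua (hunk at -135,17), `ngx_ssl.server_name()` returns `nil` plus an error string on failure, and the new code keeps only the first value, so a failed lookup is indistinguishable from a client that sent no SNI and the connection presumably falls through to the non-SNI match. Because this lookup decides which upstream receives the TLS stream, I would capture and log the error: `local sni, err = ngx_ssl.server_name()` followed by `if err then core.log.error("failed to get SNI: ", err) end`. It is also worth confirming that the SNI is compared in one letter case, since host names are case-insensitive and the value is reversed and matched as received here; the route-loading side is not visible in this hunk. The enclosing function starts and ends outside the hunk.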
@@ -258,34 +258,43 @@ _EOC_
 }
 chomp $stream_tls_request;
+ my $repeat = "1";
+ if (defined $block->stream_session_reuse) {
+ $repeat = "2";
+ }
+
 my $config = <<_EOC_;
 location /stream_tls_request {
 content_by_lua_block {
- local sock = ngx.socket.tcp()
- local ok, err = sock:connect("127.0.0.1", 2005)
- if not ok then
- ngx.say("failed to connect: ", err)
- return
- end
-
- local sess, err = sock:sslhandshake(nil, $sni, false)
- if not sess then
- ngx.say("failed to do SSL handshake: ", err)
- return
- end
-
- local bytes, err = sock:send("$stream_tls_request")
- if not bytes then
- ngx.say("send stream request error: ", err)
- return
- end
- local data, err = sock:receive("*a")
- if not data then
+ local sess
+ for _ = 1, $repeat do
+ local sock = ngx.socket.tcp()
+ local ok, err = sock:connect("127.0.0.1", 2005)
+ if not ok then
+ ngx.say("failed to connect: ", err)
+ return
+ end
+
+ sess, err = sock:sslhandshake(sess, $sni, false)
+ if not sess then
+ ngx.say("failed to do SSL handshake: ", err)
+ return
+ end
+
+ local bytes, err = sock:send("$stream_tls_request")
+ if not bytes then
+ ngx.say("send stream request error: ", err)
+ return
+ end
+ local data, err = sock:receive("*a")
+ if not data then
+ sock:close()
+ ngx.say("receive stream response error: ", err)
+ return
+ end
+ ngx.print(data)
 sock:close()
- ngx.say("receive stream response error: ", err)
- return
 end
- ngx.print(data)
 }
 }
 _EOC_
diff --git a/t/stream-node/sni.t b/t/stream-node/sni.t
index 4ff54c19f0a0..ab7011720663 100644
--- a/t/stream-node/sni.t
+++ b/t/stream-node/sni.t
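Review bot: Nothing in the new loop in t/APISIX.pm confirms that the second handshake actually resumed the first session: `sock:sslhandshake(sess, $sni, false)` also succeeds when the server declines the offered session and performs a full handshake, so TEST 3 in t/stream-node/sni.t would still print two `hello world` lines with resumption disabled. The case this commit appears to target, SNI routing on a resumed session, is therefore only exercised when resumption happens to work in the test environment. I would add a server-side signal, for example logging whether the session was reused and matching it with `grep_error_log`, and put a comment above the loop such as `-- second iteration passes the previous session back in to exercise TLS session resumption`.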
@@ -128,7 +128,23 @@ proxy request to 127.0.0.1:1995
-=== TEST 3: hit route, wildcard SNI
+=== TEST 3: hit route (session reuse)
+--- stream_tls_request
+mmm
+--- stream_sni: a.test.com
+--- stream_session_reuse
+--- response_body
+hello world
+hello world
+--- grep_error_log eval
+qr/proxy request to 127.0.0.\d:1995/
+--- grep_error_log_out
+proxy request to 127.0.0.1:1995
+proxy request to 127.0.0.1:1995
+
+
+
+=== TEST 4: hit route, wildcard SNI
 --- stream_tls_request
 mmm
 --- stream_sni: b.test.com
@@ -139,7 +155,7 @@ proxy request to 127.0.0.2:1995
-=== TEST 4: hit route, no TLS
+=== TEST 5: hit route, no TLS
 --- stream_enable
 --- stream_request
 mmm
@@ -150,7 +166,7 @@ proxy request to 127.0.0.3:1995
-=== TEST 5: set different stream route with the same sni
+=== TEST 6: set different stream route with the same sni
 --- config
 location /t {
 content_by_lua_block {
@@ -204,7 +220,7 @@ passed
-=== TEST 6: hit route
+=== TEST 7: hit route
 --- stream_tls_request
 mmm
 --- stream_sni: a.test.com
@@ -215,7 +231,7 @@ proxy request to 127.0.0.4:1995
-=== TEST 7: change a.test.com route to fall back to wildcard route
+=== TEST 8: change a.test.com route to fall back to wildcard route
 --- config
 location /t {
 content_by_lua_block {
@@ -250,7 +266,7 @@ passed
-=== TEST 8: hit route
+=== TEST 9: hit route
 --- stream_tls_request
 mmm
 --- stream_sni: a.test.com
@@ -261,7 +277,7 @@ proxy request to 127.0.0.2:1995
-=== TEST 9: no sni matched, fall back to non-sni route
+=== TEST 10: no sni matched, fall back to non-sni route
 --- config
 location /t {
 content_by_lua_block {
@@ -285,7 +301,7 @@ passed
-=== TEST 10: hit route
+=== TEST 11: hit route
 --- stream_tls_request
 mmm
 --- stream_sni: b.test.com
@@ -296,7 +312,7 @@ proxy request to 127.0.0.3:1995
-=== TEST 11: clean up routes
+=== TEST 12: clean up routes
 --- config
 location /t {
 content_by_lua_block {