-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(feat) Add additional methods for crl ad csr modules #8
Conversation
nasrullo
commented
Aug 6, 2020
- Adds get_extensions and get_extension to csr module
- Adds revoked module for adding revoked items
- Adds add_revoked method to crl module
@nasrullo Thanks for the PR! The failure in CI is unrelated, I didn't pin the lua-nginx-module and it's crying. I'll go ahead with a review now and fix the CI later. |
I've fixed the CI, please rebase to master when appropriate. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is becoming in a good shape! I'd also humbly ask for some test on those new functions. For now each function with a happy path case will be good.
lib/resty/openssl/x509/csr.lua
Outdated
push(ret, obj) | ||
end | ||
end | ||
return ret |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should return the stack itself rather than a table here. i just finished the extensions module today, will merge as is and update to use that later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agree, Changed. I only need get_extension. BTW, Did you review new logic in get extension method? What do you think? I did not find any method to directly get single extension without getting all
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah i do have some investigation a while ago, the API for X509_REQ is bit different for others. But it should be fine, from I can see X509_REQ_get_extension returns a internal pointer and not duplicating the stack.
thank you
…On Sun, Aug 9, 2020 at 11:34 AM Wangchong Zhou ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In lib/resty/openssl/x509/csr.lua
<#8 (comment)>
:
> +function _M.get_extensions(self)
+ local extensions = C.X509_REQ_get_extensions(self.ctx)
+ ffi_gc(extensions, stack_macro.OPENSSL_sk_free)
+ local n = stack_macro.OPENSSL_sk_num(extensions)
+ local ret = {}
+ for i = 0, n - 1 do
+ local ext = stack_macro.OPENSSL_sk_value(extensions, i)
+ ffi_gc(ext, C.X509_EXTENSION_free)
+ local dup, err = extension_lib.dup(ffi_cast(ext_typ_ptr, ext))
+ if not err then
+ local obj = dup:get_object()
+ obj.blob = dup:tostring()
+ push(ret, obj)
+ end
+ end
+ return ret
Yeah i do have some investigation a while ago, the API for X509_REQ is bit
different for others. But it should be fine, from I can see
X509_REQ_get_extension returns a internal pointer and not duplicating the
stack.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#8 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABCWUDNUW3Q5HTG4VQBIN33R726YZANCNFSM4PWDQ6DQ>
.
|
I'm going to do a manual rebase and merge with #9. |
Ok, I sent you an invite to chat
…On Sun, Aug 9, 2020 at 11:37 AM Wangchong Zhou ***@***.***> wrote:
I'm going to do a manual rebase and merge with #9
<#9>.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#8 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABCWUDIYO5BY2YD7TLIQHRDR727DRANCNFSM4PWDQ6DQ>
.
|
Manually merged in with #9 |
@nasrullo I'll add you to credits tomorrow. |
Can you bump up rockspec and publish it now
…On Sun, Aug 9, 2020 at 1:25 PM Wangchong Zhou ***@***.***> wrote:
@nasrullo <https://github.com/nasrullo> I'll add you to credits tomorrow.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#8 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABCWUDMUMUDYA3I4ZBLAB6LR73LWXANCNFSM4PWDQ6DQ>
.
|
@nasrullo Sure, just published. |
We need to remove varars from :update methods, it is very slow. I am using
digest methods per request and it makes it slow, what do you think?
…On Sun, Aug 9, 2020 at 1:36 PM Wangchong Zhou ***@***.***> wrote:
@nasrullo <https://github.com/nasrullo> Sure, just published.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#8 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABCWUDOWJTI5WY664L6FZ4LR73NCVANCNFSM4PWDQ6DQ>
.
|
@nasrullo please open a new issue and don't reply in closed issue. This will help other people find answer easier. |
READ of size 4 at 0x60300004fba8 thread T0 #0 0x7ffff6d96fb4 in BN_get_word crypto/bn/bn_lib.c:411 fffonion#1 0x555555ca9d98 (/usr/local/openresty-plus-asan/nginx/sbin/nginx+0x755d98) fffonion#2 0x555555d7149f in lj_ccall_func /usr/src/debug/openresty-plus-1.19.9.1.65/build/LuaJIT-plus-2.1-20240710/src/lj_ccall.c:1402 fffonion#3 0x555555ca35b7 in lj_cf_ffi_meta___call /usr/src/debug/openresty-plus-1.19.9.1.65/build/LuaJIT-plus-2.1-20240710/src/lib_ffi.c:230 fffonion#4 0x555555ca7773 (/usr/local/openresty-plus-asan/nginx/sbin/nginx+0x753773) fffonion#5 0x55555599e140 in ngx_http_lua_run_thread ../ngx_lua-0.10.26.8/src/ngx_http_lua_util.c:1190 fffonion#6 0x5555559a9d21 in ngx_http_lua_content_by_chunk ../ngx_lua-0.10.26.8/src/ngx_http_lua_contentby.c:124 fffonion#7 0x55555575d41d in ngx_http_core_content_phase src/http/ngx_http_core_module.c:1269 fffonion#8 0x555555748024 in ngx_http_core_run_phases src/http/ngx_http_core_module.c:885 fffonion#9 0x55555577348d in ngx_http_process_request src/http/ngx_http_request.c:2130 fffonion#10 0x5555557749a6 in ngx_http_process_request_headers src/http/ngx_http_request.c:1529 fffonion#11 0x5555557758c4 in ngx_http_process_request_line src/http/ngx_http_request.c:1196 fffonion#12 0x55555570fb1c in ngx_epoll_process_events src/event/modules/ngx_epoll_module.c:968 fffonion#13 0x5555556e5706 in ngx_process_events_and_timers src/event/ngx_event.c:262 fffonion#14 0x55555570b323 in ngx_single_process_cycle src/os/unix/ngx_process_cycle.c:338 fffonion#15 0x555555660ef4 in main src/core/nginx.c:403 fffonion#16 0x7ffff683feaf in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 fffonion#17 0x7ffff683ff5f in __libc_start_main_impl ../csu/libc-start.c:389 fffonion#18 0x5555556648f4 in _start (/usr/local/openresty-plus-asan/nginx/sbin/nginx+0x1108f4) 0x60300004fba8 is located 8 bytes inside of 24-byte region [0x60300004fba0,0x60300004fbb8) freed by thread T0 here: #0 0x7ffff74b46b7 in free (/lib64/libasan.so.6+0xb46b7) fffonion#1 0x7ffff6ea66e7 in CRYPTO_free crypto/mem.c:312 fffonion#2 0x7ffff6d9810e in BN_free crypto/bn/bn_lib.c:231 fffonion#3 0x555555ca9d98 (/usr/local/openresty-plus-asan/nginx/sbin/nginx+0x755d98) fffonion#4 0x555555d7149f in lj_ccall_func /usr/src/debug/openresty-plus-1.19.9.1.65/build/LuaJIT-plus-2.1-20240710/src/lj_ccall.c:1402 fffonion#5 0x555555ca35b7 in lj_cf_ffi_meta___call /usr/src/debug/openresty-plus-1.19.9.1.65/build/LuaJIT-plus-2.1-20240710/src/lib_ffi.c:230 fffonion#6 0x555555ca7773 (/usr/local/openresty-plus-asan/nginx/sbin/nginx+0x753773) previously allocated by thread T0 here: #0 0x7ffff74b4a07 in __interceptor_malloc (/lib64/libasan.so.6+0xb4a07) fffonion#1 0x7ffff6ea66bc in CRYPTO_malloc crypto/mem.c:222 fffonion#2 0x7ffff6ea6807 in CRYPTO_zalloc crypto/mem.c:230 fffonion#3 0x7ffff6d96c15 in BN_new crypto/bn/bn_lib.c:246 fffonion#4 0x555555ca9d98 (/usr/local/openresty-plus-asan/nginx/sbin/nginx+0x755d98) fffonion#5 0x555555d7149f in lj_ccall_func /usr/src/debug/openresty-plus-1.19.9.1.65/build/LuaJIT-plus-2.1-20240710/src/lj_ccall.c:1402 fffonion#6 0x555555ca35b7 in lj_cf_ffi_meta___call /usr/src/debug/openresty-plus-1.19.9.1.65/build/LuaJIT-plus-2.1-20240710/src/lib_ffi.c:230 fffonion#7 0x555555ca7773 (/usr/local/openresty-plus-asan/nginx/sbin/nginx+0x753773)