feature: shared ngx.ctx among SSL_* phases and the following phases. #1514
Conversation
|
This is the sister PR of openresty/lua-resty-core#243 |
|
@spacewander We don't need the non-FFI version of the API. Actually we are retiring all the non-FFI variants of the existing API functions which already have an FFI version. |
src/ngx_http_lua_ctx.c
Outdated
| @@ -145,19 +151,67 @@ ngx_http_lua_ffi_get_ctx_ref(ngx_http_request_t *r) | |||
| } | |||
|
|
|||
|
|
|||
| int | |||
| ngx_http_lua_ffi_get_ssl_ctx_ref(ngx_http_request_t *r, int *in_ssl_phase) | |||
There was a problem hiding this comment.
I might be missing something, but it seems that we can change the existing ngx_http_lua_ffi_get_ctx_ref function to look for ssl_ctx-> ssl_ctx as well and return int *need_clone based on the current phase and where ref was located instead? That will save one FFI call and introducing new function.
spacewander
force-pushed
the
ssl_shared_ctx
branch
from
ad408f1
to
ebed5b8
Compare
|
Updated. |
|
This pull request is now in conflict :( |
spacewander
force-pushed
the
ssl_shared_ctx
branch
from
9cae84c
to
30bcd42
Compare
spacewander
force-pushed
the
ssl_shared_ctx
branch
from
30bcd42
to
f0bb536
Compare
| Because HTTP request is created after SSL handshake, the <code>ngx.ctx</code> created | ||
| in [[#ssl_certificate_by_lua|ssl_certificate_by_lua*]], [[#ssl_session_store_by_lua|ssl_session_store_by_lua*]] and [[#ssl_session_fetch_by_lua|ssl_session_fetch_by_lua*]] | ||
| is not available in the following phases like [[#rewrite_by_lua|rewrite_by_lua*]]. | ||
| Since <code>dev</code>, the <code>ngx.ctx</code> created during a SSL handshake |
There was a problem hiding this comment.
style: break a new line may be better?
| in [[#ssl_certificate_by_lua|ssl_certificate_by_lua*]], [[#ssl_session_store_by_lua|ssl_session_store_by_lua*]] and [[#ssl_session_fetch_by_lua|ssl_session_fetch_by_lua*]] | ||
| is not available in the following phases like [[#rewrite_by_lua|rewrite_by_lua*]]. | ||
| Since <code>dev</code>, the <code>ngx.ctx</code> created during a SSL handshake | ||
| will be inherited by the requests which share the same TCP connection established by the handshake. |
There was a problem hiding this comment.
better clarify the inherited value from ngx.ctx is read-only.
doc/HttpLuaModule.wiki
Outdated
|
|
||
| Since <code>dev</code>, the <code>ngx.ctx</code> created during a SSL handshake | ||
| will be inherited by the requests which share the same TCP connection established by the handshake. | ||
| Note that the inherited value from <code>ngx.ctx</code> is read-only. |
There was a problem hiding this comment.
| Note that the inherited value from <code>ngx.ctx</code> is read-only. | |
| Note that overwrite values in <code>ngx.ctx</code> in the http request phases (like `rewrite_by_lua*`) will only take affect in the current http request. |
There was a problem hiding this comment.
and add the following case will be much clearer.
for example:
ssl_certificate_by_lua_by_block {
ngx.ctx.foo = 1 -- it will always be 1 in all of the http requests over this SSL connection.
}
location /foo-1 {
rewrite_by_lua_block {
ngx.ctx.foo = 2 -- only take affects in current http request
}
}
location /foo-2 {
rewrite_by_lua_block {
ngx.say(ngx.ctx.foo) -- will alway be 1
}
}
There was a problem hiding this comment.
@doujiang24
Done. Test case is added in openresty/lua-resty-core#243
spacewander
force-pushed
the
ssl_shared_ctx
branch
from
e7db3b6
to
118eb82
Compare
src/ngx_http_lua_ctx.c
Outdated
| } | ||
|
|
||
| *in_ssl_phase = ctx->context & (NGX_HTTP_LUA_CONTEXT_SSL_CERT | ||
| | NGX_HTTP_LUA_CONTEXT_SSL_SESS_FETCH |
There was a problem hiding this comment.
This has indentation problem caught by ngx-releng:
src/ngx_http_lua_ctx.c:
incorrect front spaces, unclosed bracket
89: | NGX_HTTP_LUA_CONTEXT_SSL_SESS_FETCH
1a1bce4
to
aa0702f
Compare
spacewander
force-pushed
the
ssl_shared_ctx
branch
from
aa0702f
to
489ae10
Compare
TODO: update documentation & support the non-FFI version of API.
I hereby granted the copyright of the changes in this pull request
to the authors of this lua-nginx-module project.