You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by sp...@apache.org on 2022/11/03 01:05:28 UTC

[apisix] branch master updated: chore: export the set cert/key process so we can hook it (#8228)

This is an automated email from the ASF dual-hosted git repository.

spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new eef518f17 chore: export the set cert/key process so we can hook it (#8228)
eef518f17 is described below

commit eef518f170ba0cc19d1efd4df49ee2a49280eaac
Author: 罗泽轩 <sp...@gmail.com>
AuthorDate: Thu Nov 3 09:05:23 2022 +0800

    chore: export the set cert/key process so we can hook it (#8228)
---
 apisix/ssl/router/radixtree_sni.lua | 40 +++++++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 15 deletions(-)

diff --git a/apisix/ssl/router/radixtree_sni.lua b/apisix/ssl/router/radixtree_sni.lua
index 28648f8c9..32a326e42 100644
--- a/apisix/ssl/router/radixtree_sni.lua
+++ b/apisix/ssl/router/radixtree_sni.lua
@@ -118,6 +118,30 @@ local function set_pem_ssl_key(sni, cert, pkey)
 end
 
 
+-- export the set cert/key process so we can hook it in the other plugins
+function _M.set_cert_and_key(sni, value)
+    local ok, err = set_pem_ssl_key(sni, value.cert, value.key)
+    if not ok then
+        return false, err
+    end
+
+    -- multiple certificates support.
+    if value.certs then
+        for i = 1, #value.certs do
+            local cert = value.certs[i]
+            local key = value.keys[i]
+
+            ok, err = set_pem_ssl_key(sni, cert, key)
+            if not ok then
+                return false, err
+            end
+        end
+    end
+
+    return true
+end
+
+
 function _M.match_and_set(api_ctx, match_only)
     local err
     if not radixtree_router or
@@ -182,25 +206,11 @@ function _M.match_and_set(api_ctx, match_only)
 
     ngx_ssl.clear_certs()
 
-    ok, err = set_pem_ssl_key(sni, matched_ssl.value.cert,
-                              matched_ssl.value.key)
+    ok, err = _M.set_cert_and_key(sni, matched_ssl.value)
     if not ok then
         return false, err
     end
 
-    -- multiple certificates support.
-    if matched_ssl.value.certs then
-        for i = 1, #matched_ssl.value.certs do
-            local cert = matched_ssl.value.certs[i]
-            local key = matched_ssl.value.keys[i]
-
-            ok, err = set_pem_ssl_key(sni, cert, key)
-            if not ok then
-                return false, err
-            end
-        end
-    end
-
     if matched_ssl.value.client then
         local ca_cert = matched_ssl.value.client.ca
         local depth = matched_ssl.value.client.depth