You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by sp...@apache.org on 2022/11/03 01:05:28 UTC
[apisix] branch master updated: chore: export the set cert/key process so we can hook it (#8228)
This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new eef518f17 chore: export the set cert/key process so we can hook it (#8228)
eef518f17 is described below
commit eef518f170ba0cc19d1efd4df49ee2a49280eaac
Author: 罗泽轩 <sp...@gmail.com>
AuthorDate: Thu Nov 3 09:05:23 2022 +0800
chore: export the set cert/key process so we can hook it (#8228)
---
apisix/ssl/router/radixtree_sni.lua | 40 +++++++++++++++++++++++--------------
1 file changed, 25 insertions(+), 15 deletions(-)
diff --git a/apisix/ssl/router/radixtree_sni.lua b/apisix/ssl/router/radixtree_sni.lua
index 28648f8c9..32a326e42 100644
--- a/apisix/ssl/router/radixtree_sni.lua
+++ b/apisix/ssl/router/radixtree_sni.lua
@@ -118,6 +118,30 @@ local function set_pem_ssl_key(sni, cert, pkey)
end
+-- export the set cert/key process so we can hook it in the other plugins
+function _M.set_cert_and_key(sni, value)
+ local ok, err = set_pem_ssl_key(sni, value.cert, value.key)
+ if not ok then
+ return false, err
+ end
+
+ -- multiple certificates support.
+ if value.certs then
+ for i = 1, #value.certs do
+ local cert = value.certs[i]
+ local key = value.keys[i]
+
+ ok, err = set_pem_ssl_key(sni, cert, key)
+ if not ok then
+ return false, err
+ end
+ end
+ end
+
+ return true
+end
+
+
function _M.match_and_set(api_ctx, match_only)
local err
if not radixtree_router or
@@ -182,25 +206,11 @@ function _M.match_and_set(api_ctx, match_only)
ngx_ssl.clear_certs()
- ok, err = set_pem_ssl_key(sni, matched_ssl.value.cert,
- matched_ssl.value.key)
+ ok, err = _M.set_cert_and_key(sni, matched_ssl.value)
if not ok then
return false, err
end
- -- multiple certificates support.
- if matched_ssl.value.certs then
- for i = 1, #matched_ssl.value.certs do
- local cert = matched_ssl.value.certs[i]
- local key = matched_ssl.value.keys[i]
-
- ok, err = set_pem_ssl_key(sni, cert, key)
- if not ok then
- return false, err
- end
- end
- end
-
if matched_ssl.value.client then
local ca_cert = matched_ssl.value.client.ca
local depth = matched_ssl.value.client.depth