2626#include "ngx_http_lua_probe.h"
2727#include "ngx_http_lua_semaphore.h"
2828#include "ngx_http_lua_balancer.h"
29+ #include "ngx_http_lua_ssl_client_helloby.h"
2930#include "ngx_http_lua_ssl_certby.h"
3031#include "ngx_http_lua_ssl_session_storeby.h"
3132#include "ngx_http_lua_ssl_session_fetchby.h"
@@ -566,6 +567,20 @@ static ngx_command_t ngx_http_lua_cmds[] = {
566567 offsetof(ngx_http_lua_loc_conf_t , ssl_ciphers ),
567568 NULL },
568569
570+ { ngx_string ("ssl_client_hello_by_lua_block" ),
571+ NGX_HTTP_MAIN_CONF |NGX_HTTP_SRV_CONF |NGX_CONF_BLOCK |NGX_CONF_NOARGS ,
572+ ngx_http_lua_ssl_client_hello_by_lua_block ,
573+ NGX_HTTP_SRV_CONF_OFFSET ,
574+ 0 ,
575+ (void * ) ngx_http_lua_ssl_client_hello_handler_inline },
576+
577+ { ngx_string ("ssl_client_hello_by_lua_file" ),
578+ NGX_HTTP_MAIN_CONF |NGX_HTTP_SRV_CONF |NGX_CONF_TAKE1 ,
579+ ngx_http_lua_ssl_client_hello_by_lua ,
580+ NGX_HTTP_SRV_CONF_OFFSET ,
581+ 0 ,
582+ (void * ) ngx_http_lua_ssl_client_hello_handler_file },
583+
569584 { ngx_string ("ssl_certificate_by_lua_block" ),
570585 NGX_HTTP_MAIN_CONF |NGX_HTTP_SRV_CONF |NGX_CONF_BLOCK |NGX_CONF_NOARGS ,
571586 ngx_http_lua_ssl_cert_by_lua_block ,
@@ -1086,6 +1101,10 @@ ngx_http_lua_create_srv_conf(ngx_conf_t *cf)
10861101 }
10871102
10881103 /* set by ngx_pcalloc:
1104+ * lscf->srv.ssl_client_hello_handler = NULL;
1105+ * lscf->srv.ssl_client_hello_src = { 0, NULL };
1106+ * lscf->srv.ssl_client_hello_src_key = NULL;
1107+ *
10891108 * lscf->srv.ssl_cert_handler = NULL;
10901109 * lscf->srv.ssl_cert_src = { 0, NULL };
10911110 * lscf->srv.ssl_cert_src_key = NULL;
@@ -1104,6 +1123,7 @@ ngx_http_lua_create_srv_conf(ngx_conf_t *cf)
11041123 */
11051124
11061125#if (NGX_HTTP_SSL )
1126+ lscf -> srv .ssl_client_hello_src_ref = LUA_REFNIL ;
11071127 lscf -> srv .ssl_cert_src_ref = LUA_REFNIL ;
11081128 lscf -> srv .ssl_sess_store_src_ref = LUA_REFNIL ;
11091129 lscf -> srv .ssl_sess_fetch_src_ref = LUA_REFNIL ;
@@ -1126,6 +1146,45 @@ ngx_http_lua_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
11261146
11271147 dd ("merge srv conf" );
11281148
1149+ if (conf -> srv .ssl_client_hello_src .len == 0 ) {
1150+ conf -> srv .ssl_client_hello_src = prev -> srv .ssl_client_hello_src ;
1151+ conf -> srv .ssl_client_hello_src_ref = prev -> srv .ssl_client_hello_src_ref ;
1152+ conf -> srv .ssl_client_hello_src_key = prev -> srv .ssl_client_hello_src_key ;
1153+ conf -> srv .ssl_client_hello_handler = prev -> srv .ssl_client_hello_handler ;
1154+ }
1155+
1156+ if (conf -> srv .ssl_client_hello_src .len ) {
1157+ sscf = ngx_http_conf_get_module_srv_conf (cf , ngx_http_ssl_module );
1158+ if (sscf == NULL || sscf -> ssl .ctx == NULL ) {
1159+ ngx_log_error (NGX_LOG_EMERG , cf -> log , 0 ,
1160+ "no ssl configured for the server" );
1161+
1162+ return NGX_CONF_ERROR ;
1163+ }
1164+ #ifdef LIBRESSL_VERSION_NUMBER
1165+ ngx_log_error (NGX_LOG_EMERG , cf -> log , 0 ,
1166+ "LibreSSL does not support by ssl_client_hello_by_lua*" );
1167+ return NGX_CONF_ERROR ;
1168+
1169+ #else
1170+
1171+ #ifdef SSL_ERROR_WANT_CLIENT_HELLO_CB
1172+
1173+ SSL_CTX_set_client_hello_cb (sscf -> ssl .ctx ,
1174+ ngx_http_lua_ssl_client_hello_handler ,
1175+ NULL );
1176+
1177+ #else
1178+
1179+ ngx_log_error (NGX_LOG_EMERG , cf -> log , 0 ,
1180+ "OpenSSL too old to support "
1181+ "ssl_client_hello_by_lua*" );
1182+ return NGX_CONF_ERROR ;
1183+
1184+ #endif
1185+ #endif
1186+ }
1187+
11291188 if (conf -> srv .ssl_cert_src .len == 0 ) {
11301189 conf -> srv .ssl_cert_src = prev -> srv .ssl_cert_src ;
11311190 conf -> srv .ssl_cert_src_ref = prev -> srv .ssl_cert_src_ref ;
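Review bot: In the ngx_http_lua_merge_srv_conf hunk the handler is registered with `SSL_CTX_set_client_hello_cb(sscf->ssl.ctx, ...)` on each server's own context, but OpenSSL invokes the ClientHello callback before SNI is processed, so for virtual servers sharing a listen address it is presumably only the default server's handler that ever fires. A `ssl_client_hello_by_lua*` directive in a non-default server would then pass configuration and never run, which matters when the hook is relied on to enforce handshake policy. I would state this next to the call, e.g. `/* runs before SNI: only the default server's ctx for a listen address sees this callback */`, and in the directive documentation. Separately, the LibreSSL message has a stray word and should read `"LibreSSL does not support ssl_client_hello_by_lua*"`. The function body starts and ends outside the hunk.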