lua-resty-core icon indicating copy to clipboard operation
lua-resty-core copied to clipboard
verified publisher icon openresty

The sslhandshake function does not handle the scenario where ngx_http_lua_ffi_socket_tcp_sslhandshake directly returns FFI_OK.

Open akf00000 opened this issue 9 months ago • 3 comments

When i test the sslhandshake future,i connect to local machine and i set the ssl_verify future, sometimes it failed in assert check.

log: /usr/local/openresty/lualib/resty/core/socket.lua:281: assertion failed!

I add some log and found the ngx_http_lua_ffi_socket_tcp_sslhandshake return FFI_OK, when assert failed happen。

I think it should add check FFI_OK:

local rc = C.ngx_http_lua_ffi_socket_tcp_sslhandshake(r, u,
               session_ptr[0],
               reused_session ~= false,
               server_name_str,
               ssl_verify and 1 or 0,
               send_status_req and 1 or 0,
               cosocket[SOCKET_CLIENT_CERT_INDEX],
               cosocket[SOCKET_CLIENT_PKEY_INDEX],
               errmsg)

if rc == FFI_NO_REQ_CTX then
    error("no request ctx found", 2)
end

if rc == FFI_OK then
    if reused_session == false then
        return true
    end

    rc = C.ngx_http_lua_ffi_socket_tcp_get_sslhandshake_result(r, u,
             session_ptr, errmsg, openssl_error_code)
end

akf00000 avatar May 12 '25 03:05 akf00000

Have you try this patch ?

zhuizhuhaomeng avatar May 13 '25 14:05 zhuizhuhaomeng

yes, i try this patch, and never assert again when ngx_http_lua_ffi_socket_tcp_sslhandshake return FFI_OK and peer verify failed.

akf00000 avatar May 14 '25 08:05 akf00000

Would you please create a PR for this isssue?

zhuizhuhaomeng avatar May 14 '25 11:05 zhuizhuhaomeng