Openresty + socket + ssl question

Hello!

This question is for agentzh, one of OpenResty authors.

i need some help or proper direction to look futher, please help…
I`m using openresty 1.0.11.19 (nginx+lua, great mix btw) and wish to
make calls to ssl-enabled third-party server (Apple Push Notifications
server, specifically).
For this i hoped to use recently added to openresty “ngx.socket.*”
functionality with LuaSec module to enable ssl-protected
communication. But seems it is not possible because LuaSec requires
setfd/getfd methods (raw access to socket file descriptors) just as
LuaSocket. Seems there is no other lua library that can do ssl
exchange only with simple “send/receive” over already established
connection anyway :frowning: am i right?

before that i tryed to use nginx build-in “upstream + proxy_pass
https://” functionality, but in that case there is no way to specify
custom key+cert for upstream call and there is no way to specify
proper payload (apple APN servers are requiring direct message
exchange over sll-protected connection)

Thanks in advance for any help
sincerely, Ilja R.

On Mon, Mar 5, 2012 at 11:29 PM, Ilja R. [email protected]
wrote:

i need some help or proper direction to look futher, please help…
I`m using openresty 1.0.11.19 (nginx+lua, great mix btw) and wish to
make calls to ssl-enabled third-party server (Apple Push Notifications
server, specifically).

The SSL handshake support for ngx_lua cosocket is still a TODO :slight_smile: I’ll
expose the underlying SSL handshake API provided by the Nginx core to
the Lua land.

You’re very welcome to provide a patch for ngx_lua though :slight_smile:

For this i hoped to use recently added to openresty “ngx.socket.*”
functionality with LuaSec module to enable ssl-protected
communication. But seems it is not possible because LuaSec requires
setfd/getfd methods (raw access to socket file descriptors) just as
LuaSocket. Seems there is no other lua library that can do ssl
exchange only with simple “send/receive” over already established
connection anyway :frowning: am i right?

You must not use the LuaSec library in ngx_lua even if the cosocket
provides the setfd/getfd methods. That’s because it uses “poll”
internally to do the network I/O, which will tragically block the
Nginx main event loop (and thus the whole nginx worker process) and
ruin Nginx’s performance.

before that i tryed to use nginx build-in “upstream + proxy_pass
https://” functionality, but in that case there is no way to specify
custom key+cert for upstream call and there is no way to specify
proper payload (apple APN servers are requiring direct message
exchange over sll-protected connection)

Fair enough :slight_smile:

Best,
-agentzh

I see, so there is no way to do this purely via ngx_lua, for now? :frowning:
I`ll try to use standalone server to send APNs first, this is just
faster way to start testing our application.
But i will be glad to test out ssl support in OpenResty when it will
be available :slight_smile:
Thanks for great product!

On Tue, Mar 6, 2012 at 8:32 AM, agentzh [email protected] wrote:

You’re very welcome to provide a patch for ngx_lua though :slight_smile:
You must not use the LuaSec library in ngx_lua even if the cosocket

Fair enough :slight_smile:

Best,
-agentzh


nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx


с уважением, Разинков Илья

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs