Openresty + socket + ssl question

Hello!

This question is for agentzh, one of OpenResty authors.

I need some help or proper direction to look further, please help…
I'm using openresty 1.0.11.19 (nginx+lua, great mix btw) and wish to
make calls to ssl-enabled third-party server (Apple Push Notifications
server, specifically).
For this I hoped to use recently added to openresty “ngx.socket.*”
functionality with LuaSec module to enable ssl-protected
communication. But seems it is not possible because LuaSec requires
setfd/getfd methods (raw access to socket file descriptors) just as
LuaSocket. Seems there is no other lua library that can do ssl
exchange only with simple “send/receive” over already established
connection anyway :( am I right?

Before that I tried to use nginx built-in “upstream + proxy_pass
https://” functionality, but in that case there is no way to specify
custom key+cert for upstream call and there is no way to specify
proper payload (apple APN servers are requiring direct message
exchange over ssl-protected connection)

Thanks in advance for any help
sincerely, Ilja R.

On Mon, Mar 5, 2012 at 11:29 PM, Ilja R. [email protected]
wrote:

> I need some help or proper direction to look further, please help…
> I'm using openresty 1.0.11.19 (nginx+lua, great mix btw) and wish to
> make calls to ssl-enabled third-party server (Apple Push Notifications
> server, specifically).

The SSL handshake support for ngx_lua cosocket is still a TODO :) I’ll
expose the underlying SSL handshake API provided by the Nginx core to
the Lua land.

You’re very welcome to provide a patch for ngx_lua though :)

> For this I hoped to use recently added to openresty “ngx.socket.*”
> functionality with LuaSec module to enable ssl-protected
> communication. But seems it is not possible because LuaSec requires
> setfd/getfd methods (raw access to socket file descriptors) just as
> LuaSocket. Seems there is no other lua library that can do ssl
> exchange only with simple “send/receive” over already established
> connection anyway :( am I right?

You must not use the LuaSec library in ngx_lua even if the cosocket
provides the setfd/getfd methods. That’s because it uses “poll”
internally to do the network I/O, which will tragically block the
Nginx main event loop (and thus the whole nginx worker process) and
ruin Nginx’s performance.

> Before that I tried to use nginx built-in “upstream + proxy_pass
> https://” functionality, but in that case there is no way to specify
> custom key+cert for upstream call and there is no way to specify
> proper payload (apple APN servers are requiring direct message
> exchange over ssl-protected connection)

Fair enough :)

Best,
-agentzh

I see, so there is no way to do this purely via ngx_lua, for now? :(
I'll try to use a standalone server to send APNs first, this is just
a faster way to start testing our application.
But I will be glad to test out ssl support in OpenResty when it is
available :)
Thanks for great product!

On Tue, Mar 6, 2012 at 8:32 AM, agentzh [email protected] wrote:

> You’re very welcome to provide a patch for ngx_lua though :)
> You must not use the LuaSec library in ngx_lua even if the cosocket
>
> Fair enough :)
>
> Best,
> -agentzh



Best regards, Разинков Илья