bugfix: some lua configurations (i.e. lua_ssl_trusted_certificate) were missing in the init_worker phase.

should use the top lua conf top_llcf for init_worker block.
also renamed the variables from `*lcf` to `*scf`.

Author: doujiang24

src/ngx_stream_lua_initworkerby.c

@@ -51,8 +51,8 @@ ngx_stream_lua_init_worker(ngx_cycle_t *cycle)
     ngx_conf_file_t         *conf_file;
     ngx_stream_session_t    *s;
 
-    ngx_stream_core_srv_conf_t    *clcf, *top_clcf;
-    ngx_stream_lua_srv_conf_t     *llcf, *top_llcf;
+    ngx_stream_core_srv_conf_t    *cscf, *top_cscf;
+    ngx_stream_lua_srv_conf_t     *lscf, *top_lscf;
 
     lmcf = ngx_stream_cycle_get_module_main_conf(cycle, ngx_stream_lua_module);
 
@@ -98,8 +98,8 @@ ngx_stream_lua_init_worker(ngx_cycle_t *cycle)
                cycle->conf_ctx[ngx_stream_module.index];
     stream_ctx.main_conf = conf_ctx->main_conf;
 
-    top_clcf = conf_ctx->srv_conf[ngx_stream_core_module.ctx_index];
-    top_llcf = conf_ctx->srv_conf[ngx_stream_lua_module.ctx_index];
+    top_cscf = conf_ctx->srv_conf[ngx_stream_core_module.ctx_index];
+    top_lscf = conf_ctx->srv_conf[ngx_stream_lua_module.ctx_index];
 
     ngx_memzero(&conf, sizeof(ngx_conf_t));
 
@@ -223,16 +223,24 @@ ngx_stream_lua_init_worker(ngx_cycle_t *cycle)
             stream_ctx.srv_conf[modules[i]->ctx_index] = cur;
 
             if (modules[i]->ctx_index == ngx_stream_core_module.ctx_index) {
-                clcf = cur;
+                cscf = cur;
                 /* just to silence the error in
                  * ngx_stream_core_merge_srv_conf */
-                clcf->handler = ngx_stream_lua_content_handler;
+                cscf->handler = ngx_stream_lua_content_handler;
             }
 
             if (module->merge_srv_conf) {
-                prev = module->create_srv_conf(&conf);
-                if (prev == NULL) {
-                    return NGX_ERROR;
+                if (modules[i] == &ngx_stream_lua_module) {
+                    prev = top_lscf;
+
+                } else if (modules[i] == &ngx_stream_core_module) {
+                    prev = top_cscf;
+
+                } else {
+                    prev = module->create_srv_conf(&conf);
+                    if (prev == NULL) {
+                        return NGX_ERROR;
+                    }
                 }
 
                 rv = module->merge_srv_conf(&conf, prev, cur);
@@ -262,24 +270,24 @@ ngx_stream_lua_init_worker(ngx_cycle_t *cycle)
     s->main_conf = stream_ctx.main_conf;
     s->srv_conf = stream_ctx.srv_conf;
 
-    clcf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module);
+    cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module);
 
-    llcf = ngx_stream_get_module_srv_conf(s, ngx_stream_lua_module);
+    lscf = ngx_stream_get_module_srv_conf(s, ngx_stream_lua_module);
 
-    if (top_llcf->log_socket_errors != NGX_CONF_UNSET) {
-        llcf->log_socket_errors = top_llcf->log_socket_errors;
+    if (top_lscf->log_socket_errors != NGX_CONF_UNSET) {
+        lscf->log_socket_errors = top_lscf->log_socket_errors;
     }
 
-    if (top_clcf->resolver != NULL) {
-        clcf->resolver = top_clcf->resolver;
+    if (top_cscf->resolver != NULL) {
+        cscf->resolver = top_cscf->resolver;
     }
 
-    if (top_clcf->resolver_timeout != NGX_CONF_UNSET_MSEC) {
-        clcf->resolver_timeout = top_clcf->resolver_timeout;
+    if (top_cscf->resolver_timeout != NGX_CONF_UNSET_MSEC) {
+        cscf->resolver_timeout = top_cscf->resolver_timeout;
     }
 
 #if defined(nginx_version) && nginx_version >= 1009000
-    ngx_set_connection_log(s->connection, clcf->error_log);
+    ngx_set_connection_log(s->connection, cscf->error_log);
 
 #else
 #endif

t/124-init-worker.t

@@ -8,11 +8,21 @@ use Test::Nginx::Socket::Lua::Stream;
 
 repeat_each(1);
 
-plan tests => repeat_each() * (blocks() * 4 - 1);
+plan tests => repeat_each() * (blocks() * 4 + 1);
 
 $ENV{TEST_NGINX_MEMCACHED_PORT} ||= 11211;
 $ENV{TEST_NGINX_RESOLVER} ||= '8.8.8.8';
 
+sub read_file {
+    my $infile = shift;
+    open my $in, $infile
+        or die "cannot open $infile for reading: $!";
+    my $cert = do { local $/; <$in> };
+    close $in;
+    $cert;
+}
+
+our $DSTRootCertificate = read_file("t/cert/dst-ca.crt");
 our $ServerRoot = server_root();
 
 #no_diff();
@@ -699,3 +709,67 @@ This also affects merge_loc_conf
 ok
 --- no_error_log
 [error]
+
+
+
+=== TEST 20: lua_ssl_trusted_certificate
+--- stream_config
+    resolver $TEST_NGINX_RESOLVER ipv6=off;
+    lua_ssl_trusted_certificate ../html/trusted.crt;
+    lua_ssl_verify_depth 2;
+
+    init_worker_by_lua_block {
+        local semaphore = require "ngx.semaphore"
+        local sem = semaphore:new(0)
+        package.loaded.sem = sem
+
+        local function test_ssl_verify()
+            local sock = ngx.socket.tcp()
+            sock:settimeout(2000)
+            local ok, err = sock:connect("openresty.org", 443)
+            if not ok then
+                ngx.log(ngx.ERR, "failed to connect: ", err)
+                return
+            end
+
+            ngx.log(ngx.WARN, "connected: ", ok)
+
+            local session, err = sock:sslhandshake(nil, "openresty.org", true)
+            if not session then
+                ngx.log(ngx.ERR, "failed to do SSL handshake: ", err)
+                return
+            end
+
+            ngx.log(ngx.WARN, "ssl handshake: ", type(session))
+
+            local ok, err = sock:close()
+            ngx.log(ngx.WARN, "close: ", ok, " ", err)
+
+            sem:post(1)
+        end
+
+        ngx.timer.at(0, test_ssl_verify)
+    }
+
+--- stream_server_config
+    content_by_lua_block {
+        local sem = package.loaded.sem
+        local ok, err = sem:wait(3)
+        if not ok then
+            ngx.say("wait test_ssl_verify failed: ", err)
+        end
+
+        ngx.say('ok')
+    }
+--- user_files eval
+">>> trusted.crt
+$::DSTRootCertificate"
+
+--- stream_response
+ok
+--- no_error_log
+[error]
+--- error_log
+connected: 1
+ssl handshake: userdata
+close: 1 nil