Openresty + socket + ssl question

agentzh agentzh at gmail.com
Tue Mar 6 04:32:22 UTC 2012


On Mon, Mar 5, 2012 at 11:29 PM, Ilja Razinkov <razinkov at gmail.com> wrote:
> I need some help or proper direction to look further, please help...
> I'm using openresty 1.0.11.19 (nginx+lua, great mix btw) and wish to
> make calls to ssl-enabled third-party server (Apple Push Notifications
> server, specifically).

The SSL handshake support for ngx_lua cosocket is still a TODO :) I'll
expose the underlying SSL handshake API provided by the Nginx core to
the Lua land.

You're very welcome to provide a patch for ngx_lua though :)

> For this I hoped to use recently added to openresty "ngx.socket.*"
> functionality with LuaSec module to enable ssl-protected
> communication. But seems it is not possible because LuaSec requires
> setfd/getfd methods (raw access to socket file descriptors) just as
> LuaSocket. Seems there is no other lua library that can do ssl
> exchange only with simple "send/receive" over already established
> connection anyway :( Am I right?
>

You must not use the LuaSec library in ngx_lua even if the cosocket
provides the setfd/getfd methods. That's because it uses "poll"
internally to do the network I/O, which will tragically block the
Nginx main event loop (and thus the whole nginx worker process) and
ruin Nginx's performance.

> Before that I tried to use nginx built-in "upstream + proxy_pass
> https://" functionality, but in that case there is no way to specify
> custom key+cert for upstream call and there is no way to specify
> proper payload (Apple APN servers are requiring direct message
> exchange over ssl-protected connection)
>

Fair enough :)

Best,
-agentzh


