[PATCH] SSL: handled SSL_CTX_set_cert_cb() callback yielding.

Yichun Zhang (agentzh) agentzh at gmail.com
Tue Jan 5 22:27:08 UTC 2016


Hello!

On Sat, Jan 2, 2016 at 8:06 PM, Yichun Zhang (agentzh) wrote:
> SSL: handled SSL_CTX_set_cert_cb() callback yielding.
>
> OpenSSL 1.0.2+ introduces SSL_CTX_set_cert_cb() to allow custom
> callbacks to serve the SSL certificiates and private keys dynamically
> and lazily. The callbacks may yield for nonblocking I/O or sleeping.
> Here we added support for such usage in NGINX 3rd-party modules
> (like ngx_lua) in NGINX's event handlers for downstream SSL
> connections.
>

FYI, the new ssl_certificate_by_lua* directives of ngx_http_lua_module
relies on this NGINX core patch:

    https://github.com/openresty/lua-nginx-module#ssl_certificate_by_lua_block

This allows users to use Lua to dynamically load and configure SSL
certificates and private keys used by downstream https connections,
for example.

It'll be great if the mainline nginx core can have this patch applied.
And this would also be a wonderful feature for the NGINX world as
well.

Regards,
-agentzh



More information about the nginx-devel mailing list