Openresty + socket + ssl question

Ilja Razinkov razinkov at gmail.com
Tue Mar 6 12:41:48 UTC 2012


I see, so there is no way to do this purely via ngx_lua, for now? :(
I`ll try to use standalone server to send APNs first, this is just
faster way to start testing our application.
But i will be glad to test out ssl support in OpenResty when it will
be available :)
Thanks for great product!

On Tue, Mar 6, 2012 at 8:32 AM, agentzh <agentzh at gmail.com> wrote:
> On Mon, Mar 5, 2012 at 11:29 PM, Ilja Razinkov <razinkov at gmail.com> wrote:
>>  i need some help or proper direction to look futher, please help...
>> I`m using openresty 1.0.11.19 (nginx+lua, great mix btw) and wish to
>> make calls to ssl-enabled third-party server (Apple Push Notifications
>> server, specifically).
>
> The SSL handshake support for ngx_lua cosocket is still a TODO :) I'll
> expose the underlying SSL handshake API provided by the Nginx core to
> the Lua land.
>
> You're very welcome to provide a patch for ngx_lua though :)
>
>> For this i hoped to use recently added to openresty "ngx.socket.*"
>> functionality with LuaSec module to enable ssl-protected
>> communication. But seems it is not possible because LuaSec requires
>> setfd/getfd methods (raw access to socket file descriptors) just as
>> LuaSocket. Seems there is no other lua library that can do ssl
>> exchange only with simple "send/receive" over already established
>> connection anyway :(  am i right?
>>
>
> You must not use the LuaSec library in ngx_lua even if the cosocket
> provides the setfd/getfd methods. That's because it uses "poll"
> internally to do the network I/O, which will tragically block the
> Nginx main event loop (and thus the whole nginx worker process) and
> ruin Nginx's performance.
>
>> before that i tryed to use nginx build-in "upstream + proxy_pass
>> https://" functionality, but in that case there is no way to specify
>> custom key+cert for upstream call and there is no way to specify
>> proper payload (apple APN servers are requiring direct message
>> exchange over sll-protected connection)
>>
>
> Fair enough :)
>
> Best,
> -agentzh
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx



-- 
с уважением, Разинков Илья



More information about the nginx mailing list