apache · membphis · Jul 10, 2020 · Jul 8, 2020 · Jul 8, 2020 · Jul 8, 2020
diff --git a/.travis/osx_openresty_runner.sh b/.travis/osx_openresty_runner.sh
@@ -23,8 +23,8 @@ export_or_prefix() {
 }
 
 before_install() {
-    HOMEBREW_NO_AUTO_UPDATE=1 brew install perl cpanminus etcd luarocks openresty/brew/openresty-debug redis@3.2
-    brew upgrade go
+    HOMEBREW_NO_AUTO_UPDATE=1 brew install perl cpanminus etcd luarocks openresty/brew/openresty-debug redis@4.0
+    brew install go@1.13
 
     sudo sed -i "" "s/requirepass/#requirepass/g" /usr/local/etc/redis.conf
     brew services start redis@3.2

diff --git a/apisix/http/router/radixtree_sni.lua b/apisix/http/router/radixtree_sni.lua
@@ -80,7 +80,6 @@ local function create_router(ssl_items)
                 end
             end
 
-            local
             idx = idx + 1
             route_items[idx] = {
                 paths = sni,
@@ -151,15 +150,15 @@ function _M.match_and_set(api_ctx)
     local sni
     sni, err = ngx_ssl.server_name()
     if type(sni) ~= "string" then
-        return false, "failed to fetch SNI: " .. (err or "not found")
+        return false, "failed to fetch SSL certificate: " .. (err or "not found")
     end
 
     core.log.debug("sni: ", sni)
 
     local sni_rev = sni:reverse()
     local ok = radixtree_router:dispatch(sni_rev, nil, api_ctx)
     if not ok then
-        core.log.warn("not found any valid sni configuration")
+        core.log.warn("failed to find any SSL certificate by SNI: ", sni)
         return false
     end
 
@@ -172,14 +171,14 @@ function _M.match_and_set(api_ctx)
             end
         end
         if not matched then
-            core.log.warn("not found any valid sni configuration, matched sni: ",
-                          core.json.delay_encode(api_ctx.matched_sni, true), " current sni: ", sni)
+            core.log.warn("failed to find any SSL certificate by SNI: ",
+                          sni, " matched SNIs: ", core.json.delay_encode(api_ctx.matched_sni, true))
             return false
         end
     else
         if str_find(sni_rev, ".", #api_ctx.matched_sni, true) then
-            core.log.warn("not found any valid sni configuration, matched sni: ",
-                          api_ctx.matched_sni:reverse(), " current sni: ", sni)
+            core.log.warn("failed to find any SSL certificate by SNI: ",
+                          sni, " matched SNI: ", api_ctx.matched_sni:reverse())
             return false
         end
     end

diff --git a/t/router/radixtree-sni.t b/t/router/radixtree-sni.t
@@ -207,7 +207,7 @@ GET /t
 connected: 1
 failed to do SSL handshake: certificate host mismatch
 --- error_log
-not found any valid sni configuration
+failed to find any SSL certificate by SNI
 
 
 
@@ -448,15 +448,15 @@ location /t {
         local ssl_key =  t.read_file("conf/cert/test2.key")
         local data = {cert = ssl_cert, key = ssl_key, sni = "*.test2.com"}
 
-        local code, body = t.test('/apisix/admin/ssl/1',
+        local code, body = t.test('/apisix/admin/ssl/2',
             ngx.HTTP_PUT,
             core.json.encode(data),
             [[{
                 "node": {
                     "value": {
                         "sni": "*.test2.com"
                     },
-                    "key": "/apisix/ssl/1"
+                    "key": "/apisix/ssl/2"
                 },
                 "action": "set"
             }]]
@@ -521,7 +521,82 @@ lua ssl server name: "www.test2.com"
 
 
 
-=== TEST 11: client request: aa.bb.test2.com
+=== TEST 11: client request: test.com again
+--- config
+listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
+
+location /t {
+    content_by_lua_block {
+        -- etcd sync
+        ngx.sleep(0.2)
+
+        do
+            local sock = ngx.socket.tcp()
+
+            sock:settimeout(2000)
+
+            local ok, err = sock:connect("unix:$TEST_NGINX_HTML_DIR/nginx.sock")
+            if not ok then
+                ngx.say("failed to connect: ", err)
+                return
+            end
+
+            ngx.say("connected: ", ok)
+
+            local sess, err = sock:sslhandshake(nil, "test.com", false)
+            if not sess then
+                ngx.say("failed to do SSL handshake: ", err)
+                return
+            end
+
+            ngx.say("ssl handshake: ", type(sess))
+
+            local req = "GET /hello HTTP/1.0\r\nHost: test.com\r\nConnection: close\r\n\r\n"
+            local bytes, err = sock:send(req)
+            if not bytes then
+                ngx.say("failed to send http request: ", err)
+                return
+            end
+
+            ngx.say("sent http request: ", bytes, " bytes.")
+
+            while true do
+                local line, err = sock:receive()
+                if not line then
+                    -- ngx.say("failed to receive response status line: ", err)
+                    break
+                end
+
+                ngx.say("received: ", line)
+            end
+
+            local ok, err = sock:close()
+            ngx.say("close: ", ok, " ", err)
+        end  -- do
+        -- collectgarbage()
+    }
+}
+--- request
+GET /t
+--- response_body eval
+qr{connected: 1
+ssl handshake: userdata
+sent http request: 58 bytes.
+received: HTTP/1.1 200 OK
+received: Content-Type: text/plain
+received: Connection: close
+received: Server: \w+
+received: \nreceived: hello world
+close: 1 nil}
+--- error_log
+lua ssl server name: "test.com"
+--- no_error_log
+[error]
+[alert]
+
+
+
+=== TEST 12: client request: aa.bb.test2.com
 --- config
 listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
 
@@ -561,14 +636,14 @@ connected: 1
 failed to do SSL handshake: certificate host mismatch
 --- error_log
 lua ssl server name: "aa.bb.test2.com"
-not found any valid sni configuration, matched sni: *.test2.com current sni: aa.bb.test2.com
+failed to find any SSL certificate by SNI: aa.bb.test2.com matched SNI: *.test2.com
 --- no_error_log
 [error]
 [alert]
 
 
 
-=== TEST 12: disable ssl(sni: *.test2.com)
+=== TEST 13: disable ssl(sni: *.test2.com)
 --- config
 location /t {
     content_by_lua_block {
@@ -577,15 +652,15 @@ location /t {
 
         local data = {status = 0}
 
-        local code, body = t.test('/apisix/admin/ssl/1',
+        local code, body = t.test('/apisix/admin/ssl/2',
             ngx.HTTP_PATCH,
             core.json.encode(data),
             [[{
                 "node": {
                     "value": {
                         "status": 0
                     },
-                    "key": "/apisix/ssl/1"
+                    "key": "/apisix/ssl/2"
                 },
                 "action": "set"
             }]]
@@ -604,7 +679,7 @@ passed
 
 
 
-=== TEST 13: client request: www.test2.com -- failed by disable
+=== TEST 14: client request: www.test2.com -- failed by disable
 --- config
 listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
 
@@ -650,7 +725,7 @@ lua ssl server name: "www.test2.com"
 
 
 
-=== TEST 14: enable ssl(sni: *.test2.com)
+=== TEST 15: enable ssl(sni: *.test2.com)
 --- config
 location /t {
     content_by_lua_block {
@@ -659,15 +734,15 @@ location /t {
 
         local data = {status = 1}
 
-        local code, body = t.test('/apisix/admin/ssl/1',
+        local code, body = t.test('/apisix/admin/ssl/2',
             ngx.HTTP_PATCH,
             core.json.encode(data),
             [[{
                 "node": {
                     "value": {
                         "status": 1
                     },
-                    "key": "/apisix/ssl/1"
+                    "key": "/apisix/ssl/2"
                 },
                 "action": "set"
             }]]
@@ -686,7 +761,7 @@ passed
 
 
 
-=== TEST 15: client request: www.test2.com again
+=== TEST 16: client request: www.test2.com again
 --- config
 listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
 
@@ -732,7 +807,7 @@ lua ssl server name: "www.test2.com"
 
 
 
-=== TEST 16: set ssl(snis: {test2.com, *.test2.com})
+=== TEST 17: set ssl(snis: {test2.com, *.test2.com})
 --- config
 location /t {
     content_by_lua_block {
@@ -770,7 +845,7 @@ passed
 
 
 
-=== TEST 17: client request: test2.com
+=== TEST 18: client request: test2.com
 --- config
 listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
 
@@ -816,7 +891,27 @@ lua ssl server name: "test2.com"
 
 
 
-=== TEST 18: client request: aa.bb.test2.com  -- snis un-include
+=== TEST 19: remove ssl2
+--- config
+location /t {
+    content_by_lua_block {
+        local core = require("apisix.core")
+        local t = require("lib.test_admin")
+
+        local code, body = t.test('/apisix/admin/ssl/2', ngx.HTTP_DELETE)
+
+        ngx.status = code
+        ngx.say(body)
+    }
+}
+--- request
+GET /t
+--- no_error_log
+[error]
+
+
+
+=== TEST 20: client request: aa.bb.test2.com  -- snis un-include
 --- config
 listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
 
@@ -856,14 +951,14 @@ connected: 1
 failed to do SSL handshake: certificate host mismatch
 --- error_log
 lua ssl server name: "aa.bb.test2.com"
-not found any valid sni configuration, matched sni: ["moc.2tset","moc.2tset.*"] current sni: aa.bb.test2.com
+failed to find any SSL certificate by SNI: aa.bb.test2.com matched SNIs: ["moc.2tset","moc.2tset.*"]
 --- no_error_log
 [error]
 [alert]
 
 
 
-=== TEST 19: set ssl(encrypt ssl key with another iv)
+=== TEST 21: set ssl(encrypt ssl key with another iv)
 --- config
 location /t {
     content_by_lua_block {
@@ -901,10 +996,9 @@ passed
 
 
 
-=== TEST 20: client request: test2.com
+=== TEST 22: client request: test2.com
 --- config
 listen unix:$TEST_NGINX_HTML_DIR/nginx.sock ssl;
-
 location /t {
     content_by_lua_block {
         -- etcd sync