diff --git a/.travis.yml b/.travis.yml index e6321c453d..6033ee185f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -64,8 +64,8 @@ env: #- NGINX_VERSION=1.21.4 OPENSSL_VER=1.1.0l OPENSSL_PATCH_VER=1.1.0d #- NGINX_VERSION=1.25.1 OPENSSL_VER=1.1.0l OPENSSL_PATCH_VER=1.1.0d - NGINX_VERSION=1.21.4 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f - - NGINX_VERSION=1.25.3 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f USE_PCRE2=Y - - NGINX_VERSION=1.25.3 BORINGSSL=1 TEST_NGINX_USE_HTTP3=1 USE_PCRE2=Y + - NGINX_VERSION=1.27.0 OPENSSL_VER=1.1.1w OPENSSL_PATCH_VER=1.1.1f USE_PCRE2=Y TEST_NGINX_TIMEOUT=5 + - NGINX_VERSION=1.27.0 BORINGSSL=1 TEST_NGINX_USE_HTTP3=1 USE_PCRE2=Y TEST_NGINX_QUIC_IDLE_TIMEOUT=3 #- NGINX_VERSION=1.25.1 OPENSSL_VER=1.1.1w TEST_NGINX_USE_HTTP2=1 services: diff --git a/src/ngx_http_lua_balancer.c b/src/ngx_http_lua_balancer.c index 5401a1ac88..ae0f1380b5 100644 --- a/src/ngx_http_lua_balancer.c +++ b/src/ngx_http_lua_balancer.c @@ -994,7 +994,7 @@ ngx_http_lua_ffi_balancer_bind_to_local_addr(ngx_http_request_t *r, bp = (ngx_http_lua_balancer_peer_data_t *) u->peer.data; if (bp->local == NULL) { - bp->local = ngx_palloc(r->pool, sizeof(ngx_addr_t)); + bp->local = ngx_palloc(r->pool, sizeof(ngx_addr_t) + addr_len); if (bp->local == NULL) { p = ngx_snprintf(errbuf, *errbuf_size, "no memory"); *errbuf_size = p - errbuf; @@ -1009,6 +1009,10 @@ ngx_http_lua_ffi_balancer_bind_to_local_addr(ngx_http_request_t *r, return NGX_ERROR; } + bp->local->name.len = addr_len; + bp->local->name.data = (u_char *) (bp->local + 1); + ngx_memcpy(bp->local->name.data, addr, addr_len); + return NGX_OK; } diff --git a/src/ngx_http_lua_socket_tcp.c b/src/ngx_http_lua_socket_tcp.c index 214e78329e..5010dfa6ed 100644 --- a/src/ngx_http_lua_socket_tcp.c +++ b/src/ngx_http_lua_socket_tcp.c @@ -5747,6 +5747,16 @@ ngx_http_lua_socket_keepalive_close_handler(ngx_event_t *ev) "lua tcp socket keepalive close handler check stale events"); n = recv(c->fd, buf, 1, MSG_PEEK); +#if (NGX_HTTP_SSL) + /* ignore ssl protocol data like change cipher spec */ + if (n == 1 && c->ssl != NULL) { + n = c->recv(c, (unsigned char *) buf, 1); + if (n == NGX_AGAIN) { + n = -1; + ngx_socket_errno = NGX_EAGAIN; + } + } +#endif if (n == -1 && ngx_socket_errno == NGX_EAGAIN) { /* stale event */ diff --git a/t/014-bugs.t b/t/014-bugs.t index 1b79aa4c59..d34f42e23d 100644 --- a/t/014-bugs.t +++ b/t/014-bugs.t @@ -828,7 +828,7 @@ qr/curl: \(28\) Operation timed out after \d+ milliseconds with 0 bytes received rewrite ^/myproxy/(.*) /$1 break; resolver_timeout 3s; #resolver 172.16.0.23; # AWS DNS resolver address is the same in all regions - 172.16.0.23 - resolver 8.8.8.8; + resolver $TEST_NGINX_RESOLVER; proxy_read_timeout 1s; proxy_send_timeout 1s; proxy_connect_timeout 1s; diff --git a/t/020-subrequest.t b/t/020-subrequest.t index 59b9f61a34..37914be061 100644 --- a/t/020-subrequest.t +++ b/t/020-subrequest.t @@ -1,6 +1,7 @@ # vim:set ft= ts=4 sw=4 et fdm=marker: use Test::Nginx::Socket::Lua; +use Test::Nginx::Util 'is_tcp_port_used'; #master_on(); #workers(1); @@ -16,6 +17,16 @@ plan tests => repeat_each() * (blocks() * 3 + 23); $ENV{TEST_NGINX_MEMCACHED_PORT} ||= 11211; $ENV{TEST_NGINX_HTML_DIR} ||= html_dir(); +# NB: tcp_listen_port needs to be greater than 10000, +# because the test cases expect it to be a 5-digit number +my $tcp_listen_port = 19113; +while (++$tcp_listen_port < 65535) { + if (!is_tcp_port_used $tcp_listen_port) { + last; + } +} +$ENV{TEST_NGINX_TCP_LISTEN_PORT} = $tcp_listen_port; + #no_diff(); no_long_string(); #no_shuffle(); @@ -1383,7 +1394,7 @@ upstream timed out #proxy_read_timeout 100ms; proxy_buffering on; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1396,7 +1407,7 @@ upstream timed out } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_query_len: 65 --- tcp_reply eval "HTTP/1.0 200 OK\r\nContent-Length: 1024\r\n\r\nhello world" @@ -1443,7 +1454,7 @@ upstream prematurely closed connection proxy_read_timeout 100ms; proxy_buffering on; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1456,7 +1467,7 @@ upstream prematurely closed connection } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_no_close --- tcp_reply eval "HTTP/1.0 200 OK\r\nContent-Length: 1024\r\n\r\nhello world" @@ -1505,7 +1516,7 @@ upstream timed out #proxy_read_timeout 100ms; proxy_buffering on; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1518,7 +1529,7 @@ upstream timed out } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_query_len: 65 --- tcp_reply eval "HTTP/1.0 200 OK\r\n\r\nhello world" @@ -1565,7 +1576,7 @@ truncated: false proxy_read_timeout 100ms; proxy_buffering on; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1578,7 +1589,7 @@ truncated: false } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_no_close --- tcp_reply eval "HTTP/1.0 200 OK\r\n\r\nhello world" @@ -1628,7 +1639,7 @@ upstream timed out #proxy_read_timeout 100ms; proxy_buffering off; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1641,7 +1652,7 @@ upstream timed out } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_query_len: 65 --- tcp_reply eval "HTTP/1.0 200 OK\r\n\r\nhello world" @@ -1688,7 +1699,7 @@ truncated: false proxy_read_timeout 500ms; proxy_buffering off; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1701,7 +1712,7 @@ truncated: false } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_no_close --- tcp_reply eval "HTTP/1.0 200 OK\r\n\r\nhello world" @@ -1914,7 +1925,7 @@ a client request body is buffered to a temporary file #proxy_read_timeout 100ms; proxy_http_version 1.1; proxy_buffering on; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1927,7 +1938,7 @@ a client request body is buffered to a temporary file } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_query_len: 65 --- tcp_reply eval "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\nb\r\nhello world\r" @@ -1977,7 +1988,7 @@ upstream prematurely closed connection #proxy_read_timeout 100ms; proxy_http_version 1.1; proxy_buffering off; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -1990,7 +2001,7 @@ upstream prematurely closed connection } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_query_len: 65 --- tcp_reply eval "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\nb\r\nhello world\r" @@ -2038,7 +2049,7 @@ upstream prematurely closed connection proxy_read_timeout 100ms; proxy_buffering on; proxy_http_version 1.1; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -2051,7 +2062,7 @@ upstream prematurely closed connection } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_no_close --- tcp_reply eval "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\nb\r\nhello world\r" @@ -2100,7 +2111,7 @@ upstream timed out #proxy_read_timeout 100ms; proxy_buffering on; proxy_http_version 1.1; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -2113,7 +2124,7 @@ upstream timed out } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_no_close --- tcp_reply eval "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n" @@ -2158,7 +2169,7 @@ truncated: false #proxy_read_timeout 100ms; proxy_buffering off; proxy_http_version 1.1; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -2171,7 +2182,7 @@ truncated: false } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_no_close --- tcp_reply eval "HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n" @@ -2217,7 +2228,7 @@ truncated: false #proxy_read_timeout 100ms; proxy_buffering off; - proxy_pass http://127.0.0.1:$TEST_NGINX_RAND_PORT_2; + proxy_pass http://127.0.0.1:$TEST_NGINX_TCP_LISTEN_PORT; } location /main { @@ -2230,7 +2241,7 @@ truncated: false } --- request GET /main ---- tcp_listen: $TEST_NGINX_RAND_PORT_2 +--- tcp_listen: $TEST_NGINX_TCP_LISTEN_PORT --- tcp_query_len: 65 --- tcp_reply eval "HTTP/1.0 200 OK\r\nContent-Length: 1024\r\n\r\nhello world" diff --git a/t/068-socket-keepalive.t b/t/068-socket-keepalive.t index 1660a3a361..626b441678 100644 --- a/t/068-socket-keepalive.t +++ b/t/068-socket-keepalive.t @@ -3109,6 +3109,8 @@ qr/\Qbad argument #1 to 'setkeepalive' (number expected, got string)\E/ --- no_error_log [crit] --- timeout: 4 +--- curl_error eval +qr{HTTP/3 stream 0 reset by server} @@ -3189,3 +3191,5 @@ qr/\Qbad argument #2 to 'setkeepalive' (number expected, got string)\E/ --- no_error_log [crit] --- timeout: 4 +--- curl_error eval +qr{HTTP/3 stream 0 reset by server} diff --git a/t/129-ssl-socket.t b/t/129-ssl-socket.t index ccfa19fffb..ca8d5a49e6 100644 --- a/t/129-ssl-socket.t +++ b/t/129-ssl-socket.t @@ -1484,6 +1484,72 @@ SSL reused session === TEST 18: openresty.org: passing SSL verify: keepalive (no reusing the ssl session) +The session returned by SSL_get1_session maybe different. +After function tls_process_new_session_ticket, the session saved in SSL->session +will be replace by a new one. + +ngx_ssl_session_t * +ngx_ssl_get_session(ngx_connection_t *c) +{ +#ifdef TLS1_3_VERSION + if (c->ssl->session) { + SSL_SESSION_up_ref(c->ssl->session); + return c->ssl->session; + } +#endif + + return SSL_get1_session(c->ssl->connection); +} + +SSL_SESSION *SSL_get1_session(SSL *ssl) +/* variant of SSL_get_session: caller really gets something */ +{ + SSL_SESSION *sess; + /* + * Need to lock this all up rather than just use CRYPTO_add so that + * somebody doesn't free ssl->session between when we check it's non-null + * and when we up the reference count. + */ + CRYPTO_THREAD_read_lock(ssl->lock); + sess = ssl->session; + if (sess) + SSL_SESSION_up_ref(sess); + CRYPTO_THREAD_unlock(ssl->lock); + return sess; +} + +#0 tls_process_new_session_ticket (s=0x7e6ea0, pkt=0x7fffffffc820) at ssl/statem/statem_clnt.c:2650 +#1 0x00007ffff7af50fd in read_state_machine (s=0x7e6ea0) at ssl/statem/statem.c:636 +#2 state_machine (s=0x7e6ea0, server=0) at ssl/statem/statem.c:434 +#3 0x00007ffff7aca6b3 in ssl3_read_bytes (s=, type=23, recvd_type=0x0, buf=0x7fffffffc9d7 "\027\320\355t", len=1, + peek=0, readbytes=0x7fffffffc978) at ssl/record/rec_layer_s3.c:1677 +#4 0x00007ffff7ad2250 in ssl3_read_internal (readbytes=0x7fffffffc978, peek=0, len=1, buf=0x7fffffffc9d7, s=0x7e6ea0) + at ssl/s3_lib.c:4477 +#5 ssl3_read (s=0x7e6ea0, buf=0x7fffffffc9d7, len=1, readbytes=0x7fffffffc978) at ssl/s3_lib.c:4500 +#6 0x00007ffff7ade695 in SSL_read (s=, buf=buf@entry=0x7fffffffc9d7, num=num@entry=1) at ssl/ssl_lib.c:1799 +#7 0x000000000045a965 in ngx_ssl_recv (c=0x72c3b0, buf=0x7fffffffc9d7 "\027\320\355t", size=1) + at src/event/ngx_event_openssl.c:2337 +#8 0x0000000000533b17 in ngx_http_lua_socket_keepalive_close_handler (ev=0x7e2f20) + at /var/code/openresty/lua-nginx-module/src/ngx_http_lua_socket_tcp.c:5753 +#9 0x000000000052cf40 in ngx_http_lua_socket_tcp_setkeepalive (L=0x74edd0) + at /var/code/openresty/lua-nginx-module/src/ngx_http_lua_socket_tcp.c:5602 +#10 0x00007ffff7f0fabe in lj_BC_FUNCC () + from /tmp/undodb.72729.1722915526.2470007.80d50d088e818fd4/debuggee-1-zwqz8svp/symbol-files/opt/luajit-sysm/lib/libluajit-5.1.so.2 +#11 0x000000000051f2b2 in ngx_http_lua_run_thread (L=L@entry=0x767670, r=r@entry=0x7edf80, ctx=ctx@entry=0x750e40, nrets=0) + at /var/code/openresty/lua-nginx-module/src/ngx_http_lua_util.c:1194 +#12 0x0000000000524347 in ngx_http_lua_content_by_chunk (L=0x767670, r=0x7edf80) + at /var/code/openresty/lua-nginx-module/src/ngx_http_lua_contentby.c:124 +#13 0x000000000047c663 in ngx_http_core_content_phase (r=0x7edf80, ph=0x7b4470) at src/http/ngx_http_core_module.c:1271 +#14 0x000000000047b80d in ngx_http_core_run_phases (r=0x7edf80) at src/http/ngx_http_core_module.c:885 +#15 ngx_http_handler (r=r@entry=0x7edf80) at src/http/ngx_http_core_module.c:868 +#16 0x00000000004854ad in ngx_http_process_request (r=r@entry=0x7edf80) at src/http/ngx_http_request.c:2140 +#17 0x00000000004868e8 in ngx_http_process_request_headers (rev=rev@entry=0x7e2f80) at src/http/ngx_http_request.c:1529 +#18 0x0000000000486468 in ngx_http_process_request_line (rev=0x7e2f80) at src/http/ngx_http_request.c:1196 +#19 0x000000000044b338 in ngx_event_process_posted (cycle=cycle@entry=0x721690, posted=0x62f250 ) + at src/event/ngx_event_posted.c:35 +#20 0x000000000044a522 in ngx_process_events_and_timers (cycle=cycle@entry=0x721690) at src/event/ngx_event.c:273 +#21 0x0000000000453819 in ngx_single_process_cycle (cycle=cycle@entry=0x721690) at src/os/unix/ngx_process_cycle.c:323 +#22 0x0000000000429dee in main (argc=argc@entry=5, argv=argv@entry=0x7fffffffd1a8) at src/core/nginx.c:384 --- config server_tokens off; resolver $TEST_NGINX_RESOLVER ipv6=off; @@ -1548,11 +1614,11 @@ set keepalive: 1 nil --- grep_error_log eval: qr/lua ssl (?:set|save|free) session: [0-9A-F]+/ --- grep_error_log_out eval qr/^lua ssl save session: ([0-9A-F]+) -lua ssl save session: \1 -lua ssl save session: \1 -lua ssl free session: \1 -lua ssl free session: \1 -lua ssl free session: \1 +lua ssl save session: ([0-9A-F]+) +lua ssl save session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) +lua ssl free session: ([0-9A-F]+) $/ --- error_log diff --git a/t/163-signal.t b/t/163-signal.t index 15f41e2200..0ce8fa2613 100644 --- a/t/163-signal.t +++ b/t/163-signal.t @@ -5,6 +5,9 @@ our $SkipReason; BEGIN { if ($ENV{TEST_NGINX_USE_HUP}) { $SkipReason = "unavailable under hup test mode"; + + } elsif ($ENV{TEST_NGINX_CHECK_LEAK}) { + $SkipReason = "unavailable under check leak test mode"; } } diff --git a/t/188-balancer_keepalive_pool_max_retry.t b/t/188-balancer_keepalive_pool_max_retry.t index 456ea794c9..679ee680f8 100644 --- a/t/188-balancer_keepalive_pool_max_retry.t +++ b/t/188-balancer_keepalive_pool_max_retry.t @@ -35,9 +35,9 @@ __DATA__ if ngx.ctx.tries == 1 then balancer.set_more_tries(5) end - + local host = "127.0.0.1" - local port = 8090; + local port = $TEST_NGINX_RAND_PORT_1; local ok, err = balancer.set_current_peer(host, port) if not ok then @@ -56,9 +56,9 @@ __DATA__ } server { - listen 0.0.0.0:8090; + listen 127.0.0.1:$TEST_NGINX_RAND_PORT_1; location /hello { - content_by_lua_block{ + content_by_lua_block{ local request_counter = ngx.shared.request_counter local first_request = request_counter:get("first_request") if first_request == nil then @@ -74,7 +74,7 @@ __DATA__ location = /t { proxy_pass http://my_upstream; proxy_set_header Connection "keep-alive"; - + rewrite_by_lua_block { ngx.req.set_uri("/hello") } diff --git a/util/build.sh b/util/build.sh index 41896f2c7e..fdf5c4d53d 100755 --- a/util/build.sh +++ b/util/build.sh @@ -25,13 +25,13 @@ force=$2 add_fake_shm_module="--add-module=$root/t/data/fake-shm-module" add_http3_module=--with-http_v3_module -answer=`$root/util/ver-ge "$NGINX_VERSION" 1.25.1` +answer=`$root/util/ver-ge "$version" 1.25.1` if [ "$OPENSSL_VER" = "1.1.0l" ] || [ "$answer" = "N" ]; then add_http3_module="" fi disable_pcre2=--without-pcre2 -answer=`$root/util/ver-ge "$NGINX_VERSION" 1.25.1` +answer=`$root/util/ver-ge "$version" 1.25.1` if [ "$answer" = "N" ] || [ "$USE_PCRE2" = "Y" ]; then disable_pcre2="" fi