ssl session repeated sslhandshake #79

@chenyyyang

branch : master

    ok, err = sock:sslhandshake(false, server_name, ssl_verify)

    if scheme == "wss" then
        if not ssl_support then
            return nil, "ngx_lua 0.9.11+ required for SSL sockets"
        end
        if client_cert then
            ok, err = sock:setclientcert(client_cert, client_priv_key)
            if not ok then
                return nil, "failed to set TLS client certificate: " .. err
            end
        end
        ok, err = sock:sslhandshake(false, server_name, ssl_verify)
        if not ok then
            return nil, "ssl handshake failed: " .. err
        end
    end

According to the API manual https://www.kancloud.cn/qq13867685/openresty-api-cn/159103:

    session, err = tcpsock:sslhandshake(reused_session?, server_name?, ssl_verify?)

I think it is necessary to change the code:

    if scheme == "wss" then
        if not ssl_support then
            return nil, "ngx_lua 0.9.11+ required for SSL sockets"
        end
        if client_cert then
            ok, err = sock:setclientcert(client_cert, client_priv_key)
            if not ok then
                return nil, "failed to set TLS client certificate: " .. err
            end
        end
    end

    -- check for connections from pool:

    local count, err = sock:getreusedtimes()
    if not count then
        return nil, "failed to get reused times: " .. err
    end
    if count > 0 then
        -- being a reused connection (must have done handshake)
        return 1
    elseif scheme == "wss" then
        -- new connection: the TLS handshake applies to wss only, not plain ws
        local ok, err = sock:sslhandshake(false, server_name, ssl_verify)
        if not ok then
            return nil, "ssl handshake failed: " .. err
        end
    end

Added: determine whether the sslhandshake is necessary by 'sock:getreusedtimes()'. It does need to call sslhandshake when the reused time of the connection is zero.

Refer to https://github.com/doujiang24/lua-resty-kafka/blob/3fbed91d81d4fb32d4dda4316f5f2cba04622633/lib/resty/kafka/broker.lua#L144
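
The reuse check proposed above, written out as an added example (not part of the original issue, and not lua-resty-websocket's own code). It goes one step further than the issue: because a reused connection skips the handshake, the pool name here carries the TLS parameters, so a connection that was set up without verification is never handed to a caller that asked for it. `connect_tls`, `pool_name`, the host `example.test` and the mock socket are hypothetical names constructed for the example, and client certificates are left out.

```lua
-- Added example: connect_tls, pool_name and the mock socket are hypothetical.
local function pool_name(host, port, server_name, ssl_verify)
    -- Put the TLS parameters in the pool key so a pooled connection is only
    -- reused by callers that asked for the same SNI name and verification.
    return table.concat({ host, port, server_name or "",
                          ssl_verify and "verify" or "noverify" }, ":")
end

local function connect_tls(sock, host, port, opts)
    local ok, err = sock:connect(host, port, {
        pool = pool_name(host, port, opts.server_name, opts.ssl_verify) })
    if not ok then
        return nil, "failed to connect: " .. err
    end
    local count, err = sock:getreusedtimes()
    if not count then
        return nil, "failed to get reused times: " .. err
    end
    if count > 0 then
        return "reused"       -- handshake already done on this connection
    end
    ok, err = sock:sslhandshake(false, opts.server_name, opts.ssl_verify)
    if not ok then
        return nil, "ssl handshake failed: " .. err
    end
    return "handshaked"
end

-- Constructed stand-in for ngx.socket.tcp so the flow runs in plain Lua.
local pools, mock = {}, {}
mock.__index = mock
function mock:connect(_, _, o) self.pool, self.n = o.pool, pools[o.pool] or 0; return 1 end
function mock:getreusedtimes() return self.n end
function mock:sslhandshake() return true end
function mock:setkeepalive() pools[self.pool] = self.n + 1; return 1 end

local function run(opts)
    local sock = setmetatable({}, mock)
    local state = assert(connect_tls(sock, "example.test", 443, opts))
    sock:setkeepalive()
    return state
end

print(run({ server_name = "example.test", ssl_verify = true }))   -- first use of pool
print(run({ server_name = "example.test", ssl_verify = true }))   -- same pool
print(run({ server_name = "example.test", ssl_verify = false }))  -- different pool
```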
