wsxedcer

  • Nov 15, 2020
  • Joined Nov 13, 2020
  • That really was it, thanks. With ab installed on CentOS 8 the test runs without problems, so it looks like an ab version issue. Thanks.

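    • On CentOS 7 with openresty-1.19.3.1 freshly installed via yum, the configuration below works fine when accessed from a browser, but the SSL test with ab fails.
      The test machine runs CentOS 7, and the ab version is httpd-tools-2.4.6-93.el7.
      The contents of ssl_certificate_by_lua_file are: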

      local ssl = require("ngx.ssl")
      local r = require("resty.redis")
      local redis = r:new()
      redis:set_timeouts(1000, 1000, 1000)
      local ok, err = redis:connect("127.0.0.1", 6379, {
          pool = RedisPool,
          pool_size = 100,
          backlog = 200
      })
      
      redis:auth("p123456")
      redis:select(1)
      local ok, err = ssl.clear_certs()
      if not ok then
          ngx.log(ngx.ERR, "failed to clear existing (fallback) certificates")
          return ngx.exit(ngx.ERROR)
      end
      
      local hostname, hostname_err = assert(ssl.server_name())
      ngx.log(ngx.INFO, "hostname --> " .. hostname)
      
      local all = redis:hmget(hostname, "cert", "key")
      local pool_max_idle_time = 10000
      local pool_size = 100
      local ok, err = redis:set_keepalive(pool_max_idle_time, pool_size)
      if not ok then
          ngx.log(ngx.ERR, "set keepalive err: ", err)
      end
      
      local cert_data = all[1]
      local pkey_data = all[2]
      
      if not cert_data then
          ngx.log(ngx.ERR, "failed to get PEM cert: ", err)
          return
      end
      local cert, err = ssl.parse_pem_cert(cert_data)
      if not cert then
          ngx.log(ngx.ERR, "failed to parse PEM cert: ", err)
          return
      end
      
      local ok, err = ssl.set_cert(cert)
      if not ok then
          ngx.log(ngx.ERR, "failed to set cert: ", err)
          return
      end
      
      if not pkey_data then
          ngx.log(ngx.ERR, "failed to get DER private key: ", err)
          return
      end
      local pkey, err = ssl.parse_pem_priv_key(pkey_data)
      if not pkey then
          ngx.log(ngx.ERR, "failed to parse pem key: ", err)
          return
      end
      local ok, err = ssl.set_priv_key(pkey)
      if not ok then
          ngx.log(ngx.ERR, "failed to set private key: ", err)
          return
      end

      The error reported in error.log is:

      stack traceback:
      coroutine 0:
              [C]: in function 'assert'
              /usr/local/openresty/nginx/conf/lua/dynamicSsl.lua:21: in main chunk, context: ssl_certificate_by_lua*, client: 192.168.11.151, server: 0.0.0.0:443
      2020/11/13 09:59:58 [info] 4945#4945: *19 SSL_do_handshake() failed (SSL: error:1417A179:SSL routines:tls_post_process_client_hello:cert cb error) while SSL handshaking, client: 192.168.11.151, server: 0.0.0.0:443

      How should I solve this?
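
The traceback above stops at `assert` around `ssl.server_name()`, which returns nil when the client sends no SNI. The handler below is an added example, not the poster's code or OpenResty's own, that keeps the fallback certificate in that case instead of aborting the handshake. Assumptions: the Redis layout from the post (one hash per hostname with `cert` and `key` fields, DB 1), a placeholder password, and a fallback `ssl_certificate` configured in nginx.conf.

```lua
-- Added example (not the poster's code): SNI-tolerant ssl_certificate_by_lua* handler.
local ssl = require("ngx.ssl")
local redis_lib = require("resty.redis")
-- Fetch the PEM cert and key for `hostname` from Redis (layout as in the post).
local function fetch_pair(hostname)
    local red = redis_lib:new()
    red:set_timeouts(1000, 1000, 1000)
    local ok, err = red:connect("127.0.0.1", 6379)
    if not ok then return nil, nil, "connect: " .. (err or "unknown") end
    -- Connections reused from the pool are already authenticated and on DB 1.
    if red:get_reused_times() == 0 then
        ok, err = red:auth("REDIS_PASSWORD_PLACEHOLDER")  -- placeholder value
        if ok then ok, err = red:select(1) end
        if not ok then return nil, nil, "auth/select: " .. (err or "unknown") end
    end
    local res, herr = red:hmget(hostname, "cert", "key")
    if not res then return nil, nil, "hmget: " .. (herr or "unknown") end
    red:set_keepalive(10000, 100)
    -- Missing hash fields come back as ngx.null, which is truthy in Lua.
    if res[1] == ngx.null or res[2] == ngx.null then
        return nil, nil, "no cert/key stored for " .. hostname
    end
    return res[1], res[2]
end

-- server_name() returns nil when the ClientHello has no SNI; do not assert on it.
local hostname = ssl.server_name()
if not hostname then
    ngx.log(ngx.INFO, "no SNI in ClientHello, serving the fallback certificate")
    return
end

local cert_pem, key_pem, err = fetch_pair(hostname)
if not cert_pem then
    ngx.log(ngx.ERR, "certificate lookup failed: ", err)
    return  -- the fallback certificate from nginx.conf stays in place
end
-- Parse both before clearing, so a bad record never leaves the handshake without a cert.
local cert, cerr = ssl.parse_pem_cert(cert_pem)
local pkey, kerr = ssl.parse_pem_priv_key(key_pem)
if not cert or not pkey then
    ngx.log(ngx.ERR, "bad PEM for ", hostname, ": ", cerr or kerr)
    return
end
if not (ssl.clear_certs() and ssl.set_cert(cert) and ssl.set_priv_key(pkey)) then
    ngx.log(ngx.ERR, "failed to install certificate for ", hostname)
    return ngx.exit(ngx.ERROR)
end
```

Whether a given client sends SNI can be confirmed from the server side by the "no SNI" info-level log line this handler emits.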