Hello,
I come from the mystical world / realm of Windows Nginx + Lua.
The error i receive is this.
2017/04/05 20:21:40 [error] 11096#5896: *2 lua entry thread aborted: runtime error: ...0n\Desktop\lerroy jenkins\nginx-test-del\lua\ngx\ssl.lua:77: cannot resolve symbol 'ngx_http_lua_ffi_ssl_clear_certs': The specified procedure could not be found.
stack traceback:
coroutine 0:
[C]: in function '__index'
...0n\Desktop\lerroy jenkins\nginx-test-del\lua\ngx\ssl.lua:77: in function 'clear_certs'
ssl_certificate_by_lua:7: in function <ssl_certificate_by_lua:1>, context: ssl_certificate_by_lua*, client: 127.0.0.1, server: 0.0.0.0:443
2017/04/05 20:21:40 [crit] 11096#5896: *1 SSL_do_handshake() failed (SSL: error:1408A179:SSL routines:ssl3_get_client_hello:cert cb error) while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:443
The code I am trying to run is as follows.
ssl_certificate_by_lua_block {
local ssl = require "ngx.ssl"
-- clear the fallback certificates and private keys
-- set by the ssl_certificate and ssl_certificate_key
-- directives above:
local ok, err = ssl.clear_certs()
if not ok then
ngx.log(ngx.ERR, "failed to clear existing (fallback) certificates")
return ngx.exit(ngx.ERROR)
end
local name, err = ssl.server_name()
if not name then
ngx.log(ngx.ERR, "failed to read ssl.server_name() client sent")
return ngx.exit(ngx.ERROR)
else
local ssl_server_name = ssl.server_name()
end
}
I have installed and got all the paths correctly setup and downloaded the files required for ngx.ssl to work from these two Github repo's
https://github.com/openresty/lua-resty-corehttps://github.com/openresty/lua-resty-lrucacheThe Windows Nginx Lua builds can be obtained from here.
http://nginx-win.ecsds.eu/download/nginx%201.11.11.1%20Lion.zipI have contacted itpp2012 (
https://forum.nginx.org/profile.php?11,7488 ) Who is the one who compiles and maintains those builds and is also one of the Nginx mailing lists admins I believe.
In our email conversation about this error on windows he/she said this.
Ok we got everything now and can reproduce the error.
It looks like some include file is still missing as "ngx_http_lua_ffi_ssl_clear_certs" is not a compile time function but a JIT function.
Openresty allows embedded c++ (luaff bindings) which is treated as
Luajit code, its like adding 'c' code without having to compile
anything, but it does need some other includes.
No ffi means you can use C code without having to compile it.
Any other code needs to be compiled, ffi doesn't, its pulled in via Luajit and bytecode compiled at runtime.
If ffi complains its missing something this means some definition file is missing.
We haven't had time yet to sort this out, you can always try google groups.
itpp2012 was also kind enough to provide me with a working example of "ffi" on Windows here.
location = /141t {
content_by_lua_block {
local ffi = require "ffi"
ffi.cdef[[
void *malloc(size_t size);
void free(void *p);
]]
local p = ffi.C.malloc(1);
local num = tonumber(ffi.cast("uintptr_t", p))
ffi.C.free(p)
if ffi.abi("64bit") then
if num < 2^31 then
ngx.say("fail: ", string.format("p = %#x", num))
return
end
end
ngx.say("pass on 141t")
}
}
To anyone who wanted to reproduce the error on Windows in their own live windows environment here is my Nginx config folder.
https://www.dropbox.com/s/6p0s841lmesvs4t/conf.zip?dl=1Inside the zip archive is a "conf" folder and a "lua" folder the lua folder contains these two github repo's
https://github.com/openresty/lua-resty-core |
https://github.com/openresty/lua-resty-lrucacheIf you download the Nginx builds
http://nginx-win.ecsds.eu/download/nginx%201.11.11.1%20Lion.zipAnd just extract replace/overwrite the "conf" folder with my "conf" folder you should be able to reproduce the SSL error.
Hopefully someone can help and guide / show me what is wrong hopefully it is something easy / simple to fix.
Thank's in advance :) <3