fix(patches): add patches from upstream openresty (#13640)

* chore(patches): add patches from upstream openresty Fixing the issue where a connection can't be setkeepalive successfully when using TLSv1.3. The issue was originally found in the tcp-log plugin. \### Summary \#### ngx_lua patches - openresty/lua-nginx-module@bf4bdcd - openresty/lua-nginx-module@ea09d92 - openresty/lua-nginx-module@816483d \#### ngx_stream_lua patches - openresty/stream-lua-nginx-module@5954e22 - openresty/stream-lua-nginx-module@69f0cd7 - openresty/stream-lua-nginx-module@1e1d93e https://konghq.atlassian.net/browse/FTI-6190 * chore(fixture): fix tcp_server, SSL_shutdown only does a half close, so the connection can still be reused.
Kong · Nov 29, 2024 · eff5e8f · eff5e8f · github-actions · Nov 29, 2024
1 parent a87e708
commit eff5e8f
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 4 deletions.
diff --git a/build/openresty/patches/ngx_lua-0.10.26_07-tcpsock-setkeepalive-tls13.patch b/build/openresty/patches/ngx_lua-0.10.26_07-tcpsock-setkeepalive-tls13.patch
@@ -0,0 +1,26 @@
+diff --git a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_socket_tcp.c b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_socket_tcp.c
+index 037faef..0e6dcd0 100644
+--- a/bundle/ngx_lua-0.10.26/src/ngx_http_lua_socket_tcp.c
++++ b/bundle/ngx_lua-0.10.26/src/ngx_http_lua_socket_tcp.c
+@@ -5731,7 +5731,7 @@ ngx_http_lua_socket_keepalive_close_handler(ngx_event_t *ev)
+     ngx_http_lua_socket_pool_t          *spool;
+
+     int                n;
+-    char               buf[1];
++    unsigned char      buf[1];
+     ngx_connection_t  *c;
+
+     c = ev->data;
+@@ -5752,9 +5752,10 @@ ngx_http_lua_socket_keepalive_close_handler(ngx_event_t *ev)
+     ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ev->log, 0,
+                    "lua tcp socket keepalive close handler check stale events");
+
+-    n = recv(c->fd, buf, 1, MSG_PEEK);
++    /* consume the possible ssl-layer data implicitly */
++    n = c->recv(c, buf, 1);
+
+-    if (n == -1 && ngx_socket_errno == NGX_EAGAIN) {
++    if (n == NGX_AGAIN) {
+         /* stale event */
+
+         if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
diff --git a/build/openresty/patches/ngx_stream_lua-0.0.14_06-tcpsock-setkeepalive-tls13.patch b/build/openresty/patches/ngx_stream_lua-0.0.14_06-tcpsock-setkeepalive-tls13.patch
@@ -0,0 +1,26 @@
+diff --git a/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_socket_tcp.c b/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_socket_tcp.c
+index 9d5472a..c5b33df 100644
+--- a/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_socket_tcp.c
++++ b/bundle/ngx_stream_lua-0.0.14/src/ngx_stream_lua_socket_tcp.c
+@@ -5595,7 +5595,7 @@ ngx_stream_lua_socket_keepalive_close_handler(ngx_event_t *ev)
+     ngx_stream_lua_socket_pool_t                *spool;
+
+     int                n;
+-    char               buf[1];
++    unsigned char      buf[1];
+     ngx_connection_t  *c;
+
+     c = ev->data;
+@@ -5617,9 +5617,10 @@ ngx_stream_lua_socket_keepalive_close_handler(ngx_event_t *ev)
+                    "stream lua tcp socket keepalive close handler "
+                    "check stale events");
+
+-    n = recv(c->fd, buf, 1, MSG_PEEK);
++    /* consume the possible ssl-layer data implicitly */
++    n = c->recv(c, buf, 1);
+
+-    if (n == -1 && ngx_socket_errno == NGX_EAGAIN) {
++    if (n == NGX_AGAIN) {
+         /* stale event */
+
+         if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
diff --git a/spec/internal/ssl.lua b/spec/internal/ssl.lua
@@ -152,12 +152,12 @@ function SSL.wrap(sock, cfg)
    if s then
     local fd = sock:getfd()
     C.SSL_set_fd(s, fd)
-    sock:setfd(SOCKET_INVALID)
 
     local self = setmetatable({
       ssl_ctx = ctx,
       ctx = s,
       fd = fd,
+      sock = sock,
     }, ssl_mt)
 
     return self, nil
@@ -259,9 +259,7 @@ function SSL:send(s)
 end
 
 function SSL:close()
-  if C.SSL_shutdown(self.ctx) ~= 1 then
-    return nil, format_error("SSL_shutdown")
-  end
+  self.sock:close()
   return true
 end