lua-nginx-module icon indicating copy to clipboard operation
lua-nginx-module copied to clipboard
verified publisher icon openresty

Support for client TLS certificate in tcpsock:sslhandshake

Open smira opened this issue 10 years ago • 6 comments

There's already an option to validate server TLS certificate using lua_ssl_trusted_certificate.

It would be nice if we could provide client TLS certificate, in the same way as ngx_http_proxy module is doing: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ssl_certificate, so that there would be two new options:

  • lua_ssl_certificate
  • lua_ssl_certificate_key

These options would initialise nginx ssl context with client certificates, which would be used during ssl handshake.

smira avatar Jul 10 '15 19:07 smira

@smira Yes, this has been on my TODO list. But would you mind contributing a patch for it? ;)

Thanks!

agentzh avatar Jul 11 '15 03:07 agentzh

Any patch available?

rohitjoshi avatar Apr 25 '16 14:04 rohitjoshi

This appears to be fixed since March 2022 via commit 2b902657f370e392bd5066d2eafed7a3429af19e (PR #1602). There is a new tcpsock:setclientcert API.

Lekensteyn avatar Aug 18 '22 16:08 Lekensteyn

I don't see and can't find setclientcert anywhere...

Bec-k avatar Sep 06 '22 14:09 Bec-k

It was not merged...

Bec-k avatar Sep 06 '22 14:09 Bec-k

https://github.com/openresty/lua-nginx-module#tcpsocksetclientcert It has been merged. But do not contain in the openresty-1.21.4 Release

zhuizhuhaomeng avatar Sep 06 '22 15:09 zhuizhuhaomeng