lua-resty-http icon indicating copy to clipboard operation
lua-resty-http copied to clipboard
verified publisher icon ledgetech

error: resty.openssl.x509.chain not found

Open syzh opened this issue 1 year ago • 5 comments

the call require('resty.http').new() create a http client object failed。an error when checking the logs

[warn] 8#8: *109 [lua] http_connect.lua:21: failed to load module resty.openssl.*, mTLS isn't supported without lua-resty-openssl: /usr/local/nginx/lib/lua/resty/http_connect.lua:15: module 'resty.openssl.x509.chain' not found:

but the error did not occur in the old version

syzh avatar Mar 13 '24 01:03 syzh

This is not an error, just a warning to indicate that mTLS features will not work. You can adjust your Nginx log level to turn off warnings if you wish.

pintsized avatar Mar 13 '24 11:03 pintsized

It would be nice if there was a way to turn off/disable this warning if you aren't using the mTLS features without having to adjust the global Nginx log level. The warning gets very noisy and we don't want to increase the log level globally in Nginx because it would hide other warnings.

diarmuidie avatar Apr 17 '24 08:04 diarmuidie

is it dependenced other version openssl? it look like incompatible with lua-resty-openssl-1.3.0-1

JustUse avatar Jun 11 '24 15:06 JustUse

I have a proposal: what would you say to logging it only once, when this block of code gets hit:

        if not openssl_available then
            return nil, "module `resty.openssl.*` not available, mTLS isn't supported without lua-resty-openssl"
        end

?

I know that WARN logs can be disabled, but it's a global setting, and logging a warning that's expected to be ignored desensitizes people to legitimate warnings in logs.

piotrp avatar Sep 09 '24 18:09 piotrp

Yeh this is polluting our logs with this noise that looks like real problems. It seems a bit overkill to log this, even at WARN, when we're not even trying to create an mTLS connection.

rayward avatar Jan 23 '25 04:01 rayward