feature: ngx.ssl.clienthello get_client_hello_ext_present() ; test

climagabriel · climagabriel · commit 1d40d9337efe · 2025-05-06T07:00:26.000Z
diff --git a/t/ssl-client-hello.t b/t/ssl-client-hello.t
@@ -964,3 +964,103 @@ failed to get_supported_versions
 
 --- no_error_log
 [alert]
+
+
+
+=== TEST 10: log all_extensions in the clienthello packet
+--- skip_nginx: 4: < 1.19.9
+--- http_config
+    lua_package_path "$TEST_NGINX_LUA_PACKAGE_PATH";
+
+    server {
+        listen 127.0.0.2:$TEST_NGINX_RAND_PORT_1 ssl;
+        server_name   test.com;
+        ssl_client_hello_by_lua_block {
+            local ssl_clt = require "ngx.ssl.clienthello"
+            local all_extensions, err = ssl_clt.get_client_hello_ext_present()
+            if not err and all_extensions then
+                for i,ext in ipairs(all_extensions) do
+                    ngx.log(ngx.ERR, i, " ", ext)
+                end
+            else
+                ngx.log(ngx.ERR, "failed to get all_extensions")
+                ngx.exit(ngx.ERROR)
+            end
+        }
+        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+        ssl_certificate ../../cert/test.crt;
+        ssl_certificate_key ../../cert/test.key;
+
+        server_tokens off;
+        location /foo {
+            default_type 'text/plain';
+            content_by_lua_block {ngx.status = 201 ngx.say("foo") ngx.exit(201)}
+            more_clear_headers Date;
+        }
+    }
+--- config
+    server_tokens off;
+    lua_ssl_trusted_certificate ../../cert/test.crt;
+    lua_ssl_protocols TLSv1 TLSv1.1 ;
+
+    location /t {
+        content_by_lua_block {
+            do
+                local sock = ngx.socket.tcp()
+
+                sock:settimeout(3000)
+
+                local ok, err = sock:connect("127.0.0.2", $TEST_NGINX_RAND_PORT_1)
+                if not ok then
+                    ngx.say("failed to connect: ", err)
+                    return
+                end
+
+                ngx.say("connected: ", ok)
+
+                local sess, err = sock:sslhandshake(nil, nil, true)
+                if not sess then
+                    ngx.say("failed to do SSL handshake: ", err)
+                    return
+                end
+
+                ngx.say("ssl handshake: ", type(sess))
+
+                local req = "GET /foo HTTP/1.0\r\nHost: test.com\r\nConnection: close\r\n\r\n"
+                local bytes, err = sock:send(req)
+                if not bytes then
+                    ngx.say("failed to send http request: ", err)
+                    return
+                end
+
+                ngx.say("sent http request: ", bytes, " bytes.")
+
+                while true do
+                    local line, err = sock:receive()
+                    if not line then
+                        -- ngx.say("failed to receive response status line: ", err)
+                        break
+                    end
+
+                    ngx.say("received: ", line)
+                end
+
+                local ok, err = sock:close()
+                ngx.say("close: ", ok, " ", err)
+            end  -- do
+            -- collectgarbage()
+        }
+    }
+
+--- request
+GET /t
+--- response_body
+connected: 1
+failed to do SSL handshake: handshake failed
+
+--- error_log
+1 0, context: ssl_client_hello_by_lua
+
+--- no_error_log
+[alert]
+
