|  | # | 
|  | # Licensed to the Apache Software Foundation (ASF) under one or more | 
|  | # contributor license agreements.  See the NOTICE file distributed with | 
|  | # this work for additional information regarding copyright ownership. | 
|  | # The ASF licenses this file to You under the Apache License, Version 2.0 | 
|  | # (the "License"); you may not use this file except in compliance with | 
|  | # the License.  You may obtain a copy of the License at | 
|  | # | 
|  | #     http://www.apache.org/licenses/LICENSE-2.0 | 
|  | # | 
|  | # Unless required by applicable law or agreed to in writing, software | 
|  | # distributed under the License is distributed on an "AS IS" BASIS, | 
|  | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 
|  | # See the License for the specific language governing permissions and | 
|  | # limitations under the License. | 
|  | # | 
|  | use t::APISIX 'no_plan'; | 
|  |  | 
|  | log_level('info'); | 
|  | no_root_location(); | 
|  | worker_connections(1024); | 
|  | no_shuffle(); | 
|  |  | 
|  | add_block_preprocessor(sub { | 
|  | my ($block) = @_; | 
|  | }); | 
|  |  | 
|  | run_tests(); | 
|  |  | 
|  | __DATA__ | 
|  |  | 
|  | === TEST 1: set stream / ssl | 
|  | --- config | 
|  | location /t { | 
|  | content_by_lua_block { | 
|  | local core = require("apisix.core") | 
|  | local t = require("lib.test_admin") | 
|  |  | 
|  | local ssl_cert = t.read_file("t/certs/apisix.crt") | 
|  | local ssl_key =  t.read_file("t/certs/apisix.key") | 
|  | local data = { | 
|  | cert = ssl_cert, key = ssl_key, | 
|  | sni = "test.com", | 
|  | } | 
|  | local code, body = t.test('/apisix/admin/ssls/1', | 
|  | ngx.HTTP_PUT, | 
|  | core.json.encode(data) | 
|  | ) | 
|  |  | 
|  | if code >= 300 then | 
|  | ngx.status = code | 
|  | return | 
|  | end | 
|  |  | 
|  | local code, body = t.test('/apisix/admin/stream_routes/1', | 
|  | ngx.HTTP_PUT, | 
|  | [[{ | 
|  | "upstream": { | 
|  | "nodes": { | 
|  | "127.0.0.1:1995": 1 | 
|  | }, | 
|  | "type": "roundrobin" | 
|  | } | 
|  | }]] | 
|  | ) | 
|  |  | 
|  | if code >= 300 then | 
|  | ngx.status = code | 
|  | end | 
|  | ngx.say(body) | 
|  | } | 
|  | } | 
|  | --- request | 
|  | GET /t | 
|  | --- response_body | 
|  | passed | 
|  |  | 
|  |  | 
|  |  | 
|  | === TEST 2: hit route | 
|  | --- stream_tls_request | 
|  | mmm | 
|  | --- stream_sni: test.com | 
|  | --- response_body | 
|  | hello world | 
|  |  | 
|  |  | 
|  |  | 
|  | === TEST 3: wrong sni | 
|  | --- stream_tls_request | 
|  | mmm | 
|  | --- stream_sni: xx.com | 
|  | --- error_log | 
|  | failed to match any SSL certificate by SNI: xx.com | 
|  |  | 
|  |  | 
|  |  | 
|  | === TEST 4: missing sni | 
|  | --- stream_tls_request | 
|  | mmm | 
|  | --- error_log | 
|  | failed to find SNI | 
|  |  | 
|  |  | 
|  |  | 
|  | === TEST 5: ensure table is reused in TLS handshake | 
|  | --- stream_extra_init_by_lua | 
|  | local tablepool = require("apisix.core").tablepool | 
|  | local old_fetch = tablepool.fetch | 
|  | tablepool.fetch = function(name, ...) | 
|  | ngx.log(ngx.WARN, "fetch table ", name) | 
|  | return old_fetch(name, ...) | 
|  | end | 
|  |  | 
|  | local old_release = tablepool.release | 
|  | tablepool.release = function(name, ...) | 
|  | ngx.log(ngx.WARN, "release table ", name) | 
|  | return old_release(name, ...) | 
|  | end | 
|  | --- stream_tls_request | 
|  | mmm | 
|  | --- stream_sni: test.com | 
|  | --- response_body | 
|  | hello world | 
|  | --- grep_error_log eval | 
|  | qr/(fetch|release) table \w+/ | 
|  | --- grep_error_log_out | 
|  | fetch table api_ctx | 
|  | release table api_ctx | 
|  | fetch table api_ctx | 
|  | fetch table ctx_var | 
|  | fetch table plugins | 
|  | release table ctx_var | 
|  | release table plugins | 
|  | release table api_ctx |