syntax: session, err = tcpsock:sslhandshake(reused_session?, server_name?, ssl_verify?)
context: rewrite_by_lua*, access_by_lua*, content_by_lua*, ngx.timer.*
Does SSL/TLS handshake on the currently established connection.
The optional reused_session argument can take a former SSL session userdata returned by a previous sslhandshake call for exactly the same target. For short-lived connections, reusing SSL sessions can usually speed up the handshake by one order of magnitude, but it is not so useful if the connection pool is enabled. This argument defaults to nil. If this argument takes the boolean false value, no SSL session userdata is returned by this call and only a Lua boolean is returned as the first return value; otherwise the current SSL session is always returned as the first return value on success.
The optional server_name argument is used to specify the server name for the new TLS extension Server Name Indication (SNI). Use of SNI can make different servers share the same IP address on the server side. Also, when SSL verification is enabled, this server_name argument is also used to validate the server name specified in the server certificate sent from the remote.
The optional ssl_verify argument takes a Lua boolean value to control whether to perform SSL verification. When set to true, the server certificate will be verified according to the CA certificates specified by the lua_ssl_trusted_certificate directive. You may also need to adjust the lua_ssl_verify_depth directive to control how deep we should follow along the certificate chain. Also, when the ssl_verify argument is true and the server_name argument is also specified, the latter will be used to validate the server name in the server certificate.
For connections that have already done SSL/TLS handshake, this method returns immediately.
This method was first introduced in the v0.9.11 release.
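A verified handshake that fails closed, shown as an added example (not taken from the original documentation). The host name upstream.example.com, the resolver address, the listen port and the CA bundle path are assumptions to be replaced with your own values.

```nginx
# Added example: values marked "assumption" are placeholders.
events {}

http {
    resolver 127.0.0.1;    # assumption: a local DNS resolver is available
    # CA bundle used when ssl_verify is true (assumption: Debian-style path)
    lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    # Allow one intermediate CA between the leaf and the trusted root
    lua_ssl_verify_depth 2;

    server {
        listen 8080;       # assumption: any free port

        location = /check {
            content_by_lua_block {
                local host = "upstream.example.com"  -- assumption: placeholder
                local sock = ngx.socket.tcp()
                sock:settimeout(3000)                -- milliseconds

                local ok, err = sock:connect(host, 443)
                if not ok then
                    ngx.log(ngx.ERR, "connect to ", host, " failed: ", err)
                    return ngx.exit(502)
                end

                -- reused_session = false: only a Lua boolean is returned
                -- server_name    = host : sent as SNI and matched against
                --                         the name in the server certificate
                -- ssl_verify     = true : chain is checked against
                --                         lua_ssl_trusted_certificate
                ok, err = sock:sslhandshake(false, host, true)
                if not ok then
                    -- Fail closed: never send data over an unverified session
                    ngx.log(ngx.ERR, "TLS verification failed for ", host, ": ", err)
                    sock:close()
                    return ngx.exit(502)
                end

                ngx.say("verified TLS session with ", host)
                -- Pooled connections keep their TLS state, so a later
                -- sslhandshake on a reused socket returns immediately
                sock:setkeepalive(10000, 8)
            }
        }
    }
}
```

Omitting the third argument, or passing false, skips certificate verification entirely, so the server_name value then only affects SNI.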