Comments (5)
I've updated the title to better reflect our question.
We are working with certificates from letsencrypt and their ocsp responses expire at fixed points in time, irrespective of when the ocsp request was sent. In order to refresh the response, it is vital to know when it expires. Is there any way to do that currently?
from lua-resty-core.
pinging @agentzh
Currently, we are just polling the ocsp endpoint. Because of this, there are intervals where we are stapling an outdated response. It'd be great to do this more efficiently.
from lua-resty-core.
I'm deducing from the lack of responses that there is currently no way of doing this.
I had a look at the openssl and nginx source code and found a) a function that can extract nextUpdate (openssl) and b) a function to convert that value to time_t (nginx).
@agentzh I'd love some feedback on whether a PR on adding a new method to ocsp would be welcome. There are two different methods that could solve our issue:
- get_nextupdate: Would return the nextupdate timestamp as seconds since the unix epoch. Calculating its validity would then happen in lua-land. This may have timezone/clock delay issues.
- get_nextupdate_validity: Would return the difference between nextupdate and C-land t_now. This way, lua-land can immediately set a time based on this, or, for negative values, request a new ocsp response.
from lua-resty-core.
FWIW we are adding OCSP stapling feature to https://github.com/kubernetes/ingress-nginx and having thisUpdate and nextUpdate attributes exposed on the Lua land would be really useful for deciding cache validity.
from lua-resty-core.
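An added illustration, not part of the thread and not lua-resty-core code: the cache decision the comments above want to make once thisUpdate and nextUpdate are available, written in plain Lua. It assumes both values arrive as ASN.1 GeneralizedTime strings; the function names, the clock-skew allowance and the refresh margin are hypothetical.

```lua
-- Added example; function names, skew and margin values are hypothetical.

-- OCSP times are ASN.1 GeneralizedTime in UTC ("YYYYMMDDHHMMSSZ"). Convert to
-- Unix seconds arithmetically: os.time() would read the fields as local time.
local function generalized_time_to_epoch(s)
    if type(s) ~= "string" then return nil, "missing time value" end
    local y, m, d, H, M, S =
        s:match("^(%d%d%d%d)(%d%d)(%d%d)(%d%d)(%d%d)(%d%d)Z$")
    if not y then return nil, "not a UTC GeneralizedTime: " .. s end
    y, m, d = tonumber(y), tonumber(m), tonumber(d)
    if m <= 2 then y = y - 1 end                 -- count years from 1 March
    local era = math.floor(y / 400)
    local yoe = y - era * 400
    local doy = math.floor((153 * ((m + 9) % 12) + 2) / 5) + d - 1
    local doe = yoe * 365 + math.floor(yoe / 4) - math.floor(yoe / 100) + doy
    local days = era * 146097 + doe - 719468     -- days since 1970-01-01
    return days * 86400 + tonumber(H) * 3600 + tonumber(M) * 60 + tonumber(S)
end

-- Returns "staple" plus a cache TTL in seconds, or "refetch" plus a reason.
-- skew: tolerated clock difference to the responder; margin: refresh lead time.
local function staple_decision(this_update, next_update, now, skew, margin)
    local t0, e0 = generalized_time_to_epoch(this_update)
    if not t0 then return "refetch", e0 end
    local t1, e1 = generalized_time_to_epoch(next_update)
    if not t1 then return "refetch", e1 end
    if t1 <= t0 then return "refetch", "nextUpdate is not after thisUpdate" end
    if t0 > now + skew then return "refetch", "thisUpdate is in the future" end
    local remaining = t1 - now   -- what get_nextupdate_validity would report
    if remaining <= margin then return "refetch", "expired or expiring soon" end
    return "staple", remaining - margin
end

-- Constructed sample values: a response valid for seven days.
local this_update, next_update = "20240101000000Z", "20240108000000Z"
assert(generalized_time_to_epoch(this_update) == 1704067200)

local day6 = 1704067200 + 6 * 86400
local action, ttl = staple_decision(this_update, next_update, day6, 300, 3600)
assert(action == "staple" and ttl == 82800)    -- one day left minus the margin

local day8 = 1704067200 + 8 * 86400
local action2, reason = staple_decision(this_update, next_update, day8, 300, 3600)
assert(action2 == "refetch")
print(action, ttl, action2, reason)
```

Using the returned TTL as the cache expiry means the refresh is scheduled from the response's own validity window instead of a fixed polling interval.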
I took an alternative stab at this: #296
from lua-resty-core.