add type check for client cert and key

ledgetech · Jan 10, 2024 · aa3c82a · aa3c82a
1 parent 67a6d8a
commit aa3c82a
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/lib/resty/http_connect.lua b/lib/resty/http_connect.lua
@@ -179,6 +179,13 @@ local function connect(self, options)
             local x509 = res[2]
             local pkey = res[3]
 
+            if type(ssl_client_cert) ~= "cdata" then
+              return nil, "bad ssl_client_cert: cdata expected, got " .. type(ssl_client_cert)
+            end
+
+            if type(ssl_client_priv_key) ~= "cdata" then
+              return nil, "bad ssl_client_priv_key: cdata expected, got " .. type(ssl_client_priv_key)
+            end
 
             -- convert from `void*` to `OPENSSL_STACK*`
             local cert_chain, err = chain.dup(ffi_cast("OPENSSL_STACK*", ssl_client_cert))

diff --git a/t/20-mtls.t b/t/20-mtls.t
@@ -148,7 +148,7 @@ location /t {
 GET /t
 --- error_code: 200
 --- error_log
-could not set client certificate: bad client pkey type
+bad ssl_client_priv_key: cdata expected, got string
 --- response_body_unlike: hello, [email protected],O=OpenResty,ST=California,C=US
 --- skip_nginx
 4: < 1.21.4