Merge branch 'master' into proxy_ssl_certificate_by_lua

willmafh · willmafh · commit d2c242f7ebfc · 2025-10-18T22:47:28.000+08:00
diff --git a/src/ngx_http_lua_proxy_ssl_verifyby.c b/src/ngx_http_lua_proxy_ssl_verifyby.c
@@ -62,7 +62,7 @@ ngx_http_lua_proxy_ssl_verify_set_callback(ngx_conf_t *cf)
         return NGX_ERROR;
     }
 
-#if (!defined SSL_ERROR_WANT_RETRY_VERIFY \
+#if (!defined SSL_ERROR_WANT_RETRY_VERIFY                                    \
      || OPENSSL_VERSION_NUMBER < 0x30000020L)
 
     ngx_log_error(NGX_LOG_EMERG, cf->log, 0, "OpenSSL too old to support "
@@ -150,7 +150,7 @@ char *
 ngx_http_lua_proxy_ssl_verify_by_lua(ngx_conf_t *cf, ngx_command_t *cmd,
     void *conf)
 {
-#if (!defined SSL_ERROR_WANT_RETRY_VERIFY \
+#if (!defined SSL_ERROR_WANT_RETRY_VERIFY                                    \
      || OPENSSL_VERSION_NUMBER < 0x30000020L)
 
     /* SSL_set_retry_verify() was added in OpenSSL 3.0.2 */
@@ -339,7 +339,8 @@ ngx_http_lua_proxy_ssl_verify_handler(X509_STORE_CTX *x509_store, void *arg)
 
         ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
                        "proxy_ssl_verify_by_lua: handler return value: %i, "
-                       "cert verify callback exit code: %d", rc, cctx->exit_code);
+                       "cert verify callback exit code: %d", rc,
+                       cctx->exit_code);
 
         c->log->action = "proxy pass SSL handshaking";
         return cctx->exit_code;
@@ -370,6 +371,7 @@ ngx_http_lua_proxy_ssl_verify_handler(X509_STORE_CTX *x509_store, void *arg)
     return SSL_set_retry_verify(ssl_conn);
 
 failed:
+
     if (cctx && cctx->pool) {
         ngx_destroy_pool(cctx->pool);
     }
diff --git a/src/ngx_http_lua_ssl_certby.c b/src/ngx_http_lua_ssl_certby.c
@@ -392,7 +392,7 @@ ngx_http_lua_ssl_cert_done(void *data)
 
 #if (HAVE_QUIC_SSL_LUA_YIELD_PATCH && NGX_HTTP_V3)
 #   if OPENSSL_VERSION_NUMBER >= 0x1000205fL
-#       if (NGX_QUIC_OPENSSL_COMPAT)
+#       if (NGX_QUIC_OPENSSL_COMPAT || NGX_QUIC_OPENSSL_API)
     ngx_http_lua_resume_quic_ssl_handshake(c);
 #       endif
 #   endif
diff --git a/src/ngx_http_lua_ssl_client_helloby.c b/src/ngx_http_lua_ssl_client_helloby.c
@@ -392,7 +392,7 @@ ngx_http_lua_ssl_client_hello_done(void *data)
 
 #if (HAVE_QUIC_SSL_LUA_YIELD_PATCH && NGX_HTTP_V3)
 #   if defined(SSL_ERROR_WANT_CLIENT_HELLO_CB)
-#       if (NGX_QUIC_OPENSSL_COMPAT)
+#       if (NGX_QUIC_OPENSSL_COMPAT || NGX_QUIC_OPENSSL_API)
     ngx_http_lua_resume_quic_ssl_handshake(c);
 #       endif
 #   endif
diff --git a/src/ngx_http_lua_util.c b/src/ngx_http_lua_util.c
@@ -1682,6 +1682,7 @@ ngx_http_lua_run_thread(lua_State *L, ngx_http_request_t *r,
                 NGX_ERROR : NGX_HTTP_INTERNAL_SERVER_ERROR;
 
 done:
+
 #ifdef HAVE_PROXY_SSL_PATCH
     if (ctx->context == NGX_HTTP_LUA_CONTEXT_PROXY_SSL_CERT
         || ctx->context == NGX_HTTP_LUA_CONTEXT_PROXY_SSL_VERIFY) {
