GIF89a=( ý' 7IAXKgNgYvYx\%wh&h}týh%ýs%xý}9ýRýý&ý0%ý (ý.ýý5ýSDýý&ýa)ýx5ýý;c*!&r)ï7õ<{4ý3ýH§KoTýýYýaqýýqýýFý !ý ' !ýNETSCAPE2.0 , =( ýýpH,ý$rýl:x(tJýZý,výýzýýxL.:ýýzýnýýý|Nýýýýý~ýýýýýýý& !ý0`9Rý}ýý"ý"a:Sý~xýýýýýýýýgýýýEýýýýýýýRýýýEýýýýBýý ýý8ýýDýýý"ýný ýHýýLýýDkDýBýýýýýDýýýTýýýH ýGýýA Rý |ýým&ýýE8ýSýkGýAýpxýaýýýR2XBýýE8Iýýý6Xý:vT)ý~ýýqýåýý"F~%xý ý 4#Zý0O|-4BsýX:= Qý SalýýyXJ`G&|shýýK3l7ýB|ý$'7J©*0!ýýDýn=ýPýýýýý0`ýRýljýýýýv>ýýý5 ý.69ýødýýýýýnlvý9ýýf{ýýýPbxýl5}ýpýýýýý3aýýýIýOýýýý!>ýýýiýý9ýý#ýý)pýa ½ ý{ý)vmýý%D~6fýýs}RýDýW Eý`!ý ý&L8xý ý{)x`X/>ý}mýýRý*|`Dý=ý_ ^ý5!_&'aýOý7ýcýý`DCx`ý¥ý9ýYýFýýý`?ýý"ý ýn@`ý} lýý@4>ýd S ývýxNýý"@~dýý=ýgýs~Gýýýýýýud &p8Qý)«lXDýýýýA~HýySunýjýýýk*DýLHý] ýýC"JýýXb~ªwSt}6K,ýýqýS:9*:ýýýlý@ý`ýý ý.ìýt9ýSý[©:ýý=`9Nýýýý{¿ýA !Rý:ýýý6ýýxý0ý_ ý;ýýýýýý^ýýý#ýýýý!ýýýýUýýý;0L1ýýýýýp%AýýU,uýý%ýSýý!ýýý~`ýGýýýý ýýý=4ýnpý3ýýýýýýýýýuýuýn|%2ýIýýrý#0ýýJ``8ý@S@5ýýýý^`8Eý]ý.ýSýýý7 ý ý0ýj SýDý zýýýiýSýýýýý!ýýýlýýw9*ýDýIýnEXýýý &AýGoýQfýýFýý;ýýý}ýJýýýýF5ýýQ|ýýýXýýTýýyýýý]ý o ýýC=ýý:ýýýPB@ DýSý(>ýCýx}`ýýxJ,ýàýýp+eE0`ý}`Aý/NEýý ý9@ýýý Hý7ý!%B0`ýl*ýý!8 2ý%ý ý:ý1ý0Eýýux%nP1ý!ýC)ýP81lýxF#¬{ýýýýB0>ýý
Server IP : 217.18.85.50 / Your IP : 3.17.175.167 Web Server : LiteSpeed System : Linux server50.tr85.dhs.com.tr 3.10.0-962.3.2.lve1.5.85.el7.x86_64 #1 SMP Thu Apr 18 15:18:36 UTC 2024 x86_64 User : ferhatgenc ( ) PHP Version : 7.2.34 Disable Function : restore_ini,mail,openbasedir,f_open,system,dl,array_compare,array_user_key_compare,passthru,cat,exec,popen,proc_close,proc_get_status,proc_nice,proc_open,escapeshellcmd,escapeshellarg,show_source,posix_mkfifo,ini_restore,mysql_list_dbs,getmyuid,pconnect,link,symlink,fin,passthruexec,fileread,shell_exec,pcntl_exec,ini_alter,leak,apache_child_terminate,chown,posix_kill,posix_setpgid,posix_setsid,posix_setuid,proc_terminate,syslog,allow_url_fopen,fpassthru,execute,shell,chgrp,passthru,socket_select,socket_create,socket_create_listen,socket_create_pair,socket_listen,socket_accept,socket_bind,foreach,socket_strerror,pcntl_fork,pcntl_signal,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,openlog,apache_get_version,apache_getenv,apache_note,apache_setenv,virtualal MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /opt/imunify360-webshield/lualib/ngx/ssl/ |
Upload File : |
-- Copyright (C) Yichun Zhang (agentzh) local base = require "resty.core.base" base.allows_subsystem('http', 'stream') local ffi = require "ffi" local bit = require "bit" local bor = bit.bor local C = ffi.C local ffi_str = ffi.string local get_request = base.get_request local error = error local errmsg = base.get_errmsg_ptr() local get_size_ptr = base.get_size_ptr local FFI_OK = base.FFI_OK local subsystem = ngx.config.subsystem local ngx_phase = ngx.get_phase local byte = string.byte local lshift = bit.lshift local table_insert = table.insert local ngx_lua_ffi_ssl_get_client_hello_server_name local ngx_lua_ffi_ssl_get_client_hello_ext local ngx_lua_ffi_ssl_set_protocols if subsystem == 'http' then ffi.cdef[[ int ngx_http_lua_ffi_ssl_get_client_hello_server_name(ngx_http_request_t *r, const char **name, size_t *namelen, char **err); int ngx_http_lua_ffi_ssl_get_client_hello_ext(ngx_http_request_t *r, unsigned int type, const unsigned char **out, size_t *outlen, char **err); int ngx_http_lua_ffi_ssl_set_protocols(ngx_http_request_t *r, int protocols, char **err); ]] ngx_lua_ffi_ssl_get_client_hello_server_name = C.ngx_http_lua_ffi_ssl_get_client_hello_server_name ngx_lua_ffi_ssl_get_client_hello_ext = C.ngx_http_lua_ffi_ssl_get_client_hello_ext ngx_lua_ffi_ssl_set_protocols = C.ngx_http_lua_ffi_ssl_set_protocols elseif subsystem == 'stream' then ffi.cdef[[ int ngx_stream_lua_ffi_ssl_get_client_hello_server_name( ngx_stream_lua_request_t *r, const char **name, size_t *namelen, char **err); int ngx_stream_lua_ffi_ssl_get_client_hello_ext( ngx_stream_lua_request_t *r, unsigned int type, const unsigned char **out, size_t *outlen, char **err); int ngx_stream_lua_ffi_ssl_set_protocols(ngx_stream_lua_request_t *r, int protocols, char **err); ]] ngx_lua_ffi_ssl_get_client_hello_server_name = C.ngx_stream_lua_ffi_ssl_get_client_hello_server_name ngx_lua_ffi_ssl_get_client_hello_ext = C.ngx_stream_lua_ffi_ssl_get_client_hello_ext ngx_lua_ffi_ssl_set_protocols = C.ngx_stream_lua_ffi_ssl_set_protocols end local _M = { version = base.version } local ccharpp = ffi.new("const char*[1]") local cucharpp = ffi.new("const unsigned char*[1]") -- return server_name, err function _M.get_client_hello_server_name() local r = get_request() if not r then error("no request found") end if ngx_phase() ~= "ssl_client_hello" then error("API disabled in the current context") end local sizep = get_size_ptr() local rc = ngx_lua_ffi_ssl_get_client_hello_server_name(r, ccharpp, sizep, errmsg) if rc == FFI_OK then return ffi_str(ccharpp[0], sizep[0]) end -- NGX_DECLINED: no sni extension if rc == -5 then return nil end return nil, ffi_str(errmsg[0]) end -- return ext, err function _M.get_client_hello_ext(ext_type) local r = get_request() if not r then error("no request found") end if ngx_phase() ~= "ssl_client_hello" then error("API disabled in the current context") end local sizep = get_size_ptr() local rc = ngx_lua_ffi_ssl_get_client_hello_ext(r, ext_type, cucharpp, sizep, errmsg) if rc == FFI_OK then return ffi_str(cucharpp[0], sizep[0]) end -- NGX_DECLINED: no extension if rc == -5 then return nil end return nil, ffi_str(errmsg[0]) end -- tls.handshake.extension.type supported_version local supported_versions_type = 43 local versions_map = { [0x002] = "SSLv2", [0x300] = "SSLv3", [0x301] = "TLSv1", [0x302] = "TLSv1.1", [0x303] = "TLSv1.2", [0x304] = "TLSv1.3", } -- return types, err function _M.get_supported_versions() local r = get_request() if not r then error("no request found") end if ngx_phase() ~= "ssl_client_hello" then error("API disabled in the current context") end local sizep = get_size_ptr() local rc = ngx_lua_ffi_ssl_get_client_hello_ext(r, supported_versions_type, cucharpp, sizep, errmsg) if rc ~= FFI_OK then -- NGX_DECLINED: no extension if rc == -5 then return nil end return nil, ffi_str(errmsg[0]) end local supported_versions_str = ffi_str(cucharpp[0], sizep[0]) local remain_len = #supported_versions_str if remain_len == 0 then return nil end local supported_versions_len = byte(supported_versions_str, 1) remain_len = remain_len - 1 if remain_len ~= supported_versions_len then return nil end local types = {} while remain_len >= 2 do local type_hi = byte(supported_versions_str, remain_len) local type_lo = byte(supported_versions_str, remain_len + 1) local type_id = lshift(type_hi, 8) + type_lo if versions_map[type_id] ~= nil then table_insert(types, versions_map[type_id]) end remain_len = remain_len - 2 end return types end local prot_map = { ["SSLv2"] = 0x0002, ["SSLv3"] = 0x0004, ["TLSv1"] = 0x0008, ["TLSv1.1"] = 0x0010, ["TLSv1.2"] = 0x0020, ["TLSv1.3"] = 0x0040 } -- return ok, err function _M.set_protocols(protocols) local r = get_request() if not r then error("no request found") end if ngx_phase() ~= "ssl_client_hello" then error("API disabled in the current context") end local prots = 0 for _, v in ipairs(protocols) do if not prot_map[v] then return nil, "invalid protocols failed" end prots = bor(prots, prot_map[v]) end local rc = ngx_lua_ffi_ssl_set_protocols(r, prots, errmsg) if rc == FFI_OK then return true end return nil, ffi_str(errmsg[0]) end return _M