add type check for client cert and key

catbro666 · catbro666 · commit aa3c82a4e2d5 · 2024-01-10T14:06:09.000+08:00
diff --git a/lib/resty/http_connect.lua b/lib/resty/http_connect.lua
@@ -179,6 +179,13 @@ local function connect(self, options)
             local x509 = res[2]
             local pkey = res[3]
 
+            if type(ssl_client_cert) ~= "cdata" then
+              return nil, "bad ssl_client_cert: cdata expected, got " .. type(ssl_client_cert)
+            end
+
+            if type(ssl_client_priv_key) ~= "cdata" then
+              return nil, "bad ssl_client_priv_key: cdata expected, got " .. type(ssl_client_priv_key)
+            end
 
             -- convert from `void*` to `OPENSSL_STACK*`
             local cert_chain, err = chain.dup(ffi_cast("OPENSSL_STACK*", ssl_client_cert))
diff --git a/t/20-mtls.t b/t/20-mtls.t
@@ -148,7 +148,7 @@ location /t {
 GET /t
 --- error_code: 200
 --- error_log
-could not set client certificate: bad client pkey type
+bad ssl_client_priv_key: cdata expected, got string
 --- response_body_unlike: hello, CN=foo@example.com,O=OpenResty,ST=California,C=US
 --- skip_nginx
 4: < 1.21.4
