Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

undefined symbol: EVP_MD_CTX_create #161

Closed
AlpacaMyLunch opened this issue May 24, 2018 · 2 comments
Closed

undefined symbol: EVP_MD_CTX_create #161

AlpacaMyLunch opened this issue May 24, 2018 · 2 comments

Comments

@AlpacaMyLunch
Copy link

This error is thrown by evp.lua however the call originated with openidc.lua in function 'authenticate' so I'm hoping that someone here can help guide me in the right direction.

error.log
2018/05/23 15:46:29 [error] 1670#1670: *4 lua entry thread aborted: runtime error: /usr/local/openresty/site/lualib/resty/evp.lua:216: /usr/local/openresty/luajit/lib/libluajit-5.1.so.2: undefined symbol: EVP_MD_CTX_create
stack traceback:
coroutine 0:
[C]: in function '__index'
/usr/local/openresty/site/lualib/resty/evp.lua:216: in function 'verify'
/usr/local/openresty/site/lualib/resty/jwt.lua:812: in function 'verify_jwt_obj'
/usr/local/openresty/site/lualib/resty/openidc.lua:819: in function 'openidc_load_jwt_and_verify_crypto'
/usr/local/openresty/site/lualib/resty/openidc.lua:884: in function 'authenticate'
access_by_lua(nginx.conf:119):19: in function <access_by_lua(nginx.conf:119):1>, client: #.#.#.#, server: my.server.com, request: "GET /pingauth?code=Lpz0ICuyFiSYib7bny9v2s_C4XfUoeNJmv9mgQAB&state=cfbaeb7868df452a284db4a3a2473c8d HTTP/1.1", host: "my.server.com"

nginx.txt
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 768;
# multi_accept on;
}

http {

underscores_in_headers on;
##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type text/html;



resolver 10.220.220.220;
# lua_package_path '/usr/local/openresty/lualib/resty/?.lua;;';
lua_shared_dict discovery 1m;

error_log /home/ubuntu/openresty-config/logs/error.log debug;
access_log /home/ubuntu/openresty-config/logs/access.log ;


gzip on;
gzip_disable "msie6";


lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
lua_ssl_verify_depth 5;


map $sent_http_content_type $expires {
	"text/html"                 epoch;
	"text/html; charset=utf-8"  epoch;
	default                     off;
}

server {
	listen          443 ssl;            
	server_name     my.server.com;  
	ssl_certificate	cert.pem;
	ssl_certificate_key	cert.key.openssl;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers HIGH:!aNULL:!MD5;
	set $session_cookie_lifetime 21600;
	set $session_cipher none;
	set $session_secret 623q4hR325t36VsCD3g567922IC0073T;
	set $session_check_ssi         off;
	set $session_check_ua          off;
	set $session_check_scheme      off;
	set $session_check_addr        off;

	gzip            on;
	gzip_types      text/plain application/xml text/css application/javascript;
	gzip_min_length 1000;

	location = /favicon.ico {
		log_not_found off;
	}
	location / {
		expires $expires;
		
		access_by_lua_block {
				local opts = {
					redirect_uri_path = "/pingauth",
					discovery = <discovery address>,
					client_id = <client id>,
					client_secret = <client secret>,
					scope = "api openid profile",
					ssl_verify = "no",
					refresh_session_interval = 21600,
					redirect_uri_scheme = "https",
					renew_access_token_on_expiry = true,
					access_token_expires_in = 21600,
					access_token_expires_leeway = 10,
					force_reauthorize = false,
		
				}
				
				-- call authenticate for OpenID Connect user authentication
				 local res, err = require("resty.openidc").authenticate(opts)
	
				if err then
					ngx.status = 500
					ngx.say(err)
					ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
				end

			}

		proxy_redirect                      off;
		proxy_set_header Host               $host;
		proxy_set_header X-Real-IP          $remote_addr;
		proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto  $scheme;
		proxy_read_timeout          1m;
		proxy_connect_timeout       1m;
		proxy_pass                          http://127.0.0.1:3000; 

	}
	location  /api {
		expires $expires;

		proxy_redirect                      off;
		proxy_set_header Host               $host;
		proxy_set_header X-Real-IP          $remote_addr;
		proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto  $scheme;
		proxy_read_timeout          1m;
		proxy_connect_timeout       1m;
		proxy_pass                          https://127.0.0.1:6133; 
	}


}

}
@zandbelt
Copy link
Contributor

see #159 and #160 ; support for OpenSSL 1.1.x depends on lua-resty-jwt

@gene1wood
Copy link
Contributor

This dependency change was merged into lua-resty-openidc in #165

@jaceksocha jaceksocha mentioned this issue Jun 19, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gene1wood @zandbelt @AlpacaMyLunch