Adjust proxy options so additional options can be passed in. Add tests.

Tweaks to #133

Author: GUI

README.md

@@ -300,14 +300,17 @@ cjson and dkjson json adapters are supplied, but custom external adapters may al
 auto_ssl:set("json_adapter", "resty.auto-ssl.json_adapters.dkjson")
 ```
 
-### `proxy_addr`
+### `http_proxy_options`
+*Default:* `nil`
 
- The `proxy_addr` specify address of proxy which will be used for requests to issue SSL certificates.
+Configure an HTTP proxy to use when making OCSP stapling requests. Accepts a table of options for [lua-resty-http's `set_proxy_options`](https://github.com/ledgetech/lua-resty-http#set_proxy_options).
 
 *Example:*
 
 ```lua
-auto_ssl:set("proxy_addr", "http://localhost:3128")
+auto_ssl:set("http_proxy_options", {
+  http_proxy = "http://localhost:3128",
+})
 ```
 
 ## `ssl_certificate` Configuration

lib/resty/auto-ssl/ssl_certificate.lua

@@ -172,10 +172,9 @@ local function get_ocsp_response(fullchain_der, auto_ssl_instance)
   -- Make the OCSP request against the OCSP server.
   local httpc = http.new()
   httpc:set_timeout(10000)
-  if (auto_ssl_instance:get("proxy_addr") ~= nil) then
-    httpc:set_proxy_options({
-      http_proxy = auto_ssl_instance:get("proxy_addr")
-    })
+  local http_proxy_options = auto_ssl_instance:get("http_proxy_options")
+  if http_proxy_options then
+    httpc:set_proxy_options(http_proxy_options)
   end
 
   local res, req_err = httpc:request_uri(ocsp_url, {

spec/proxy_spec.lua

@@ -0,0 +1,53 @@
+local http = require "resty.http"
+local server = require "spec.support.server"
+
+describe("proxy", function()
+  before_each(server.stop)
+  after_each(server.stop)
+
+  it("issues and renews certificates", function()
+    server.start({
+      auto_ssl_pre_new = [[
+        options["http_proxy_options"] = {
+          http_proxy = "http://127.0.0.1:9444",
+          http_proxy_authorization = "Basic ZGVtbzp0ZXN0",
+        }
+      ]],
+      auto_ssl_http_config = [[
+        server {
+          listen 9444;
+
+          location / {
+            content_by_lua_block {
+              ngx.log(ngx.INFO, "http proxy auth: ", ngx.var.http_proxy_authorization)
+            }
+          }
+        }
+      ]],
+    })
+
+    local httpc = http.new()
+    local _, connect_err = httpc:connect("127.0.0.1", 9443)
+    assert.equal(nil, connect_err)
+
+    local _, ssl_err = httpc:ssl_handshake(nil, server.ngrok_hostname, true)
+    assert.equal(nil, ssl_err)
+
+    local res, request_err = httpc:request({ path = "/foo" })
+    assert.equal(nil, request_err)
+    assert.equal(200, res.status)
+
+    local body, body_err = res:read_body()
+    assert.equal(nil, body_err)
+    assert.equal("foo", body)
+
+    local error_log = server.read_error_log()
+    assert.matches("auto-ssl: issuing new certificate for " .. server.ngrok_hostname, error_log, nil, true)
+    assert.matches("http proxy auth: Basic ZGVtbzp0ZXN0", error_log, nil, true)
+    assert.matches("auto-ssl: failed to set ocsp stapling for " .. server.ngrok_hostname .. " - continuing anyway - failed to get ocsp response: OCSP responder returns bad response body (http://ocsp.stg-int-x1.letsencrypt.org): ,", error_log, nil, true)
+    assert.Not.matches("[warn]", error_log, nil, true)
+    assert.matches("[error]", error_log, nil, true)
+    assert.Not.matches("[alert]", error_log, nil, true)
+    assert.Not.matches("[emerg]", error_log, nil, true)
+  end)
+end)