First whack a lua in core.

configure.ac

@@ -1379,6 +1379,12 @@ no)
   ;;
 esac
 
+AS_IF([ test "x${enable_lua_support}" = "xno"], [
+  AC_MSG_ERROR([lua required but not found])
+  ], [
+  ])
+
+TS_ADDTO(CPPFLAGS, [$LUA_CFLAGS])
 AC_SUBST(LUA_CFLAGS)
 AC_SUBST(LUA_LIBS)
 AC_MSG_CHECKING([whether to enable Lua support])
@@ -1389,7 +1395,7 @@ AC_MSG_RESULT([$enable_lua_support])
 # On Darwin LuaJIT requires magic link options, otherwise it will crash in luaL_openlibs() at startup. See
 # http://luajit.org/install.html.
 case $host_os in
-  darwin)
+  darwin*)
     if test "x${enable_lua_support}" = "xLuaJIT"; then
       LUA_LUAJIT_LDFLAGS="-Wl,-pagezero_size,10000 -Wl,-image_base,100000000"
     fi

iocore/net/SSLUtils.cc

@@ -23,6 +23,8 @@
 #include "libts.h"
 #include "I_Layout.h"
 #include "P_Net.h"
+#include "luaConfig.h"
+#include "lua.hpp"
 
 #include <openssl/err.h>
 #include <openssl/bio.h>
@@ -632,6 +634,39 @@ ssl_extract_certificate(
   return true;
 }
 
+static int
+SSLUtils_lua_ssl_store_ssl_context(lua_State *L) {
+  const SSLConfigParams * params;
+  SSLCertLookup * lookup;
+  xptr<char> dest_ip, ssl_key_name, ssl_ca_name, ssl_cert_name;
+  params = (const SSLConfigParams *) lua_touserdata(L, lua_upvalueindex(1));
+  lookup = (SSLCertLookup *) lua_touserdata(L, lua_upvalueindex(2));
+#define LUAGETF(name) do { \
+  lua_getfield(L,-1,#name); \
+  name = (char *)lua_tostring(L,1); \
+  lua_pop(L,1); \
+} while(0)
+  LUAGETF(dest_ip);
+  LUAGETF(ssl_key_name);
+  LUAGETF(ssl_ca_name);
+  LUAGETF(ssl_cert_name);
+  if(!ssl_store_ssl_context(params, lookup, dest_ip, ssl_cert_name, ssl_ca_name, ssl_key_name))
+    lua_pushboolean(L,0);
+  else
+    lua_pushboolean(L,1);
+  return 1;
+}
+
+void
+SSLUtils_lua_ssl_context(
+    lua_State *             L,
+    const SSLConfigParams * params,
+    SSLCertLookup *         lookup) {
+  lua_pushlightuserdata(L, (void *)params);
+  lua_pushlightuserdata(L, (void *)lookup);
+  lua_pushcclosure(L, SSLUtils_lua_ssl_store_ssl_context, 2);
+}
+
 bool
 SSLParseCertificateConfiguration(
     const SSLConfigParams * params,
@@ -702,6 +737,11 @@ SSLParseCertificateConfiguration(
     line = tokLine(NULL, &tok_state);
   }
 
+
+  lua_State *L = globalLuaConfig.getL(); 
+  SSLUtils_lua_ssl_context(L, params, lookup);
+  globalLuaConfig.call(L, "config_ssl", 1);
+
   // We *must* have a default context even if it can't possibly work. The default context is used to
   // bootstrap the SSL handshake so that we can subsequently do the SNI lookup to switch to the real
   // context.

proxy/Main.cc

@@ -89,6 +89,7 @@ extern "C" int plock(int);
 #include "XmlUtils.h"
 #include "I_Tasks.h"
 #include "InkAPIInternal.h"
+#include "luaConfig.h"
 
 #include <ts/ink_cap.h>
 
@@ -363,6 +364,8 @@ initialize_process_manager()
     LibRecordsConfigInit();
     RecordsConfigOverrideFromEnvironment();
   }
+
+  luaConfigInit();
   //
   // Start up manager
   //

proxy/Makefile.am

@@ -52,7 +52,8 @@ AM_CPPFLAGS = \
   -I$(srcdir)/api/ts \
   -I. \
   -I./api/ts \
-  -I$(top_srcdir)/lib
+  -I$(top_srcdir)/lib \
+  $(LUA_CFLAGS)
 
 noinst_HEADERS = \
   ConfigParse.h \
@@ -103,6 +104,8 @@ traffic_server_SOURCES = \
   InkXml.h \
   IPAllow.cc \
   IPAllow.h \
+  luaConfig.cc \
+  luaConfig.h \
   Main.cc \
   Main.h \
   ParentSelection.cc \
@@ -136,7 +139,7 @@ if BUILD_TESTS
     RegressionSM.cc
 endif
 
-traffic_server_LDFLAGS = @EXTRA_CXX_LDFLAGS@ @LIBTOOL_LINK_FLAGS@
+traffic_server_LDFLAGS = @LUA_LUAJIT_LDFLAGS@ @EXTRA_CXX_LDFLAGS@ @LIBTOOL_LINK_FLAGS@
 traffic_server_LDADD = \
   http/libhttp.a \
   http/remap/libhttp_remap.a \
@@ -161,6 +164,7 @@ traffic_server_LDADD = \
   $(top_builddir)/iocore/eventsystem/libinkevent.a \
   $(which_libts) \
   @hwloc_LIBS@ \
+  @LUA_LIBS@ \
   @LIBPCRE@ \
   @LIBSSL@ \
   @LIBTCL@ \
@@ -173,10 +177,6 @@ traffic_server_LDADD = \
   @LIBPROFILER@ \
   -lm
 
-if BUILD_LUA_SUPPORT
-traffic_server_LDFLAGS += @LUA_LUAJIT_LDFLAGS@
-endif
-
 traffic_logcat_SOURCES = \
   logcat.cc \
   signals.cc \
@@ -238,9 +238,10 @@ traffic_sac_SOURCES = \
   InkAPI.cc \
   FetchSM.cc \
   InkIOCoreAPI.cc \
+  luaConfig.cc \
   InkXml.cc
 
-traffic_sac_LDFLAGS = @EXTRA_CXX_LDFLAGS@ @LIBTOOL_LINK_FLAGS@
+traffic_sac_LDFLAGS = @LUA_LUAJIT_LDFLAGS@ @EXTRA_CXX_LDFLAGS@ @LIBTOOL_LINK_FLAGS@
 traffic_sac_LDADD = \
   http/libhttp.a \
   http/remap/libhttp_remap.a \
@@ -262,6 +263,7 @@ traffic_sac_LDADD = \
   $(top_builddir)/iocore/eventsystem/libinkevent.a \
   $(top_builddir)/lib/records/librecprocess.a \
   $(top_builddir)/lib/ts/libtsutil.la \
+  @LUA_LIBS@ \
   @LIBRESOLV@ @LIBPCRE@ @LIBSSL@ @LIBTCL@ \
   @LIBEXPAT@ @LIBDEMANGLE@ @LIBZ@ @LIBLZMA@ @LIBPROFILER@ -lm