/* Licensed to the Apache Software Foundation (ASF) under one or more

 * contributor license agreements.  See the NOTICE file distributed with

 * this work for additional information regarding copyright ownership.

 * The ASF licenses this file to You under the Apache License, Version 2.0

 * (the "License"); you may not use this file except in compliance with

 * the License.  You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

/*                      _             _

 *  _ __ ___   ___   __| |    ___ ___| |  mod_ssl

 * | '_ ` _ \ / _ \ / _` |   / __/ __| |  Apache Interface to OpenSSL

 * | | | | | | (_) | (_| |   \__ \__ \ |

 * |_| |_| |_|\___/ \__,_|___|___/___/_|

 *                      |_____|

 *  ssl_engine_init.c

 *  Initialization of Servers

 */

                             /* ``Recursive, adj.;

                                  see Recursive.''

                                        -- Unknown   */

#include "ssl_private.h"

#include "mod_ssl.h"

#include "mod_ssl_openssl.h"

#include "mpm_common.h"

#include "mod_md.h"

APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, init_server,

                                    (server_rec *s,apr_pool_t *p,int is_proxy,SSL_CTX *ctx),

                                    (s,p,is_proxy,ctx), OK, DECLINED)

APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, add_cert_files,

                                    (server_rec *s, apr_pool_t *p, 

                                    apr_array_header_t *cert_files, apr_array_header_t *key_files),

                                    (s, p, cert_files, key_files),

                                    OK, DECLINED)

APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, add_fallback_cert_files,

                                    (server_rec *s, apr_pool_t *p, 

                                    apr_array_header_t *cert_files, apr_array_header_t *key_files),

                                    (s, p, cert_files, key_files),

                                    OK, DECLINED)

APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ssl, SSL, int, answer_challenge,

                                    (conn_rec *c, const char *server_name, 

                                    X509 **pcert, EVP_PKEY **pkey),

                                    (c, server_name, pcert, pkey),

                                    DECLINED, DECLINED)

/*  _________________________________________________________________

**

**  Module Initialization

**  _________________________________________________________________

*/

#ifdef HAVE_ECC

#define KEYTYPES "RSA, DSA or ECC"

#else 

#define KEYTYPES "RSA or DSA"

#endif

#if MODSSL_USE_OPENSSL_PRE_1_1_API

/* OpenSSL Pre-1.1.0 compatibility */

/* Taken from OpenSSL 1.1.0 snapshot 20160410 */

static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)

{

    /* q is optional */

    if (p == NULL || g == NULL)

        return 0;

    BN_free(dh->p);

    BN_free(dh->q);

    BN_free(dh->g);

    dh->p = p;

    dh->q = q;

    dh->g = g;

    if (q != NULL) {

        dh->length = BN_num_bits(q);

    }

    return 1;

}

#endif

/*

 * Grab well-defined DH parameters from OpenSSL, see the BN_get_rfc*

 * functions in <openssl/bn.h> for all available primes.

 */

static DH *make_dh_params(BIGNUM *(*prime)(BIGNUM *))

{

    DH *dh = DH_new();

    BIGNUM *p, *g;

    if (!dh) {

        return NULL;

    }

    p = prime(NULL);

    g = BN_new();

    if (g != NULL) {

        BN_set_word(g, 2);

    }

    if (!p || !g || !DH_set0_pqg(dh, p, NULL, g)) {

        DH_free(dh);

        BN_free(p);

        BN_free(g);

        return NULL;

    }

    return dh;

}

/* Storage and initialization for DH parameters. */

static struct dhparam {

    BIGNUM *(*const prime)(BIGNUM *); /* function to generate... */

    DH *dh;                           /* ...this, used for keys.... */

    const unsigned int min;           /* ...of length >= this. */

} dhparams[] = {

    { BN_get_rfc3526_prime_8192, NULL, 6145 },

    { BN_get_rfc3526_prime_6144, NULL, 4097 },

    { BN_get_rfc3526_prime_4096, NULL, 3073 },

    { BN_get_rfc3526_prime_3072, NULL, 2049 },

    { BN_get_rfc3526_prime_2048, NULL, 1025 },

    { BN_get_rfc2409_prime_1024, NULL, 0 }

};

static void init_dh_params(void)

{

    unsigned n;

    for (n = 0; n < sizeof(dhparams)/sizeof(dhparams[0]); n++)

        dhparams[n].dh = make_dh_params(dhparams[n].prime);

}

static void free_dh_params(void)

{

    unsigned n;

    /* DH_free() is a noop for a NULL parameter, so these are harmless

     * in the (unexpected) case where these variables are already

     * NULL. */

    for (n = 0; n < sizeof(dhparams)/sizeof(dhparams[0]); n++) {

        DH_free(dhparams[n].dh);

        dhparams[n].dh = NULL;

    }

}

/* Hand out the same DH structure though once generated as we leak

 * memory otherwise and freeing the structure up after use would be

 * hard to track and in fact is not needed at all as it is safe to

 * use the same parameters over and over again security wise (in

 * contrast to the keys itself) and code safe as the returned structure

 * is duplicated by OpenSSL anyway. Hence no modification happens

 * to our copy. */

DH *modssl_get_dh_params(unsigned keylen)

{

    unsigned n;

    for (n = 0; n < sizeof(dhparams)/sizeof(dhparams[0]); n++)

        if (keylen >= dhparams[n].min)

            return dhparams[n].dh;

    return NULL; /* impossible to reach. */

}

static void ssl_add_version_components(apr_pool_t *p,

                                       server_rec *s)

{

    char *modver = ssl_var_lookup(p, s, NULL, NULL, "SSL_VERSION_INTERFACE");

    char *libver = ssl_var_lookup(p, s, NULL, NULL, "SSL_VERSION_LIBRARY");

    char *incver = ssl_var_lookup(p, s, NULL, NULL,

                                  "SSL_VERSION_LIBRARY_INTERFACE");

    ap_add_version_component(p, libver);

    ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01876)

                 "%s compiled against Server: %s, Library: %s",

                 modver, AP_SERVER_BASEVERSION, incver);

}

/*  _________________________________________________________________

**

**  Let other answer special connection attempts. 

**  Used in ACME challenge handling by mod_md.

**  _________________________________________________________________

*/

int ssl_is_challenge(conn_rec *c, const char *servername, 

                     X509 **pcert, EVP_PKEY **pkey)

{

    if (APR_SUCCESS == ssl_run_answer_challenge(c, servername, pcert, pkey)) {

        return 1;

    }

    *pcert = NULL;

    *pkey = NULL;

    return 0;

}

#ifdef HAVE_FIPS

static apr_status_t ssl_fips_cleanup(void *data)

{

    FIPS_mode_set(0);

    return APR_SUCCESS;

}

#endif

/*

 *  Per-module initialization

 */

apr_status_t ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,

                             apr_pool_t *ptemp,

                             server_rec *base_server)

{

    SSLModConfigRec *mc = myModConfig(base_server);

    SSLSrvConfigRec *sc;

    server_rec *s;

    apr_status_t rv;

    apr_array_header_t *pphrases;

    if (SSLeay() < MODSSL_LIBRARY_VERSION) {

        ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, APLOGNO(01882)

                     "Init: this version of mod_ssl was compiled against "

                     "a newer library (%s, version currently loaded is %s)"

                     " - may result in undefined or erroneous behavior",

                     MODSSL_LIBRARY_TEXT, MODSSL_LIBRARY_DYNTEXT);

    }

    /* We initialize mc->pid per-process in the child init,

     * but it should be initialized for startup before we

     * call ssl_rand_seed() below.

     */

    mc->pid = getpid();

    /*

     * Let us cleanup on restarts and exits

     */

    apr_pool_cleanup_register(p, base_server,

                              ssl_init_ModuleKill,

                              apr_pool_cleanup_null);

    /*

     * Any init round fixes the global config

     */

    ssl_config_global_create(base_server); /* just to avoid problems */

    ssl_config_global_fix(mc);

    /*

     *  try to fix the configuration and open the dedicated SSL

     *  logfile as early as possible

     */

    for (s = base_server; s; s = s->next) {

        sc = mySrvConfig(s);

        if (sc->server) {

            sc->server->sc = sc;

        }

        /*

         * Create the server host:port string because we need it a lot

         */

        if (sc->vhost_id) {

            /* already set. This should only happen if this config rec is

             * shared with another server. Argh! */

            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(10104) 

                         "%s, SSLSrvConfigRec shared from %s", 

                         ssl_util_vhostid(p, s), sc->vhost_id);

        }

        sc->vhost_id = ssl_util_vhostid(p, s);

        sc->vhost_id_len = strlen(sc->vhost_id);

        /* Default to enabled if SSLEngine is not set explicitly, and

         * the protocol is https. */

        if (ap_get_server_protocol(s) 

            && strcmp("https", ap_get_server_protocol(s)) == 0

            && sc->enabled == SSL_ENABLED_UNSET

            && (!apr_is_empty_array(sc->server->pks->cert_files))) {

            sc->enabled = SSL_ENABLED_TRUE;

        }

        /* Fix up stuff that may not have been set.  If sc->enabled is

         * UNSET, then SSL is disabled on this vhost.  */

        if (sc->enabled == SSL_ENABLED_UNSET) {

            sc->enabled = SSL_ENABLED_FALSE;

        }

        if (sc->session_cache_timeout == UNSET) {

            sc->session_cache_timeout = SSL_SESSION_CACHE_TIMEOUT;

        }

        if (sc->server && sc->server->pphrase_dialog_type == SSL_PPTYPE_UNSET) {

            sc->server->pphrase_dialog_type = SSL_PPTYPE_BUILTIN;

        }

#ifdef HAVE_FIPS

        if (sc->fips == UNSET) {

            sc->fips = FALSE;

        }

#endif

    }

#if APR_HAS_THREADS && MODSSL_USE_OPENSSL_PRE_1_1_API

    ssl_util_thread_setup(p);

#endif

    /*

     * SSL external crypto device ("engine") support

     */

#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)

    if ((rv = ssl_init_Engine(base_server, p)) != APR_SUCCESS) {

        return rv;

    }

#endif

    ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01883)

                 "Init: Initialized %s library", MODSSL_LIBRARY_NAME);

    /*

     * Seed the Pseudo Random Number Generator (PRNG)

     * only need ptemp here; nothing inside allocated from the pool

     * needs to live once we return from ssl_rand_seed().

     */

    ssl_rand_seed(base_server, ptemp, SSL_RSCTX_STARTUP, "Init: ");

#ifdef HAVE_FIPS

    if(sc->fips) {

        if (!FIPS_mode()) {

            if (FIPS_mode_set(1)) {

                ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, APLOGNO(01884)

                             "Operating in SSL FIPS mode");

                apr_pool_cleanup_register(p, NULL, ssl_fips_cleanup,

                                          apr_pool_cleanup_null);

            }

            else {

                ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01885) "FIPS mode failed");

                ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);

                return ssl_die(s);

            }

        }

    }

    else {

        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01886)

                     "SSL FIPS mode disabled");

    }

#endif

    /*

     * initialize the mutex handling

     */

    if (!ssl_mutex_init(base_server, p)) {

        return HTTP_INTERNAL_SERVER_ERROR;

    }

#ifdef HAVE_OCSP_STAPLING

    ssl_stapling_certinfo_hash_init(p);

#endif

    /*

     * initialize session caching

     */

    if ((rv = ssl_scache_init(base_server, p)) != APR_SUCCESS) {

        return rv;

    }

    pphrases = apr_array_make(ptemp, 2, sizeof(char *));

    /*

     *  initialize servers

     */

    ap_log_error(APLOG_MARK, APLOG_INFO, 0, base_server, APLOGNO(01887)

                 "Init: Initializing (virtual) servers for SSL");

    for (s = base_server; s; s = s->next) {

        sc = mySrvConfig(s);

        /*

         * Either now skip this server when SSL is disabled for

         * it or give out some information about what we're

         * configuring.

         */

        /*

         * Read the server certificate and key

         */

        if ((rv = ssl_init_ConfigureServer(s, p, ptemp, sc, pphrases))

            != APR_SUCCESS) {

            return rv;

        }

    }

    if (pphrases->nelts > 0) {

        memset(pphrases->elts, 0, pphrases->elt_size * pphrases->nelts);

        pphrases->nelts = 0;

        ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(02560)

                     "Init: Wiped out the queried pass phrases from memory");

    }

    /*

     * Configuration consistency checks

     */

    if ((rv = ssl_init_CheckServers(base_server, ptemp)) != APR_SUCCESS) {

        return rv;

    }

    for (s = base_server; s; s = s->next) {

        SSLDirConfigRec *sdc = ap_get_module_config(s->lookup_defaults,

                                                    &ssl_module);

        sc = mySrvConfig(s);

        if (sc->enabled == SSL_ENABLED_TRUE || sc->enabled == SSL_ENABLED_OPTIONAL) {

            if ((rv = ssl_run_init_server(s, p, 0, sc->server->ssl_ctx)) != APR_SUCCESS) {

                return rv;

            }

        }

        if (sdc->proxy_enabled) {

            rv = ssl_run_init_server(s, p, 1, sdc->proxy->ssl_ctx);

            if (rv != APR_SUCCESS) {

                return rv;

            }

        }

    }

    /*

     *  Announce mod_ssl and SSL library in HTTP Server field

     *  as ``mod_ssl/X.X.X OpenSSL/X.X.X''

     */

    ssl_add_version_components(p, base_server);

    modssl_init_app_data2_idx(); /* for modssl_get_app_data2() at request time */

    init_dh_params();

#if !MODSSL_USE_OPENSSL_PRE_1_1_API

    init_bio_methods();

#endif

#ifdef HAVE_OPENSSL_KEYLOG

    {

        const char *logfn = getenv("SSLKEYLOGFILE");

        if (logfn) {

            rv = apr_file_open(&mc->keylog_file, logfn,

                               APR_FOPEN_CREATE|APR_FOPEN_WRITE|APR_FOPEN_APPEND|APR_FOPEN_LARGEFILE,

                               APR_FPROT_UREAD|APR_FPROT_UWRITE,

                               mc->pPool);

            if (rv) {

                ap_log_error(APLOG_MARK, APLOG_NOTICE, rv, s, APLOGNO(10226)

                             "Could not open log file '%s' configured via SSLKEYLOGFILE",

                             logfn);

                return rv;

            }

            ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s, APLOGNO(10227)

                         "Init: Logging SSL private key material to %s", logfn);

        }

    }

#endif

    return OK;

}

/*

 * Support for external a Crypto Device ("engine"), usually

 * a hardware accellerator card for crypto operations.

 */

#if defined(HAVE_OPENSSL_ENGINE_H) && defined(HAVE_ENGINE_INIT)

apr_status_t ssl_init_Engine(server_rec *s, apr_pool_t *p)

{

    SSLModConfigRec *mc = myModConfig(s);

    ENGINE *e;

    if (mc->szCryptoDevice) {

        if (!(e = ENGINE_by_id(mc->szCryptoDevice))) {

            ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01888)

                         "Init: Failed to load Crypto Device API `%s'",

                         mc->szCryptoDevice);

            ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);

            return ssl_die(s);

        }

#ifdef ENGINE_CTRL_CHIL_SET_FORKCHECK

        if (strEQ(mc->szCryptoDevice, "chil")) {

            ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);

        }

#endif

        if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {

            ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01889)

                         "Init: Failed to enable Crypto Device API `%s'",

                         mc->szCryptoDevice);

            ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);

            return ssl_die(s);

        }

        ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01890)

                     "Init: loaded Crypto Device API `%s'",

                     mc->szCryptoDevice);

        ENGINE_free(e);

    }

    return APR_SUCCESS;

}

#endif

#ifdef HAVE_TLSEXT

static apr_status_t ssl_init_ctx_tls_extensions(server_rec *s,

                                                apr_pool_t *p,

                                                apr_pool_t *ptemp,

                                                modssl_ctx_t *mctx)

{

    apr_status_t rv;

    /*

     * Configure TLS extensions support

     */

    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01893)

                 "Configuring TLS extension handling");

    /*

     * Server name indication (SNI)

     */

    if (!SSL_CTX_set_tlsext_servername_callback(mctx->ssl_ctx,

                          ssl_callback_ServerNameIndication) ||

        !SSL_CTX_set_tlsext_servername_arg(mctx->ssl_ctx, mctx)) {

        ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01894)

                     "Unable to initialize TLS servername extension "

                     "callback (incompatible OpenSSL version?)");

        ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);

        return ssl_die(s);

    }

#ifdef HAVE_OCSP_STAPLING

    /*

     * OCSP Stapling support, status_request extension

     */

    if ((mctx->pkp == FALSE) && (mctx->stapling_enabled == TRUE)) {

        if ((rv = modssl_init_stapling(s, p, ptemp, mctx)) != APR_SUCCESS) {

            return rv;

        }

    }

#endif

#ifdef HAVE_SRP

    /*

     * TLS-SRP support

     */

    if (mctx->srp_vfile != NULL) {

        int err;

        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02308)

                     "Using SRP verifier file [%s]", mctx->srp_vfile);

        if (!(mctx->srp_vbase = SRP_VBASE_new(mctx->srp_unknown_user_seed))) {

            ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02309)

                         "Unable to initialize SRP verifier structure "

                         "[%s seed]",

                         mctx->srp_unknown_user_seed ? "with" : "without");

            ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);

            return ssl_die(s);

        }

        err = SRP_VBASE_init(mctx->srp_vbase, mctx->srp_vfile);

        if (err != SRP_NO_ERROR) {

            ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02310)

                         "Unable to load SRP verifier file [error %d]", err);

            ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);

            return ssl_die(s);

        }

        SSL_CTX_set_srp_username_callback(mctx->ssl_ctx,

                                          ssl_callback_SRPServerParams);

        SSL_CTX_set_srp_cb_arg(mctx->ssl_ctx, mctx);

    }

#endif

    return APR_SUCCESS;

}

#endif

static apr_status_t ssl_init_ctx_protocol(server_rec *s,

                                          apr_pool_t *p,

                                          apr_pool_t *ptemp,

                                          modssl_ctx_t *mctx)

{

    SSL_CTX *ctx = NULL;

    MODSSL_SSL_METHOD_CONST SSL_METHOD *method = NULL;

    char *cp;

    int protocol = mctx->protocol;

    int protocol_set = mctx->protocol_set;

    SSLSrvConfigRec *sc = mySrvConfig(s);

#if OPENSSL_VERSION_NUMBER >= 0x10100000L

    int prot;

#endif

    /*

     *  Create the new per-server SSL context

     */

    if (protocol == SSL_PROTOCOL_NONE) {

        if (protocol_set) {

            ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02231)

                    "No SSL protocols available [hint: SSLProtocol]");

            return ssl_die(s);

        }

        ap_log_error(APLOG_MARK, APLOG_TRACE3, 0, s, 

                     "Using OpenSSL/system default SSL/TLS protocols");

        cp = "default";

    }

    else {

        cp = apr_pstrcat(p,

#ifndef OPENSSL_NO_SSL3

                     (protocol & SSL_PROTOCOL_SSLV3 ? "SSLv3, " : ""),

#endif

                     (protocol & SSL_PROTOCOL_TLSV1 ? "TLSv1, " : ""),

#ifdef HAVE_TLSV1_X

                     (protocol & SSL_PROTOCOL_TLSV1_1 ? "TLSv1.1, " : ""),

                     (protocol & SSL_PROTOCOL_TLSV1_2 ? "TLSv1.2, " : ""),

#if SSL_HAVE_PROTOCOL_TLSV1_3

                     (protocol & SSL_PROTOCOL_TLSV1_3 ? "TLSv1.3, " : ""),

#endif

#endif

                     NULL);

        cp[strlen(cp)-2] = NUL;

    }

    ap_log_error(APLOG_MARK, APLOG_TRACE3, 0, s,

                 "Creating new SSL context (protocols: %s)", cp);

#if OPENSSL_VERSION_NUMBER < 0x10100000L

#ifndef OPENSSL_NO_SSL3

    if (protocol == SSL_PROTOCOL_SSLV3) {

        method = mctx->pkp ?

            SSLv3_client_method() : /* proxy */

            SSLv3_server_method();  /* server */

    }

    else

#endif

    if (protocol == SSL_PROTOCOL_TLSV1) {

        method = mctx->pkp ?

            TLSv1_client_method() : /* proxy */

            TLSv1_server_method();  /* server */

    }

#ifdef HAVE_TLSV1_X

    else if (protocol == SSL_PROTOCOL_TLSV1_1) {

        method = mctx->pkp ?

            TLSv1_1_client_method() : /* proxy */

            TLSv1_1_server_method();  /* server */

    }

    else if (protocol == SSL_PROTOCOL_TLSV1_2) {

        method = mctx->pkp ?

            TLSv1_2_client_method() : /* proxy */

            TLSv1_2_server_method();  /* server */

    }

#if SSL_HAVE_PROTOCOL_TLSV1_3

    else if (protocol == SSL_PROTOCOL_TLSV1_3) {

        method = mctx->pkp ?

            TLSv1_3_client_method() : /* proxy */

            TLSv1_3_server_method();  /* server */

    }

#endif

#endif

    else { /* For multiple protocols, we need a flexible method */

        method = mctx->pkp ?

            SSLv23_client_method() : /* proxy */

            SSLv23_server_method();  /* server */

    }

#else

    method = mctx->pkp ?

        TLS_client_method() : /* proxy */

        TLS_server_method();  /* server */

#endif

    ctx = SSL_CTX_new(method);

    mctx->ssl_ctx = ctx;

    SSL_CTX_set_options(ctx, SSL_OP_ALL);

#if OPENSSL_VERSION_NUMBER < 0x10100000L  || \

	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L)

    /* always disable SSLv2, as per RFC 6176 */

    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);

#ifndef OPENSSL_NO_SSL3

    if (!(protocol & SSL_PROTOCOL_SSLV3)) {

        SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);

    }

#endif

    if (!(protocol & SSL_PROTOCOL_TLSV1)) {

        SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1);

    }

#ifdef HAVE_TLSV1_X

    if (!(protocol & SSL_PROTOCOL_TLSV1_1)) {

        SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_1);

    }

    if (!(protocol & SSL_PROTOCOL_TLSV1_2)) {

        SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2);

    }

#if SSL_HAVE_PROTOCOL_TLSV1_3

    ssl_set_ctx_protocol_option(s, ctx, SSL_OP_NO_TLSv1_3,

                                protocol & SSL_PROTOCOL_TLSV1_3, "TLSv1.3");

#endif

#endif

#else /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */

    /* We first determine the maximum protocol version we should provide */

#if SSL_HAVE_PROTOCOL_TLSV1_3

    if (SSL_HAVE_PROTOCOL_TLSV1_3 && (protocol & SSL_PROTOCOL_TLSV1_3)) {

        prot = TLS1_3_VERSION;

    } else  

#endif

    if (protocol & SSL_PROTOCOL_TLSV1_2) {

        prot = TLS1_2_VERSION;

    } else if (protocol & SSL_PROTOCOL_TLSV1_1) {

        prot = TLS1_1_VERSION;

    } else if (protocol & SSL_PROTOCOL_TLSV1) {

        prot = TLS1_VERSION;

#ifndef OPENSSL_NO_SSL3

    } else if (protocol & SSL_PROTOCOL_SSLV3) {

        prot = SSL3_VERSION;

#endif

    } else {

        if (protocol_set) {

            SSL_CTX_free(ctx);

            mctx->ssl_ctx = NULL;

            ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(03378)

                    "No SSL protocols available [hint: SSLProtocol]");

            return ssl_die(s);

        }

    }

    if (protocol != SSL_PROTOCOL_NONE) SSL_CTX_set_max_proto_version(ctx, prot);

    /* Next we scan for the minimal protocol version we should provide,

     * but we do not allow holes between max and min */

#if SSL_HAVE_PROTOCOL_TLSV1_3

    if (prot == TLS1_3_VERSION && protocol & SSL_PROTOCOL_TLSV1_2) {

        prot = TLS1_2_VERSION;

    }

#endif

    if (prot == TLS1_2_VERSION && protocol & SSL_PROTOCOL_TLSV1_1) {

        prot = TLS1_1_VERSION;

    }

    if (prot == TLS1_1_VERSION && protocol & SSL_PROTOCOL_TLSV1) {

        prot = TLS1_VERSION;

    }

#ifndef OPENSSL_NO_SSL3

    if (prot == TLS1_VERSION && protocol & SSL_PROTOCOL_SSLV3) {

        prot = SSL3_VERSION;

    }

#endif

    if (protocol != SSL_PROTOCOL_NONE) SSL_CTX_set_min_proto_version(ctx, prot);

#endif /* if OPENSSL_VERSION_NUMBER < 0x10100000L */

#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE

    if (sc->cipher_server_pref == TRUE) {

        SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);

    }

#endif

#ifndef OPENSSL_NO_COMP

    if (sc->compression != TRUE) {

#ifdef SSL_OP_NO_COMPRESSION

        /* OpenSSL >= 1.0 only */

        SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION);

#else

        sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());

#endif

    }

#endif

#ifdef SSL_OP_NO_TICKET

    /*

     * Configure using RFC 5077 TLS session tickets

     * for session resumption.

     */

    if (sc->session_tickets == FALSE) {

        SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);

    }

#endif

#ifdef SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION

    if (sc->insecure_reneg == TRUE) {

        SSL_CTX_set_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);

    }

#endif

    SSL_CTX_set_app_data(ctx, s);

    /*

     * Configure additional context ingredients

     */

    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);

#ifdef HAVE_ECC

    SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);

#endif

#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION

    /*

     * Disallow a session from being resumed during a renegotiation,

     * so that an acceptable cipher suite can be negotiated.

     */

    SSL_CTX_set_options(ctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);

#endif

#ifdef SSL_MODE_RELEASE_BUFFERS

    /* If httpd is configured to reduce mem usage, ask openssl to do so, too */

    if (ap_max_mem_free != APR_ALLOCATOR_MAX_FREE_UNLIMITED)

        SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);

#endif

#if OPENSSL_VERSION_NUMBER >= 0x1010100fL

    /* For OpenSSL >=1.1.1, disable auto-retry mode so it's possible

     * to consume handshake records without blocking for app-data.

     * https://github.com/openssl/openssl/issues/7178 */

    SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);

#endif

#ifdef HAVE_OPENSSL_KEYLOG

    if (mctx->sc->mc->keylog_file) {

        SSL_CTX_set_keylog_callback(ctx, modssl_callback_keylog);

    }

#endif

    return APR_SUCCESS;

}

static void ssl_init_ctx_session_cache(server_rec *s,

                                       apr_pool_t *p,

                                       apr_pool_t *ptemp,

                                       modssl_ctx_t *mctx)

{

    SSL_CTX *ctx = mctx->ssl_ctx;

    SSLModConfigRec *mc = myModConfig(s);

    SSL_CTX_set_session_cache_mode(ctx, mc->sesscache_mode);

    if (mc->sesscache) {

        SSL_CTX_sess_set_new_cb(ctx,    ssl_callback_NewSessionCacheEntry);

        SSL_CTX_sess_set_get_cb(ctx,    ssl_callback_GetSessionCacheEntry);

        SSL_CTX_sess_set_remove_cb(ctx, ssl_callback_DelSessionCacheEntry);

    }

}

static void ssl_init_ctx_callbacks(server_rec *s,

                                   apr_pool_t *p,

                                   apr_pool_t *ptemp,

                                   modssl_ctx_t *mctx)

{

    SSL_CTX *ctx = mctx->ssl_ctx;

    SSL_CTX_set_tmp_dh_callback(ctx,  ssl_callback_TmpDH);

    SSL_CTX_set_info_callback(ctx, ssl_callback_Info);

#ifdef HAVE_TLS_ALPN

    SSL_CTX_set_alpn_select_cb(ctx, ssl_callback_alpn_select, NULL);

#endif

}

static apr_status_t ssl_init_ctx_verify(server_rec *s,

                                        apr_pool_t *p,

                                        apr_pool_t *ptemp,

                                        modssl_ctx_t *mctx)

{

    SSL_CTX *ctx = mctx->ssl_ctx;

    int verify = SSL_VERIFY_NONE;

    STACK_OF(X509_NAME) *ca_list;

    if (mctx->auth.verify_mode == SSL_CVERIFY_UNSET) {

        mctx->auth.verify_mode = SSL_CVERIFY_NONE;

    }

    if (mctx->auth.verify_depth == UNSET) {

        mctx->auth.verify_depth = 1;

    }