|
Packit |
90a5c9 |
/* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
Packit |
90a5c9 |
* contributor license agreements. See the NOTICE file distributed with
|
|
Packit |
90a5c9 |
* this work for additional information regarding copyright ownership.
|
|
Packit |
90a5c9 |
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
Packit |
90a5c9 |
* (the "License"); you may not use this file except in compliance with
|
|
Packit |
90a5c9 |
* the License. You may obtain a copy of the License at
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* http://www.apache.org/licenses/LICENSE-2.0
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* Unless required by applicable law or agreed to in writing, software
|
|
Packit |
90a5c9 |
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
Packit |
90a5c9 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
Packit |
90a5c9 |
* See the License for the specific language governing permissions and
|
|
Packit |
90a5c9 |
* limitations under the License.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* _ _
|
|
Packit |
90a5c9 |
* _ __ ___ ___ __| | ___ ___| | mod_ssl
|
|
Packit |
90a5c9 |
* | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
|
|
Packit |
90a5c9 |
* | | | | | | (_) | (_| | \__ \__ \ |
|
|
Packit |
90a5c9 |
* |_| |_| |_|\___/ \__,_|___|___/___/_|
|
|
Packit |
90a5c9 |
* |_____|
|
|
Packit |
90a5c9 |
* ssl_engine_kernel.c
|
|
Packit |
90a5c9 |
* The SSL engine kernel
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
/* ``It took me fifteen years to discover
|
|
Packit |
90a5c9 |
I had no talent for programming, but
|
|
Packit |
90a5c9 |
I couldn't give it up because by that
|
|
Packit |
90a5c9 |
time I was too famous.''
|
|
Packit |
90a5c9 |
-- Unknown */
|
|
Packit |
90a5c9 |
#include "ssl_private.h"
|
|
Packit |
90a5c9 |
#include "mod_ssl.h"
|
|
Packit |
90a5c9 |
#include "util_md5.h"
|
|
Packit |
90a5c9 |
#include "scoreboard.h"
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
|
|
Packit |
90a5c9 |
#ifdef HAVE_TLSEXT
|
|
Packit |
90a5c9 |
static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s);
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#define SWITCH_STATUS_LINE "HTTP/1.1 101 Switching Protocols"
|
|
Packit |
90a5c9 |
#define UPGRADE_HEADER "Upgrade: TLS/1.0, HTTP/1.1"
|
|
Packit |
90a5c9 |
#define CONNECTION_HEADER "Connection: Upgrade"
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Perform an upgrade-to-TLS for the given request, per RFC 2817. */
|
|
Packit |
90a5c9 |
static apr_status_t upgrade_connection(request_rec *r)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
struct conn_rec *conn = r->connection;
|
|
Packit |
90a5c9 |
apr_bucket_brigade *bb;
|
|
Packit |
90a5c9 |
SSLConnRec *sslconn;
|
|
Packit |
90a5c9 |
apr_status_t rv;
|
|
Packit |
90a5c9 |
SSL *ssl;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02028)
|
|
Packit |
90a5c9 |
"upgrading connection to TLS");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
bb = apr_brigade_create(r->pool, conn->bucket_alloc);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
rv = ap_fputs(conn->output_filters, bb, SWITCH_STATUS_LINE CRLF
|
|
Packit |
90a5c9 |
UPGRADE_HEADER CRLF CONNECTION_HEADER CRLF CRLF);
|
|
Packit |
90a5c9 |
if (rv == APR_SUCCESS) {
|
|
Packit |
90a5c9 |
APR_BRIGADE_INSERT_TAIL(bb,
|
|
Packit |
90a5c9 |
apr_bucket_flush_create(conn->bucket_alloc));
|
|
Packit |
90a5c9 |
rv = ap_pass_brigade(conn->output_filters, bb);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (rv) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02029)
|
|
Packit |
90a5c9 |
"failed to send 101 interim response for connection "
|
|
Packit |
90a5c9 |
"upgrade");
|
|
Packit |
90a5c9 |
return rv;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ssl_init_ssl_connection(conn, r);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
sslconn = myConnConfig(conn);
|
|
Packit |
90a5c9 |
ssl = sslconn->ssl;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Perform initial SSL handshake. */
|
|
Packit |
90a5c9 |
SSL_set_accept_state(ssl);
|
|
Packit |
90a5c9 |
SSL_do_handshake(ssl);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!SSL_is_init_finished(ssl)) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02030)
|
|
Packit |
90a5c9 |
"TLS upgrade handshake failed");
|
|
Packit |
90a5c9 |
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return APR_ECONNABORTED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return APR_SUCCESS;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Perform a speculative (and non-blocking) read from the connection
|
|
Packit |
90a5c9 |
* filters for the given request, to determine whether there is any
|
|
Packit |
90a5c9 |
* pending data to read. Return non-zero if there is, else zero. */
|
|
Packit |
90a5c9 |
static int has_buffered_data(request_rec *r)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
apr_bucket_brigade *bb;
|
|
Packit |
90a5c9 |
apr_off_t len;
|
|
Packit |
90a5c9 |
apr_status_t rv;
|
|
Packit |
90a5c9 |
int result;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
rv = ap_get_brigade(r->connection->input_filters, bb, AP_MODE_SPECULATIVE,
|
|
Packit |
90a5c9 |
APR_NONBLOCK_READ, 1);
|
|
Packit |
90a5c9 |
result = rv == APR_SUCCESS
|
|
Packit |
90a5c9 |
&& apr_brigade_length(bb, 1, &len) == APR_SUCCESS
|
|
Packit |
90a5c9 |
&& len > 0;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
apr_brigade_destroy(bb);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return result;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
7b674e |
/* If a renegotiation is required for the location, and the request
|
|
Packit |
7b674e |
* includes a message body (and the client has not requested a "100
|
|
Packit |
7b674e |
* Continue" response), then the client will be streaming the request
|
|
Packit |
7b674e |
* body over the wire already. In that case, it is not possible to
|
|
Packit |
7b674e |
* stop and perform a new SSL handshake immediately; once the SSL
|
|
Packit |
7b674e |
* library moves to the "accept" state, it will reject the SSL packets
|
|
Packit |
7b674e |
* which the client is sending for the request body.
|
|
Packit |
7b674e |
*
|
|
Packit |
7b674e |
* To allow authentication to complete in the hook, the solution used
|
|
Packit |
7b674e |
* here is to fill a (bounded) buffer with the request body, and then
|
|
Packit |
7b674e |
* to reinject that request body later.
|
|
Packit |
7b674e |
*
|
|
Packit |
7b674e |
* This function is called to fill the renegotiation buffer for the
|
|
Packit |
7b674e |
* location as required, or fail. Returns zero on success or HTTP_
|
|
Packit |
7b674e |
* error code on failure.
|
|
Packit |
7b674e |
*/
|
|
Packit |
7b674e |
static int fill_reneg_buffer(request_rec *r, SSLDirConfigRec *dc)
|
|
Packit |
7b674e |
{
|
|
Packit |
7b674e |
int rv;
|
|
Packit |
7b674e |
apr_size_t rsize;
|
|
Packit |
7b674e |
|
|
Packit |
7b674e |
/* ### this is HTTP/1.1 specific, special case for protocol? */
|
|
Packit |
7b674e |
if (r->expecting_100 || !ap_request_has_body(r)) {
|
|
Packit |
7b674e |
return 0;
|
|
Packit |
7b674e |
}
|
|
Packit |
7b674e |
|
|
Packit |
7b674e |
rsize = dc->nRenegBufferSize == UNSET ? DEFAULT_RENEG_BUFFER_SIZE : dc->nRenegBufferSize;
|
|
Packit |
7b674e |
if (rsize > 0) {
|
|
Packit |
7b674e |
/* Fill the I/O buffer with the request body if possible. */
|
|
Packit |
7b674e |
rv = ssl_io_buffer_fill(r, rsize);
|
|
Packit |
7b674e |
}
|
|
Packit |
7b674e |
else {
|
|
Packit |
7b674e |
/* If the reneg buffer size is set to zero, just fail. */
|
|
Packit |
7b674e |
rv = HTTP_REQUEST_ENTITY_TOO_LARGE;
|
|
Packit |
7b674e |
}
|
|
Packit |
7b674e |
|
|
Packit |
7b674e |
return rv;
|
|
Packit |
7b674e |
}
|
|
Packit |
7b674e |
|
|
Packit |
90a5c9 |
#ifdef HAVE_TLSEXT
|
|
Packit |
90a5c9 |
static int ap_array_same_str_set(apr_array_header_t *s1, apr_array_header_t *s2)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
int i;
|
|
Packit |
90a5c9 |
const char *c;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (s1 == s2) {
|
|
Packit |
90a5c9 |
return 1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (!s1 || !s2 || (s1->nelts != s2->nelts)) {
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
for (i = 0; i < s1->nelts; i++) {
|
|
Packit |
90a5c9 |
c = APR_ARRAY_IDX(s1, i, const char *);
|
|
Packit |
90a5c9 |
if (!c || !ap_array_str_contains(s2, c)) {
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
return 1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static int ssl_pk_server_compatible(modssl_pk_server_t *pks1,
|
|
Packit |
90a5c9 |
modssl_pk_server_t *pks2)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
if (!pks1 || !pks2) {
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
/* both have the same certificates? */
|
|
Packit |
90a5c9 |
if ((pks1->ca_name_path != pks2->ca_name_path)
|
|
Packit |
90a5c9 |
&& (!pks1->ca_name_path || !pks2->ca_name_path
|
|
Packit |
90a5c9 |
|| strcmp(pks1->ca_name_path, pks2->ca_name_path))) {
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
if ((pks1->ca_name_file != pks2->ca_name_file)
|
|
Packit |
90a5c9 |
&& (!pks1->ca_name_file || !pks2->ca_name_file
|
|
Packit |
90a5c9 |
|| strcmp(pks1->ca_name_file, pks2->ca_name_file))) {
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
if (!ap_array_same_str_set(pks1->cert_files, pks2->cert_files)
|
|
Packit |
90a5c9 |
|| !ap_array_same_str_set(pks1->key_files, pks2->key_files)) {
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
return 1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static int ssl_auth_compatible(modssl_auth_ctx_t *a1,
|
|
Packit |
90a5c9 |
modssl_auth_ctx_t *a2)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
if (!a1 || !a2) {
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
/* both have the same verification */
|
|
Packit |
90a5c9 |
if ((a1->verify_depth != a2->verify_depth)
|
|
Packit |
90a5c9 |
|| (a1->verify_mode != a2->verify_mode)) {
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
/* both have the same ca path/file */
|
|
Packit |
90a5c9 |
if ((a1->ca_cert_path != a2->ca_cert_path)
|
|
Packit |
90a5c9 |
&& (!a1->ca_cert_path || !a2->ca_cert_path
|
|
Packit |
90a5c9 |
|| strcmp(a1->ca_cert_path, a2->ca_cert_path))) {
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
if ((a1->ca_cert_file != a2->ca_cert_file)
|
|
Packit |
90a5c9 |
&& (!a1->ca_cert_file || !a2->ca_cert_file
|
|
Packit |
90a5c9 |
|| strcmp(a1->ca_cert_file, a2->ca_cert_file))) {
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
/* both have the same ca cipher suite string */
|
|
Packit |
90a5c9 |
if ((a1->cipher_suite != a2->cipher_suite)
|
|
Packit |
90a5c9 |
&& (!a1->cipher_suite || !a2->cipher_suite
|
|
Packit |
90a5c9 |
|| strcmp(a1->cipher_suite, a2->cipher_suite))) {
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
/* both have the same ca cipher suite string */
|
|
Packit |
90a5c9 |
if ((a1->tls13_ciphers != a2->tls13_ciphers)
|
|
Packit |
90a5c9 |
&& (!a1->tls13_ciphers || !a2->tls13_ciphers
|
|
Packit |
90a5c9 |
|| strcmp(a1->tls13_ciphers, a2->tls13_ciphers))) {
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
return 1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static int ssl_ctx_compatible(modssl_ctx_t *ctx1,
|
|
Packit |
90a5c9 |
modssl_ctx_t *ctx2)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
if (!ctx1 || !ctx2
|
|
Packit |
90a5c9 |
|| (ctx1->protocol != ctx2->protocol)
|
|
Packit |
90a5c9 |
|| !ssl_auth_compatible(&ctx1->auth, &ctx2->auth)
|
|
Packit |
90a5c9 |
|| !ssl_pk_server_compatible(ctx1->pks, ctx2->pks)) {
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
return 1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static int ssl_server_compatible(server_rec *s1, server_rec *s2)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
SSLSrvConfigRec *sc1 = s1? mySrvConfig(s1) : NULL;
|
|
Packit |
90a5c9 |
SSLSrvConfigRec *sc2 = s2? mySrvConfig(s2) : NULL;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* both use the same TLS protocol? */
|
|
Packit |
90a5c9 |
if (!sc1 || !sc2
|
|
Packit |
90a5c9 |
|| !ssl_ctx_compatible(sc1->server, sc2->server)) {
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return 1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Post Read Request Handler
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
int ssl_hook_ReadReq(request_rec *r)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
SSLSrvConfigRec *sc = mySrvConfig(r->server);
|
|
Packit |
90a5c9 |
SSLConnRec *sslconn;
|
|
Packit |
90a5c9 |
const char *upgrade;
|
|
Packit |
90a5c9 |
#ifdef HAVE_TLSEXT
|
|
Packit |
90a5c9 |
const char *servername;
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
SSL *ssl;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Perform TLS upgrade here if "SSLEngine optional" is configured,
|
|
Packit |
90a5c9 |
* SSL is not already set up for this connection, and the client
|
|
Packit |
90a5c9 |
* has sent a suitable Upgrade header. */
|
|
Packit |
90a5c9 |
if (sc->enabled == SSL_ENABLED_OPTIONAL && !myConnConfig(r->connection)
|
|
Packit |
90a5c9 |
&& (upgrade = apr_table_get(r->headers_in, "Upgrade")) != NULL
|
|
Packit |
90a5c9 |
&& ap_find_token(r->pool, upgrade, "TLS/1.0")) {
|
|
Packit |
90a5c9 |
if (upgrade_connection(r)) {
|
|
Packit |
90a5c9 |
return AP_FILTER_ERROR;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* If we are on a slave connection, we do not expect to have an SSLConnRec,
|
|
Packit |
90a5c9 |
* but our master connection might. */
|
|
Packit |
90a5c9 |
sslconn = myConnConfig(r->connection);
|
|
Packit |
90a5c9 |
if (!(sslconn && sslconn->ssl) && r->connection->master) {
|
|
Packit |
90a5c9 |
sslconn = myConnConfig(r->connection->master);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* If "SSLEngine optional" is configured, this is not an SSL
|
|
Packit |
90a5c9 |
* connection, and this isn't a subrequest, send an Upgrade
|
|
Packit |
90a5c9 |
* response header. Note this must happen before map_to_storage
|
|
Packit |
90a5c9 |
* and OPTIONS * request processing is completed.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (sc->enabled == SSL_ENABLED_OPTIONAL && !(sslconn && sslconn->ssl)
|
|
Packit |
90a5c9 |
&& !r->main) {
|
|
Packit |
90a5c9 |
apr_table_setn(r->headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
|
|
Packit |
90a5c9 |
apr_table_mergen(r->headers_out, "Connection", "upgrade");
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!sslconn) {
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (sslconn->service_unavailable) {
|
|
Packit |
90a5c9 |
/* This is set when the SSL properties of this connection are
|
|
Packit |
90a5c9 |
* incomplete or if this connection was made to challenge a
|
|
Packit |
90a5c9 |
* particular hostname (ACME). We never serve any request on
|
|
Packit |
90a5c9 |
* such a connection. */
|
|
Packit |
90a5c9 |
/* TODO: a retry-after indicator would be nice here */
|
|
Packit |
90a5c9 |
return HTTP_SERVICE_UNAVAILABLE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (sslconn->non_ssl_request == NON_SSL_SET_ERROR_MSG) {
|
|
Packit |
90a5c9 |
apr_table_setn(r->notes, "error-notes",
|
|
Packit |
90a5c9 |
"Reason: You're speaking plain HTTP to an SSL-enabled "
|
|
Packit |
90a5c9 |
"server port. \n Instead use the HTTPS scheme to "
|
|
Packit |
90a5c9 |
"access this URL, please. \n");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Now that we have caught this error, forget it. we are done
|
|
Packit |
90a5c9 |
* with using SSL on this request.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
sslconn->non_ssl_request = NON_SSL_OK;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return HTTP_BAD_REQUEST;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Get the SSL connection structure and perform the
|
|
Packit |
90a5c9 |
* delayed interlinking from SSL back to request_rec
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
ssl = sslconn->ssl;
|
|
Packit |
90a5c9 |
if (!ssl) {
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
#ifdef HAVE_TLSEXT
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Perform SNI checks only on the initial request. In particular,
|
|
Packit |
90a5c9 |
* if these checks detect a problem, the checks shouldn't return an
|
|
Packit |
90a5c9 |
* error again when processing an ErrorDocument redirect for the
|
|
Packit |
90a5c9 |
* original problem.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (r->proxyreq != PROXYREQ_PROXY && ap_is_initial_req(r)) {
|
|
Packit |
90a5c9 |
server_rec *handshakeserver = sslconn->server;
|
|
Packit |
90a5c9 |
SSLSrvConfigRec *hssc = mySrvConfig(handshakeserver);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* The SNI extension supplied a hostname. So don't accept requests
|
|
Packit |
90a5c9 |
* with either no hostname or a hostname that selected a different
|
|
Packit |
90a5c9 |
* virtual host than the one used for the handshake, causing
|
|
Packit |
90a5c9 |
* different SSL parameters to be applied, such as SSLProtocol,
|
|
Packit |
90a5c9 |
* SSLCACertificateFile/Path and SSLCADNRequestFile/Path which
|
|
Packit |
90a5c9 |
* cannot be renegotiated (SSLCA* due to current limitations in
|
|
Packit |
90a5c9 |
* OpenSSL, see:
|
|
Packit |
90a5c9 |
* http://mail-archives.apache.org/mod_mbox/httpd-dev/200806.mbox/%3C48592955.2090303@velox.ch%3E
|
|
Packit |
90a5c9 |
* and
|
|
Packit |
90a5c9 |
* http://mail-archives.apache.org/mod_mbox/httpd-dev/201312.mbox/%3CCAKQ1sVNpOrdiBm-UPw1hEdSN7YQXRRjeaT-MCWbW_7mN%3DuFiOw%40mail.gmail.com%3E
|
|
Packit |
90a5c9 |
* )
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (!r->hostname) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02031)
|
|
Packit |
90a5c9 |
"Hostname %s provided via SNI, but no hostname"
|
|
Packit |
90a5c9 |
" provided in HTTP request", servername);
|
|
Packit |
90a5c9 |
return HTTP_BAD_REQUEST;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
if (r->server != handshakeserver
|
|
Packit |
90a5c9 |
&& !ssl_server_compatible(sslconn->server, r->server)) {
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* The request does not select the virtual host that was
|
|
Packit |
90a5c9 |
* selected by the SNI and its SSL parameters are different
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02032)
|
|
Packit |
90a5c9 |
"Hostname %s provided via SNI and hostname %s provided"
|
|
Packit |
90a5c9 |
" via HTTP have no compatible SSL setup",
|
|
Packit |
90a5c9 |
servername, r->hostname);
|
|
Packit |
90a5c9 |
return HTTP_MISDIRECTED_REQUEST;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (((sc->strict_sni_vhost_check == SSL_ENABLED_TRUE)
|
|
Packit |
90a5c9 |
|| hssc->strict_sni_vhost_check == SSL_ENABLED_TRUE)
|
|
Packit |
90a5c9 |
&& r->connection->vhost_lookup_data) {
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* We are using a name based configuration here, but no hostname was
|
|
Packit |
90a5c9 |
* provided via SNI. Don't allow that if are requested to do strict
|
|
Packit |
90a5c9 |
* checking. Check whether this strict checking was set up either in the
|
|
Packit |
90a5c9 |
* server config we used for handshaking or in our current server.
|
|
Packit |
90a5c9 |
* This should avoid insecure configuration by accident.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02033)
|
|
Packit |
90a5c9 |
"No hostname was provided via SNI for a name based"
|
|
Packit |
90a5c9 |
" virtual host");
|
|
Packit |
90a5c9 |
apr_table_setn(r->notes, "error-notes",
|
|
Packit |
90a5c9 |
"Reason: The client software did not provide a "
|
|
Packit |
90a5c9 |
"hostname using Server Name Indication (SNI), "
|
|
Packit |
90a5c9 |
"which is required to access this server. \n");
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
modssl_set_app_data2(ssl, r);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Log information about incoming HTTPS requests
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (APLOGrinfo(r) && ap_is_initial_req(r)) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02034)
|
|
Packit |
90a5c9 |
"%s HTTPS request received for child %ld (server %s)",
|
|
Packit |
90a5c9 |
(r->connection->keepalives <= 0 ?
|
|
Packit |
90a5c9 |
"Initial (No.1)" :
|
|
Packit |
90a5c9 |
apr_psprintf(r->pool, "Subsequent (No.%d)",
|
|
Packit |
90a5c9 |
r->connection->keepalives+1)),
|
|
Packit |
90a5c9 |
r->connection->id,
|
|
Packit |
90a5c9 |
ssl_util_vhostid(r->pool, r->server));
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* SetEnvIf ssl-*-shutdown flags can only be per-server,
|
|
Packit |
90a5c9 |
* so they won't change across keepalive requests
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {
|
|
Packit |
90a5c9 |
ssl_configure_env(r, sslconn);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Move SetEnvIf information from request_rec to conn_rec/BUFF
|
|
Packit |
90a5c9 |
* to allow the close connection handler to use them.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
int i;
|
|
Packit |
90a5c9 |
const apr_array_header_t *arr = apr_table_elts(r->subprocess_env);
|
|
Packit |
90a5c9 |
const apr_table_entry_t *elts = (const apr_table_entry_t *)arr->elts;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_STANDARD;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
for (i = 0; i < arr->nelts; i++) {
|
|
Packit |
90a5c9 |
const char *key = elts[i].key;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
switch (*key) {
|
|
Packit |
90a5c9 |
case 's':
|
|
Packit |
90a5c9 |
/* being case-sensitive here.
|
|
Packit |
90a5c9 |
* and not checking for the -shutdown since these are the only
|
|
Packit |
90a5c9 |
* SetEnvIf "flags" we support
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (!strncmp(key+1, "sl-", 3)) {
|
|
Packit |
90a5c9 |
key += 4;
|
|
Packit |
90a5c9 |
if (!strncmp(key, "unclean", 7)) {
|
|
Packit |
90a5c9 |
sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (!strncmp(key, "accurate", 8)) {
|
|
Packit |
90a5c9 |
sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_ACCURATE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
return; /* should only ever be one ssl-*-shutdown */
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
break;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static int ssl_check_post_client_verify(request_rec *r, SSLSrvConfigRec *sc,
|
|
Packit |
90a5c9 |
SSLDirConfigRec *dc, SSLConnRec *sslconn,
|
|
Packit |
90a5c9 |
SSL *ssl)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
X509 *cert;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Remember the peer certificate's DN
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if ((cert = SSL_get_peer_certificate(ssl))) {
|
|
Packit |
90a5c9 |
if (sslconn->client_cert) {
|
|
Packit |
90a5c9 |
X509_free(sslconn->client_cert);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
sslconn->client_cert = cert;
|
|
Packit |
90a5c9 |
sslconn->client_dn = NULL;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Finally check for acceptable renegotiation results
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if ((dc->nVerifyClient != SSL_CVERIFY_NONE) ||
|
|
Packit |
90a5c9 |
(sc->server->auth.verify_mode != SSL_CVERIFY_NONE)) {
|
|
Packit |
90a5c9 |
BOOL do_verify = ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) ||
|
|
Packit |
90a5c9 |
(sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE));
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02262)
|
|
Packit |
90a5c9 |
"Re-negotiation handshake failed: "
|
|
Packit |
90a5c9 |
"Client verification failed");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (do_verify) {
|
|
Packit |
90a5c9 |
if (cert == NULL) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02263)
|
|
Packit |
90a5c9 |
"Re-negotiation handshake failed: "
|
|
Packit |
90a5c9 |
"Client certificate missing");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
return OK;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Access Handler, classic flavour, for SSL/TLS up to v1.2
|
|
Packit |
90a5c9 |
* where everything can be renegotiated and no one is happy.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
static int ssl_hook_Access_classic(request_rec *r, SSLSrvConfigRec *sc, SSLDirConfigRec *dc,
|
|
Packit |
90a5c9 |
SSLConnRec *sslconn, SSL *ssl)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
server_rec *handshakeserver = sslconn ? sslconn->server : NULL;
|
|
Packit |
90a5c9 |
SSLSrvConfigRec *hssc = handshakeserver? mySrvConfig(handshakeserver) : NULL;
|
|
Packit |
90a5c9 |
SSL_CTX *ctx = ssl ? SSL_get_SSL_CTX(ssl) : NULL;
|
|
Packit |
90a5c9 |
BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
|
|
Packit |
90a5c9 |
X509 *peercert;
|
|
Packit |
90a5c9 |
X509_STORE *cert_store = NULL;
|
|
Packit |
90a5c9 |
X509_STORE_CTX *cert_store_ctx;
|
|
Packit |
90a5c9 |
STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
|
|
Packit |
90a5c9 |
const SSL_CIPHER *cipher = NULL;
|
|
Packit |
90a5c9 |
int depth, verify_old, verify, n, rc;
|
|
Packit |
90a5c9 |
const char *ncipher_suite;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#ifdef HAVE_SRP
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Support for per-directory reconfigured SSL connection parameters
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* We do not force any renegotiation if the user is already authenticated
|
|
Packit |
90a5c9 |
* via SRP.
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (SSL_get_srp_username(ssl)) {
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Support for per-directory reconfigured SSL connection parameters.
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* This is implemented by forcing an SSL renegotiation with the
|
|
Packit |
90a5c9 |
* reconfigured parameter suite. But Apache's internal API processing
|
|
Packit |
90a5c9 |
* makes our life very hard here, because when internal sub-requests occur
|
|
Packit |
90a5c9 |
* we nevertheless should avoid multiple unnecessary SSL handshakes (they
|
|
Packit |
90a5c9 |
* require extra network I/O and especially time to perform).
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* But the optimization for filtering out the unnecessary handshakes isn't
|
|
Packit |
90a5c9 |
* obvious and trivial. Especially because while Apache is in its
|
|
Packit |
90a5c9 |
* sub-request processing the client could force additional handshakes,
|
|
Packit |
90a5c9 |
* too. And these take place perhaps without our notice. So the only
|
|
Packit |
90a5c9 |
* possibility is to explicitly _ask_ OpenSSL whether the renegotiation
|
|
Packit |
90a5c9 |
* has to be performed or not. It has to performed when some parameters
|
|
Packit |
90a5c9 |
* which were previously known (by us) are not those we've now
|
|
Packit |
90a5c9 |
* reconfigured (as known by OpenSSL) or (in optimized way) at least when
|
|
Packit |
90a5c9 |
* the reconfigured parameter suite is stronger (more restrictions) than
|
|
Packit |
90a5c9 |
* the currently active one.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Override of SSLCipherSuite
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* We provide two options here:
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* o The paranoid and default approach where we force a renegotiation when
|
|
Packit |
90a5c9 |
* the cipher suite changed in _any_ way (which is straight-forward but
|
|
Packit |
90a5c9 |
* often forces renegotiations too often and is perhaps not what the
|
|
Packit |
90a5c9 |
* user actually wanted).
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* o The optimized and still secure way where we force a renegotiation
|
|
Packit |
90a5c9 |
* only if the currently active cipher is no longer contained in the
|
|
Packit |
90a5c9 |
* reconfigured/new cipher suite. Any other changes are not important
|
|
Packit |
90a5c9 |
* because it's the servers choice to select a cipher from the ones the
|
|
Packit |
90a5c9 |
* client supports. So as long as the current cipher is still in the new
|
|
Packit |
90a5c9 |
* cipher suite we're happy. Because we can assume we would have
|
|
Packit |
90a5c9 |
* selected it again even when other (better) ciphers exists now in the
|
|
Packit |
90a5c9 |
* new cipher suite. This approach is fine because the user explicitly
|
|
Packit |
90a5c9 |
* has to enable this via ``SSLOptions +OptRenegotiate''. So we do no
|
|
Packit |
90a5c9 |
* implicit optimizations.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
ncipher_suite = (dc->szCipherSuite?
|
|
Packit |
90a5c9 |
dc->szCipherSuite : (r->server != handshakeserver)?
|
|
Packit |
90a5c9 |
sc->server->auth.cipher_suite : NULL);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (ncipher_suite && (!sslconn->cipher_suite
|
|
Packit |
90a5c9 |
|| strcmp(ncipher_suite, sslconn->cipher_suite))) {
|
|
Packit |
90a5c9 |
/* remember old state */
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
|
|
Packit |
90a5c9 |
cipher = SSL_get_current_cipher(ssl);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
cipher_list_old = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (cipher_list_old) {
|
|
Packit |
90a5c9 |
cipher_list_old = sk_SSL_CIPHER_dup(cipher_list_old);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* configure new state */
|
|
Packit |
90a5c9 |
if (r->connection->master) {
|
|
Packit |
90a5c9 |
/* TODO: this categorically fails changed cipher suite settings
|
|
Packit |
90a5c9 |
* on slave connections. We could do better by
|
|
Packit |
90a5c9 |
* - create a new SSL* from our SSL_CTX and set cipher suite there,
|
|
Packit |
90a5c9 |
* and retrieve ciphers, free afterwards
|
|
Packit |
90a5c9 |
* Modifying the SSL on a slave connection is no good.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
apr_table_setn(r->notes, "ssl-renegotiate-forbidden", "cipher-suite");
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!SSL_set_cipher_list(ssl, ncipher_suite)) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02253)
|
|
Packit |
90a5c9 |
"Unable to reconfigure (per-directory) "
|
|
Packit |
90a5c9 |
"permitted SSL ciphers");
|
|
Packit |
90a5c9 |
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (cipher_list_old) {
|
|
Packit |
90a5c9 |
sk_SSL_CIPHER_free(cipher_list_old);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* determine whether a renegotiation has to be forced */
|
|
Packit |
90a5c9 |
cipher_list = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
|
|
Packit |
90a5c9 |
/* optimized way */
|
|
Packit |
90a5c9 |
if ((!cipher && cipher_list) ||
|
|
Packit |
90a5c9 |
(cipher && !cipher_list))
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
renegotiate = TRUE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (cipher && cipher_list &&
|
|
Packit |
90a5c9 |
(sk_SSL_CIPHER_find(cipher_list, cipher) < 0))
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
renegotiate = TRUE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
/* paranoid way */
|
|
Packit |
90a5c9 |
if ((!cipher_list_old && cipher_list) ||
|
|
Packit |
90a5c9 |
(cipher_list_old && !cipher_list))
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
renegotiate = TRUE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (cipher_list_old && cipher_list) {
|
|
Packit |
90a5c9 |
for (n = 0;
|
|
Packit |
90a5c9 |
!renegotiate && (n < sk_SSL_CIPHER_num(cipher_list));
|
|
Packit |
90a5c9 |
n++)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
const SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list, n);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (sk_SSL_CIPHER_find(cipher_list_old, value) < 0) {
|
|
Packit |
90a5c9 |
renegotiate = TRUE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
for (n = 0;
|
|
Packit |
90a5c9 |
!renegotiate && (n < sk_SSL_CIPHER_num(cipher_list_old));
|
|
Packit |
90a5c9 |
n++)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
const SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list_old, n);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (sk_SSL_CIPHER_find(cipher_list, value) < 0) {
|
|
Packit |
90a5c9 |
renegotiate = TRUE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* cleanup */
|
|
Packit |
90a5c9 |
if (cipher_list_old) {
|
|
Packit |
90a5c9 |
sk_SSL_CIPHER_free(cipher_list_old);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (renegotiate) {
|
|
Packit |
90a5c9 |
if (r->connection->master) {
|
|
Packit |
90a5c9 |
/* The request causes renegotiation on a slave connection.
|
|
Packit |
90a5c9 |
* This is not allowed since we might have concurrent requests
|
|
Packit |
90a5c9 |
* on this connection.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
apr_table_setn(r->notes, "ssl-renegotiate-forbidden", "cipher-suite");
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
|
|
Packit |
90a5c9 |
if (sc->cipher_server_pref == TRUE) {
|
|
Packit |
90a5c9 |
SSL_set_options(ssl, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
/* tracing */
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02220)
|
|
Packit |
90a5c9 |
"Reconfigured cipher suite will force renegotiation");
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* override of SSLVerifyClient
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* We force a renegotiation if the reconfigured/new verify type is
|
|
Packit |
90a5c9 |
* stronger than the currently active verify type.
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* The order is: none << optional_no_ca << optional << require
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* Additionally the following optimization is possible here: When the
|
|
Packit |
90a5c9 |
* currently active verify type is "none" but a client certificate is
|
|
Packit |
90a5c9 |
* already known/present, it's enough to manually force a client
|
|
Packit |
90a5c9 |
* verification but at least skip the I/O-intensive renegotiation
|
|
Packit |
90a5c9 |
* handshake.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if ((dc->nVerifyClient != SSL_CVERIFY_UNSET) ||
|
|
Packit |
90a5c9 |
(sc->server->auth.verify_mode != SSL_CVERIFY_UNSET)) {
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* remember old state */
|
|
Packit |
90a5c9 |
verify_old = SSL_get_verify_mode(ssl);
|
|
Packit |
90a5c9 |
/* configure new state */
|
|
Packit |
90a5c9 |
verify = SSL_VERIFY_NONE;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) ||
|
|
Packit |
90a5c9 |
(sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE)) {
|
|
Packit |
90a5c9 |
verify |= SSL_VERIFY_PEER_STRICT;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if ((dc->nVerifyClient == SSL_CVERIFY_OPTIONAL) ||
|
|
Packit |
90a5c9 |
(dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA) ||
|
|
Packit |
90a5c9 |
(sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL) ||
|
|
Packit |
90a5c9 |
(sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
verify |= SSL_VERIFY_PEER;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* TODO: this seems premature since we do not know if there
|
|
Packit |
90a5c9 |
* are any changes required.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
SSL_set_verify(ssl, verify, ssl_callback_SSLVerify);
|
|
Packit |
90a5c9 |
SSL_set_verify_result(ssl, X509_V_OK);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* determine whether we've to force a renegotiation */
|
|
Packit |
90a5c9 |
if (!renegotiate && verify != verify_old) {
|
|
Packit |
90a5c9 |
if (((verify_old == SSL_VERIFY_NONE) &&
|
|
Packit |
90a5c9 |
(verify != SSL_VERIFY_NONE)) ||
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
(!(verify_old & SSL_VERIFY_PEER) &&
|
|
Packit |
90a5c9 |
(verify & SSL_VERIFY_PEER)) ||
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
(!(verify_old & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) &&
|
|
Packit |
90a5c9 |
(verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
renegotiate = TRUE;
|
|
Packit |
90a5c9 |
if (r->connection->master) {
|
|
Packit |
90a5c9 |
/* The request causes renegotiation on a slave connection.
|
|
Packit |
90a5c9 |
* This is not allowed since we might have concurrent requests
|
|
Packit |
90a5c9 |
* on this connection.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
apr_table_setn(r->notes, "ssl-renegotiate-forbidden", "verify-client");
|
|
Packit |
90a5c9 |
SSL_set_verify(ssl, verify_old, ssl_callback_SSLVerify);
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
/* optimization */
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) &&
|
|
Packit |
90a5c9 |
(verify_old == SSL_VERIFY_NONE) &&
|
|
Packit |
90a5c9 |
((peercert = SSL_get_peer_certificate(ssl)) != NULL))
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
renegotiate_quick = TRUE;
|
|
Packit |
90a5c9 |
X509_free(peercert);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02255)
|
|
Packit |
90a5c9 |
"Changed client verification type will force "
|
|
Packit |
90a5c9 |
"%srenegotiation",
|
|
Packit |
90a5c9 |
renegotiate_quick ? "quick " : "");
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (verify != SSL_VERIFY_NONE) {
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* override of SSLVerifyDepth
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* The depth checks are handled by us manually inside the
|
|
Packit |
90a5c9 |
* verify callback function and not by OpenSSL internally
|
|
Packit |
90a5c9 |
* (and our function is aware of both the per-server and
|
|
Packit |
90a5c9 |
* per-directory contexts). So we cannot ask OpenSSL about
|
|
Packit |
90a5c9 |
* the currently verify depth. Instead we remember it in our
|
|
Packit |
90a5c9 |
* SSLConnRec attached to the SSL* of OpenSSL. We've to force
|
|
Packit |
90a5c9 |
* the renegotiation if the reconfigured/new verify depth is
|
|
Packit |
90a5c9 |
* less than the currently active/remembered verify depth
|
|
Packit |
90a5c9 |
* (because this means more restriction on the certificate
|
|
Packit |
90a5c9 |
* chain).
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
n = (sslconn->verify_depth != UNSET)
|
|
Packit |
90a5c9 |
? sslconn->verify_depth
|
|
Packit |
90a5c9 |
: hssc->server->auth.verify_depth;
|
|
Packit |
90a5c9 |
/* determine the new depth */
|
|
Packit |
90a5c9 |
sslconn->verify_depth = (dc->nVerifyDepth != UNSET)
|
|
Packit |
90a5c9 |
? dc->nVerifyDepth
|
|
Packit |
90a5c9 |
: sc->server->auth.verify_depth;
|
|
Packit |
90a5c9 |
if (sslconn->verify_depth < n) {
|
|
Packit |
90a5c9 |
renegotiate = TRUE;
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02254)
|
|
Packit |
90a5c9 |
"Reduced client verification depth will "
|
|
Packit |
90a5c9 |
"force renegotiation");
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
/* If we're handling a request for a vhost other than the default one,
|
|
Packit |
90a5c9 |
* then we need to make sure that client authentication is properly
|
|
Packit |
90a5c9 |
* enforced. For clients supplying an SNI extension, the peer
|
|
Packit |
90a5c9 |
* certificate verification has happened in the handshake already
|
|
Packit |
90a5c9 |
* (and r->server == handshakeserver). For non-SNI requests,
|
|
Packit |
90a5c9 |
* an additional check is needed here. If client authentication
|
|
Packit |
90a5c9 |
* is configured as mandatory, then we can only proceed if the
|
|
Packit |
90a5c9 |
* CA list doesn't have to be changed (OpenSSL doesn't provide
|
|
Packit |
90a5c9 |
* an option to change the list for an existing session).
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if ((r->server != handshakeserver)
|
|
Packit |
90a5c9 |
&& renegotiate
|
|
Packit |
90a5c9 |
&& ((verify & SSL_VERIFY_PEER) ||
|
|
Packit |
90a5c9 |
(verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
|
|
Packit |
90a5c9 |
#define MODSSL_CFG_CA_NE(f, sc1, sc2) \
|
|
Packit |
90a5c9 |
(sc1->server->auth.f && \
|
|
Packit |
90a5c9 |
(!sc2->server->auth.f || \
|
|
Packit |
90a5c9 |
strNE(sc1->server->auth.f, sc2->server->auth.f)))
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (MODSSL_CFG_CA_NE(ca_cert_file, sc, hssc) ||
|
|
Packit |
90a5c9 |
MODSSL_CFG_CA_NE(ca_cert_path, sc, hssc)) {
|
|
Packit |
90a5c9 |
if (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02256)
|
|
Packit |
90a5c9 |
"Non-default virtual host with SSLVerify set to "
|
|
Packit |
90a5c9 |
"'require' and VirtualHost-specific CA certificate "
|
|
Packit |
90a5c9 |
"list is only available to clients with TLS server "
|
|
Packit |
90a5c9 |
"name indication (SNI) support");
|
|
Packit |
90a5c9 |
SSL_set_verify(ssl, verify_old, NULL);
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
} else
|
|
Packit |
90a5c9 |
/* let it pass, possibly with an "incorrect" peer cert,
|
|
Packit |
90a5c9 |
* so make sure the SSL_CLIENT_VERIFY environment variable
|
|
Packit |
90a5c9 |
* will indicate partial success only, later on.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
sslconn->verify_info = "GENEROUS";
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
7b674e |
/* Fill reneg buffer if required. */
|
|
Packit |
7b674e |
if (renegotiate && !renegotiate_quick) {
|
|
Packit |
7b674e |
rc = fill_reneg_buffer(r, dc);
|
|
Packit |
7b674e |
if (rc) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02257)
|
|
Packit |
90a5c9 |
"could not buffer message body to allow "
|
|
Packit |
90a5c9 |
"SSL renegotiation to proceed");
|
|
Packit |
7b674e |
return rc;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* now do the renegotiation if anything was actually reconfigured
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (renegotiate) {
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Now we force the SSL renegotiation by sending the Hello Request
|
|
Packit |
90a5c9 |
* message to the client. Here we have to do a workaround: Actually
|
|
Packit |
90a5c9 |
* OpenSSL returns immediately after sending the Hello Request (the
|
|
Packit |
90a5c9 |
* intent AFAIK is because the SSL/TLS protocol says it's not a must
|
|
Packit |
90a5c9 |
* that the client replies to a Hello Request). But because we insist
|
|
Packit |
90a5c9 |
* on a reply (anything else is an error for us) we have to go to the
|
|
Packit |
90a5c9 |
* ACCEPT state manually. Using SSL_set_accept_state() doesn't work
|
|
Packit |
90a5c9 |
* here because it resets too much of the connection. So we set the
|
|
Packit |
90a5c9 |
* state explicitly and continue the handshake manually.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02221)
|
|
Packit |
90a5c9 |
"Requesting connection re-negotiation");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (renegotiate_quick) {
|
|
Packit |
90a5c9 |
STACK_OF(X509) *cert_stack;
|
|
Packit |
90a5c9 |
X509 *cert;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* perform just a manual re-verification of the peer */
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02258)
|
|
Packit |
90a5c9 |
"Performing quick renegotiation: "
|
|
Packit |
90a5c9 |
"just re-verifying the peer");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
cert = SSL_get_peer_certificate(ssl);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!cert_stack || (sk_X509_num(cert_stack) == 0)) {
|
|
Packit |
90a5c9 |
if (!cert) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02222)
|
|
Packit |
90a5c9 |
"Cannot find peer certificate chain");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* client cert is in the session cache, but there is
|
|
Packit |
90a5c9 |
* no chain, since ssl3_get_client_certificate()
|
|
Packit |
90a5c9 |
* sk_X509_shift-ed the peer cert out of the chain.
|
|
Packit |
90a5c9 |
* we put it back here for the purpose of quick_renegotiation.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
cert_stack = sk_X509_new_null();
|
|
Packit |
90a5c9 |
sk_X509_push(cert_stack, cert);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!(cert_store ||
|
|
Packit |
90a5c9 |
(cert_store = SSL_CTX_get_cert_store(ctx))))
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02223)
|
|
Packit |
90a5c9 |
"Cannot find certificate storage");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!cert) {
|
|
Packit |
90a5c9 |
cert = sk_X509_value(cert_stack, 0);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
cert_store_ctx = X509_STORE_CTX_new();
|
|
Packit |
90a5c9 |
X509_STORE_CTX_init(cert_store_ctx, cert_store, cert, cert_stack);
|
|
Packit |
90a5c9 |
depth = SSL_get_verify_depth(ssl);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (depth >= 0) {
|
|
Packit |
90a5c9 |
X509_STORE_CTX_set_depth(cert_store_ctx, depth);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
X509_STORE_CTX_set_ex_data(cert_store_ctx,
|
|
Packit |
90a5c9 |
SSL_get_ex_data_X509_STORE_CTX_idx(),
|
|
Packit |
90a5c9 |
(char *)ssl);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!X509_verify_cert(cert_store_ctx)) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02224)
|
|
Packit |
90a5c9 |
"Re-negotiation verification step failed");
|
|
Packit |
90a5c9 |
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(cert_store_ctx));
|
|
Packit |
90a5c9 |
X509_STORE_CTX_cleanup(cert_store_ctx);
|
|
Packit |
90a5c9 |
X509_STORE_CTX_free(cert_store_ctx);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (cert_stack != SSL_get_peer_cert_chain(ssl)) {
|
|
Packit |
90a5c9 |
/* we created this ourselves, so free it */
|
|
Packit |
90a5c9 |
sk_X509_pop_free(cert_stack, X509_free);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
char peekbuf[1];
|
|
Packit |
90a5c9 |
const char *reneg_support;
|
|
Packit |
90a5c9 |
request_rec *id = r->main ? r->main : r;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Additional mitigation for CVE-2009-3555: At this point,
|
|
Packit |
90a5c9 |
* before renegotiating, an (entire) request has been read
|
|
Packit |
90a5c9 |
* from the connection. An attacker may have sent further
|
|
Packit |
90a5c9 |
* data to "prefix" any subsequent request by the victim's
|
|
Packit |
90a5c9 |
* client after the renegotiation; this data may already
|
|
Packit |
90a5c9 |
* have been read and buffered. Forcing a connection
|
|
Packit |
90a5c9 |
* closure after the response ensures such data will be
|
|
Packit |
90a5c9 |
* discarded. Legimately pipelined HTTP requests will be
|
|
Packit |
90a5c9 |
* retried anyway with this approach. */
|
|
Packit |
90a5c9 |
if (has_buffered_data(r)) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02259)
|
|
Packit |
90a5c9 |
"insecure SSL re-negotiation required, but "
|
|
Packit |
90a5c9 |
"a pipelined request is present; keepalive "
|
|
Packit |
90a5c9 |
"disabled");
|
|
Packit |
90a5c9 |
r->connection->keepalive = AP_CONN_CLOSE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#if defined(SSL_get_secure_renegotiation_support)
|
|
Packit |
90a5c9 |
reneg_support = SSL_get_secure_renegotiation_support(ssl) ?
|
|
Packit |
90a5c9 |
"client does" : "client does not";
|
|
Packit |
90a5c9 |
#else
|
|
Packit |
90a5c9 |
reneg_support = "server does not";
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
/* Perform a full renegotiation. */
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02260)
|
|
Packit |
90a5c9 |
"Performing full renegotiation: complete handshake "
|
|
Packit |
90a5c9 |
"protocol (%s support secure renegotiation)",
|
|
Packit |
90a5c9 |
reneg_support);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
SSL_set_session_id_context(ssl,
|
|
Packit |
90a5c9 |
(unsigned char *)&id,
|
|
Packit |
90a5c9 |
sizeof(id));
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Toggle the renegotiation state to allow the new
|
|
Packit |
90a5c9 |
* handshake to proceed. */
|
|
Packit |
90a5c9 |
sslconn->reneg_state = RENEG_ALLOW;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
SSL_renegotiate(ssl);
|
|
Packit |
90a5c9 |
SSL_do_handshake(ssl);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!SSL_is_init_finished(ssl)) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02225)
|
|
Packit |
90a5c9 |
"Re-negotiation request failed");
|
|
Packit |
90a5c9 |
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
r->connection->keepalive = AP_CONN_CLOSE;
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02226)
|
|
Packit |
90a5c9 |
"Awaiting re-negotiation handshake");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* XXX: Should replace setting state with SSL_renegotiate(ssl);
|
|
Packit |
90a5c9 |
* However, this causes failures in perl-framework currently,
|
|
Packit |
90a5c9 |
* perhaps pre-test if we have already negotiated?
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
/* Need to trigger renegotiation handshake by reading.
|
|
Packit |
90a5c9 |
* Peeking 0 bytes actually works.
|
|
Packit |
90a5c9 |
* See: http://marc.info/?t=145493359200002&r=1&w=2
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
SSL_peek(ssl, peekbuf, 0);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
sslconn->reneg_state = RENEG_REJECT;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!SSL_is_init_finished(ssl)) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02261)
|
|
Packit |
90a5c9 |
"Re-negotiation handshake failed");
|
|
Packit |
90a5c9 |
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
r->connection->keepalive = AP_CONN_CLOSE;
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Full renegotiation successful, we now have handshaken with
|
|
Packit |
90a5c9 |
* this server's parameters.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
sslconn->server = r->server;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Finally check for acceptable renegotiation results
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (OK != (rc = ssl_check_post_client_verify(r, sc, dc, sslconn, ssl))) {
|
|
Packit |
90a5c9 |
return rc;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Also check that SSLCipherSuite has been enforced as expected.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (cipher_list) {
|
|
Packit |
90a5c9 |
cipher = SSL_get_current_cipher(ssl);
|
|
Packit |
90a5c9 |
if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02264)
|
|
Packit |
90a5c9 |
"SSL cipher suite not renegotiated: "
|
|
Packit |
90a5c9 |
"access to %s denied using cipher %s",
|
|
Packit |
90a5c9 |
r->filename,
|
|
Packit |
90a5c9 |
SSL_CIPHER_get_name(cipher));
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
/* remember any new cipher suite used in renegotiation */
|
|
Packit |
90a5c9 |
if (ncipher_suite) {
|
|
Packit |
90a5c9 |
sslconn->cipher_suite = ncipher_suite;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#if SSL_HAVE_PROTOCOL_TLSV1_3
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Access Handler, modern flavour, for SSL/TLS v1.3 and onward.
|
|
Packit |
90a5c9 |
* Only client certificates can be requested, everything else stays.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
static int ssl_hook_Access_modern(request_rec *r, SSLSrvConfigRec *sc, SSLDirConfigRec *dc,
|
|
Packit |
90a5c9 |
SSLConnRec *sslconn, SSL *ssl)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
if ((dc->nVerifyClient != SSL_CVERIFY_UNSET) ||
|
|
Packit |
90a5c9 |
(sc->server->auth.verify_mode != SSL_CVERIFY_UNSET)) {
|
|
Packit |
90a5c9 |
int vmode_inplace, vmode_needed;
|
|
Packit |
90a5c9 |
int change_vmode = FALSE;
|
|
Packit |
90a5c9 |
int old_state, n, rc;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
vmode_inplace = SSL_get_verify_mode(ssl);
|
|
Packit |
90a5c9 |
vmode_needed = SSL_VERIFY_NONE;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) ||
|
|
Packit |
90a5c9 |
(sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE)) {
|
|
Packit |
90a5c9 |
vmode_needed |= SSL_VERIFY_PEER_STRICT;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if ((dc->nVerifyClient == SSL_CVERIFY_OPTIONAL) ||
|
|
Packit |
90a5c9 |
(dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA) ||
|
|
Packit |
90a5c9 |
(sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL) ||
|
|
Packit |
90a5c9 |
(sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
vmode_needed |= SSL_VERIFY_PEER;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (vmode_needed == SSL_VERIFY_NONE) {
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
vmode_needed |= SSL_VERIFY_CLIENT_ONCE;
|
|
Packit |
90a5c9 |
if (vmode_inplace != vmode_needed) {
|
|
Packit |
90a5c9 |
/* Need to change, if new setting is more restrictive than existing one */
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if ((vmode_inplace == SSL_VERIFY_NONE)
|
|
Packit |
90a5c9 |
|| (!(vmode_inplace & SSL_VERIFY_PEER)
|
|
Packit |
90a5c9 |
&& (vmode_needed & SSL_VERIFY_PEER))
|
|
Packit |
90a5c9 |
|| (!(vmode_inplace & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
|
|
Packit |
90a5c9 |
&& (vmode_needed & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
|
|
Packit |
90a5c9 |
/* need to change the effective verify mode */
|
|
Packit |
90a5c9 |
change_vmode = TRUE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
/* FIXME: does this work with TLSv1.3? Is this more than re-inspecting
|
|
Packit |
90a5c9 |
* the certificate we should already have? */
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* override of SSLVerifyDepth
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* The depth checks are handled by us manually inside the
|
|
Packit |
90a5c9 |
* verify callback function and not by OpenSSL internally
|
|
Packit |
90a5c9 |
* (and our function is aware of both the per-server and
|
|
Packit |
90a5c9 |
* per-directory contexts). So we cannot ask OpenSSL about
|
|
Packit |
90a5c9 |
* the currently verify depth. Instead we remember it in our
|
|
Packit |
90a5c9 |
* SSLConnRec attached to the SSL* of OpenSSL. We've to force
|
|
Packit |
90a5c9 |
* the renegotiation if the reconfigured/new verify depth is
|
|
Packit |
90a5c9 |
* less than the currently active/remembered verify depth
|
|
Packit |
90a5c9 |
* (because this means more restriction on the certificate
|
|
Packit |
90a5c9 |
* chain).
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
n = (sslconn->verify_depth != UNSET)?
|
|
Packit |
90a5c9 |
sslconn->verify_depth : sc->server->auth.verify_depth;
|
|
Packit |
90a5c9 |
/* determine the new depth */
|
|
Packit |
90a5c9 |
sslconn->verify_depth = (dc->nVerifyDepth != UNSET)
|
|
Packit |
90a5c9 |
? dc->nVerifyDepth
|
|
Packit |
90a5c9 |
: sc->server->auth.verify_depth;
|
|
Packit |
90a5c9 |
if (sslconn->verify_depth < n) {
|
|
Packit |
90a5c9 |
change_vmode = TRUE;
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO()
|
|
Packit |
90a5c9 |
"Reduced client verification depth will "
|
|
Packit |
90a5c9 |
"force renegotiation");
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
7b674e |
/* Fill reneg buffer if required. */
|
|
Packit |
7b674e |
if (change_vmode) {
|
|
Packit |
7b674e |
rc = fill_reneg_buffer(r, dc);
|
|
Packit |
7b674e |
if (rc) {
|
|
Packit |
7b674e |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10228)
|
|
Packit |
7b674e |
"could not buffer message body to allow "
|
|
Packit |
7b674e |
"TLS Post-Handshake Authentication to proceed");
|
|
Packit |
7b674e |
return rc;
|
|
Packit |
7b674e |
}
|
|
Packit |
7b674e |
}
|
|
Packit |
7b674e |
|
|
Packit |
90a5c9 |
if (change_vmode) {
|
|
Packit |
90a5c9 |
char peekbuf[1];
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (r->connection->master) {
|
|
Packit |
90a5c9 |
/* FIXME: modifying the SSL on a slave connection is no good.
|
|
Packit |
90a5c9 |
* We would need to push this back to the master connection
|
|
Packit |
90a5c9 |
* somehow.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
apr_table_setn(r->notes, "ssl-renegotiate-forbidden", "verify-client");
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO() "verify client post handshake");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
SSL_set_verify(ssl, vmode_needed, ssl_callback_SSLVerify);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (SSL_verify_client_post_handshake(ssl) != 1) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10158)
|
|
Packit |
90a5c9 |
"cannot perform post-handshake authentication");
|
|
Packit |
90a5c9 |
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
|
|
Packit |
90a5c9 |
apr_table_setn(r->notes, "error-notes",
|
|
Packit |
90a5c9 |
"Reason: Cannot perform Post-Handshake Authentication. ");
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
old_state = sslconn->reneg_state;
|
|
Packit |
90a5c9 |
sslconn->reneg_state = RENEG_ALLOW;
|
|
Packit |
90a5c9 |
modssl_set_app_data2(ssl, r);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
SSL_do_handshake(ssl);
|
|
Packit |
90a5c9 |
/* Need to trigger renegotiation handshake by reading.
|
|
Packit |
90a5c9 |
* Peeking 0 bytes actually works.
|
|
Packit |
90a5c9 |
* See: http://marc.info/?t=145493359200002&r=1&w=2
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
SSL_peek(ssl, peekbuf, 0);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
sslconn->reneg_state = old_state;
|
|
Packit |
90a5c9 |
modssl_set_app_data2(ssl, NULL);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Finally check for acceptable renegotiation results
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (OK != (rc = ssl_check_post_client_verify(r, sc, dc, sslconn, ssl))) {
|
|
Packit |
90a5c9 |
return rc;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
int ssl_hook_Access(request_rec *r)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
SSLDirConfigRec *dc = myDirConfig(r);
|
|
Packit |
90a5c9 |
SSLSrvConfigRec *sc = mySrvConfig(r->server);
|
|
Packit |
90a5c9 |
SSLConnRec *sslconn = myConnConfig(r->connection);
|
|
Packit |
90a5c9 |
SSL *ssl = sslconn ? sslconn->ssl : NULL;
|
|
Packit |
90a5c9 |
apr_array_header_t *requires;
|
|
Packit |
90a5c9 |
ssl_require_t *ssl_requires;
|
|
Packit |
90a5c9 |
int ok, i, ret;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* On a slave connection, we do not expect to have an SSLConnRec, but
|
|
Packit |
90a5c9 |
* our master connection might have one. */
|
|
Packit |
90a5c9 |
if (!(sslconn && ssl) && r->connection->master) {
|
|
Packit |
90a5c9 |
sslconn = myConnConfig(r->connection->master);
|
|
Packit |
90a5c9 |
ssl = sslconn ? sslconn->ssl : NULL;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* We should have handshaken here, otherwise we are being
|
|
Packit |
90a5c9 |
* redirected (ErrorDocument) from a renegotiation failure below.
|
|
Packit |
90a5c9 |
* The access is still forbidden in the latter case, let ap_die() handle
|
|
Packit |
90a5c9 |
* this recursive (same) error.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (ssl && !SSL_is_init_finished(ssl)) {
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Support for SSLRequireSSL directive
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (dc->bSSLRequired && !ssl) {
|
|
Packit |
90a5c9 |
if ((sc->enabled == SSL_ENABLED_OPTIONAL) && !r->connection->master) {
|
|
Packit |
90a5c9 |
/* This vhost was configured for optional SSL, just tell the
|
|
Packit |
90a5c9 |
* client that we need to upgrade.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
apr_table_setn(r->err_headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
|
|
Packit |
90a5c9 |
apr_table_setn(r->err_headers_out, "Connection", "Upgrade");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return HTTP_UPGRADE_REQUIRED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02219)
|
|
Packit |
90a5c9 |
"access to %s failed, reason: %s",
|
|
Packit |
90a5c9 |
r->filename, "SSL connection required");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* remember forbidden access for strict require option */
|
|
Packit |
90a5c9 |
apr_table_setn(r->notes, "ssl-access-forbidden", "1");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Check to see whether SSL is in use; if it's not, then no
|
|
Packit |
90a5c9 |
* further access control checks are relevant. (the test for
|
|
Packit |
90a5c9 |
* sc->enabled is probably strictly unnecessary)
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#if SSL_HAVE_PROTOCOL_TLSV1_3
|
|
Packit |
90a5c9 |
/* TLSv1.3+ is less complicated here. Branch off into a new codeline
|
|
Packit |
90a5c9 |
* and avoid messing with the past. */
|
|
Packit |
90a5c9 |
if (SSL_version(ssl) >= TLS1_3_VERSION) {
|
|
Packit |
90a5c9 |
ret = ssl_hook_Access_modern(r, sc, dc, sslconn, ssl);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
ret = ssl_hook_Access_classic(r, sc, dc, sslconn, ssl);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (ret != DECLINED) {
|
|
Packit |
90a5c9 |
return ret;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* If we're trying to have the user name set from a client
|
|
Packit |
90a5c9 |
* certificate then we need to set it here. This should be safe as
|
|
Packit |
90a5c9 |
* the user name probably isn't important from an auth checking point
|
|
Packit |
90a5c9 |
* of view as the certificate supplied acts in that capacity.
|
|
Packit |
90a5c9 |
* However, if FakeAuth is being used then this isn't the case so
|
|
Packit |
90a5c9 |
* we need to postpone setting the username until later.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
|
|
Packit |
90a5c9 |
char *val = ssl_var_lookup(r->pool, r->server, r->connection,
|
|
Packit |
90a5c9 |
r, (char *)dc->szUserName);
|
|
Packit |
90a5c9 |
if (val && val[0])
|
|
Packit |
90a5c9 |
r->user = val;
|
|
Packit |
90a5c9 |
else
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02227)
|
|
Packit |
90a5c9 |
"Failed to set r->user to '%s'", dc->szUserName);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Check SSLRequire boolean expressions
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
requires = dc->aRequirement;
|
|
Packit |
90a5c9 |
ssl_requires = (ssl_require_t *)requires->elts;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
for (i = 0; i < requires->nelts; i++) {
|
|
Packit |
90a5c9 |
ssl_require_t *req = &ssl_requires[i];
|
|
Packit |
90a5c9 |
const char *errstring;
|
|
Packit |
90a5c9 |
ok = ap_expr_exec(r, req->mpExpr, &errstring);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (ok < 0) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02265)
|
|
Packit |
90a5c9 |
"access to %s failed, reason: Failed to execute "
|
|
Packit |
90a5c9 |
"SSL requirement expression: %s",
|
|
Packit |
90a5c9 |
r->filename, errstring);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* remember forbidden access for strict require option */
|
|
Packit |
90a5c9 |
apr_table_setn(r->notes, "ssl-access-forbidden", "1");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (ok != 1) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02266)
|
|
Packit |
90a5c9 |
"Access to %s denied for %s "
|
|
Packit |
90a5c9 |
"(requirement expression not fulfilled)",
|
|
Packit |
90a5c9 |
r->filename, r->useragent_ip);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02228)
|
|
Packit |
90a5c9 |
"Failed expression: %s", req->cpExpr);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02229)
|
|
Packit |
90a5c9 |
"access to %s failed, reason: %s",
|
|
Packit |
90a5c9 |
r->filename,
|
|
Packit |
90a5c9 |
"SSL requirement expression not fulfilled");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* remember forbidden access for strict require option */
|
|
Packit |
90a5c9 |
apr_table_setn(r->notes, "ssl-access-forbidden", "1");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Else access is granted from our point of view (except vendor
|
|
Packit |
90a5c9 |
* handlers override). But we have to return DECLINED here instead
|
|
Packit |
90a5c9 |
* of OK, because mod_auth and other modules still might want to
|
|
Packit |
90a5c9 |
* deny access.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Authentication Handler:
|
|
Packit |
90a5c9 |
* Fake a Basic authentication from the X509 client certificate.
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* This must be run fairly early on to prevent a real authentication from
|
|
Packit |
90a5c9 |
* occurring, in particular it must be run before anything else that
|
|
Packit |
90a5c9 |
* authenticates a user. This means that the Module statement for this
|
|
Packit |
90a5c9 |
* module should be LAST in the Configuration file.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
int ssl_hook_UserCheck(request_rec *r)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
SSLConnRec *sslconn = myConnConfig(r->connection);
|
|
Packit |
90a5c9 |
SSLSrvConfigRec *sc = mySrvConfig(r->server);
|
|
Packit |
90a5c9 |
SSLDirConfigRec *dc = myDirConfig(r);
|
|
Packit |
90a5c9 |
char *clientdn;
|
|
Packit |
90a5c9 |
const char *auth_line, *username, *password;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Additionally forbid access (again)
|
|
Packit |
90a5c9 |
* when strict require option is used.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if ((dc->nOptions & SSL_OPT_STRICTREQUIRE) &&
|
|
Packit |
90a5c9 |
(apr_table_get(r->notes, "ssl-access-forbidden")))
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* We decline when we are in a subrequest. The Authorization header
|
|
Packit |
90a5c9 |
* would already be present if it was added in the main request.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (!ap_is_initial_req(r)) {
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Make sure the user is not able to fake the client certificate
|
|
Packit |
90a5c9 |
* based authentication by just entering an X.509 Subject DN
|
|
Packit |
90a5c9 |
* ("/XX=YYY/XX=YYY/..") as the username and "password" as the
|
|
Packit |
90a5c9 |
* password.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if ((auth_line = apr_table_get(r->headers_in, "Authorization"))) {
|
|
Packit |
90a5c9 |
if (strcEQ(ap_getword(r->pool, &auth_line, ' '), "Basic")) {
|
|
Packit |
90a5c9 |
while ((*auth_line == ' ') || (*auth_line == '\t')) {
|
|
Packit |
90a5c9 |
auth_line++;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
auth_line = ap_pbase64decode(r->pool, auth_line);
|
|
Packit |
90a5c9 |
username = ap_getword_nulls(r->pool, &auth_line, ':');
|
|
Packit |
90a5c9 |
password = auth_line;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if ((username[0] == '/') && strEQ(password, "password")) {
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02035)
|
|
Packit |
90a5c9 |
"Encountered FakeBasicAuth spoof: %s", username);
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* We decline operation in various situations...
|
|
Packit |
90a5c9 |
* - SSLOptions +FakeBasicAuth not configured
|
|
Packit |
90a5c9 |
* - r->user already authenticated
|
|
Packit |
90a5c9 |
* - ssl not enabled
|
|
Packit |
90a5c9 |
* - client did not present a certificate
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (!((sc->enabled == SSL_ENABLED_TRUE || sc->enabled == SSL_ENABLED_OPTIONAL)
|
|
Packit |
90a5c9 |
&& sslconn && sslconn->ssl && sslconn->client_cert) ||
|
|
Packit |
90a5c9 |
!(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!sslconn->client_dn) {
|
|
Packit |
90a5c9 |
X509_NAME *name = X509_get_subject_name(sslconn->client_cert);
|
|
Packit |
90a5c9 |
char *cp = X509_NAME_oneline(name, NULL, 0);
|
|
Packit |
90a5c9 |
sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
|
|
Packit |
90a5c9 |
OPENSSL_free(cp);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
clientdn = (char *)sslconn->client_dn;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Fake a password - which one would be immaterial, as, it seems, an empty
|
|
Packit |
90a5c9 |
* password in the users file would match ALL incoming passwords, if only
|
|
Packit |
90a5c9 |
* we were using the standard crypt library routine. Unfortunately, OpenSSL
|
|
Packit |
90a5c9 |
* "fixes" a "bug" in crypt and thus prevents blank passwords from
|
|
Packit |
90a5c9 |
* working. (IMHO what they really fix is a bug in the users of the code
|
|
Packit |
90a5c9 |
* - failing to program correctly for shadow passwords). We need,
|
|
Packit |
90a5c9 |
* therefore, to provide a password. This password can be matched by
|
|
Packit |
90a5c9 |
* adding the string "xxj31ZMTZzkVA" as the password in the user file.
|
|
Packit |
90a5c9 |
* This is just the crypted variant of the word "password" ;-)
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
auth_line = apr_pstrcat(r->pool, "Basic ",
|
|
Packit |
90a5c9 |
ap_pbase64encode(r->pool,
|
|
Packit |
90a5c9 |
apr_pstrcat(r->pool, clientdn,
|
|
Packit |
90a5c9 |
":password", NULL)),
|
|
Packit |
90a5c9 |
NULL);
|
|
Packit |
90a5c9 |
apr_table_setn(r->headers_in, "Authorization", auth_line);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02036)
|
|
Packit |
90a5c9 |
"Faking HTTP Basic Auth header: \"Authorization: %s\"",
|
|
Packit |
90a5c9 |
auth_line);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* authorization phase */
|
|
Packit |
90a5c9 |
int ssl_hook_Auth(request_rec *r)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
SSLDirConfigRec *dc = myDirConfig(r);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Additionally forbid access (again)
|
|
Packit |
90a5c9 |
* when strict require option is used.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if ((dc->nOptions & SSL_OPT_STRICTREQUIRE) &&
|
|
Packit |
90a5c9 |
(apr_table_get(r->notes, "ssl-access-forbidden")))
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
return HTTP_FORBIDDEN;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Fixup Handler
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const char *const ssl_hook_Fixup_vars[] = {
|
|
Packit |
90a5c9 |
"SSL_VERSION_INTERFACE",
|
|
Packit |
90a5c9 |
"SSL_VERSION_LIBRARY",
|
|
Packit |
90a5c9 |
"SSL_PROTOCOL",
|
|
Packit |
90a5c9 |
"SSL_SECURE_RENEG",
|
|
Packit |
90a5c9 |
"SSL_COMPRESS_METHOD",
|
|
Packit |
90a5c9 |
"SSL_CIPHER",
|
|
Packit |
90a5c9 |
"SSL_CIPHER_EXPORT",
|
|
Packit |
90a5c9 |
"SSL_CIPHER_USEKEYSIZE",
|
|
Packit |
90a5c9 |
"SSL_CIPHER_ALGKEYSIZE",
|
|
Packit |
90a5c9 |
"SSL_CLIENT_VERIFY",
|
|
Packit |
90a5c9 |
"SSL_CLIENT_M_VERSION",
|
|
Packit |
90a5c9 |
"SSL_CLIENT_M_SERIAL",
|
|
Packit |
90a5c9 |
"SSL_CLIENT_V_START",
|
|
Packit |
90a5c9 |
"SSL_CLIENT_V_END",
|
|
Packit |
90a5c9 |
"SSL_CLIENT_V_REMAIN",
|
|
Packit |
90a5c9 |
"SSL_CLIENT_S_DN",
|
|
Packit |
90a5c9 |
"SSL_CLIENT_I_DN",
|
|
Packit |
90a5c9 |
"SSL_CLIENT_A_KEY",
|
|
Packit |
90a5c9 |
"SSL_CLIENT_A_SIG",
|
|
Packit |
90a5c9 |
"SSL_CLIENT_CERT_RFC4523_CEA",
|
|
Packit |
90a5c9 |
"SSL_SERVER_M_VERSION",
|
|
Packit |
90a5c9 |
"SSL_SERVER_M_SERIAL",
|
|
Packit |
90a5c9 |
"SSL_SERVER_V_START",
|
|
Packit |
90a5c9 |
"SSL_SERVER_V_END",
|
|
Packit |
90a5c9 |
"SSL_SERVER_S_DN",
|
|
Packit |
90a5c9 |
"SSL_SERVER_I_DN",
|
|
Packit |
90a5c9 |
"SSL_SERVER_A_KEY",
|
|
Packit |
90a5c9 |
"SSL_SERVER_A_SIG",
|
|
Packit |
90a5c9 |
"SSL_SESSION_ID",
|
|
Packit |
90a5c9 |
"SSL_SESSION_RESUMED",
|
|
Packit |
90a5c9 |
#ifdef HAVE_SRP
|
|
Packit |
90a5c9 |
"SSL_SRP_USER",
|
|
Packit |
90a5c9 |
"SSL_SRP_USERINFO",
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
NULL
|
|
Packit |
90a5c9 |
};
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
int ssl_hook_Fixup(request_rec *r)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
SSLConnRec *sslconn = myConnConfig(r->connection);
|
|
Packit |
90a5c9 |
SSLSrvConfigRec *sc = mySrvConfig(r->server);
|
|
Packit |
90a5c9 |
SSLDirConfigRec *dc = myDirConfig(r);
|
|
Packit |
90a5c9 |
apr_table_t *env = r->subprocess_env;
|
|
Packit |
90a5c9 |
char *var, *val = "";
|
|
Packit |
90a5c9 |
#ifdef HAVE_TLSEXT
|
|
Packit |
90a5c9 |
const char *servername;
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
STACK_OF(X509) *peer_certs;
|
|
Packit |
90a5c9 |
SSL *ssl;
|
|
Packit |
90a5c9 |
int i;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!(sslconn && sslconn->ssl) && r->connection->master) {
|
|
Packit |
90a5c9 |
sslconn = myConnConfig(r->connection->master);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Check to see if SSL is on
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (!(((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) && sslconn && (ssl = sslconn->ssl))) {
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Annotate the SSI/CGI environment with standard SSL information
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
/* the always present HTTPS (=HTTP over SSL) flag! */
|
|
Packit |
90a5c9 |
apr_table_setn(env, "HTTPS", "on");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#ifdef HAVE_TLSEXT
|
|
Packit |
90a5c9 |
/* add content of SNI TLS extension (if supplied with ClientHello) */
|
|
Packit |
90a5c9 |
if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
|
|
Packit |
90a5c9 |
apr_table_set(env, "SSL_TLS_SNI", servername);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* standard SSL environment variables */
|
|
Packit |
90a5c9 |
if (dc->nOptions & SSL_OPT_STDENVVARS) {
|
|
Packit |
90a5c9 |
modssl_var_extract_dns(env, ssl, r->pool);
|
|
Packit |
90a5c9 |
modssl_var_extract_san_entries(env, ssl, r->pool);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
for (i = 0; ssl_hook_Fixup_vars[i]; i++) {
|
|
Packit |
90a5c9 |
var = (char *)ssl_hook_Fixup_vars[i];
|
|
Packit |
90a5c9 |
val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
|
|
Packit |
90a5c9 |
if (!strIsEmpty(val)) {
|
|
Packit |
90a5c9 |
apr_table_setn(env, var, val);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* On-demand bloat up the SSI/CGI environment with certificate data
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (dc->nOptions & SSL_OPT_EXPORTCERTDATA) {
|
|
Packit |
90a5c9 |
val = ssl_var_lookup(r->pool, r->server, r->connection,
|
|
Packit |
90a5c9 |
r, "SSL_SERVER_CERT");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
apr_table_setn(env, "SSL_SERVER_CERT", val);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
val = ssl_var_lookup(r->pool, r->server, r->connection,
|
|
Packit |
90a5c9 |
r, "SSL_CLIENT_CERT");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
apr_table_setn(env, "SSL_CLIENT_CERT", val);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if ((peer_certs = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl))) {
|
|
Packit |
90a5c9 |
for (i = 0; i < sk_X509_num(peer_certs); i++) {
|
|
Packit |
90a5c9 |
var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
|
|
Packit |
90a5c9 |
val = ssl_var_lookup(r->pool, r->server, r->connection,
|
|
Packit |
90a5c9 |
r, var);
|
|
Packit |
90a5c9 |
if (val) {
|
|
Packit |
90a5c9 |
apr_table_setn(env, var, val);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#ifdef SSL_get_secure_renegotiation_support
|
|
Packit |
90a5c9 |
apr_table_setn(r->notes, "ssl-secure-reneg",
|
|
Packit |
90a5c9 |
SSL_get_secure_renegotiation_support(ssl) ? "1" : "0");
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return DECLINED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* _________________________________________________________________
|
|
Packit |
90a5c9 |
**
|
|
Packit |
90a5c9 |
** Authz providers for use with mod_authz_core
|
|
Packit |
90a5c9 |
** _________________________________________________________________
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static authz_status ssl_authz_require_ssl_check(request_rec *r,
|
|
Packit |
90a5c9 |
const char *require_line,
|
|
Packit |
90a5c9 |
const void *parsed)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
SSLConnRec *sslconn = myConnConfig(r->connection);
|
|
Packit |
90a5c9 |
SSL *ssl = sslconn ? sslconn->ssl : NULL;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (ssl)
|
|
Packit |
90a5c9 |
return AUTHZ_GRANTED;
|
|
Packit |
90a5c9 |
else
|
|
Packit |
90a5c9 |
return AUTHZ_DENIED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const char *ssl_authz_require_ssl_parse(cmd_parms *cmd,
|
|
Packit |
90a5c9 |
const char *require_line,
|
|
Packit |
90a5c9 |
const void **parsed)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
if (require_line && require_line[0])
|
|
Packit |
90a5c9 |
return "'Require ssl' does not take arguments";
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return NULL;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
const authz_provider ssl_authz_provider_require_ssl =
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
&ssl_authz_require_ssl_check,
|
|
Packit |
90a5c9 |
&ssl_authz_require_ssl_parse,
|
|
Packit |
90a5c9 |
};
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static authz_status ssl_authz_verify_client_check(request_rec *r,
|
|
Packit |
90a5c9 |
const char *require_line,
|
|
Packit |
90a5c9 |
const void *parsed)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
SSLConnRec *sslconn = myConnConfig(r->connection);
|
|
Packit |
90a5c9 |
SSL *ssl = sslconn ? sslconn->ssl : NULL;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!ssl)
|
|
Packit |
90a5c9 |
return AUTHZ_DENIED;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (sslconn->verify_error == NULL &&
|
|
Packit |
90a5c9 |
sslconn->verify_info == NULL &&
|
|
Packit |
90a5c9 |
SSL_get_verify_result(ssl) == X509_V_OK)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
X509 *xs = SSL_get_peer_certificate(ssl);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (xs) {
|
|
Packit |
90a5c9 |
X509_free(xs);
|
|
Packit |
90a5c9 |
return AUTHZ_GRANTED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
X509_free(xs);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return AUTHZ_DENIED;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static const char *ssl_authz_verify_client_parse(cmd_parms *cmd,
|
|
Packit |
90a5c9 |
const char *require_line,
|
|
Packit |
90a5c9 |
const void **parsed)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
if (require_line && require_line[0])
|
|
Packit |
90a5c9 |
return "'Require ssl-verify-client' does not take arguments";
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return NULL;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
const authz_provider ssl_authz_provider_verify_client =
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
&ssl_authz_verify_client_check,
|
|
Packit |
90a5c9 |
&ssl_authz_verify_client_parse,
|
|
Packit |
90a5c9 |
};
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* _________________________________________________________________
|
|
Packit |
90a5c9 |
**
|
|
Packit |
90a5c9 |
** OpenSSL Callback Functions
|
|
Packit |
90a5c9 |
** _________________________________________________________________
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Hand out standard DH parameters, based on the authentication strength
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
|
|
Packit |
90a5c9 |
EVP_PKEY *pkey;
|
|
Packit |
90a5c9 |
int type;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#ifdef SSL_CERT_SET_SERVER
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* When multiple certs/keys are configured for the SSL_CTX: make sure
|
|
Packit |
90a5c9 |
* that we get the private key which is indeed used for the current
|
|
Packit |
90a5c9 |
* SSL connection (available in OpenSSL 1.0.2 or later only)
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
SSL_set_current_cert(ssl, SSL_CERT_SET_SERVER);
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
pkey = SSL_get_privatekey(ssl);
|
|
Packit |
90a5c9 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Packit |
90a5c9 |
type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
|
|
Packit |
90a5c9 |
#else
|
|
Packit |
90a5c9 |
type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* OpenSSL will call us with either keylen == 512 or keylen == 1024
|
|
Packit |
90a5c9 |
* (see the definition of SSL_EXPORT_PKEYLENGTH in ssl_locl.h).
|
|
Packit |
90a5c9 |
* Adjust the DH parameter length according to the size of the
|
|
Packit |
90a5c9 |
* RSA/DSA private key used for the current connection, and always
|
|
Packit |
90a5c9 |
* use at least 1024-bit parameters.
|
|
Packit |
90a5c9 |
* Note: This may cause interoperability issues with implementations
|
|
Packit |
90a5c9 |
* which limit their DH support to 1024 bit - e.g. Java 7 and earlier.
|
|
Packit |
90a5c9 |
* In this case, SSLCertificateFile can be used to specify fixed
|
|
Packit |
90a5c9 |
* 1024-bit DH parameters (with the effect that OpenSSL skips this
|
|
Packit |
90a5c9 |
* callback).
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if ((type == EVP_PKEY_RSA) || (type == EVP_PKEY_DSA)) {
|
|
Packit |
90a5c9 |
keylen = EVP_PKEY_bits(pkey);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
|
|
Packit |
90a5c9 |
"handing out built-in DH parameters for %d-bit authenticated connection", keylen);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return modssl_get_dh_params(keylen);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* This OpenSSL callback function is called when OpenSSL
|
|
Packit |
90a5c9 |
* does client authentication and verifies the certificate chain.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
/* Get Apache context back through OpenSSL context */
|
|
Packit |
90a5c9 |
SSL *ssl = X509_STORE_CTX_get_ex_data(ctx,
|
|
Packit |
90a5c9 |
SSL_get_ex_data_X509_STORE_CTX_idx());
|
|
Packit |
90a5c9 |
conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
|
|
Packit |
90a5c9 |
request_rec *r = (request_rec *)modssl_get_app_data2(ssl);
|
|
Packit |
90a5c9 |
server_rec *s = r ? r->server : mySrvFromConn(conn);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
SSLSrvConfigRec *sc = mySrvConfig(s);
|
|
Packit |
90a5c9 |
SSLConnRec *sslconn = myConnConfig(conn);
|
|
Packit |
90a5c9 |
SSLDirConfigRec *dc = r ? myDirConfig(r) : sslconn->dc;
|
|
Packit |
90a5c9 |
modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
|
|
Packit |
90a5c9 |
int crl_check_mode = mctx->crl_check_mask & ~SSL_CRLCHECK_FLAGS;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Get verify ingredients */
|
|
Packit |
90a5c9 |
int errnum = X509_STORE_CTX_get_error(ctx);
|
|
Packit |
90a5c9 |
int errdepth = X509_STORE_CTX_get_error_depth(ctx);
|
|
Packit |
90a5c9 |
int depth = UNSET;
|
|
Packit |
90a5c9 |
int verify = SSL_CVERIFY_UNSET;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Log verification information
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
ssl_log_cxerror(SSLLOG_MARK, APLOG_DEBUG, 0, conn,
|
|
Packit |
90a5c9 |
X509_STORE_CTX_get_current_cert(ctx), APLOGNO(02275)
|
|
Packit |
90a5c9 |
"Certificate Verification, depth %d, "
|
|
Packit |
90a5c9 |
"CRL checking mode: %s (%x)", errdepth,
|
|
Packit |
90a5c9 |
crl_check_mode == SSL_CRLCHECK_CHAIN ? "chain" :
|
|
Packit |
90a5c9 |
crl_check_mode == SSL_CRLCHECK_LEAF ? "leaf" : "none",
|
|
Packit |
90a5c9 |
mctx->crl_check_mask);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Check for optionally acceptable non-verifiable issuer situation
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (dc) {
|
|
Packit |
90a5c9 |
if (sslconn->is_proxy) {
|
|
Packit |
90a5c9 |
verify = dc->proxy->auth.verify_mode;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
verify = dc->nVerifyClient;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
if (!dc || (verify == SSL_CVERIFY_UNSET)) {
|
|
Packit |
90a5c9 |
verify = mctx->auth.verify_mode;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (verify == SSL_CVERIFY_NONE) {
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* SSLProxyVerify is either not configured or set to "none".
|
|
Packit |
90a5c9 |
* (this callback doesn't happen in the server context if SSLVerify
|
|
Packit |
90a5c9 |
* is not configured or set to "none")
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
return TRUE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (ssl_verify_error_is_optional(errnum) &&
|
|
Packit |
90a5c9 |
(verify == SSL_CVERIFY_OPTIONAL_NO_CA))
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, conn, APLOGNO(02037)
|
|
Packit |
90a5c9 |
"Certificate Verification: Verifiable Issuer is "
|
|
Packit |
90a5c9 |
"configured as optional, therefore we're accepting "
|
|
Packit |
90a5c9 |
"the certificate");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
sslconn->verify_info = "GENEROUS";
|
|
Packit |
90a5c9 |
ok = TRUE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Expired certificates vs. "expired" CRLs: by default, OpenSSL
|
|
Packit |
90a5c9 |
* turns X509_V_ERR_CRL_HAS_EXPIRED into a "certificate_expired(45)"
|
|
Packit |
90a5c9 |
* SSL alert, but that's not really the message we should convey to the
|
|
Packit |
90a5c9 |
* peer (at the very least, it's confusing, and in many cases, it's also
|
|
Packit |
90a5c9 |
* inaccurate, as the certificate itself may very well not have expired
|
|
Packit |
90a5c9 |
* yet). We set the X509_STORE_CTX error to something which OpenSSL's
|
|
Packit |
90a5c9 |
* s3_both.c:ssl_verify_alarm_type() maps to SSL_AD_CERTIFICATE_UNKNOWN,
|
|
Packit |
90a5c9 |
* i.e. the peer will receive a "certificate_unknown(46)" alert.
|
|
Packit |
90a5c9 |
* We do not touch errnum, though, so that later on we will still log
|
|
Packit |
90a5c9 |
* the "real" error, as returned by OpenSSL.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (!ok && errnum == X509_V_ERR_CRL_HAS_EXPIRED) {
|
|
Packit |
90a5c9 |
X509_STORE_CTX_set_error(ctx, -1);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!ok && errnum == X509_V_ERR_UNABLE_TO_GET_CRL
|
|
Packit |
90a5c9 |
&& (mctx->crl_check_mask & SSL_CRLCHECK_NO_CRL_FOR_CERT_OK)) {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, conn,
|
|
Packit |
90a5c9 |
"Certificate Verification: Temporary error (%d): %s: "
|
|
Packit |
90a5c9 |
"optional therefore we're accepting the certificate",
|
|
Packit |
90a5c9 |
errnum, X509_verify_cert_error_string(errnum));
|
|
Packit |
90a5c9 |
X509_STORE_CTX_set_error(ctx, X509_V_OK);
|
|
Packit |
90a5c9 |
errnum = X509_V_OK;
|
|
Packit |
90a5c9 |
ok = TRUE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#ifndef OPENSSL_NO_OCSP
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Perform OCSP-based revocation checks
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
e55c45 |
if (ok && ((mctx->ocsp_mask & SSL_OCSPCHECK_CHAIN) ||
|
|
Packit |
e55c45 |
(errdepth == 0 && (mctx->ocsp_mask & SSL_OCSPCHECK_LEAF)))) {
|
|
Packit |
90a5c9 |
/* If there was an optional verification error, it's not
|
|
Packit |
90a5c9 |
* possible to perform OCSP validation since the issuer may be
|
|
Packit |
90a5c9 |
* missing/untrusted. Fail in that case. */
|
|
Packit |
90a5c9 |
if (ssl_verify_error_is_optional(errnum)) {
|
|
Packit |
90a5c9 |
X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
|
|
Packit |
90a5c9 |
errnum = X509_V_ERR_APPLICATION_VERIFICATION;
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn, APLOGNO(02038)
|
|
Packit |
90a5c9 |
"cannot perform OCSP validation for cert "
|
|
Packit |
90a5c9 |
"if issuer has not been verified "
|
|
Packit |
90a5c9 |
"(optional_no_ca configured)");
|
|
Packit |
90a5c9 |
ok = FALSE;
|
|
Packit |
90a5c9 |
} else {
|
|
Packit |
90a5c9 |
ok = modssl_verify_ocsp(ctx, sc, s, conn, conn->pool);
|
|
Packit |
90a5c9 |
if (!ok) {
|
|
Packit |
90a5c9 |
errnum = X509_STORE_CTX_get_error(ctx);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* If we already know it's not ok, log the real reason
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (!ok) {
|
|
Packit |
90a5c9 |
if (APLOGcinfo(conn)) {
|
|
Packit |
90a5c9 |
ssl_log_cxerror(SSLLOG_MARK, APLOG_INFO, 0, conn,
|
|
Packit |
90a5c9 |
X509_STORE_CTX_get_current_cert(ctx), APLOGNO(02276)
|
|
Packit |
90a5c9 |
"Certificate Verification: Error (%d): %s",
|
|
Packit |
90a5c9 |
errnum, X509_verify_cert_error_string(errnum));
|
|
Packit |
90a5c9 |
} else {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn, APLOGNO(02039)
|
|
Packit |
90a5c9 |
"Certificate Verification: Error (%d): %s",
|
|
Packit |
90a5c9 |
errnum, X509_verify_cert_error_string(errnum));
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (sslconn->client_cert) {
|
|
Packit |
90a5c9 |
X509_free(sslconn->client_cert);
|
|
Packit |
90a5c9 |
sslconn->client_cert = NULL;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
sslconn->client_dn = NULL;
|
|
Packit |
90a5c9 |
sslconn->verify_error = X509_verify_cert_error_string(errnum);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Finally check the depth of the certificate verification
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (dc) {
|
|
Packit |
90a5c9 |
if (sslconn->is_proxy) {
|
|
Packit |
90a5c9 |
depth = dc->proxy->auth.verify_depth;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
depth = dc->nVerifyDepth;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
if (!dc || (depth == UNSET)) {
|
|
Packit |
90a5c9 |
depth = mctx->auth.verify_depth;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (errdepth > depth) {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn, APLOGNO(02040)
|
|
Packit |
90a5c9 |
"Certificate Verification: Certificate Chain too long "
|
|
Packit |
90a5c9 |
"(chain has %d certificates, but maximum allowed are "
|
|
Packit |
90a5c9 |
"only %d)",
|
|
Packit |
90a5c9 |
errdepth, depth);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
errnum = X509_V_ERR_CERT_CHAIN_TOO_LONG;
|
|
Packit |
90a5c9 |
sslconn->verify_error = X509_verify_cert_error_string(errnum);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ok = FALSE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* And finally signal OpenSSL the (perhaps changed) state
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
return ok;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#define SSLPROXY_CERT_CB_LOG_FMT \
|
|
Packit |
90a5c9 |
"Proxy client certificate callback: (%s) "
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void modssl_proxy_info_log(conn_rec *c,
|
|
Packit |
90a5c9 |
X509_INFO *info,
|
|
Packit |
90a5c9 |
const char *msg)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
ssl_log_cxerror(SSLLOG_MARK, APLOG_DEBUG, 0, c, info->x509, APLOGNO(02277)
|
|
Packit |
90a5c9 |
SSLPROXY_CERT_CB_LOG_FMT "%s, sending",
|
|
Packit |
90a5c9 |
(mySrvConfigFromConn(c))->vhost_id, msg);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* caller will decrement the cert and key reference
|
|
Packit |
90a5c9 |
* so we need to increment here to prevent them from
|
|
Packit |
90a5c9 |
* being freed.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
#if MODSSL_USE_OPENSSL_PRE_1_1_API
|
|
Packit |
90a5c9 |
#define modssl_set_cert_info(info, cert, pkey) \
|
|
Packit |
90a5c9 |
*cert = info->x509; \
|
|
Packit |
90a5c9 |
CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \
|
|
Packit |
90a5c9 |
*pkey = info->x_pkey->dec_pkey; \
|
|
Packit |
90a5c9 |
CRYPTO_add(&(*pkey)->references, +1, CRYPTO_LOCK_X509_PKEY)
|
|
Packit |
90a5c9 |
#else
|
|
Packit |
90a5c9 |
#define modssl_set_cert_info(info, cert, pkey) \
|
|
Packit |
90a5c9 |
*cert = info->x509; \
|
|
Packit |
90a5c9 |
X509_up_ref(*cert); \
|
|
Packit |
90a5c9 |
*pkey = info->x_pkey->dec_pkey; \
|
|
Packit |
90a5c9 |
EVP_PKEY_up_ref(*pkey);
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
|
|
Packit |
90a5c9 |
server_rec *s = mySrvFromConn(c);
|
|
Packit |
90a5c9 |
SSLSrvConfigRec *sc = mySrvConfig(s);
|
|
Packit |
90a5c9 |
SSLDirConfigRec *dc = myDirConfigFromConn(c);
|
|
Packit |
90a5c9 |
X509_NAME *ca_name, *issuer, *ca_issuer;
|
|
Packit |
90a5c9 |
X509_INFO *info;
|
|
Packit |
90a5c9 |
X509 *ca_cert;
|
|
Packit |
90a5c9 |
STACK_OF(X509_NAME) *ca_list;
|
|
Packit |
90a5c9 |
STACK_OF(X509_INFO) *certs;
|
|
Packit |
90a5c9 |
STACK_OF(X509) *ca_certs;
|
|
Packit |
90a5c9 |
STACK_OF(X509) **ca_cert_chains;
|
|
Packit |
90a5c9 |
int i, j, k;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02267)
|
|
Packit |
90a5c9 |
SSLPROXY_CERT_CB_LOG_FMT "entered",
|
|
Packit |
90a5c9 |
sc->vhost_id);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
certs = (dc && dc->proxy) ? dc->proxy->pkp->certs : NULL;
|
|
Packit |
90a5c9 |
if (!certs || (sk_X509_INFO_num(certs) <= 0)) {
|
|
Packit |
90a5c9 |
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(02268)
|
|
Packit |
90a5c9 |
SSLPROXY_CERT_CB_LOG_FMT
|
|
Packit |
90a5c9 |
"downstream server wanted client certificate "
|
|
Packit |
90a5c9 |
"but none are configured", sc->vhost_id);
|
|
Packit |
90a5c9 |
return FALSE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ca_list = SSL_get_client_CA_list(ssl);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!ca_list || (sk_X509_NAME_num(ca_list) <= 0)) {
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* downstream server didn't send us a list of acceptable CA certs,
|
|
Packit |
90a5c9 |
* so we send the first client cert in the list.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
info = sk_X509_INFO_value(certs, 0);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
modssl_proxy_info_log(c, info, APLOGNO(02278) "no acceptable CA list");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
modssl_set_cert_info(info, x509, pkey);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return TRUE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ca_cert_chains = dc->proxy->pkp->ca_certs;
|
|
Packit |
90a5c9 |
for (i = 0; i < sk_X509_NAME_num(ca_list); i++) {
|
|
Packit |
90a5c9 |
ca_name = sk_X509_NAME_value(ca_list, i);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
for (j = 0; j < sk_X509_INFO_num(certs); j++) {
|
|
Packit |
90a5c9 |
info = sk_X509_INFO_value(certs, j);
|
|
Packit |
90a5c9 |
issuer = X509_get_issuer_name(info->x509);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Search certs (by issuer name) one by one*/
|
|
Packit |
90a5c9 |
if (X509_NAME_cmp(issuer, ca_name) == 0) {
|
|
Packit |
90a5c9 |
modssl_proxy_info_log(c, info, APLOGNO(02279)
|
|
Packit |
90a5c9 |
"found acceptable cert");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
modssl_set_cert_info(info, x509, pkey);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return TRUE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (ca_cert_chains) {
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Failed to find direct issuer - search intermediates
|
|
Packit |
90a5c9 |
* (by issuer name), if provided.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
ca_certs = ca_cert_chains[j];
|
|
Packit |
90a5c9 |
for (k = 0; k < sk_X509_num(ca_certs); k++) {
|
|
Packit |
90a5c9 |
ca_cert = sk_X509_value(ca_certs, k);
|
|
Packit |
90a5c9 |
ca_issuer = X509_get_issuer_name(ca_cert);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if(X509_NAME_cmp(ca_issuer, ca_name) == 0 ) {
|
|
Packit |
90a5c9 |
modssl_proxy_info_log(c, info, APLOGNO(02280)
|
|
Packit |
90a5c9 |
"found acceptable cert by intermediate CA");
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
modssl_set_cert_info(info, x509, pkey);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return TRUE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
} /* end loop through chained certs */
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
} /* end loop through available certs */
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02269)
|
|
Packit |
90a5c9 |
SSLPROXY_CERT_CB_LOG_FMT
|
|
Packit |
90a5c9 |
"no client certificate found!?", sc->vhost_id);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return FALSE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
static void ssl_session_log(server_rec *s,
|
|
Packit |
90a5c9 |
const char *request,
|
|
Packit |
90a5c9 |
IDCONST unsigned char *id,
|
|
Packit |
90a5c9 |
unsigned int idlen,
|
|
Packit |
90a5c9 |
const char *status,
|
|
Packit |
90a5c9 |
const char *result,
|
|
Packit |
90a5c9 |
long timeout)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
char buf[MODSSL_SESSION_ID_STRING_LEN];
|
|
Packit |
90a5c9 |
char timeout_str[56] = {'\0'};
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (!APLOGdebug(s)) {
|
|
Packit |
90a5c9 |
return;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (timeout) {
|
|
Packit |
90a5c9 |
apr_snprintf(timeout_str, sizeof(timeout_str),
|
|
Packit |
90a5c9 |
"timeout=%lds ", timeout);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, s,
|
|
Packit |
90a5c9 |
"Inter-Process Session Cache: "
|
|
Packit |
90a5c9 |
"request=%s status=%s id=%s %s(session %s)",
|
|
Packit |
90a5c9 |
request, status,
|
|
Packit |
90a5c9 |
modssl_SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)),
|
|
Packit |
90a5c9 |
timeout_str, result);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* This callback function is executed by OpenSSL whenever a new SSL_SESSION is
|
|
Packit |
90a5c9 |
* added to the internal OpenSSL session cache. We use this hook to spread the
|
|
Packit |
90a5c9 |
* SSL_SESSION also to the inter-process disk-cache to make share it with our
|
|
Packit |
90a5c9 |
* other Apache pre-forked server processes.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
/* Get Apache context back through OpenSSL context */
|
|
Packit |
90a5c9 |
conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
|
|
Packit |
90a5c9 |
server_rec *s = mySrvFromConn(conn);
|
|
Packit |
90a5c9 |
SSLSrvConfigRec *sc = mySrvConfig(s);
|
|
Packit |
90a5c9 |
long timeout = sc->session_cache_timeout;
|
|
Packit |
90a5c9 |
BOOL rc;
|
|
Packit |
90a5c9 |
IDCONST unsigned char *id;
|
|
Packit |
90a5c9 |
unsigned int idlen;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Set the timeout also for the internal OpenSSL cache, because this way
|
|
Packit |
90a5c9 |
* our inter-process cache is consulted only when it's really necessary.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
SSL_set_timeout(session, timeout);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Store the SSL_SESSION in the inter-process cache with the
|
|
Packit |
90a5c9 |
* same expire time, so it expires automatically there, too.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
#ifdef OPENSSL_NO_SSL_INTERN
|
|
Packit |
90a5c9 |
id = (unsigned char *)SSL_SESSION_get_id(session, &idlen);
|
|
Packit |
90a5c9 |
#else
|
|
Packit |
90a5c9 |
id = session->session_id;
|
|
Packit |
90a5c9 |
idlen = session->session_id_length;
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
rc = ssl_scache_store(s, id, idlen,
|
|
Packit |
90a5c9 |
apr_time_from_sec(SSL_SESSION_get_time(session)
|
|
Packit |
90a5c9 |
+ timeout),
|
|
Packit |
90a5c9 |
session, conn->pool);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ssl_session_log(s, "SET", id, idlen,
|
|
Packit |
90a5c9 |
rc == TRUE ? "OK" : "BAD",
|
|
Packit |
90a5c9 |
"caching", timeout);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* return 0 which means to OpenSSL that the session is still
|
|
Packit |
90a5c9 |
* valid and was not freed by us with SSL_SESSION_free().
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* This callback function is executed by OpenSSL whenever a
|
|
Packit |
90a5c9 |
* SSL_SESSION is looked up in the internal OpenSSL cache and it
|
|
Packit |
90a5c9 |
* was not found. We use this to lookup the SSL_SESSION in the
|
|
Packit |
90a5c9 |
* inter-process disk-cache where it was perhaps stored by one
|
|
Packit |
90a5c9 |
* of our other Apache pre-forked server processes.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl,
|
|
Packit |
90a5c9 |
IDCONST unsigned char *id,
|
|
Packit |
90a5c9 |
int idlen, int *do_copy)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
/* Get Apache context back through OpenSSL context */
|
|
Packit |
90a5c9 |
conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
|
|
Packit |
90a5c9 |
server_rec *s = mySrvFromConn(conn);
|
|
Packit |
90a5c9 |
SSL_SESSION *session;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Try to retrieve the SSL_SESSION from the inter-process cache
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
session = ssl_scache_retrieve(s, id, idlen, conn->pool);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ssl_session_log(s, "GET", id, idlen,
|
|
Packit |
90a5c9 |
session ? "FOUND" : "MISSED",
|
|
Packit |
90a5c9 |
session ? "reuse" : "renewal", 0);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Return NULL or the retrieved SSL_SESSION. But indicate (by
|
|
Packit |
90a5c9 |
* setting do_copy to 0) that the reference count on the
|
|
Packit |
90a5c9 |
* SSL_SESSION should not be incremented by the SSL library,
|
|
Packit |
90a5c9 |
* because we will no longer hold a reference to it ourself.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
*do_copy = 0;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return session;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* This callback function is executed by OpenSSL whenever a
|
|
Packit |
90a5c9 |
* SSL_SESSION is removed from the internal OpenSSL cache.
|
|
Packit |
90a5c9 |
* We use this to remove the SSL_SESSION in the inter-process
|
|
Packit |
90a5c9 |
* disk-cache, too.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx,
|
|
Packit |
90a5c9 |
SSL_SESSION *session)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
server_rec *s;
|
|
Packit |
90a5c9 |
SSLSrvConfigRec *sc;
|
|
Packit |
90a5c9 |
IDCONST unsigned char *id;
|
|
Packit |
90a5c9 |
unsigned int idlen;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Get Apache context back through OpenSSL context
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (!(s = (server_rec *)SSL_CTX_get_app_data(ctx))) {
|
|
Packit |
90a5c9 |
return; /* on server shutdown Apache is already gone */
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
sc = mySrvConfig(s);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Remove the SSL_SESSION from the inter-process cache
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
#ifdef OPENSSL_NO_SSL_INTERN
|
|
Packit |
90a5c9 |
id = (unsigned char *)SSL_SESSION_get_id(session, &idlen);
|
|
Packit |
90a5c9 |
#else
|
|
Packit |
90a5c9 |
id = session->session_id;
|
|
Packit |
90a5c9 |
idlen = session->session_id_length;
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* TODO: Do we need a temp pool here, or are we always shutting down? */
|
|
Packit |
90a5c9 |
ssl_scache_remove(s, id, idlen, sc->mc->pPool);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ssl_session_log(s, "REM", id, idlen,
|
|
Packit |
90a5c9 |
"OK", "dead", 0);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Dump debugginfo trace to the log file. */
|
|
Packit |
90a5c9 |
static void log_tracing_state(const SSL *ssl, conn_rec *c,
|
|
Packit |
90a5c9 |
server_rec *s, int where, int rc)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* create the various trace messages
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (where & SSL_CB_HANDSHAKE_START) {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
|
|
Packit |
90a5c9 |
"%s: Handshake: start", MODSSL_LIBRARY_NAME);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (where & SSL_CB_HANDSHAKE_DONE) {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
|
|
Packit |
90a5c9 |
"%s: Handshake: done", MODSSL_LIBRARY_NAME);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (where & SSL_CB_LOOP) {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
|
|
Packit |
90a5c9 |
"%s: Loop: %s",
|
|
Packit |
90a5c9 |
MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl));
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (where & SSL_CB_READ) {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
|
|
Packit |
90a5c9 |
"%s: Read: %s",
|
|
Packit |
90a5c9 |
MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl));
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (where & SSL_CB_WRITE) {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
|
|
Packit |
90a5c9 |
"%s: Write: %s",
|
|
Packit |
90a5c9 |
MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl));
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (where & SSL_CB_ALERT) {
|
|
Packit |
90a5c9 |
char *str = (where & SSL_CB_READ) ? "read" : "write";
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
|
|
Packit |
90a5c9 |
"%s: Alert: %s:%s:%s",
|
|
Packit |
90a5c9 |
MODSSL_LIBRARY_NAME, str,
|
|
Packit |
90a5c9 |
SSL_alert_type_string_long(rc),
|
|
Packit |
90a5c9 |
SSL_alert_desc_string_long(rc));
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (where & SSL_CB_EXIT) {
|
|
Packit |
90a5c9 |
if (rc == 0) {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
|
|
Packit |
90a5c9 |
"%s: Exit: failed in %s",
|
|
Packit |
90a5c9 |
MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl));
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (rc < 0) {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
|
|
Packit |
90a5c9 |
"%s: Exit: error in %s",
|
|
Packit |
90a5c9 |
MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl));
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Because SSL renegotiations can happen at any time (not only after
|
|
Packit |
90a5c9 |
* SSL_accept()), the best way to log the current connection details is
|
|
Packit |
90a5c9 |
* right after a finished handshake.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (where & SSL_CB_HANDSHAKE_DONE) {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02041)
|
|
Packit |
90a5c9 |
"Protocol: %s, Cipher: %s (%s/%s bits)",
|
|
Packit |
90a5c9 |
ssl_var_lookup(NULL, s, c, NULL, "SSL_PROTOCOL"),
|
|
Packit |
90a5c9 |
ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"),
|
|
Packit |
90a5c9 |
ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"),
|
|
Packit |
90a5c9 |
ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE"));
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* This callback function is executed while OpenSSL processes the SSL
|
|
Packit |
90a5c9 |
* handshake and does SSL record layer stuff. It's used to trap
|
|
Packit |
90a5c9 |
* client-initiated renegotiations, and for dumping everything to the
|
|
Packit |
90a5c9 |
* log.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
void ssl_callback_Info(const SSL *ssl, int where, int rc)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
conn_rec *c;
|
|
Packit |
90a5c9 |
server_rec *s;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* Retrieve the conn_rec and the associated SSLConnRec. */
|
|
Packit |
90a5c9 |
if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL) {
|
|
Packit |
90a5c9 |
return;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* With TLS 1.3 this callback may be called multiple times on the first
|
|
Packit |
90a5c9 |
* negotiation, so the below logic to detect renegotiations can't work.
|
|
Packit |
90a5c9 |
* Fortunately renegotiations are forbidden starting with TLS 1.3, and
|
|
Packit |
90a5c9 |
* this is enforced by OpenSSL so there's nothing to be done here.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
#if SSL_HAVE_PROTOCOL_TLSV1_3
|
|
Packit |
90a5c9 |
if (SSL_version(ssl) < TLS1_3_VERSION)
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
SSLConnRec *sslconn;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if ((sslconn = myConnConfig(c)) == NULL) {
|
|
Packit |
90a5c9 |
return;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* If the reneg state is to reject renegotiations, check the SSL
|
|
Packit |
90a5c9 |
* state machine and move to ABORT if a Client Hello is being
|
|
Packit |
90a5c9 |
* read. */
|
|
Packit |
90a5c9 |
if (!sslconn->is_proxy &&
|
|
Packit |
90a5c9 |
(where & SSL_CB_HANDSHAKE_START) &&
|
|
Packit |
90a5c9 |
sslconn->reneg_state == RENEG_REJECT) {
|
|
Packit |
90a5c9 |
sslconn->reneg_state = RENEG_ABORT;
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02042)
|
|
Packit |
90a5c9 |
"rejecting client initiated renegotiation");
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
/* If the first handshake is complete, change state to reject any
|
|
Packit |
90a5c9 |
* subsequent client-initiated renegotiation. */
|
|
Packit |
90a5c9 |
else if ((where & SSL_CB_HANDSHAKE_DONE)
|
|
Packit |
90a5c9 |
&& sslconn->reneg_state == RENEG_INIT) {
|
|
Packit |
90a5c9 |
sslconn->reneg_state = RENEG_REJECT;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
s = mySrvFromConn(c);
|
|
Packit |
90a5c9 |
if (s && APLOGdebug(s)) {
|
|
Packit |
90a5c9 |
log_tracing_state(ssl, c, s, where, rc);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#ifdef HAVE_TLSEXT
|
|
Packit |
20f7c8 |
|
|
Packit |
20f7c8 |
static apr_status_t set_challenge_creds(conn_rec *c, const char *servername,
|
|
Packit |
20f7c8 |
SSL *ssl, X509 *cert, EVP_PKEY *key)
|
|
Packit |
20f7c8 |
{
|
|
Packit |
20f7c8 |
SSLConnRec *sslcon = myConnConfig(c);
|
|
Packit |
20f7c8 |
|
|
Packit |
20f7c8 |
sslcon->service_unavailable = 1;
|
|
Packit |
20f7c8 |
if ((SSL_use_certificate(ssl, cert) < 1)) {
|
|
Packit |
20f7c8 |
ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c, APLOGNO(10086)
|
|
Packit |
20f7c8 |
"Failed to configure challenge certificate %s",
|
|
Packit |
20f7c8 |
servername);
|
|
Packit |
20f7c8 |
return APR_EGENERAL;
|
|
Packit |
20f7c8 |
}
|
|
Packit |
20f7c8 |
|
|
Packit |
20f7c8 |
if (!SSL_use_PrivateKey(ssl, key)) {
|
|
Packit |
20f7c8 |
ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c, APLOGNO(10087)
|
|
Packit |
20f7c8 |
"error '%s' using Challenge key: %s",
|
|
Packit |
20f7c8 |
ERR_error_string(ERR_peek_last_error(), NULL),
|
|
Packit |
20f7c8 |
servername);
|
|
Packit |
20f7c8 |
return APR_EGENERAL;
|
|
Packit |
20f7c8 |
}
|
|
Packit |
20f7c8 |
|
|
Packit |
20f7c8 |
if (SSL_check_private_key(ssl) < 1) {
|
|
Packit |
20f7c8 |
ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c, APLOGNO(10088)
|
|
Packit |
20f7c8 |
"Challenge certificate and private key %s "
|
|
Packit |
20f7c8 |
"do not match", servername);
|
|
Packit |
20f7c8 |
return APR_EGENERAL;
|
|
Packit |
20f7c8 |
}
|
|
Packit |
20f7c8 |
return APR_SUCCESS;
|
|
Packit |
20f7c8 |
}
|
|
Packit |
20f7c8 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* This function sets the virtual host from an extended
|
|
Packit |
90a5c9 |
* client hello with a server name indication extension ("SNI", cf. RFC 6066).
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
static apr_status_t init_vhost(conn_rec *c, SSL *ssl)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
const char *servername;
|
|
Packit |
90a5c9 |
X509 *cert;
|
|
Packit |
90a5c9 |
EVP_PKEY *key;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (c) {
|
|
Packit |
90a5c9 |
SSLConnRec *sslcon = myConnConfig(c);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (sslcon->server != c->base_server) {
|
|
Packit |
90a5c9 |
/* already found the vhost */
|
|
Packit |
90a5c9 |
return APR_SUCCESS;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
|
|
Packit |
90a5c9 |
if (servername) {
|
|
Packit |
90a5c9 |
if (ap_vhost_iterate_given_conn(c, ssl_find_vhost,
|
|
Packit |
90a5c9 |
(void *)servername)) {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02043)
|
|
Packit |
90a5c9 |
"SSL virtual host for servername %s found",
|
|
Packit |
90a5c9 |
servername);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return APR_SUCCESS;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (ssl_is_challenge(c, servername, &cert, &key)) {
|
|
Packit |
20f7c8 |
/* With ACMEv1 we can have challenge connections to a unknown domains
|
|
Packit |
20f7c8 |
* that need to be answered with a special certificate and will
|
|
Packit |
20f7c8 |
* otherwise not answer any requests. */
|
|
Packit |
20f7c8 |
if (set_challenge_creds(c, servername, ssl, cert, key) != APR_SUCCESS) {
|
|
Packit |
90a5c9 |
return APR_EGENERAL;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02044)
|
|
Packit |
90a5c9 |
"No matching SSL virtual host for servername "
|
|
Packit |
90a5c9 |
"%s found (using default/first virtual host)",
|
|
Packit |
90a5c9 |
servername);
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* RFC 6066 section 3 says "It is NOT RECOMMENDED to send
|
|
Packit |
90a5c9 |
* a warning-level unrecognized_name(112) alert, because
|
|
Packit |
90a5c9 |
* the client's behavior in response to warning-level alerts
|
|
Packit |
90a5c9 |
* is unpredictable."
|
|
Packit |
90a5c9 |
*
|
|
Packit |
90a5c9 |
* To maintain backwards compatibility in mod_ssl, we
|
|
Packit |
90a5c9 |
* no longer send any alert (neither warning- nor fatal-level),
|
|
Packit |
90a5c9 |
* i.e. we take the second action suggested in RFC 6066:
|
|
Packit |
90a5c9 |
* "If the server understood the ClientHello extension but
|
|
Packit |
90a5c9 |
* does not recognize the server name, the server SHOULD take
|
|
Packit |
90a5c9 |
* one of two actions: either abort the handshake by sending
|
|
Packit |
90a5c9 |
* a fatal-level unrecognized_name(112) alert or continue
|
|
Packit |
90a5c9 |
* the handshake."
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02645)
|
|
Packit |
90a5c9 |
"Server name not provided via TLS extension "
|
|
Packit |
90a5c9 |
"(using default/first virtual host)");
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return APR_NOTFOUND;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* This callback function is executed when OpenSSL encounters an extended
|
|
Packit |
90a5c9 |
* client hello with a server name indication extension ("SNI", cf. RFC 6066).
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
int ssl_callback_ServerNameIndication(SSL *ssl, int *al, modssl_ctx_t *mctx)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
|
|
Packit |
90a5c9 |
apr_status_t status = init_vhost(c, ssl);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return (status == APR_SUCCESS)? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Find a (name-based) SSL virtual host where either the ServerName
|
|
Packit |
90a5c9 |
* or one of the ServerAliases matches the supplied name (to be used
|
|
Packit |
90a5c9 |
* with ap_vhost_iterate_given_conn())
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
SSLSrvConfigRec *sc;
|
|
Packit |
90a5c9 |
SSL *ssl;
|
|
Packit |
90a5c9 |
BOOL found;
|
|
Packit |
90a5c9 |
SSLConnRec *sslcon;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
found = ssl_util_vhost_matches(servername, s);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* set SSL_CTX (if matched) */
|
|
Packit |
90a5c9 |
sslcon = myConnConfig(c);
|
|
Packit |
90a5c9 |
if (found && (ssl = sslcon->ssl) &&
|
|
Packit |
90a5c9 |
(sc = mySrvConfig(s))) {
|
|
Packit |
90a5c9 |
SSL_CTX *ctx = SSL_set_SSL_CTX(ssl, sc->server->ssl_ctx);
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* SSL_set_SSL_CTX() only deals with the server cert,
|
|
Packit |
90a5c9 |
* so we need to duplicate a few additional settings
|
|
Packit |
90a5c9 |
* from the ctx by hand
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
SSL_set_options(ssl, SSL_CTX_get_options(ctx));
|
|
Packit |
90a5c9 |
if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
|
|
Packit |
90a5c9 |
(SSL_num_renegotiations(ssl) == 0)) {
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Only initialize the verification settings from the ctx
|
|
Packit |
90a5c9 |
* if they are not yet set, or if we're called when a new
|
|
Packit |
90a5c9 |
* SSL connection is set up (num_renegotiations == 0).
|
|
Packit |
90a5c9 |
* Otherwise, we would possibly reset a per-directory
|
|
Packit |
90a5c9 |
* configuration which was put into effect by ssl_hook_Access.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx),
|
|
Packit |
90a5c9 |
SSL_CTX_get_verify_callback(ctx));
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Adjust the session id context. ssl_init_ssl_connection()
|
|
Packit |
90a5c9 |
* always picks the configuration of the first vhost when
|
|
Packit |
90a5c9 |
* calling SSL_new(), but we want to tie the session to the
|
|
Packit |
90a5c9 |
* vhost we have just switched to. Again, we have to make sure
|
|
Packit |
90a5c9 |
* that we're not overwriting a session id context which was
|
|
Packit |
90a5c9 |
* possibly set in ssl_hook_Access(), before triggering
|
|
Packit |
90a5c9 |
* a renegotiation.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (SSL_num_renegotiations(ssl) == 0) {
|
|
Packit |
90a5c9 |
unsigned char *sid_ctx =
|
|
Packit |
90a5c9 |
(unsigned char *)ap_md5_binary(c->pool,
|
|
Packit |
90a5c9 |
(unsigned char *)sc->vhost_id,
|
|
Packit |
90a5c9 |
sc->vhost_id_len);
|
|
Packit |
90a5c9 |
SSL_set_session_id_context(ssl, sid_ctx, APR_MD5_DIGESTSIZE*2);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* Save the found server into our SSLConnRec for later
|
|
Packit |
90a5c9 |
* retrieval
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
sslcon->server = s;
|
|
Packit |
90a5c9 |
sslcon->cipher_suite = sc->server->auth.cipher_suite;
|
|
Packit |
90a5c9 |
sslcon->service_unavailable = sc->server->pks?
|
|
Packit |
90a5c9 |
sc->server->pks->service_unavailable : 0;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_update_child_status_from_server(c->sbh, SERVER_BUSY_READ, c, s);
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* There is one special filter callback, which is set
|
|
Packit |
90a5c9 |
* very early depending on the base_server's log level.
|
|
Packit |
90a5c9 |
* If this is not the first vhost we're now selecting
|
|
Packit |
90a5c9 |
* (and the first vhost doesn't use APLOG_TRACE4), then
|
|
Packit |
90a5c9 |
* we need to set that callback here.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
if (APLOGtrace4(s)) {
|
|
Packit |
90a5c9 |
BIO *rbio = SSL_get_rbio(ssl),
|
|
Packit |
90a5c9 |
*wbio = SSL_get_wbio(ssl);
|
|
Packit |
90a5c9 |
BIO_set_callback(rbio, ssl_io_data_cb);
|
|
Packit |
90a5c9 |
BIO_set_callback_arg(rbio, (void *)ssl);
|
|
Packit |
90a5c9 |
if (wbio && wbio != rbio) {
|
|
Packit |
90a5c9 |
BIO_set_callback(wbio, ssl_io_data_cb);
|
|
Packit |
90a5c9 |
BIO_set_callback_arg(wbio, (void *)ssl);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return 1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
#endif /* HAVE_TLSEXT */
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#ifdef HAVE_TLS_SESSION_TICKETS
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* This callback function is executed when OpenSSL needs a key for encrypting/
|
|
Packit |
90a5c9 |
* decrypting a TLS session ticket (RFC 5077) and a ticket key file has been
|
|
Packit |
90a5c9 |
* configured through SSLSessionTicketKeyFile.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
int ssl_callback_SessionTicket(SSL *ssl,
|
|
Packit |
90a5c9 |
unsigned char *keyname,
|
|
Packit |
90a5c9 |
unsigned char *iv,
|
|
Packit |
90a5c9 |
EVP_CIPHER_CTX *cipher_ctx,
|
|
Packit |
90a5c9 |
HMAC_CTX *hctx,
|
|
Packit |
90a5c9 |
int mode)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
|
|
Packit |
90a5c9 |
server_rec *s = mySrvFromConn(c);
|
|
Packit |
90a5c9 |
SSLSrvConfigRec *sc = mySrvConfig(s);
|
|
Packit |
90a5c9 |
SSLConnRec *sslconn = myConnConfig(c);
|
|
Packit |
90a5c9 |
modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
|
|
Packit |
90a5c9 |
modssl_ticket_key_t *ticket_key = mctx->ticket_key;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (mode == 1) {
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* OpenSSL is asking for a key for encrypting a ticket,
|
|
Packit |
90a5c9 |
* see s3_srvr.c:ssl3_send_newsession_ticket()
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (ticket_key == NULL) {
|
|
Packit |
90a5c9 |
/* should never happen, but better safe than sorry */
|
|
Packit |
90a5c9 |
return -1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
memcpy(keyname, ticket_key->key_name, 16);
|
|
Packit |
90a5c9 |
if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) != 1) {
|
|
Packit |
90a5c9 |
return -1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
|
|
Packit |
90a5c9 |
ticket_key->aes_key, iv);
|
|
Packit |
90a5c9 |
HMAC_Init_ex(hctx, ticket_key->hmac_secret, 16, tlsext_tick_md(), NULL);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02289)
|
|
Packit |
90a5c9 |
"TLS session ticket key for %s successfully set, "
|
|
Packit |
90a5c9 |
"creating new session ticket", sc->vhost_id);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return 1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
else if (mode == 0) {
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* OpenSSL is asking for the decryption key,
|
|
Packit |
90a5c9 |
* see t1_lib.c:tls_decrypt_ticket()
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* check key name */
|
|
Packit |
90a5c9 |
if (ticket_key == NULL || memcmp(keyname, ticket_key->key_name, 16)) {
|
|
Packit |
90a5c9 |
return 0;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
EVP_DecryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
|
|
Packit |
90a5c9 |
ticket_key->aes_key, iv);
|
|
Packit |
90a5c9 |
HMAC_Init_ex(hctx, ticket_key->hmac_secret, 16, tlsext_tick_md(), NULL);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02290)
|
|
Packit |
90a5c9 |
"TLS session ticket key for %s successfully set, "
|
|
Packit |
90a5c9 |
"decrypting existing session ticket", sc->vhost_id);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return 1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* OpenSSL is not expected to call us with modes other than 1 or 0 */
|
|
Packit |
90a5c9 |
return -1;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
#endif /* HAVE_TLS_SESSION_TICKETS */
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#ifdef HAVE_TLS_ALPN
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/*
|
|
Packit |
90a5c9 |
* This callback function is executed when the TLS Application-Layer
|
|
Packit |
90a5c9 |
* Protocol Negotiation Extension (ALPN, RFC 7301) is triggered by the Client
|
|
Packit |
90a5c9 |
* Hello, giving a list of desired protocol names (in descending preference)
|
|
Packit |
90a5c9 |
* to the server.
|
|
Packit |
90a5c9 |
* The callback has to select a protocol name or return an error if none of
|
|
Packit |
90a5c9 |
* the clients preferences is supported.
|
|
Packit |
90a5c9 |
* The selected protocol does not have to be on the client list, according
|
|
Packit |
90a5c9 |
* to RFC 7301, so no checks are performed.
|
|
Packit |
90a5c9 |
* The client protocol list is serialized as length byte followed by ASCII
|
|
Packit |
90a5c9 |
* characters (not null-terminated), followed by the next protocol name.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
int ssl_callback_alpn_select(SSL *ssl,
|
|
Packit |
90a5c9 |
const unsigned char **out, unsigned char *outlen,
|
|
Packit |
90a5c9 |
const unsigned char *in, unsigned int inlen,
|
|
Packit |
90a5c9 |
void *arg)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
|
|
Packit |
90a5c9 |
SSLConnRec *sslconn;
|
|
Packit |
90a5c9 |
apr_array_header_t *client_protos;
|
|
Packit |
90a5c9 |
const char *proposed;
|
|
Packit |
90a5c9 |
size_t len;
|
|
Packit |
90a5c9 |
int i;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* If the connection object is not available,
|
|
Packit |
90a5c9 |
* then there's nothing for us to do. */
|
|
Packit |
90a5c9 |
if (c == NULL) {
|
|
Packit |
90a5c9 |
return SSL_TLSEXT_ERR_OK;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
sslconn = myConnConfig(c);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (inlen == 0) {
|
|
Packit |
90a5c9 |
/* someone tries to trick us? */
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02837)
|
|
Packit |
90a5c9 |
"ALPN client protocol list empty");
|
|
Packit |
90a5c9 |
return SSL_TLSEXT_ERR_ALERT_FATAL;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
client_protos = apr_array_make(c->pool, 0, sizeof(char *));
|
|
Packit |
90a5c9 |
for (i = 0; i < inlen; /**/) {
|
|
Packit |
90a5c9 |
unsigned int plen = in[i++];
|
|
Packit |
90a5c9 |
if (plen + i > inlen) {
|
|
Packit |
90a5c9 |
/* someone tries to trick us? */
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02838)
|
|
Packit |
90a5c9 |
"ALPN protocol identifier too long");
|
|
Packit |
90a5c9 |
return SSL_TLSEXT_ERR_ALERT_FATAL;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
APR_ARRAY_PUSH(client_protos, char *) =
|
|
Packit |
90a5c9 |
apr_pstrndup(c->pool, (const char *)in+i, plen);
|
|
Packit |
90a5c9 |
i += plen;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* The order the callbacks are invoked from TLS extensions is, unfortunately
|
|
Packit |
90a5c9 |
* not defined and older openssl versions do call ALPN selection before
|
|
Packit |
90a5c9 |
* they callback the SNI. We need to make sure that we know which vhost
|
|
Packit |
90a5c9 |
* we are dealing with so we respect the correct protocols.
|
|
Packit |
90a5c9 |
*/
|
|
Packit |
90a5c9 |
init_vhost(c, ssl);
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
proposed = ap_select_protocol(c, NULL, sslconn->server, client_protos);
|
|
Packit |
90a5c9 |
if (!proposed) {
|
|
Packit |
90a5c9 |
proposed = ap_get_protocol(c);
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
len = strlen(proposed);
|
|
Packit |
90a5c9 |
if (len > 255) {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02840)
|
|
Packit |
90a5c9 |
"ALPN negotiated protocol name too long");
|
|
Packit |
90a5c9 |
return SSL_TLSEXT_ERR_ALERT_FATAL;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
*out = (const unsigned char *)proposed;
|
|
Packit |
90a5c9 |
*outlen = (unsigned char)len;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (strcmp(proposed, ap_get_protocol(c))) {
|
|
Packit |
90a5c9 |
apr_status_t status;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
status = ap_switch_protocol(c, NULL, sslconn->server, proposed);
|
|
Packit |
90a5c9 |
if (status != APR_SUCCESS) {
|
|
Packit |
90a5c9 |
ap_log_cerror(APLOG_MARK, APLOG_ERR, status, c,
|
|
Packit |
90a5c9 |
APLOGNO(02908) "protocol switch to '%s' failed",
|
|
Packit |
90a5c9 |
proposed);
|
|
Packit |
90a5c9 |
return SSL_TLSEXT_ERR_ALERT_FATAL;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
20f7c8 |
|
|
Packit |
20f7c8 |
/* protocol was switched, this could be a challenge protocol such as "acme-tls/1".
|
|
Packit |
20f7c8 |
* For that to work, we need to allow overrides to our ssl certificate.
|
|
Packit |
20f7c8 |
* However, exclude challenge checks on our best known traffic protocol.
|
|
Packit |
20f7c8 |
* (http/1.1 is the default, we never switch to it anyway.)
|
|
Packit |
20f7c8 |
*/
|
|
Packit |
20f7c8 |
if (strcmp("h2", proposed)) {
|
|
Packit |
20f7c8 |
const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
|
|
Packit |
20f7c8 |
X509 *cert;
|
|
Packit |
20f7c8 |
EVP_PKEY *key;
|
|
Packit |
20f7c8 |
|
|
Packit |
20f7c8 |
if (ssl_is_challenge(c, servername, &cert, &key)) {
|
|
Packit |
20f7c8 |
if (set_challenge_creds(c, servername, ssl, cert, key) != APR_SUCCESS) {
|
|
Packit |
20f7c8 |
return SSL_TLSEXT_ERR_ALERT_FATAL;
|
|
Packit |
20f7c8 |
}
|
|
Packit |
20f7c8 |
}
|
|
Packit |
20f7c8 |
}
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
return SSL_TLSEXT_ERR_OK;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
#endif /* HAVE_TLS_ALPN */
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#ifdef HAVE_SRP
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg)
|
|
Packit |
90a5c9 |
{
|
|
Packit |
90a5c9 |
modssl_ctx_t *mctx = (modssl_ctx_t *)arg;
|
|
Packit |
90a5c9 |
char *username = SSL_get_srp_username(ssl);
|
|
Packit |
90a5c9 |
SRP_user_pwd *u;
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (username == NULL
|
|
Packit |
90a5c9 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
Packit |
90a5c9 |
|| (u = SRP_VBASE_get_by_user(mctx->srp_vbase, username)) == NULL) {
|
|
Packit |
90a5c9 |
#else
|
|
Packit |
90a5c9 |
|| (u = SRP_VBASE_get1_by_user(mctx->srp_vbase, username)) == NULL) {
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
*ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
|
|
Packit |
90a5c9 |
return SSL3_AL_FATAL;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
if (SSL_set_srp_server_param(ssl, u->N, u->g, u->s, u->v, u->info) < 0) {
|
|
Packit |
90a5c9 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
Packit |
90a5c9 |
SRP_user_pwd_free(u);
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
*ad = SSL_AD_INTERNAL_ERROR;
|
|
Packit |
90a5c9 |
return SSL3_AL_FATAL;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
/* reset all other options */
|
|
Packit |
90a5c9 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
Packit |
90a5c9 |
SRP_user_pwd_free(u);
|
|
Packit |
90a5c9 |
#endif
|
|
Packit |
90a5c9 |
SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify);
|
|
Packit |
90a5c9 |
return SSL_ERROR_NONE;
|
|
Packit |
90a5c9 |
}
|
|
Packit |
90a5c9 |
|
|
Packit |
90a5c9 |
#endif /* HAVE_SRP */
|
|
Packit |
003d89 |
|
|
Packit |
003d89 |
|
|
Packit |
003d89 |
#ifdef HAVE_OPENSSL_KEYLOG
|
|
Packit |
003d89 |
/* Callback used with SSL_CTX_set_keylog_callback. */
|
|
Packit |
003d89 |
void modssl_callback_keylog(const SSL *ssl, const char *line)
|
|
Packit |
003d89 |
{
|
|
Packit |
003d89 |
conn_rec *conn = SSL_get_app_data(ssl);
|
|
Packit |
003d89 |
SSLSrvConfigRec *sc = mySrvConfig(conn->base_server);
|
|
Packit |
003d89 |
|
|
Packit |
003d89 |
if (sc && sc->mc->keylog_file) {
|
|
Packit |
003d89 |
apr_file_printf(sc->mc->keylog_file, "%s\n", line);
|
|
Packit |
003d89 |
}
|
|
Packit |
003d89 |
}
|
|
Packit |
003d89 |
#endif
|