ssl_engine_kernel.c revision 40beb03c240a9c60805388592f1005d9bf9d2362
02c335c23bf5fa225a467c19f2c063fb0dc7b8c3Timo Sirainen/* Licensed to the Apache Software Foundation (ASF) under one or more
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen * contributor license agreements. See the NOTICE file distributed with
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen * this work for additional information regarding copyright ownership.
9ca6d68fbad1892423ca798818f579c95475a19aTimo Sirainen * The ASF licenses this file to You under the Apache License, Version 2.0
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen * (the "License"); you may not use this file except in compliance with
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen * the License. You may obtain a copy of the License at
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen *
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen * http://www.apache.org/licenses/LICENSE-2.0
1af95e0fea59835842dafe207e86ebc53691c596Timo Sirainen *
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen * Unless required by applicable law or agreed to in writing, software
9ca6d68fbad1892423ca798818f579c95475a19aTimo Sirainen * distributed under the License is distributed on an "AS IS" BASIS,
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen * See the License for the specific language governing permissions and
eda647108a7dab36a4133bbee1916720b4b1c97eTimo Sirainen * limitations under the License.
eda647108a7dab36a4133bbee1916720b4b1c97eTimo Sirainen */
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen/* _ _
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen * _ __ ___ ___ __| | ___ ___| | mod_ssl
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
9ca6d68fbad1892423ca798818f579c95475a19aTimo Sirainen * | | | | | | (_) | (_| | \__ \__ \ |
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen * |_| |_| |_|\___/ \__,_|___|___/___/_|
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen * |_____|
9ca6d68fbad1892423ca798818f579c95475a19aTimo Sirainen * ssl_engine_kernel.c
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen * The SSL engine kernel
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen */
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen /* ``It took me fifteen years to discover
b1a2d2042e8c7e99983175eb462b82cc7a8cb70bTimo Sirainen I had no talent for programming, but
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen I couldn't give it up because by that
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen time I was too famous.''
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen -- Unknown */
9ca6d68fbad1892423ca798818f579c95475a19aTimo Sirainen#include "ssl_private.h"
9ca6d68fbad1892423ca798818f579c95475a19aTimo Sirainen
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainenstatic void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen#define SWITCH_STATUS_LINE "HTTP/1.1 101 Switching Protocols"
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen#define UPGRADE_HEADER "Upgrade: TLS/1.0, HTTP/1.1"
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen#define CONNECTION_HEADER "Connection: Upgrade"
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen
f4fdc28d5df5eee00528a37e198493829e7df0abTimo Sirainen/* Perform an upgrade-to-TLS for the given request, per RFC 2817. */
f4fdc28d5df5eee00528a37e198493829e7df0abTimo Sirainenstatic apr_status_t upgrade_connection(request_rec *r)
f4fdc28d5df5eee00528a37e198493829e7df0abTimo Sirainen{
f4fdc28d5df5eee00528a37e198493829e7df0abTimo Sirainen struct conn_rec *conn = r->connection;
f4fdc28d5df5eee00528a37e198493829e7df0abTimo Sirainen apr_bucket_brigade *bb;
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen SSLConnRec *sslconn;
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen apr_status_t rv;
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen SSL *ssl;
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen "upgrading connection to TLS");
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen bb = apr_brigade_create(r->pool, conn->bucket_alloc);
e39459afd08b437e72fd72cd60ff409230695bceTimo Sirainen
e39459afd08b437e72fd72cd60ff409230695bceTimo Sirainen rv = ap_fputstrs(conn->output_filters, bb, SWITCH_STATUS_LINE, CRLF,
e39459afd08b437e72fd72cd60ff409230695bceTimo Sirainen UPGRADE_HEADER, CRLF, CONNECTION_HEADER, CRLF, CRLF, NULL);
e39459afd08b437e72fd72cd60ff409230695bceTimo Sirainen if (rv == APR_SUCCESS) {
e39459afd08b437e72fd72cd60ff409230695bceTimo Sirainen APR_BRIGADE_INSERT_TAIL(bb,
b50e80d237435686c4ea525643f266731a600981Timo Sirainen apr_bucket_flush_create(conn->bucket_alloc));
e39459afd08b437e72fd72cd60ff409230695bceTimo Sirainen rv = ap_pass_brigade(conn->output_filters, bb);
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen }
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen
854574e0a4a4d38b0ada296cc85eed3530436c69Timo Sirainen if (rv) {
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
d5e131e809cf52342d904857d41c2bb41973dde8Timo Sirainen "failed to send 101 interim response for connection "
d5e131e809cf52342d904857d41c2bb41973dde8Timo Sirainen "upgrade");
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen return rv;
d5e131e809cf52342d904857d41c2bb41973dde8Timo Sirainen }
2769852989e20e50b437550bda3489e0950942a6Timo Sirainen
d5e131e809cf52342d904857d41c2bb41973dde8Timo Sirainen ssl_init_ssl_connection(conn, r);
2769852989e20e50b437550bda3489e0950942a6Timo Sirainen
d5e131e809cf52342d904857d41c2bb41973dde8Timo Sirainen sslconn = myConnConfig(conn);
d5e131e809cf52342d904857d41c2bb41973dde8Timo Sirainen ssl = sslconn->ssl;
d5e131e809cf52342d904857d41c2bb41973dde8Timo Sirainen
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen /* Perform initial SSL handshake. */
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen SSL_set_accept_state(ssl);
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen SSL_do_handshake(ssl);
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen if (SSL_get_state(ssl) != SSL_ST_OK) {
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen "TLS upgrade handshake failed: not accepted by client!?");
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen return APR_ECONNABORTED;
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen }
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen return APR_SUCCESS;
d5e131e809cf52342d904857d41c2bb41973dde8Timo Sirainen}
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen/*
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen * Post Read Request Handler
d5e131e809cf52342d904857d41c2bb41973dde8Timo Sirainen */
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainenint ssl_hook_ReadReq(request_rec *r)
d5e131e809cf52342d904857d41c2bb41973dde8Timo Sirainen{
d5e131e809cf52342d904857d41c2bb41973dde8Timo Sirainen SSLSrvConfigRec *sc = mySrvConfig(r->server);
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen SSLConnRec *sslconn;
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen const char *upgrade;
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen SSL *ssl;
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen /* Perform TLS upgrade here if "SSLEngine optional" is configured,
e2170d0dfac94f795ab5dbe05939393c14b1946cTimo Sirainen * SSL is not already set up for this connection, and the client
e2170d0dfac94f795ab5dbe05939393c14b1946cTimo Sirainen * has sent a suitable Upgrade header. */
e2170d0dfac94f795ab5dbe05939393c14b1946cTimo Sirainen if (sc->enabled == SSL_ENABLED_OPTIONAL && !myConnConfig(r->connection)
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen && (upgrade = apr_table_get(r->headers_in, "Upgrade")) != NULL
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen && ap_find_token(r->pool, upgrade, "TLS/1.0")) {
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen if (upgrade_connection(r)) {
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen return HTTP_INTERNAL_SERVER_ERROR;
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen }
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen }
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen sslconn = myConnConfig(r->connection);
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen if (!sslconn) {
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen return DECLINED;
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen }
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen if (sslconn->non_ssl_request) {
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen const char *errmsg;
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen char *thisurl;
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen char *thisport = "";
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen int port = ap_get_server_port(r);
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen if (!ap_is_default_port(port, r)) {
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen thisport = apr_psprintf(r->pool, ":%u", port);
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen }
14e45b91d0ce2c213b6f8f8e027171f0d08a84baTimo Sirainen
14e45b91d0ce2c213b6f8f8e027171f0d08a84baTimo Sirainen thisurl = ap_escape_html(r->pool,
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen apr_psprintf(r->pool, "https://%s%s/",
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen ap_get_server_name(r),
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen thisport));
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen errmsg = apr_psprintf(r->pool,
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen "Reason: You're speaking plain HTTP "
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen "to an SSL-enabled server port.<br />\n"
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen "Instead use the HTTPS scheme to access "
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen "this URL, please.<br />\n"
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen "<blockquote>Hint: "
5940a2b112cdabc534df17179e63208f4c81a28bTimo Sirainen "<a href=\"%s\"><b>%s</b></a></blockquote>",
5940a2b112cdabc534df17179e63208f4c81a28bTimo Sirainen thisurl, thisurl);
5940a2b112cdabc534df17179e63208f4c81a28bTimo Sirainen
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen apr_table_setn(r->notes, "error-notes", errmsg);
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen /* Now that we have caught this error, forget it. we are done
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen * with using SSL on this request.
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen */
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen sslconn->non_ssl_request = 0;
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen return HTTP_BAD_REQUEST;
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen }
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen /*
13aff14ae8b2fb88c39bacc132b468ae82d63145Timo Sirainen * Get the SSL connection structure and perform the
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen * delayed interlinking from SSL back to request_rec
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen */
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen ssl = sslconn->ssl;
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen if (!ssl) {
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen return DECLINED;
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen }
5940a2b112cdabc534df17179e63208f4c81a28bTimo Sirainen SSL_set_app_data2(ssl, r);
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen /*
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen * Log information about incoming HTTPS requests
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen */
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen "%s HTTPS request received for child %ld (server %s)",
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen (r->connection->keepalives <= 0 ?
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen "Initial (No.1)" :
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen apr_psprintf(r->pool, "Subsequent (No.%d)",
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen r->connection->keepalives+1)),
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen r->connection->id,
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen ssl_util_vhostid(r->pool, r->server));
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen }
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen /* SetEnvIf ssl-*-shutdown flags can only be per-server,
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen * so they won't change across keepalive requests
13aff14ae8b2fb88c39bacc132b468ae82d63145Timo Sirainen */
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen ssl_configure_env(r, sslconn);
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen }
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen return DECLINED;
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen}
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen/*
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen * Move SetEnvIf information from request_rec to conn_rec/BUFF
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen * to allow the close connection handler to use them.
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen */
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainenstatic void ssl_configure_env(request_rec *r, SSLConnRec *sslconn)
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen{
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen int i;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen const apr_array_header_t *arr = apr_table_elts(r->subprocess_env);
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen const apr_table_entry_t *elts = (const apr_table_entry_t *)arr->elts;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_STANDARD;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen for (i = 0; i < arr->nelts; i++) {
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen const char *key = elts[i].key;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen switch (*key) {
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen case 's':
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen /* being case-sensitive here.
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen * and not checking for the -shutdown since these are the only
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen * SetEnvIf "flags" we support
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen */
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen if (!strncmp(key+1, "sl-", 3)) {
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen key += 4;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen if (!strncmp(key, "unclean", 7)) {
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen }
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen else if (!strncmp(key, "accurate", 8)) {
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_ACCURATE;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen }
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen return; /* should only ever be one ssl-*-shutdown */
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen }
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen break;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen }
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen }
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen}
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen/*
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen * Access Handler
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen */
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainenint ssl_hook_Access(request_rec *r)
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen{
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen SSLDirConfigRec *dc = myDirConfig(r);
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen SSLSrvConfigRec *sc = mySrvConfig(r->server);
214fc90c61133ea4a3521dd7313fe488a55ac0c6Timo Sirainen SSLConnRec *sslconn = myConnConfig(r->connection);
214fc90c61133ea4a3521dd7313fe488a55ac0c6Timo Sirainen SSL *ssl = sslconn ? sslconn->ssl : NULL;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen SSL_CTX *ctx = NULL;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen apr_array_header_t *requires;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen ssl_require_t *ssl_requires;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen char *cp;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen int ok, i;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen X509 *cert;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen X509 *peercert;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen X509_STORE *cert_store = NULL;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen X509_STORE_CTX cert_store_ctx;
214fc90c61133ea4a3521dd7313fe488a55ac0c6Timo Sirainen STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
214fc90c61133ea4a3521dd7313fe488a55ac0c6Timo Sirainen SSL_CIPHER *cipher = NULL;
214fc90c61133ea4a3521dd7313fe488a55ac0c6Timo Sirainen int depth, verify_old, verify, n;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen if (ssl) {
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen ctx = SSL_get_SSL_CTX(ssl);
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen }
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen /*
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen * Support for SSLRequireSSL directive
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen */
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen if (dc->bSSLRequired && !ssl) {
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen if (sc->enabled == SSL_ENABLED_OPTIONAL) {
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen /* This vhost was configured for optional SSL, just tell the
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen * client that we need to upgrade.
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen */
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen apr_table_setn(r->err_headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen apr_table_setn(r->err_headers_out, "Connection", "Upgrade");
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen return HTTP_UPGRADE_REQUIRED;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen }
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen "access to %s failed, reason: %s",
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen r->filename, "SSL connection required");
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen /* remember forbidden access for strict require option */
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen apr_table_setn(r->notes, "ssl-access-forbidden", "1");
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen return HTTP_FORBIDDEN;
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen }
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen /*
15979d11259a2391c943bb47af4d174df52d9eb9Timo Sirainen * Check to see whether SSL is in use; if it's not, then no
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen * further access control checks are relevant. (the test for
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen * sc->enabled is probably strictly unnecessary)
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen */
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen return DECLINED;
e34d170f8f0e084bd94bfbc1a7085ece67e508dfTimo Sirainen }
e34d170f8f0e084bd94bfbc1a7085ece67e508dfTimo Sirainen
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen /*
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen * Support for per-directory reconfigured SSL connection parameters.
0b5cf161dd06c3ab1e747d48ea949631358c994eTimo Sirainen *
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen * This is implemented by forcing an SSL renegotiation with the
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen * reconfigured parameter suite. But Apache's internal API processing
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen * makes our life very hard here, because when internal sub-requests occur
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen * we nevertheless should avoid multiple unnecessary SSL handshakes (they
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen * require extra network I/O and especially time to perform).
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen *
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen * But the optimization for filtering out the unnecessary handshakes isn't
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen * obvious and trivial. Especially because while Apache is in its
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen * sub-request processing the client could force additional handshakes,
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen * too. And these take place perhaps without our notice. So the only
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen * possibility is to explicitly _ask_ OpenSSL whether the renegotiation
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen * has to be performed or not. It has to performed when some parameters
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen * which were previously known (by us) are not those we've now
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen * reconfigured (as known by OpenSSL) or (in optimized way) at least when
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen * the reconfigured parameter suite is stronger (more restrictions) than
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen * the currently active one.
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen */
6df0ab0c1ab91f06b6418cb30eff44405a1b8f02Timo Sirainen
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen#ifndef OPENSSL_NO_TLSEXT
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen /*
5085686ff2b4be28e7d631e1bbfa32afe427b7c7Timo Sirainen * We will switch to another virtualhost and to its ssl_ctx
5085686ff2b4be28e7d631e1bbfa32afe427b7c7Timo Sirainen * if changed, we will force a renegotiation.
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen */
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen if (r->hostname && !SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) {
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen if (ssl_set_vhost_ctx(ssl,(char *)r->hostname) &&
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen ctx != SSL_get_SSL_CTX(ssl))
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen renegotiate = TRUE;
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen }
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen#endif
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen /*
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen * Override of SSLCipherSuite
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen *
ffb886eb9c3682bb891206cced9623368035d739Timo Sirainen * We provide two options here:
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen *
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen * o The paranoid and default approach where we force a renegotiation when
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen * the cipher suite changed in _any_ way (which is straight-forward but
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen * often forces renegotiations too often and is perhaps not what the
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen * user actually wanted).
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen *
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen * o The optimized and still secure way where we force a renegotiation
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen * only if the currently active cipher is no longer contained in the
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen * reconfigured/new cipher suite. Any other changes are not important
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen * because it's the servers choice to select a cipher from the ones the
bf611d43256ef8ee3e1c1ce8e1257920f2075278Timo Sirainen * client supports. So as long as the current cipher is still in the new
bf611d43256ef8ee3e1c1ce8e1257920f2075278Timo Sirainen * cipher suite we're happy. Because we can assume we would have
bf611d43256ef8ee3e1c1ce8e1257920f2075278Timo Sirainen * selected it again even when other (better) ciphers exists now in the
bf611d43256ef8ee3e1c1ce8e1257920f2075278Timo Sirainen * new cipher suite. This approach is fine because the user explicitly
bf611d43256ef8ee3e1c1ce8e1257920f2075278Timo Sirainen * has to enable this via ``SSLOptions +OptRenegotiate''. So we do no
bf611d43256ef8ee3e1c1ce8e1257920f2075278Timo Sirainen * implicit optimizations.
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen */
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen if (dc->szCipherSuite) {
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen /* remember old state */
adcb46fe2c6d1139dfbd8ab08a8fbe96e53f8fd6Timo Sirainen
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen cipher = SSL_get_current_cipher(ssl);
eda647108a7dab36a4133bbee1916720b4b1c97eTimo Sirainen }
eda647108a7dab36a4133bbee1916720b4b1c97eTimo Sirainen else {
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen cipher_list_old = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
d81b80bac97040d5e737f23ce1ee2eb4d7cc16cfTimo Sirainen
d81b80bac97040d5e737f23ce1ee2eb4d7cc16cfTimo Sirainen if (cipher_list_old) {
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen cipher_list_old = sk_SSL_CIPHER_dup(cipher_list_old);
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen }
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen }
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen /* configure new state */
d81b80bac97040d5e737f23ce1ee2eb4d7cc16cfTimo Sirainen if (!modssl_set_cipher_list(ssl, dc->szCipherSuite)) {
d81b80bac97040d5e737f23ce1ee2eb4d7cc16cfTimo Sirainen ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen "Unable to reconfigure (per-directory) "
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen "permitted SSL ciphers");
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen if (cipher_list_old) {
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen sk_SSL_CIPHER_free(cipher_list_old);
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen }
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen return HTTP_FORBIDDEN;
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen }
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen /* determine whether a renegotiation has to be forced */
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen cipher_list = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen /* optimized way */
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen if ((!cipher && cipher_list) ||
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen (cipher && !cipher_list))
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen {
530f80fcbfa8be7378ff0d36ec7ecef41f198e2cTimo Sirainen renegotiate = TRUE;
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen }
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen else if (cipher && cipher_list &&
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen (sk_SSL_CIPHER_find(cipher_list, cipher) < 0))
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen {
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen renegotiate = TRUE;
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen }
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen }
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen else {
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen /* paranoid way */
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen if ((!cipher_list_old && cipher_list) ||
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen (cipher_list_old && !cipher_list))
ffb886eb9c3682bb891206cced9623368035d739Timo Sirainen {
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen renegotiate = TRUE;
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen }
9ed77dd00248e88d731ec129116db5dddc0dd3b5Timo Sirainen else if (cipher_list_old && cipher_list) {
9ed77dd00248e88d731ec129116db5dddc0dd3b5Timo Sirainen for (n = 0;
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen !renegotiate && (n < sk_SSL_CIPHER_num(cipher_list));
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen n++)
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen {
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list, n);
fda7b3649d2ccdb4a95f5bf09eb8cf5435d57261Timo Sirainen
fda7b3649d2ccdb4a95f5bf09eb8cf5435d57261Timo Sirainen if (sk_SSL_CIPHER_find(cipher_list_old, value) < 0) {
fda7b3649d2ccdb4a95f5bf09eb8cf5435d57261Timo Sirainen renegotiate = TRUE;
fda7b3649d2ccdb4a95f5bf09eb8cf5435d57261Timo Sirainen }
fda7b3649d2ccdb4a95f5bf09eb8cf5435d57261Timo Sirainen }
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen
15979d11259a2391c943bb47af4d174df52d9eb9Timo Sirainen for (n = 0;
15979d11259a2391c943bb47af4d174df52d9eb9Timo Sirainen !renegotiate && (n < sk_SSL_CIPHER_num(cipher_list_old));
d81b80bac97040d5e737f23ce1ee2eb4d7cc16cfTimo Sirainen n++)
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen {
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list_old, n);
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen if (sk_SSL_CIPHER_find(cipher_list, value) < 0) {
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen renegotiate = TRUE;
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen }
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen }
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen }
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen }
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen /* cleanup */
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen if (cipher_list_old) {
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen sk_SSL_CIPHER_free(cipher_list_old);
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen }
7e24f82fbd6e0bde96de9d3109dd2ea6819b7d34Timo Sirainen
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen /* tracing */
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen if (renegotiate) {
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
eb1365e61674c54c7c453143356a891fb2e2b3d6Timo Sirainen "Reconfigured cipher suite will force renegotiation");
eb1365e61674c54c7c453143356a891fb2e2b3d6Timo Sirainen }
9ed77dd00248e88d731ec129116db5dddc0dd3b5Timo Sirainen }
9ed77dd00248e88d731ec129116db5dddc0dd3b5Timo Sirainen
1a284e27b1446cc2c0ed185dbfa4fac850a1abbdTimo Sirainen /*
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen * override of SSLVerifyDepth
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen *
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen * The depth checks are handled by us manually inside the verify callback
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen * function and not by OpenSSL internally (and our function is aware of
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen * both the per-server and per-directory contexts). So we cannot ask
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen * OpenSSL about the currently verify depth. Instead we remember it in our
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen * ap_ctx attached to the SSL* of OpenSSL. We've to force the
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen * renegotiation if the reconfigured/new verify depth is less than the
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen * currently active/remembered verify depth (because this means more
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen * restriction on the certificate chain).
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen */
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen if (dc->nVerifyDepth != UNSET) {
1a284e27b1446cc2c0ed185dbfa4fac850a1abbdTimo Sirainen /* XXX: doesnt look like sslconn->verify_depth is actually used */
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen if (!(n = sslconn->verify_depth)) {
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen sslconn->verify_depth = n = sc->server->auth.verify_depth;
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen }
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen /* determine whether a renegotiation has to be forced */
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen if (dc->nVerifyDepth < n) {
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen renegotiate = TRUE;
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen "Reduced client verification depth will force "
5f44975ec6c5755dd74bcd4c47a123a7242ecab3Timo Sirainen "renegotiation");
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen }
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen }
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen /*
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen * override of SSLVerifyClient
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen *
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen * We force a renegotiation if the reconfigured/new verify type is
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen * stronger than the currently active verify type.
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen *
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen * The order is: none << optional_no_ca << optional << require
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen *
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen * Additionally the following optimization is possible here: When the
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen * currently active verify type is "none" but a client certificate is
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen * already known/present, it's enough to manually force a client
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen * verification but at least skip the I/O-intensive renegotation
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen * handshake.
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen */
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen if (dc->nVerifyClient != SSL_CVERIFY_UNSET) {
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen /* remember old state */
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen verify_old = SSL_get_verify_mode(ssl);
5f44975ec6c5755dd74bcd4c47a123a7242ecab3Timo Sirainen /* configure new state */
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen verify = SSL_VERIFY_NONE;
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen if (dc->nVerifyClient == SSL_CVERIFY_REQUIRE) {
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen verify |= SSL_VERIFY_PEER_STRICT;
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen }
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen if ((dc->nVerifyClient == SSL_CVERIFY_OPTIONAL) ||
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen (dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA))
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen {
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen verify |= SSL_VERIFY_PEER;
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen }
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen modssl_set_verify(ssl, verify, ssl_callback_SSLVerify);
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen SSL_set_verify_result(ssl, X509_V_OK);
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen /* determine whether we've to force a renegotiation */
3e546c443055db8e8c69d43b13fb11a24f0a9b1cTimo Sirainen if (!renegotiate && verify != verify_old) {
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen if (((verify_old == SSL_VERIFY_NONE) &&
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen (verify != SSL_VERIFY_NONE)) ||
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen (!(verify_old & SSL_VERIFY_PEER) &&
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen (verify & SSL_VERIFY_PEER)) ||
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen (!(verify_old & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) &&
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
2ddc5efd47452644be369fa86e978cc05a508217Timo Sirainen {
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen renegotiate = TRUE;
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen /* optimization */
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen
1a284e27b1446cc2c0ed185dbfa4fac850a1abbdTimo Sirainen if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) &&
1a284e27b1446cc2c0ed185dbfa4fac850a1abbdTimo Sirainen (verify_old == SSL_VERIFY_NONE) &&
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen ((peercert = SSL_get_peer_certificate(ssl)) != NULL))
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen {
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen renegotiate_quick = TRUE;
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen X509_free(peercert);
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen }
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen "Changed client verification type will force "
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen "%srenegotiation",
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen renegotiate_quick ? "quick " : "");
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen }
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen }
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen }
297959b63ffb7998f73d2a722a23b4dc01c52f22Timo Sirainen
e2b63d479f1666fef9a1d1e39c731a5cd813b437Timo Sirainen /*
e2b63d479f1666fef9a1d1e39c731a5cd813b437Timo Sirainen * override SSLCACertificateFile & SSLCACertificatePath
297959b63ffb7998f73d2a722a23b4dc01c52f22Timo Sirainen * This is only enabled if the SSL_set_cert_store() function
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen * is available in the ssl library. the 1.x based mod_ssl
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen * used SSL_CTX_set_cert_store which is not thread safe.
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen */
e65df911d966a0b4623e287d4669253cc46bbe0fTimo Sirainen
297959b63ffb7998f73d2a722a23b4dc01c52f22Timo Sirainen#ifdef HAVE_SSL_SET_CERT_STORE
297959b63ffb7998f73d2a722a23b4dc01c52f22Timo Sirainen /*
297959b63ffb7998f73d2a722a23b4dc01c52f22Timo Sirainen * check if per-dir and per-server config field are not the same.
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen * if f is defined in per-dir and not defined in per-server
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen * or f is defined in both but not the equal ...
e2b63d479f1666fef9a1d1e39c731a5cd813b437Timo Sirainen */
f424c157faae226f153578442fab1512275889fcTimo Sirainen#define MODSSL_CFG_NE(f) \
e2b63d479f1666fef9a1d1e39c731a5cd813b437Timo Sirainen (dc->f && (!sc->f || (sc->f && strNE(dc->f, sc->f))))
e2b63d479f1666fef9a1d1e39c731a5cd813b437Timo Sirainen
e2b63d479f1666fef9a1d1e39c731a5cd813b437Timo Sirainen#define MODSSL_CFG_CA(f) \
e2b63d479f1666fef9a1d1e39c731a5cd813b437Timo Sirainen (dc->f ? dc->f : sc->f)
e2b63d479f1666fef9a1d1e39c731a5cd813b437Timo Sirainen
e2b63d479f1666fef9a1d1e39c731a5cd813b437Timo Sirainen if (MODSSL_CFG_NE(szCACertificateFile) ||
e2b63d479f1666fef9a1d1e39c731a5cd813b437Timo Sirainen MODSSL_CFG_NE(szCACertificatePath))
e2b63d479f1666fef9a1d1e39c731a5cd813b437Timo Sirainen {
e2b63d479f1666fef9a1d1e39c731a5cd813b437Timo Sirainen STACK_OF(X509_NAME) *ca_list;
e2b63d479f1666fef9a1d1e39c731a5cd813b437Timo Sirainen const char *ca_file = MODSSL_CFG_CA(szCACertificateFile);
e2b63d479f1666fef9a1d1e39c731a5cd813b437Timo Sirainen const char *ca_path = MODSSL_CFG_CA(szCACertificatePath);
e2b63d479f1666fef9a1d1e39c731a5cd813b437Timo Sirainen
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen cert_store = X509_STORE_new();
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen if (!X509_STORE_load_locations(cert_store, ca_file, ca_path)) {
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen "Unable to reconfigure verify locations "
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen "for client authentication");
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen
9ed77dd00248e88d731ec129116db5dddc0dd3b5Timo Sirainen X509_STORE_free(cert_store);
0daf6ffdc0958f3dff3a81201e7cdbb1ecf0d28bTimo Sirainen
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen return HTTP_FORBIDDEN;
94a77d6e5d7600859e4c5e4a7ea19dc3e91998b9Timo Sirainen }
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen
e15b305e90c9834734ccf35ed78f0ad29d570ee9Timo Sirainen /* SSL_free will free cert_store */
421d30619384e72a27e2a5d13ff6525aff4d17feTimo Sirainen SSL_set_cert_store(ssl, cert_store);
ecd69c4e8371853667e01b0c16d436ef7f7393e2Timo Sirainen
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen if (!(ca_list = ssl_init_FindCAList(r->server, r->pool,
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen ca_file, ca_path)))
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen {
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen "Unable to determine list of available "
f46885a5b78b15a8d2419f6e5d13b643bd85e41fTimo Sirainen "CA certificates for client authentication");
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen return HTTP_FORBIDDEN;
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen }
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen
50ffc12831eff618d35a8ee7537b61eaa95a4adeTimo Sirainen SSL_set_client_CA_list(ssl, ca_list);
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen renegotiate = TRUE;
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
b8eb60a9ba83e2f3f6d969e810553eb937be2128Timo Sirainen "Changed client verification locations will force "
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen "renegotiation");
306b3f41b05da642d87e7ca7a1496efce9f5902fTimo Sirainen }
df452e9628fe8d3356c42dd644b020ea9733c0c1Timo Sirainen#endif /* HAVE_SSL_SET_CERT_STORE */
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen /* If a renegotiation is now required for this location, and the
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen * request includes a message body (and the client has not
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen * requested a "100 Continue" response), then the client will be
f46885a5b78b15a8d2419f6e5d13b643bd85e41fTimo Sirainen * streaming the request body over the wire already. In that
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen * case, it is not possible to stop and perform a new SSL
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen * handshake immediately; once the SSL library moves to the
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen * "accept" state, it will reject the SSL packets which the client
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen * is sending for the request body.
9fb018dea4e2073639249ea8a14ae27cab2c0aacTimo Sirainen *
* To allow authentication to complete in this auth hook, the
* solution used here is to fill a (bounded) buffer with the
* request body, and then to reinject that request body later.
*/
if (renegotiate && !renegotiate_quick
&& (apr_table_get(r->headers_in, "transfer-encoding")
|| (apr_table_get(r->headers_in, "content-length")
&& strcmp(apr_table_get(r->headers_in, "content-length"), "0")))
&& !r->expecting_100) {
int rv;
/* Fill the I/O buffer with the request body if possible. */
rv = ssl_io_buffer_fill(r);
if (rv) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"could not buffer message body to allow "
"SSL renegotiation to proceed");
return rv;
}
}
/*
* now do the renegotiation if anything was actually reconfigured
*/
if (renegotiate) {
/*
* Now we force the SSL renegotation by sending the Hello Request
* message to the client. Here we have to do a workaround: Actually
* OpenSSL returns immediately after sending the Hello Request (the
* intent AFAIK is because the SSL/TLS protocol says it's not a must
* that the client replies to a Hello Request). But because we insist
* on a reply (anything else is an error for us) we have to go to the
* ACCEPT state manually. Using SSL_set_accept_state() doesn't work
* here because it resets too much of the connection. So we set the
* state explicitly and continue the handshake manually.
*/
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Requesting connection re-negotiation");
if (renegotiate_quick) {
STACK_OF(X509) *cert_stack;
/* perform just a manual re-verification of the peer */
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"Performing quick renegotiation: "
"just re-verifying the peer");
cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl);
cert = SSL_get_peer_certificate(ssl);
if (!cert_stack && cert) {
/* client cert is in the session cache, but there is
* no chain, since ssl3_get_client_certificate()
* sk_X509_shift-ed the peer cert out of the chain.
* we put it back here for the purpose of quick_renegotiation.
*/
cert_stack = sk_new_null();
sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert);
}
if (!cert_stack || (sk_X509_num(cert_stack) == 0)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Cannot find peer certificate chain");
return HTTP_FORBIDDEN;
}
if (!(cert_store ||
(cert_store = SSL_CTX_get_cert_store(ctx))))
{
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Cannot find certificate storage");
return HTTP_FORBIDDEN;
}
if (!cert) {
cert = sk_X509_value(cert_stack, 0);
}
X509_STORE_CTX_init(&cert_store_ctx, cert_store, cert, cert_stack);
depth = SSL_get_verify_depth(ssl);
if (depth >= 0) {
X509_STORE_CTX_set_depth(&cert_store_ctx, depth);
}
X509_STORE_CTX_set_ex_data(&cert_store_ctx,
SSL_get_ex_data_X509_STORE_CTX_idx(),
(char *)ssl);
if (!modssl_X509_verify_cert(&cert_store_ctx)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Re-negotiation verification step failed");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
}
SSL_set_verify_result(ssl, cert_store_ctx.error);
X509_STORE_CTX_cleanup(&cert_store_ctx);
if (cert_stack != SSL_get_peer_cert_chain(ssl)) {
/* we created this ourselves, so free it */
sk_X509_pop_free(cert_stack, X509_free);
}
}
else {
request_rec *id = r->main ? r->main : r;
/* do a full renegotiation */
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"Performing full renegotiation: "
"complete handshake protocol");
SSL_set_session_id_context(ssl,
(unsigned char *)&id,
sizeof(id));
SSL_renegotiate(ssl);
SSL_do_handshake(ssl);
if (SSL_get_state(ssl) != SSL_ST_OK) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Re-negotiation request failed");
r->connection->aborted = 1;
return HTTP_FORBIDDEN;
}
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Awaiting re-negotiation handshake");
/* XXX: Should replace SSL_set_state with SSL_renegotiate(ssl);
* However, this causes failures in perl-framework currently,
* perhaps pre-test if we have already negotiated?
*/
SSL_set_state(ssl, SSL_ST_ACCEPT);
SSL_do_handshake(ssl);
if (SSL_get_state(ssl) != SSL_ST_OK) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Re-negotiation handshake failed: "
"Not accepted by client!?");
r->connection->aborted = 1;
return HTTP_FORBIDDEN;
}
}
/*
* Remember the peer certificate's DN
*/
if ((cert = SSL_get_peer_certificate(ssl))) {
if (sslconn->client_cert) {
X509_free(sslconn->client_cert);
}
sslconn->client_cert = cert;
sslconn->client_dn = NULL;
}
/*
* Finally check for acceptable renegotiation results
*/
if (dc->nVerifyClient != SSL_CVERIFY_NONE) {
BOOL do_verify = (dc->nVerifyClient == SSL_CVERIFY_REQUIRE);
if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Re-negotiation handshake failed: "
"Client verification failed");
return HTTP_FORBIDDEN;
}
if (do_verify) {
if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Re-negotiation handshake failed: "
"Client certificate missing");
return HTTP_FORBIDDEN;
}
X509_free(peercert);
}
}
/*
* Also check that SSLCipherSuite has been enforced as expected.
*/
if (cipher_list) {
cipher = SSL_get_current_cipher(ssl);
if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"SSL cipher suite not renegotiated: "
"access to %s denied using cipher %s",
r->filename,
SSL_CIPHER_get_name(cipher));
return HTTP_FORBIDDEN;
}
}
}
/* If we're trying to have the user name set from a client
* certificate then we need to set it here. This should be safe as
* the user name probably isn't important from an auth checking point
* of view as the certificate supplied acts in that capacity.
* However, if FakeAuth is being used then this isn't the case so
* we need to postpone setting the username until later.
*/
if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
char *val = ssl_var_lookup(r->pool, r->server, r->connection,
r, (char *)dc->szUserName);
if (val && val[0])
r->user = val;
else
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
"Failed to set r->user to '%s'", dc->szUserName);
}
/*
* Check SSLRequire boolean expressions
*/
requires = dc->aRequirement;
ssl_requires = (ssl_require_t *)requires->elts;
for (i = 0; i < requires->nelts; i++) {
ssl_require_t *req = &ssl_requires[i];
ok = ssl_expr_exec(r, req->mpExpr);
if (ok < 0) {
cp = apr_psprintf(r->pool,
"Failed to execute "
"SSL requirement expression: %s",
ssl_expr_get_error());
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"access to %s failed, reason: %s",
r->filename, cp);
/* remember forbidden access for strict require option */
apr_table_setn(r->notes, "ssl-access-forbidden", "1");
return HTTP_FORBIDDEN;
}
if (ok != 1) {
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Access to %s denied for %s "
"(requirement expression not fulfilled)",
r->filename, r->connection->remote_ip);
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Failed expression: %s", req->cpExpr);
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"access to %s failed, reason: %s",
r->filename,
"SSL requirement expression not fulfilled");
/* remember forbidden access for strict require option */
apr_table_setn(r->notes, "ssl-access-forbidden", "1");
return HTTP_FORBIDDEN;
}
}
/*
* Else access is granted from our point of view (except vendor
* handlers override). But we have to return DECLINED here instead
* of OK, because mod_auth and other modules still might want to
* deny access.
*/
return DECLINED;
}
/*
* Authentication Handler:
* Fake a Basic authentication from the X509 client certificate.
*
* This must be run fairly early on to prevent a real authentication from
* occuring, in particular it must be run before anything else that
* authenticates a user. This means that the Module statement for this
* module should be LAST in the Configuration file.
*/
int ssl_hook_UserCheck(request_rec *r)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r);
char *clientdn;
const char *auth_line, *username, *password;
/*
* Additionally forbid access (again)
* when strict require option is used.
*/
if ((dc->nOptions & SSL_OPT_STRICTREQUIRE) &&
(apr_table_get(r->notes, "ssl-access-forbidden")))
{
return HTTP_FORBIDDEN;
}
/*
* We decline when we are in a subrequest. The Authorization header
* would already be present if it was added in the main request.
*/
if (!ap_is_initial_req(r)) {
return DECLINED;
}
/*
* Make sure the user is not able to fake the client certificate
* based authentication by just entering an X.509 Subject DN
* ("/XX=YYY/XX=YYY/..") as the username and "password" as the
* password.
*/
if ((auth_line = apr_table_get(r->headers_in, "Authorization"))) {
if (strcEQ(ap_getword(r->pool, &auth_line, ' '), "Basic")) {
while ((*auth_line == ' ') || (*auth_line == '\t')) {
auth_line++;
}
auth_line = ap_pbase64decode(r->pool, auth_line);
username = ap_getword_nulls(r->pool, &auth_line, ':');
password = auth_line;
if ((username[0] == '/') && strEQ(password, "password")) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Encountered FakeBasicAuth spoof: %s", username);
return HTTP_FORBIDDEN;
}
}
}
/*
* We decline operation in various situations...
* - SSLOptions +FakeBasicAuth not configured
* - r->user already authenticated
* - ssl not enabled
* - client did not present a certificate
*/
if (!((sc->enabled == SSL_ENABLED_TRUE || sc->enabled == SSL_ENABLED_OPTIONAL)
&& sslconn && sslconn->ssl && sslconn->client_cert) ||
!(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user)
{
return DECLINED;
}
if (!sslconn->client_dn) {
X509_NAME *name = X509_get_subject_name(sslconn->client_cert);
char *cp = X509_NAME_oneline(name, NULL, 0);
sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
modssl_free(cp);
}
clientdn = (char *)sslconn->client_dn;
/*
* Fake a password - which one would be immaterial, as, it seems, an empty
* password in the users file would match ALL incoming passwords, if only
* we were using the standard crypt library routine. Unfortunately, OpenSSL
* "fixes" a "bug" in crypt and thus prevents blank passwords from
* working. (IMHO what they really fix is a bug in the users of the code
* - failing to program correctly for shadow passwords). We need,
* therefore, to provide a password. This password can be matched by
* adding the string "xxj31ZMTZzkVA" as the password in the user file.
* This is just the crypted variant of the word "password" ;-)
*/
auth_line = apr_pstrcat(r->pool, "Basic ",
ap_pbase64encode(r->pool,
apr_pstrcat(r->pool, clientdn,
":password", NULL)),
NULL);
apr_table_set(r->headers_in, "Authorization", auth_line);
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Faking HTTP Basic Auth header: \"Authorization: %s\"",
auth_line);
return DECLINED;
}
/* authorization phase */
int ssl_hook_Auth(request_rec *r)
{
SSLDirConfigRec *dc = myDirConfig(r);
/*
* Additionally forbid access (again)
* when strict require option is used.
*/
if ((dc->nOptions & SSL_OPT_STRICTREQUIRE) &&
(apr_table_get(r->notes, "ssl-access-forbidden")))
{
return HTTP_FORBIDDEN;
}
return DECLINED;
}
/*
* Fixup Handler
*/
static const char *ssl_hook_Fixup_vars[] = {
"SSL_VERSION_INTERFACE",
"SSL_VERSION_LIBRARY",
"SSL_PROTOCOL",
"SSL_COMPRESS_METHOD",
"SSL_CIPHER",
"SSL_CIPHER_EXPORT",
"SSL_CIPHER_USEKEYSIZE",
"SSL_CIPHER_ALGKEYSIZE",
"SSL_CLIENT_VERIFY",
"SSL_CLIENT_M_VERSION",
"SSL_CLIENT_M_SERIAL",
"SSL_CLIENT_V_START",
"SSL_CLIENT_V_END",
"SSL_CLIENT_V_REMAIN",
"SSL_CLIENT_S_DN",
"SSL_CLIENT_S_DN_C",
"SSL_CLIENT_S_DN_ST",
"SSL_CLIENT_S_DN_L",
"SSL_CLIENT_S_DN_O",
"SSL_CLIENT_S_DN_OU",
"SSL_CLIENT_S_DN_CN",
"SSL_CLIENT_S_DN_T",
"SSL_CLIENT_S_DN_I",
"SSL_CLIENT_S_DN_G",
"SSL_CLIENT_S_DN_S",
"SSL_CLIENT_S_DN_D",
"SSL_CLIENT_S_DN_UID",
"SSL_CLIENT_S_DN_Email",
"SSL_CLIENT_I_DN",
"SSL_CLIENT_I_DN_C",
"SSL_CLIENT_I_DN_ST",
"SSL_CLIENT_I_DN_L",
"SSL_CLIENT_I_DN_O",
"SSL_CLIENT_I_DN_OU",
"SSL_CLIENT_I_DN_CN",
"SSL_CLIENT_I_DN_T",
"SSL_CLIENT_I_DN_I",
"SSL_CLIENT_I_DN_G",
"SSL_CLIENT_I_DN_S",
"SSL_CLIENT_I_DN_D",
"SSL_CLIENT_I_DN_UID",
"SSL_CLIENT_I_DN_Email",
"SSL_CLIENT_A_KEY",
"SSL_CLIENT_A_SIG",
"SSL_SERVER_M_VERSION",
"SSL_SERVER_M_SERIAL",
"SSL_SERVER_V_START",
"SSL_SERVER_V_END",
"SSL_SERVER_S_DN",
"SSL_SERVER_S_DN_C",
"SSL_SERVER_S_DN_ST",
"SSL_SERVER_S_DN_L",
"SSL_SERVER_S_DN_O",
"SSL_SERVER_S_DN_OU",
"SSL_SERVER_S_DN_CN",
"SSL_SERVER_S_DN_T",
"SSL_SERVER_S_DN_I",
"SSL_SERVER_S_DN_G",
"SSL_SERVER_S_DN_S",
"SSL_SERVER_S_DN_D",
"SSL_SERVER_S_DN_UID",
"SSL_SERVER_S_DN_Email",
"SSL_SERVER_I_DN",
"SSL_SERVER_I_DN_C",
"SSL_SERVER_I_DN_ST",
"SSL_SERVER_I_DN_L",
"SSL_SERVER_I_DN_O",
"SSL_SERVER_I_DN_OU",
"SSL_SERVER_I_DN_CN",
"SSL_SERVER_I_DN_T",
"SSL_SERVER_I_DN_I",
"SSL_SERVER_I_DN_G",
"SSL_SERVER_I_DN_S",
"SSL_SERVER_I_DN_D",
"SSL_SERVER_I_DN_UID",
"SSL_SERVER_I_DN_Email",
"SSL_SERVER_A_KEY",
"SSL_SERVER_A_SIG",
"SSL_SESSION_ID",
NULL
};
int ssl_hook_Fixup(request_rec *r)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r);
apr_table_t *env = r->subprocess_env;
char *var, *val = "";
#ifndef OPENSSL_NO_TLSEXT
const char* servername;
#endif
STACK_OF(X509) *peer_certs;
SSL *ssl;
int i;
/* If "SSLEngine optional" is configured, this is not an SSL
* connection, and this isn't a subrequest, send an Upgrade
* response header. */
if (sc->enabled == SSL_ENABLED_OPTIONAL && !(sslconn && sslconn->ssl)
&& !r->main) {
apr_table_setn(r->headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
apr_table_mergen(r->headers_out, "Connection", "upgrade");
}
/*
* Check to see if SSL is on
*/
if (!(((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) && sslconn && (ssl = sslconn->ssl))) {
return DECLINED;
}
/*
* Annotate the SSI/CGI environment with standard SSL information
*/
/* the always present HTTPS (=HTTP over SSL) flag! */
apr_table_setn(env, "HTTPS", "on");
#ifndef OPENSSL_NO_TLSEXT
/* add content of SNI TLS extension (if supplied with ClientHello) */
if (servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name)) {
apr_table_set(env, "SSL_TLS_SNI", servername);
}
#endif
/* standard SSL environment variables */
if (dc->nOptions & SSL_OPT_STDENVVARS) {
for (i = 0; ssl_hook_Fixup_vars[i]; i++) {
var = (char *)ssl_hook_Fixup_vars[i];
val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
if (!strIsEmpty(val)) {
apr_table_setn(env, var, val);
}
}
}
/*
* On-demand bloat up the SSI/CGI environment with certificate data
*/
if (dc->nOptions & SSL_OPT_EXPORTCERTDATA) {
val = ssl_var_lookup(r->pool, r->server, r->connection,
r, "SSL_SERVER_CERT");
apr_table_setn(env, "SSL_SERVER_CERT", val);
val = ssl_var_lookup(r->pool, r->server, r->connection,
r, "SSL_CLIENT_CERT");
apr_table_setn(env, "SSL_CLIENT_CERT", val);
if ((peer_certs = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl))) {
for (i = 0; i < sk_X509_num(peer_certs); i++) {
var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
val = ssl_var_lookup(r->pool, r->server, r->connection,
r, var);
if (val) {
apr_table_setn(env, var, val);
}
}
}
}
return DECLINED;
}
/* _________________________________________________________________
**
** OpenSSL Callback Functions
** _________________________________________________________________
*/
/*
* Handle out temporary RSA private keys on demand
*
* The background of this as the TLSv1 standard explains it:
*
* | D.1. Temporary RSA keys
* |
* | US Export restrictions limit RSA keys used for encryption to 512
* | bits, but do not place any limit on lengths of RSA keys used for
* | signing operations. Certificates often need to be larger than 512
* | bits, since 512-bit RSA keys are not secure enough for high-value
* | transactions or for applications requiring long-term security. Some
* | certificates are also designated signing-only, in which case they
* | cannot be used for key exchange.
* |
* | When the public key in the certificate cannot be used for encryption,
* | the server signs a temporary RSA key, which is then exchanged. In
* | exportable applications, the temporary RSA key should be the maximum
* | allowable length (i.e., 512 bits). Because 512-bit RSA keys are
* | relatively insecure, they should be changed often. For typical
* | electronic commerce applications, it is suggested that keys be
* | changed daily or every 500 transactions, and more often if possible.
* | Note that while it is acceptable to use the same temporary key for
* | multiple transactions, it must be signed each time it is used.
* |
* | RSA key generation is a time-consuming process. In many cases, a
* | low-priority process can be assigned the task of key generation.
* | Whenever a new key is completed, the existing temporary key can be
* | replaced with the new one.
*
* XXX: base on comment above, if thread support is enabled,
* we should spawn a low-priority thread to generate new keys
* on the fly.
*
* So we generated 512 and 1024 bit temporary keys on startup
* which we now just hand out on demand....
*/
RSA *ssl_callback_TmpRSA(SSL *ssl, int export, int keylen)
{
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
SSLModConfigRec *mc = myModConfig(c->base_server);
int idx;
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
"handing out temporary %d bit RSA key", keylen);
/* doesn't matter if export flag is on,
* we won't be asked for keylen > 512 in that case.
* if we are asked for a keylen > 1024, it is too expensive
* to generate on the fly.
* XXX: any reason not to generate 2048 bit keys at startup?
*/
switch (keylen) {
case 512:
idx = SSL_TMP_KEY_RSA_512;
break;
case 1024:
default:
idx = SSL_TMP_KEY_RSA_1024;
}
return (RSA *)mc->pTmpKeys[idx];
}
/*
* Hand out the already generated DH parameters...
*/
DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
{
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
SSLModConfigRec *mc = myModConfig(c->base_server);
int idx;
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
"handing out temporary %d bit DH key", keylen);
switch (keylen) {
case 512:
idx = SSL_TMP_KEY_DH_512;
break;
case 1024:
default:
idx = SSL_TMP_KEY_DH_1024;
}
return (DH *)mc->pTmpKeys[idx];
}
/*
* This OpenSSL callback function is called when OpenSSL
* does client authentication and verifies the certificate chain.
*/
int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
{
/* Get Apache context back through OpenSSL context */
SSL *ssl = X509_STORE_CTX_get_ex_data(ctx,
SSL_get_ex_data_X509_STORE_CTX_idx());
conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
server_rec *s = conn->base_server;
request_rec *r = (request_rec *)SSL_get_app_data2(ssl);
SSLSrvConfigRec *sc = mySrvConfig(s);
SSLDirConfigRec *dc = r ? myDirConfig(r) : NULL;
SSLConnRec *sslconn = myConnConfig(conn);
modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
/* Get verify ingredients */
int errnum = X509_STORE_CTX_get_error(ctx);
int errdepth = X509_STORE_CTX_get_error_depth(ctx);
int depth, verify;
/*
* Log verification information
*/
ssl_log_cxerror(APLOG_MARK, APLOG_DEBUG, 0, conn,
X509_STORE_CTX_get_current_cert(ctx),
"Certificate Verification, depth %d",
errdepth);
/*
* Check for optionally acceptable non-verifiable issuer situation
*/
if (dc && (dc->nVerifyClient != SSL_CVERIFY_UNSET)) {
verify = dc->nVerifyClient;
}
else {
verify = mctx->auth.verify_mode;
}
if (verify == SSL_CVERIFY_NONE) {
/*
* SSLProxyVerify is either not configured or set to "none".
* (this callback doesn't happen in the server context if SSLVerify
* is not configured or set to "none")
*/
return TRUE;
}
if (ssl_verify_error_is_optional(errnum) &&
(verify == SSL_CVERIFY_OPTIONAL_NO_CA))
{
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, conn,
"Certificate Verification: Verifiable Issuer is "
"configured as optional, therefore we're accepting "
"the certificate");
sslconn->verify_info = "GENEROUS";
ok = TRUE;
}
/*
* Perform OCSP/CRL-based revocation checks
*/
if (ok) {
if (!(ok = ssl_callback_SSLVerify_CRL(ok, ctx, conn))) {
errnum = X509_STORE_CTX_get_error(ctx);
}
#ifdef HAVE_OCSP
/* If there was an optional verification error, it's not
* possible to perform OCSP validation since the issuer may be
* missing/untrusted. Fail in that case. */
if (ok && ssl_verify_error_is_optional(errnum)
&& sc->server->ocsp_enabled) {
X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
errnum = X509_V_ERR_APPLICATION_VERIFICATION;
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn,
"cannot perform OCSP validation for cert "
"if issuer has not been verified "
"(optional_no_ca configured)");
ok = FALSE;
}
if (ok && sc->server->ocsp_enabled) {
ok = modssl_verify_ocsp(ctx, sc, s, conn, conn->pool);
if (!ok) {
errnum = X509_STORE_CTX_get_error(ctx);
}
}
#endif
}
/*
* If we already know it's not ok, log the real reason
*/
if (!ok) {
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn,
"Certificate Verification: Error (%d): %s",
errnum, X509_verify_cert_error_string(errnum));
if (sslconn->client_cert) {
X509_free(sslconn->client_cert);
sslconn->client_cert = NULL;
}
sslconn->client_dn = NULL;
sslconn->verify_error = X509_verify_cert_error_string(errnum);
}
/*
* Finally check the depth of the certificate verification
*/
if (dc && (dc->nVerifyDepth != UNSET)) {
depth = dc->nVerifyDepth;
}
else {
depth = mctx->auth.verify_depth;
}
if (errdepth > depth) {
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn,
"Certificate Verification: Certificate Chain too long "
"(chain has %d certificates, but maximum allowed are "
"only %d)",
errdepth, depth);
errnum = X509_V_ERR_CERT_CHAIN_TOO_LONG;
sslconn->verify_error = X509_verify_cert_error_string(errnum);
ok = FALSE;
}
/*
* And finally signal OpenSSL the (perhaps changed) state
*/
return ok;
}
int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
{
server_rec *s = c->base_server;
SSLSrvConfigRec *sc = mySrvConfig(s);
SSLConnRec *sslconn = myConnConfig(c);
modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
X509_OBJECT obj;
X509_NAME *subject, *issuer;
X509 *cert;
X509_CRL *crl;
EVP_PKEY *pubkey;
int i, n, rc;
/*
* Unless a revocation store for CRLs was created we
* cannot do any CRL-based verification, of course.
*/
if (!mctx->crl) {
return ok;
}
/*
* Determine certificate ingredients in advance
*/
cert = X509_STORE_CTX_get_current_cert(ctx);
subject = X509_get_subject_name(cert);
issuer = X509_get_issuer_name(cert);
/*
* OpenSSL provides the general mechanism to deal with CRLs but does not
* use them automatically when verifying certificates, so we do it
* explicitly here. We will check the CRL for the currently checked
* certificate, if there is such a CRL in the store.
*
* We come through this procedure for each certificate in the certificate
* chain, starting with the root-CA's certificate. At each step we've to
* both verify the signature on the CRL (to make sure it's a valid CRL)
* and it's revocation list (to make sure the current certificate isn't
* revoked). But because to check the signature on the CRL we need the
* public key of the issuing CA certificate (which was already processed
* one round before), we've a little problem. But we can both solve it and
* at the same time optimize the processing by using the following
* verification scheme (idea and code snippets borrowed from the GLOBUS
* project):
*
* 1. We'll check the signature of a CRL in each step when we find a CRL
* through the _subject_ name of the current certificate. This CRL
* itself will be needed the first time in the next round, of course.
* But we do the signature processing one round before this where the
* public key of the CA is available.
*
* 2. We'll check the revocation list of a CRL in each step when
* we find a CRL through the _issuer_ name of the current certificate.
* This CRLs signature was then already verified one round before.
*
* This verification scheme allows a CA to revoke its own certificate as
* well, of course.
*/
/*
* Try to retrieve a CRL corresponding to the _subject_ of
* the current certificate in order to verify it's integrity.
*/
memset((char *)&obj, 0, sizeof(obj));
rc = SSL_X509_STORE_lookup(mctx->crl,
X509_LU_CRL, subject, &obj);
crl = obj.data.crl;
if ((rc > 0) && crl) {
/*
* Log information about CRL
* (A little bit complicated because of ASN.1 and BIOs...)
*/
if (s->loglevel >= APLOG_DEBUG) {
char buff[512]; /* should be plenty */
BIO *bio = BIO_new(BIO_s_mem());
BIO_printf(bio, "CA CRL: Issuer: ");
X509_NAME_print(bio, issuer, 0);
BIO_printf(bio, ", lastUpdate: ");
ASN1_UTCTIME_print(bio, X509_CRL_get_lastUpdate(crl));
BIO_printf(bio, ", nextUpdate: ");
ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
n = BIO_read(bio, buff, sizeof(buff) - 1);
buff[n] = '\0';
BIO_free(bio);
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "%s", buff);
}
/*
* Verify the signature on this CRL
*/
pubkey = X509_get_pubkey(cert);
rc = X509_CRL_verify(crl, pubkey);
#ifdef OPENSSL_VERSION_NUMBER
/* Only refcounted in OpenSSL */
if (pubkey)
EVP_PKEY_free(pubkey);
#endif
if (rc <= 0) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"Invalid signature on CRL");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
X509_OBJECT_free_contents(&obj);
return FALSE;
}
/*
* Check date of CRL to make sure it's not expired
*/
i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
if (i == 0) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"Found CRL has invalid nextUpdate field");
X509_STORE_CTX_set_error(ctx,
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
X509_OBJECT_free_contents(&obj);
return FALSE;
}
if (i < 0) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"Found CRL is expired - "
"revoking all certificates until you get updated CRL");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
X509_OBJECT_free_contents(&obj);
return FALSE;
}
X509_OBJECT_free_contents(&obj);
}
/*
* Try to retrieve a CRL corresponding to the _issuer_ of
* the current certificate in order to check for revocation.
*/
memset((char *)&obj, 0, sizeof(obj));
rc = SSL_X509_STORE_lookup(mctx->crl,
X509_LU_CRL, issuer, &obj);
crl = obj.data.crl;
if ((rc > 0) && crl) {
/*
* Check if the current certificate is revoked by this CRL
*/
n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
for (i = 0; i < n; i++) {
X509_REVOKED *revoked =
sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
ASN1_INTEGER *sn = X509_REVOKED_get_serialNumber(revoked);
if (!ASN1_INTEGER_cmp(sn, X509_get_serialNumber(cert))) {
if (s->loglevel >= APLOG_DEBUG) {
char *cp = X509_NAME_oneline(issuer, NULL, 0);
long serial = ASN1_INTEGER_get(sn);
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Certificate with serial %ld (0x%lX) "
"revoked per CRL from issuer %s",
serial, serial, cp);
modssl_free(cp);
}
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
X509_OBJECT_free_contents(&obj);
return FALSE;
}
}
X509_OBJECT_free_contents(&obj);
}
return ok;
}
#define SSLPROXY_CERT_CB_LOG_FMT \
"Proxy client certificate callback: (%s) "
static void modssl_proxy_info_log(server_rec *s,
X509_INFO *info,
const char *msg)
{
SSLSrvConfigRec *sc = mySrvConfig(s);
char name_buf[256];
X509_NAME *name;
char *dn;
if (s->loglevel < APLOG_DEBUG) {
return;
}
name = X509_get_subject_name(info->x509);
dn = X509_NAME_oneline(name, name_buf, sizeof(name_buf));
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s",
sc->vhost_id, msg, dn ? dn : "-uknown-");
}
/*
* caller will decrement the cert and key reference
* so we need to increment here to prevent them from
* being freed.
*/
#define modssl_set_cert_info(info, cert, pkey) \
*cert = info->x509; \
X509_reference_inc(*cert); \
*pkey = info->x_pkey->dec_pkey; \
EVP_PKEY_reference_inc(*pkey)
int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey)
{
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
server_rec *s = c->base_server;
SSLSrvConfigRec *sc = mySrvConfig(s);
X509_NAME *ca_name, *issuer;
X509_INFO *info;
STACK_OF(X509_NAME) *ca_list;
STACK_OF(X509_INFO) *certs = sc->proxy->pkp->certs;
int i, j;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
SSLPROXY_CERT_CB_LOG_FMT "entered",
sc->vhost_id);
if (!certs || (sk_X509_INFO_num(certs) <= 0)) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
SSLPROXY_CERT_CB_LOG_FMT
"downstream server wanted client certificate "
"but none are configured", sc->vhost_id);
return FALSE;
}
ca_list = SSL_get_client_CA_list(ssl);
if (!ca_list || (sk_X509_NAME_num(ca_list) <= 0)) {
/*
* downstream server didn't send us a list of acceptable CA certs,
* so we send the first client cert in the list.
*/
info = sk_X509_INFO_value(certs, 0);
modssl_proxy_info_log(s, info, "no acceptable CA list");
modssl_set_cert_info(info, x509, pkey);
return TRUE;
}
for (i = 0; i < sk_X509_NAME_num(ca_list); i++) {
ca_name = sk_X509_NAME_value(ca_list, i);
for (j = 0; j < sk_X509_INFO_num(certs); j++) {
info = sk_X509_INFO_value(certs, j);
issuer = X509_get_issuer_name(info->x509);
if (X509_NAME_cmp(issuer, ca_name) == 0) {
modssl_proxy_info_log(s, info, "found acceptable cert");
modssl_set_cert_info(info, x509, pkey);
return TRUE;
}
}
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
SSLPROXY_CERT_CB_LOG_FMT
"no client certificate found!?", sc->vhost_id);
return FALSE;
}
static void ssl_session_log(server_rec *s,
const char *request,
unsigned char *id,
unsigned int idlen,
const char *status,
const char *result,
long timeout)
{
char buf[SSL_SESSION_ID_STRING_LEN];
char timeout_str[56] = {'\0'};
if (s->loglevel < APLOG_DEBUG) {
return;
}
if (timeout) {
apr_snprintf(timeout_str, sizeof(timeout_str),
"timeout=%lds ", (timeout - time(NULL)));
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Inter-Process Session Cache: "
"request=%s status=%s id=%s %s(session %s)",
request, status,
SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)),
timeout_str, result);
}
/*
* This callback function is executed by OpenSSL whenever a new SSL_SESSION is
* added to the internal OpenSSL session cache. We use this hook to spread the
* SSL_SESSION also to the inter-process disk-cache to make share it with our
* other Apache pre-forked server processes.
*/
int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session)
{
/* Get Apache context back through OpenSSL context */
conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
server_rec *s = conn->base_server;
SSLSrvConfigRec *sc = mySrvConfig(s);
long timeout = sc->session_cache_timeout;
BOOL rc;
unsigned char *id;
unsigned int idlen;
/*
* Set the timeout also for the internal OpenSSL cache, because this way
* our inter-process cache is consulted only when it's really necessary.
*/
SSL_set_timeout(session, timeout);
/*
* Store the SSL_SESSION in the inter-process cache with the
* same expire time, so it expires automatically there, too.
*/
id = SSL_SESSION_get_session_id(session);
idlen = SSL_SESSION_get_session_id_length(session);
timeout += modssl_session_get_time(session);
rc = ssl_scache_store(s, id, idlen, timeout, session, conn->pool);
ssl_session_log(s, "SET", id, idlen,
rc == TRUE ? "OK" : "BAD",
"caching", timeout);
/*
* return 0 which means to OpenSSL that the session is still
* valid and was not freed by us with SSL_SESSION_free().
*/
return 0;
}
/*
* This callback function is executed by OpenSSL whenever a
* SSL_SESSION is looked up in the internal OpenSSL cache and it
* was not found. We use this to lookup the SSL_SESSION in the
* inter-process disk-cache where it was perhaps stored by one
* of our other Apache pre-forked server processes.
*/
SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl,
unsigned char *id,
int idlen, int *do_copy)
{
/* Get Apache context back through OpenSSL context */
conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
server_rec *s = conn->base_server;
SSL_SESSION *session;
/*
* Try to retrieve the SSL_SESSION from the inter-process cache
*/
session = ssl_scache_retrieve(s, id, idlen, conn->pool);
ssl_session_log(s, "GET", id, idlen,
session ? "FOUND" : "MISSED",
session ? "reuse" : "renewal", 0);
/*
* Return NULL or the retrieved SSL_SESSION. But indicate (by
* setting do_copy to 0) that the reference count on the
* SSL_SESSION should not be incremented by the SSL library,
* because we will no longer hold a reference to it ourself.
*/
*do_copy = 0;
return session;
}
/*
* This callback function is executed by OpenSSL whenever a
* SSL_SESSION is removed from the the internal OpenSSL cache.
* We use this to remove the SSL_SESSION in the inter-process
* disk-cache, too.
*/
void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx,
SSL_SESSION *session)
{
server_rec *s;
SSLSrvConfigRec *sc;
unsigned char *id;
unsigned int idlen;
/*
* Get Apache context back through OpenSSL context
*/
if (!(s = (server_rec *)SSL_CTX_get_app_data(ctx))) {
return; /* on server shutdown Apache is already gone */
}
sc = mySrvConfig(s);
/*
* Remove the SSL_SESSION from the inter-process cache
*/
id = SSL_SESSION_get_session_id(session);
idlen = SSL_SESSION_get_session_id_length(session);
/* TODO: Do we need a temp pool here, or are we always shutting down? */
ssl_scache_remove(s, id, idlen, sc->mc->pPool);
ssl_session_log(s, "REM", id, idlen,
"OK", "dead", 0);
return;
}
/*
* This callback function is executed while OpenSSL processes the
* SSL handshake and does SSL record layer stuff. We use it to
* trace OpenSSL's processing in out SSL logfile.
*/
void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE ssl, int where, int rc)
{
conn_rec *c;
server_rec *s;
SSLSrvConfigRec *sc;
/*
* find corresponding server
*/
if (!(c = (conn_rec *)SSL_get_app_data((SSL *)ssl))) {
return;
}
s = c->base_server;
if (!(sc = mySrvConfig(s))) {
return;
}
/*
* create the various trace messages
*/
if (s->loglevel >= APLOG_DEBUG) {
if (where & SSL_CB_HANDSHAKE_START) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Handshake: start", SSL_LIBRARY_NAME);
}
else if (where & SSL_CB_HANDSHAKE_DONE) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Handshake: done", SSL_LIBRARY_NAME);
}
else if (where & SSL_CB_LOOP) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Loop: %s",
SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (where & SSL_CB_READ) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Read: %s",
SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (where & SSL_CB_WRITE) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Write: %s",
SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (where & SSL_CB_ALERT) {
char *str = (where & SSL_CB_READ) ? "read" : "write";
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Alert: %s:%s:%s",
SSL_LIBRARY_NAME, str,
SSL_alert_type_string_long(rc),
SSL_alert_desc_string_long(rc));
}
else if (where & SSL_CB_EXIT) {
if (rc == 0) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Exit: failed in %s",
SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (rc < 0) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Exit: error in %s",
SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
}
}
/*
* Because SSL renegotations can happen at any time (not only after
* SSL_accept()), the best way to log the current connection details is
* right after a finished handshake.
*/
if (where & SSL_CB_HANDSHAKE_DONE) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Connection: Client IP: %s, Protocol: %s, "
"Cipher: %s (%s/%s bits)",
ssl_var_lookup(NULL, s, c, NULL, "REMOTE_ADDR"),
ssl_var_lookup(NULL, s, c, NULL, "SSL_PROTOCOL"),
ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"),
ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"),
ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE"));
}
}