ssl_engine_kernel.c revision bb8b22a3708a815a8fcd0c8d5c8de46c25240cc1
842ae4bd224140319ae7feec1872b93dfd491143fielding/* Licensed to the Apache Software Foundation (ASF) under one or more
842ae4bd224140319ae7feec1872b93dfd491143fielding * contributor license agreements. See the NOTICE file distributed with
842ae4bd224140319ae7feec1872b93dfd491143fielding * this work for additional information regarding copyright ownership.
842ae4bd224140319ae7feec1872b93dfd491143fielding * The ASF licenses this file to You under the Apache License, Version 2.0
842ae4bd224140319ae7feec1872b93dfd491143fielding * (the "License"); you may not use this file except in compliance with
842ae4bd224140319ae7feec1872b93dfd491143fielding * the License. You may obtain a copy of the License at
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding *
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * http://www.apache.org/licenses/LICENSE-2.0
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding *
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * Unless required by applicable law or agreed to in writing, software
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * distributed under the License is distributed on an "AS IS" BASIS,
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * See the License for the specific language governing permissions and
04891cf70e0bfc38bfb027541dc821f04c754ff7nd * limitations under the License.
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding */
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding
3568de757bac0b47256647504c186d17ca272f85rbb/* _ _
3568de757bac0b47256647504c186d17ca272f85rbb * _ __ ___ ___ __| | ___ ___| | mod_ssl
3568de757bac0b47256647504c186d17ca272f85rbb * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
3568de757bac0b47256647504c186d17ca272f85rbb * | | | | | | (_) | (_| | \__ \__ \ |
3568de757bac0b47256647504c186d17ca272f85rbb * |_| |_| |_|\___/ \__,_|___|___/___/_|
3568de757bac0b47256647504c186d17ca272f85rbb * |_____|
3568de757bac0b47256647504c186d17ca272f85rbb * ssl_engine_kernel.c
3568de757bac0b47256647504c186d17ca272f85rbb * The SSL engine kernel
3568de757bac0b47256647504c186d17ca272f85rbb */
3568de757bac0b47256647504c186d17ca272f85rbb /* ``It took me fifteen years to discover
3568de757bac0b47256647504c186d17ca272f85rbb I had no talent for programming, but
3568de757bac0b47256647504c186d17ca272f85rbb I couldn't give it up because by that
3568de757bac0b47256647504c186d17ca272f85rbb time I was too famous.''
3568de757bac0b47256647504c186d17ca272f85rbb -- Unknown */
3568de757bac0b47256647504c186d17ca272f85rbb#include "ssl_private.h"
3568de757bac0b47256647504c186d17ca272f85rbb#include "mod_ssl.h"
3568de757bac0b47256647504c186d17ca272f85rbb#include "util_md5.h"
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbbstatic void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
3568de757bac0b47256647504c186d17ca272f85rbb#ifdef HAVE_TLSEXT
3568de757bac0b47256647504c186d17ca272f85rbbstatic int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s);
3568de757bac0b47256647504c186d17ca272f85rbb#endif
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb#define SWITCH_STATUS_LINE "HTTP/1.1 101 Switching Protocols"
3568de757bac0b47256647504c186d17ca272f85rbb#define UPGRADE_HEADER "Upgrade: TLS/1.0, HTTP/1.1"
3568de757bac0b47256647504c186d17ca272f85rbb#define CONNECTION_HEADER "Connection: Upgrade"
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb/* Perform an upgrade-to-TLS for the given request, per RFC 2817. */
3568de757bac0b47256647504c186d17ca272f85rbbstatic apr_status_t upgrade_connection(request_rec *r)
3568de757bac0b47256647504c186d17ca272f85rbb{
3568de757bac0b47256647504c186d17ca272f85rbb struct conn_rec *conn = r->connection;
3568de757bac0b47256647504c186d17ca272f85rbb apr_bucket_brigade *bb;
3568de757bac0b47256647504c186d17ca272f85rbb SSLConnRec *sslconn;
3568de757bac0b47256647504c186d17ca272f85rbb apr_status_t rv;
3568de757bac0b47256647504c186d17ca272f85rbb SSL *ssl;
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02028)
3568de757bac0b47256647504c186d17ca272f85rbb "upgrading connection to TLS");
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb bb = apr_brigade_create(r->pool, conn->bucket_alloc);
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding rv = ap_fputs(conn->output_filters, bb, SWITCH_STATUS_LINE CRLF
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding UPGRADE_HEADER CRLF CONNECTION_HEADER CRLF CRLF);
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding if (rv == APR_SUCCESS) {
3568de757bac0b47256647504c186d17ca272f85rbb APR_BRIGADE_INSERT_TAIL(bb,
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick apr_bucket_flush_create(conn->bucket_alloc));
3568de757bac0b47256647504c186d17ca272f85rbb rv = ap_pass_brigade(conn->output_filters, bb);
3568de757bac0b47256647504c186d17ca272f85rbb }
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb if (rv) {
98fb535f829e2a95aabd82420931f476661fa8e3jorton ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02029)
db12cd62083041bf90945eeb90cc40fbd2340797trawick "failed to send 101 interim response for connection "
db12cd62083041bf90945eeb90cc40fbd2340797trawick "upgrade");
db12cd62083041bf90945eeb90cc40fbd2340797trawick return rv;
333eac96e4fb7d6901cb75e6ca7bb22b2ccb84cetrawick }
333eac96e4fb7d6901cb75e6ca7bb22b2ccb84cetrawick
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem ssl_init_ssl_connection(conn, r);
3568de757bac0b47256647504c186d17ca272f85rbb
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz sslconn = myConnConfig(conn);
3568de757bac0b47256647504c186d17ca272f85rbb ssl = sslconn->ssl;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz /* Perform initial SSL handshake. */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz SSL_set_accept_state(ssl);
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding SSL_do_handshake(ssl);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding if (SSL_get_state(ssl) != SSL_ST_OK) {
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02030)
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding "TLS upgrade handshake failed: not accepted by client!?");
8f3ec4772d2aeb347cf40e87c77627bb784dd018rbb
8f3ec4772d2aeb347cf40e87c77627bb784dd018rbb return APR_ECONNABORTED;
3d96ee83babeec32482c9082c9426340cee8c44dwrowe }
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding
397df70abe0bdd78a84fb6c38c02641bcfeadceasf return APR_SUCCESS;
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick}
98fb535f829e2a95aabd82420931f476661fa8e3jorton
f0e395a55abfcad3d2bd7c63470003b08a93d567nd/* Perform a speculative (and non-blocking) read from the connection
f0e395a55abfcad3d2bd7c63470003b08a93d567nd * filters for the given request, to determine whether there is any
f0e395a55abfcad3d2bd7c63470003b08a93d567nd * pending data to read. Return non-zero if there is, else zero. */
f0e395a55abfcad3d2bd7c63470003b08a93d567ndstatic int has_buffered_data(request_rec *r)
98fb535f829e2a95aabd82420931f476661fa8e3jorton{
7cd5419264796cfeaf8215383cf0f89130a81fectrawick apr_bucket_brigade *bb;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick apr_off_t len;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick apr_status_t rv;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick int result;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
7cd5419264796cfeaf8215383cf0f89130a81fectrawick bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
7cd5419264796cfeaf8215383cf0f89130a81fectrawick rv = ap_get_brigade(r->connection->input_filters, bb, AP_MODE_SPECULATIVE,
3568de757bac0b47256647504c186d17ca272f85rbb APR_NONBLOCK_READ, 1);
41634f717c623556a16b27b25d7d909a66fe20f8wrowe result = rv == APR_SUCCESS
3568de757bac0b47256647504c186d17ca272f85rbb && apr_brigade_length(bb, 1, &len) == APR_SUCCESS
3568de757bac0b47256647504c186d17ca272f85rbb && len > 0;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
3568de757bac0b47256647504c186d17ca272f85rbb apr_brigade_destroy(bb);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
3568de757bac0b47256647504c186d17ca272f85rbb return result;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz}
3568de757bac0b47256647504c186d17ca272f85rbb
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz/*
3568de757bac0b47256647504c186d17ca272f85rbb * Post Read Request Handler
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding */
41634f717c623556a16b27b25d7d909a66fe20f8wroweint ssl_hook_ReadReq(request_rec *r)
3568de757bac0b47256647504c186d17ca272f85rbb{
3568de757bac0b47256647504c186d17ca272f85rbb SSLSrvConfigRec *sc = mySrvConfig(r->server);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz SSLConnRec *sslconn;
3568de757bac0b47256647504c186d17ca272f85rbb const char *upgrade;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz#ifdef HAVE_TLSEXT
3568de757bac0b47256647504c186d17ca272f85rbb const char *servername;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz#endif
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding SSL *ssl;
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz /* Perform TLS upgrade here if "SSLEngine optional" is configured,
3568de757bac0b47256647504c186d17ca272f85rbb * SSL is not already set up for this connection, and the client
fc1efab92032301e317f07e1b3a00082d9d71f3frbb * has sent a suitable Upgrade header. */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (sc->enabled == SSL_ENABLED_OPTIONAL && !myConnConfig(r->connection)
24b534291150023e6b68eca89ddd33e475ccddc0wrowe && (upgrade = apr_table_get(r->headers_in, "Upgrade")) != NULL
3568de757bac0b47256647504c186d17ca272f85rbb && ap_find_token(r->pool, upgrade, "TLS/1.0")) {
24b534291150023e6b68eca89ddd33e475ccddc0wrowe if (upgrade_connection(r)) {
3568de757bac0b47256647504c186d17ca272f85rbb return HTTP_INTERNAL_SERVER_ERROR;
24b534291150023e6b68eca89ddd33e475ccddc0wrowe }
24b534291150023e6b68eca89ddd33e475ccddc0wrowe }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
3568de757bac0b47256647504c186d17ca272f85rbb sslconn = myConnConfig(r->connection);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (!sslconn) {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz return DECLINED;
3568de757bac0b47256647504c186d17ca272f85rbb }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (sslconn->non_ssl_request == NON_SSL_SET_ERROR_MSG) {
3568de757bac0b47256647504c186d17ca272f85rbb apr_table_setn(r->notes, "error-notes",
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz "Reason: You're speaking plain HTTP to an SSL-enabled "
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz "server port.<br />\n Instead use the HTTPS scheme to "
3568de757bac0b47256647504c186d17ca272f85rbb "access this URL, please.<br />\n");
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
3568de757bac0b47256647504c186d17ca272f85rbb /* Now that we have caught this error, forget it. we are done
3568de757bac0b47256647504c186d17ca272f85rbb * with using SSL on this request.
3568de757bac0b47256647504c186d17ca272f85rbb */
3568de757bac0b47256647504c186d17ca272f85rbb sslconn->non_ssl_request = NON_SSL_OK;
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb return HTTP_BAD_REQUEST;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz /*
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * Get the SSL connection structure and perform the
3568de757bac0b47256647504c186d17ca272f85rbb * delayed interlinking from SSL back to request_rec
3568de757bac0b47256647504c186d17ca272f85rbb */
3568de757bac0b47256647504c186d17ca272f85rbb ssl = sslconn->ssl;
3568de757bac0b47256647504c186d17ca272f85rbb if (!ssl) {
3568de757bac0b47256647504c186d17ca272f85rbb return DECLINED;
3568de757bac0b47256647504c186d17ca272f85rbb }
3568de757bac0b47256647504c186d17ca272f85rbb#ifdef HAVE_TLSEXT
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz /*
3568de757bac0b47256647504c186d17ca272f85rbb * Perform SNI checks only on the initial request. In particular,
3568de757bac0b47256647504c186d17ca272f85rbb * if these checks detect a problem, the checks shouldn't return an
3568de757bac0b47256647504c186d17ca272f85rbb * error again when processing an ErrorDocument redirect for the
3568de757bac0b47256647504c186d17ca272f85rbb * original problem.
3568de757bac0b47256647504c186d17ca272f85rbb */
3568de757bac0b47256647504c186d17ca272f85rbb if (r->proxyreq != PROXYREQ_PROXY && ap_is_initial_req(r)) {
3568de757bac0b47256647504c186d17ca272f85rbb if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
397df70abe0bdd78a84fb6c38c02641bcfeadceasf char *host, *scope_id;
397df70abe0bdd78a84fb6c38c02641bcfeadceasf apr_port_t port;
397df70abe0bdd78a84fb6c38c02641bcfeadceasf apr_status_t rv;
397df70abe0bdd78a84fb6c38c02641bcfeadceasf
397df70abe0bdd78a84fb6c38c02641bcfeadceasf /*
3568de757bac0b47256647504c186d17ca272f85rbb * The SNI extension supplied a hostname. So don't accept requests
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding * with either no hostname or a different hostname as this could
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding * cause us to end up in a different virtual host as the one that
3568de757bac0b47256647504c186d17ca272f85rbb * was used for the handshake causing different SSL parameters to
239f998fbee5ac5b114b965bb76e217cce0003edstoddard * be applied as SSLProtocol, SSLCACertificateFile/Path and
78ae889ffe0fdfab72f56c6993b0f302cb48da55rbb * SSLCADNRequestFile/Path cannot be renegotiated (SSLCA* due
3568de757bac0b47256647504c186d17ca272f85rbb * to current limitations in OpenSSL, see
6653a33e820463abd4f81915b7a1eba0f602e200brianp * http://mail-archives.apache.org/mod_mbox/httpd-dev/200806.mbox/%3C48592955.2090303@velox.ch%3E
6653a33e820463abd4f81915b7a1eba0f602e200brianp * and
6653a33e820463abd4f81915b7a1eba0f602e200brianp * http://mail-archives.apache.org/mod_mbox/httpd-dev/201312.mbox/%3CCAKQ1sVNpOrdiBm-UPw1hEdSN7YQXRRjeaT-MCWbW_7mN%3DuFiOw%40mail.gmail.com%3E
41634f717c623556a16b27b25d7d909a66fe20f8wrowe * )
41634f717c623556a16b27b25d7d909a66fe20f8wrowe */
6653a33e820463abd4f81915b7a1eba0f602e200brianp if (!r->hostname) {
3568de757bac0b47256647504c186d17ca272f85rbb ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02031)
6653a33e820463abd4f81915b7a1eba0f602e200brianp "Hostname %s provided via SNI, but no hostname"
6653a33e820463abd4f81915b7a1eba0f602e200brianp " provided in HTTP request", servername);
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm return HTTP_BAD_REQUEST;
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm }
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick rv = apr_parse_addr_port(&host, &scope_id, &port, r->hostname, r->pool);
36c8049de63c446926139936c3d195330a0539cetrawick if (rv != APR_SUCCESS || scope_id) {
3568de757bac0b47256647504c186d17ca272f85rbb return HTTP_BAD_REQUEST;
dd028aa8111afb6534fece555e8c2d408894671etrawick }
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin if (strcasecmp(host, servername)) {
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02032)
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin "Hostname %s provided via SNI and hostname %s provided"
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin " via HTTP are different", servername, host);
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding return HTTP_BAD_REQUEST;
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin }
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin }
ca53a74f4012a45cbad48e940eddf27d866981f9dougm else if (((sc->strict_sni_vhost_check == SSL_ENABLED_TRUE)
ca53a74f4012a45cbad48e940eddf27d866981f9dougm || (mySrvConfig(sslconn->server))->strict_sni_vhost_check
ca53a74f4012a45cbad48e940eddf27d866981f9dougm == SSL_ENABLED_TRUE)
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin && r->connection->vhost_lookup_data) {
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin /*
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin * We are using a name based configuration here, but no hostname was
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin * provided via SNI. Don't allow that if are requested to do strict
dd028aa8111afb6534fece555e8c2d408894671etrawick * checking. Check whether this strict checking was set up either in the
dd028aa8111afb6534fece555e8c2d408894671etrawick * server config we used for handshaking or in our current server.
6653a33e820463abd4f81915b7a1eba0f602e200brianp * This should avoid insecure configuration by accident.
6653a33e820463abd4f81915b7a1eba0f602e200brianp */
6653a33e820463abd4f81915b7a1eba0f602e200brianp ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, APLOGNO(02033)
6653a33e820463abd4f81915b7a1eba0f602e200brianp "No hostname was provided via SNI for a name based"
6653a33e820463abd4f81915b7a1eba0f602e200brianp " virtual host");
6653a33e820463abd4f81915b7a1eba0f602e200brianp apr_table_setn(r->notes, "error-notes",
6653a33e820463abd4f81915b7a1eba0f602e200brianp "Reason: The client software did not provide a "
6653a33e820463abd4f81915b7a1eba0f602e200brianp "hostname using Server Name Indication (SNI), "
6653a33e820463abd4f81915b7a1eba0f602e200brianp "which is required to access this server.<br />\n");
6653a33e820463abd4f81915b7a1eba0f602e200brianp return HTTP_FORBIDDEN;
6653a33e820463abd4f81915b7a1eba0f602e200brianp }
6653a33e820463abd4f81915b7a1eba0f602e200brianp }
6653a33e820463abd4f81915b7a1eba0f602e200brianp#endif
6653a33e820463abd4f81915b7a1eba0f602e200brianp SSL_set_app_data2(ssl, r);
6653a33e820463abd4f81915b7a1eba0f602e200brianp
6653a33e820463abd4f81915b7a1eba0f602e200brianp /*
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick * Log information about incoming HTTPS requests
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick */
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick if (APLOGrinfo(r) && ap_is_initial_req(r)) {
239f998fbee5ac5b114b965bb76e217cce0003edstoddard ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02034)
3568de757bac0b47256647504c186d17ca272f85rbb "%s HTTPS request received for child %ld (server %s)",
3568de757bac0b47256647504c186d17ca272f85rbb (r->connection->keepalives <= 0 ?
3568de757bac0b47256647504c186d17ca272f85rbb "Initial (No.1)" :
12901074f5d6b36d08be84d8637b6f2c21e0da26trawick apr_psprintf(r->pool, "Subsequent (No.%d)",
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard r->connection->keepalives+1)),
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard r->connection->id,
3568de757bac0b47256647504c186d17ca272f85rbb ssl_util_vhostid(r->pool, r->server));
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz }
48d2edbfb84e5559b5da0f8d614ccab805cc67a8rbb
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* SetEnvIf ssl-*-shutdown flags can only be per-server,
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * so they won't change across keepalive requests
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding */
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding ssl_configure_env(r, sslconn);
3568de757bac0b47256647504c186d17ca272f85rbb }
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb return DECLINED;
3568de757bac0b47256647504c186d17ca272f85rbb}
3568de757bac0b47256647504c186d17ca272f85rbb
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard/*
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * Move SetEnvIf information from request_rec to conn_rec/BUFF
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * to allow the close connection handler to use them.
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluemstatic void ssl_configure_env(request_rec *r, SSLConnRec *sslconn)
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem{
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem int i;
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem const apr_array_header_t *arr = apr_table_elts(r->subprocess_env);
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem const apr_table_entry_t *elts = (const apr_table_entry_t *)arr->elts;
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_STANDARD;
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem for (i = 0; i < arr->nelts; i++) {
83a5021aef5ebb67395b93f75df4fd0f0b4fc8c8fuankg const char *key = elts[i].key;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem switch (*key) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard case 's':
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /* being case-sensitive here.
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * and not checking for the -shutdown since these are the only
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * SetEnvIf "flags" we support
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (!strncmp(key+1, "sl-", 3)) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard key += 4;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (!strncmp(key, "unclean", 7)) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard else if (!strncmp(key, "accurate", 8)) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_ACCURATE;
3568de757bac0b47256647504c186d17ca272f85rbb }
3568de757bac0b47256647504c186d17ca272f85rbb return; /* should only ever be one ssl-*-shutdown */
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick }
7cd5419264796cfeaf8215383cf0f89130a81fectrawick break;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick }
7cd5419264796cfeaf8215383cf0f89130a81fectrawick }
7cd5419264796cfeaf8215383cf0f89130a81fectrawick}
e8f95a682820a599fe41b22977010636be5c2717jim
98cd3186185bb28ae6c95a3f159899fcf56a663ftrawick/*
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick * Access Handler
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick */
3568de757bac0b47256647504c186d17ca272f85rbbint ssl_hook_Access(request_rec *r)
a72ba68ecbbc61e4b513e50d6000245c33f753dcwrowe{
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm SSLDirConfigRec *dc = myDirConfig(r);
397df70abe0bdd78a84fb6c38c02641bcfeadceasf SSLSrvConfigRec *sc = mySrvConfig(r->server);
397df70abe0bdd78a84fb6c38c02641bcfeadceasf SSLConnRec *sslconn = myConnConfig(r->connection);
397df70abe0bdd78a84fb6c38c02641bcfeadceasf SSL *ssl = sslconn ? sslconn->ssl : NULL;
397df70abe0bdd78a84fb6c38c02641bcfeadceasf server_rec *handshakeserver = sslconn ? sslconn->server : NULL;
397df70abe0bdd78a84fb6c38c02641bcfeadceasf SSL_CTX *ctx = NULL;
397df70abe0bdd78a84fb6c38c02641bcfeadceasf apr_array_header_t *requires;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz ssl_require_t *ssl_requires;
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm int ok, i;
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
3cbd177a6c885562f9ad0cf11695f044489c881dgregames X509 *cert;
dd028aa8111afb6534fece555e8c2d408894671etrawick X509 *peercert;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard X509_STORE *cert_store = NULL;
3cbd177a6c885562f9ad0cf11695f044489c881dgregames X509_STORE_CTX cert_store_ctx;
3cbd177a6c885562f9ad0cf11695f044489c881dgregames STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
3cbd177a6c885562f9ad0cf11695f044489c881dgregames const SSL_CIPHER *cipher = NULL;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard int depth, verify_old, verify, n;
5a0f707b48da7703cbe6bc087f13a6735b1c742dgregames
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (ssl) {
5a0f707b48da7703cbe6bc087f13a6735b1c742dgregames ctx = SSL_get_SSL_CTX(ssl);
5a0f707b48da7703cbe6bc087f13a6735b1c742dgregames }
5a0f707b48da7703cbe6bc087f13a6735b1c742dgregames
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /*
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm * Support for SSLRequireSSL directive
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (dc->bSSLRequired && !ssl) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (sc->enabled == SSL_ENABLED_OPTIONAL) {
ad83978f20c7d1a4323059d9af122e56fcd353bdstoddard /* This vhost was configured for optional SSL, just tell the
7cd5419264796cfeaf8215383cf0f89130a81fectrawick * client that we need to upgrade.
7cd5419264796cfeaf8215383cf0f89130a81fectrawick */
7cd5419264796cfeaf8215383cf0f89130a81fectrawick apr_table_setn(r->err_headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
7cd5419264796cfeaf8215383cf0f89130a81fectrawick apr_table_setn(r->err_headers_out, "Connection", "Upgrade");
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
7cd5419264796cfeaf8215383cf0f89130a81fectrawick return HTTP_UPGRADE_REQUIRED;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick }
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
7cd5419264796cfeaf8215383cf0f89130a81fectrawick ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02219)
7cd5419264796cfeaf8215383cf0f89130a81fectrawick "access to %s failed, reason: %s",
7cd5419264796cfeaf8215383cf0f89130a81fectrawick r->filename, "SSL connection required");
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
7cd5419264796cfeaf8215383cf0f89130a81fectrawick /* remember forbidden access for strict require option */
7cd5419264796cfeaf8215383cf0f89130a81fectrawick apr_table_setn(r->notes, "ssl-access-forbidden", "1");
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
7cd5419264796cfeaf8215383cf0f89130a81fectrawick return HTTP_FORBIDDEN;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick }
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
7cd5419264796cfeaf8215383cf0f89130a81fectrawick /*
7cd5419264796cfeaf8215383cf0f89130a81fectrawick * Check to see whether SSL is in use; if it's not, then no
7cd5419264796cfeaf8215383cf0f89130a81fectrawick * further access control checks are relevant. (the test for
7cd5419264796cfeaf8215383cf0f89130a81fectrawick * sc->enabled is probably strictly unnecessary)
ad83978f20c7d1a4323059d9af122e56fcd353bdstoddard */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard return DECLINED;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard#ifdef HAVE_SRP
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /*
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * Support for per-directory reconfigured SSL connection parameters
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard *
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * We do not force any renegotiation if the user is already authenticated
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * via SRP.
3568de757bac0b47256647504c186d17ca272f85rbb *
7cd5419264796cfeaf8215383cf0f89130a81fectrawick */
7cd5419264796cfeaf8215383cf0f89130a81fectrawick if (SSL_get_srp_username(ssl)) {
7cd5419264796cfeaf8215383cf0f89130a81fectrawick return DECLINED;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick }
7cd5419264796cfeaf8215383cf0f89130a81fectrawick#endif
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm /*
3568de757bac0b47256647504c186d17ca272f85rbb * Support for per-directory reconfigured SSL connection parameters.
3568de757bac0b47256647504c186d17ca272f85rbb *
74fd6d9aeadb9022086259c5c1ae00bc0dda9c9astoddard * This is implemented by forcing an SSL renegotiation with the
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp * reconfigured parameter suite. But Apache's internal API processing
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp * makes our life very hard here, because when internal sub-requests occur
3568de757bac0b47256647504c186d17ca272f85rbb * we nevertheless should avoid multiple unnecessary SSL handshakes (they
3568de757bac0b47256647504c186d17ca272f85rbb * require extra network I/O and especially time to perform).
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard *
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * But the optimization for filtering out the unnecessary handshakes isn't
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * obvious and trivial. Especially because while Apache is in its
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * sub-request processing the client could force additional handshakes,
b5ffe4f30780fb159db08bd9f628980d2a092711sf * too. And these take place perhaps without our notice. So the only
b5ffe4f30780fb159db08bd9f628980d2a092711sf * possibility is to explicitly _ask_ OpenSSL whether the renegotiation
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * has to be performed or not. It has to performed when some parameters
1ce78cf71b5baaf2c1ab48e818cb1f2397df5010trawick * which were previously known (by us) are not those we've now
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * reconfigured (as known by OpenSSL) or (in optimized way) at least when
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * the reconfigured parameter suite is stronger (more restrictions) than
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * the currently active one.
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /*
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * Override of SSLCipherSuite
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz *
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * We provide two options here:
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard *
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * o The paranoid and default approach where we force a renegotiation when
dd028aa8111afb6534fece555e8c2d408894671etrawick * the cipher suite changed in _any_ way (which is straight-forward but
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * often forces renegotiations too often and is perhaps not what the
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * user actually wanted).
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard *
3568de757bac0b47256647504c186d17ca272f85rbb * o The optimized and still secure way where we force a renegotiation
3568de757bac0b47256647504c186d17ca272f85rbb * only if the currently active cipher is no longer contained in the
3568de757bac0b47256647504c186d17ca272f85rbb * reconfigured/new cipher suite. Any other changes are not important
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * because it's the servers choice to select a cipher from the ones the
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * client supports. So as long as the current cipher is still in the new
f714f1a7002928d785e53e70349700a7f595fee3trawick * cipher suite we're happy. Because we can assume we would have
f714f1a7002928d785e53e70349700a7f595fee3trawick * selected it again even when other (better) ciphers exists now in the
3568de757bac0b47256647504c186d17ca272f85rbb * new cipher suite. This approach is fine because the user explicitly
ad83978f20c7d1a4323059d9af122e56fcd353bdstoddard * has to enable this via ``SSLOptions +OptRenegotiate''. So we do no
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh * implicit optimizations.
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh */
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh if (dc->szCipherSuite || (r->server != handshakeserver)) {
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh /* remember old state */
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard cipher = SSL_get_current_cipher(ssl);
663237d6bcc59ac0997d71d48a1baa55fa29a3d8jim }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard else {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard cipher_list_old = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
3568de757bac0b47256647504c186d17ca272f85rbb
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (cipher_list_old) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard cipher_list_old = sk_SSL_CIPHER_dup(cipher_list_old);
663237d6bcc59ac0997d71d48a1baa55fa29a3d8jim }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /* configure new state */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if ((dc->szCipherSuite || sc->server->auth.cipher_suite) &&
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz !SSL_set_cipher_list(ssl, dc->szCipherSuite ?
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard dc->szCipherSuite :
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard sc->server->auth.cipher_suite)) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02253)
3568de757bac0b47256647504c186d17ca272f85rbb "Unable to reconfigure (per-directory) "
ad83978f20c7d1a4323059d9af122e56fcd353bdstoddard "permitted SSL ciphers");
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (cipher_list_old) {
3568de757bac0b47256647504c186d17ca272f85rbb sk_SSL_CIPHER_free(cipher_list_old);
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh }
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh return HTTP_FORBIDDEN;
3568de757bac0b47256647504c186d17ca272f85rbb }
3568de757bac0b47256647504c186d17ca272f85rbb
663237d6bcc59ac0997d71d48a1baa55fa29a3d8jim /* determine whether a renegotiation has to be forced */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard cipher_list = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
3568de757bac0b47256647504c186d17ca272f85rbb if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz /* optimized way */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if ((!cipher && cipher_list) ||
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard (cipher && !cipher_list))
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard {
3568de757bac0b47256647504c186d17ca272f85rbb renegotiate = TRUE;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz else if (cipher && cipher_list &&
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard (sk_SSL_CIPHER_find(cipher_list, cipher) < 0))
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard renegotiate = TRUE;
3568de757bac0b47256647504c186d17ca272f85rbb }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz else {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz /* paranoid way */
3568de757bac0b47256647504c186d17ca272f85rbb if ((!cipher_list_old && cipher_list) ||
3568de757bac0b47256647504c186d17ca272f85rbb (cipher_list_old && !cipher_list))
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz renegotiate = TRUE;
3568de757bac0b47256647504c186d17ca272f85rbb }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard else if (cipher_list_old && cipher_list) {
3568de757bac0b47256647504c186d17ca272f85rbb for (n = 0;
3568de757bac0b47256647504c186d17ca272f85rbb !renegotiate && (n < sk_SSL_CIPHER_num(cipher_list));
3568de757bac0b47256647504c186d17ca272f85rbb n++)
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard {
3568de757bac0b47256647504c186d17ca272f85rbb SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list, n);
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
3568de757bac0b47256647504c186d17ca272f85rbb if (sk_SSL_CIPHER_find(cipher_list_old, value) < 0) {
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick renegotiate = TRUE;
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick }
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz for (n = 0;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz !renegotiate && (n < sk_SSL_CIPHER_num(cipher_list_old));
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard n++)
beb70d51e435dc36c56a72b6cd83556c04db9283wrowe {
fe6baec9bbcd36f932b71a355120cd7b5a685d6cfielding SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list_old, n);
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb if (sk_SSL_CIPHER_find(cipher_list, value) < 0) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard renegotiate = TRUE;
3568de757bac0b47256647504c186d17ca272f85rbb }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /* cleanup */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (cipher_list_old) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard sk_SSL_CIPHER_free(cipher_list_old);
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (renegotiate) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe if (sc->cipher_server_pref == TRUE) {
397df70abe0bdd78a84fb6c38c02641bcfeadceasf SSL_set_options(ssl, SSL_OP_CIPHER_SERVER_PREFERENCE);
397df70abe0bdd78a84fb6c38c02641bcfeadceasf }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard#endif
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /* tracing */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02220)
8e9734d1a4af74c141e2a0f880bb51bb061fa03atrawick "Reconfigured cipher suite will force renegotiation");
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard }
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick /*
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick * override of SSLVerifyDepth
3568de757bac0b47256647504c186d17ca272f85rbb *
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * The depth checks are handled by us manually inside the verify callback
cb97ae2ff6969c2789b8e03f1bc4187fa73b6bafwrowe * function and not by OpenSSL internally (and our function is aware of
0f113d7123e8bd3e3e2e9b6373461a1a773bfccatrawick * both the per-server and per-directory contexts). So we cannot ask
0f113d7123e8bd3e3e2e9b6373461a1a773bfccatrawick * OpenSSL about the currently verify depth. Instead we remember it in our
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * SSLConnRec attached to the SSL* of OpenSSL. We've to force the
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * renegotiation if the reconfigured/new verify depth is less than the
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * currently active/remembered verify depth (because this means more
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * restriction on the certificate chain).
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard n = (sslconn->verify_depth != UNSET) ?
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard sslconn->verify_depth :
3568de757bac0b47256647504c186d17ca272f85rbb (mySrvConfig(handshakeserver))->server->auth.verify_depth;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /* determine the new depth */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz sslconn->verify_depth = (dc->nVerifyDepth != UNSET) ?
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard dc->nVerifyDepth : sc->server->auth.verify_depth;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard if (sslconn->verify_depth < n) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard renegotiate = TRUE;
3568de757bac0b47256647504c186d17ca272f85rbb ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02254)
3568de757bac0b47256647504c186d17ca272f85rbb "Reduced client verification depth will force "
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "renegotiation");
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /*
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * override of SSLVerifyClient
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick *
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * We force a renegotiation if the reconfigured/new verify type is
f886987cd0bd4220c14043c4d9be77ec22902e73trawick * stronger than the currently active verify type.
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick *
f886987cd0bd4220c14043c4d9be77ec22902e73trawick * The order is: none << optional_no_ca << optional << require
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick *
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * Additionally the following optimization is possible here: When the
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * currently active verify type is "none" but a client certificate is
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * already known/present, it's enough to manually force a client
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * verification but at least skip the I/O-intensive renegotiation
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * handshake.
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz */
a72ba68ecbbc61e4b513e50d6000245c33f753dcwrowe if ((dc->nVerifyClient != SSL_CVERIFY_UNSET) ||
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick (sc->server->auth.verify_mode != SSL_CVERIFY_UNSET)) {
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm /* remember old state */
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm verify_old = SSL_get_verify_mode(ssl);
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm /* configure new state */
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick verify = SSL_VERIFY_NONE;
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick if ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) ||
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE)) {
3568de757bac0b47256647504c186d17ca272f85rbb verify |= SSL_VERIFY_PEER_STRICT;
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if ((dc->nVerifyClient == SSL_CVERIFY_OPTIONAL) ||
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz (dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA) ||
e8f95a682820a599fe41b22977010636be5c2717jim (sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL) ||
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm (sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz verify |= SSL_VERIFY_PEER;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz }
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm SSL_set_verify(ssl, verify, ssl_callback_SSLVerify);
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm SSL_set_verify_result(ssl, X509_V_OK);
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm /* determine whether we've to force a renegotiation */
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm if (!renegotiate && verify != verify_old) {
36c8049de63c446926139936c3d195330a0539cetrawick if (((verify_old == SSL_VERIFY_NONE) &&
36c8049de63c446926139936c3d195330a0539cetrawick (verify != SSL_VERIFY_NONE)) ||
36c8049de63c446926139936c3d195330a0539cetrawick
36c8049de63c446926139936c3d195330a0539cetrawick (!(verify_old & SSL_VERIFY_PEER) &&
36c8049de63c446926139936c3d195330a0539cetrawick (verify & SSL_VERIFY_PEER)) ||
36c8049de63c446926139936c3d195330a0539cetrawick
36c8049de63c446926139936c3d195330a0539cetrawick (!(verify_old & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) &&
36c8049de63c446926139936c3d195330a0539cetrawick (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
e8f95a682820a599fe41b22977010636be5c2717jim {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick renegotiate = TRUE;
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm /* optimization */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) &&
36c8049de63c446926139936c3d195330a0539cetrawick (verify_old == SSL_VERIFY_NONE) &&
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ((peercert = SSL_get_peer_certificate(ssl)) != NULL))
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick renegotiate_quick = TRUE;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick X509_free(peercert);
cb97ae2ff6969c2789b8e03f1bc4187fa73b6bafwrowe }
36c8049de63c446926139936c3d195330a0539cetrawick
36c8049de63c446926139936c3d195330a0539cetrawick ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02255)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "Changed client verification type will force "
e8f95a682820a599fe41b22977010636be5c2717jim "%srenegotiation",
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm renegotiate_quick ? "quick " : "");
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* If we're handling a request for a vhost other than the default one,
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * then we need to make sure that client authentication is properly
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * enforced. For clients supplying an SNI extension, the peer
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * certificate verification has happened in the handshake already
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * (and r->server == handshakeserver). For non-SNI requests,
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * an additional check is needed here. If client authentication
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * is configured as mandatory, then we can only proceed if the
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * CA list doesn't have to be changed (OpenSSL doesn't provide
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * an option to change the list for an existing session).
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if ((r->server != handshakeserver)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick && renegotiate
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick && ((verify & SSL_VERIFY_PEER) ||
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick SSLSrvConfigRec *hssc = mySrvConfig(handshakeserver);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick#define MODSSL_CFG_CA_NE(f, sc1, sc2) \
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick (sc1->server->auth.f && \
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick (!sc2->server->auth.f || \
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick strNE(sc1->server->auth.f, sc2->server->auth.f)))
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (MODSSL_CFG_CA_NE(ca_cert_file, sc, hssc) ||
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick MODSSL_CFG_CA_NE(ca_cert_path, sc, hssc)) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02256)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "Non-default virtual host with SSLVerify set to "
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "'require' and VirtualHost-specific CA certificate "
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "list is only available to clients with TLS server "
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "name indication (SNI) support");
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick SSL_set_verify(ssl, verify_old, NULL);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick return HTTP_FORBIDDEN;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick } else
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* let it pass, possibly with an "incorrect" peer cert,
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * so make sure the SSL_CLIENT_VERIFY environment variable
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * will indicate partial success only, later on.
e8f95a682820a599fe41b22977010636be5c2717jim */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick sslconn->verify_info = "GENEROUS";
f886987cd0bd4220c14043c4d9be77ec22902e73trawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
f886987cd0bd4220c14043c4d9be77ec22902e73trawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
f886987cd0bd4220c14043c4d9be77ec22902e73trawick /* If a renegotiation is now required for this location, and the
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm * request includes a message body (and the client has not
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm * requested a "100 Continue" response), then the client will be
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm * streaming the request body over the wire already. In that
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm * case, it is not possible to stop and perform a new SSL
3568de757bac0b47256647504c186d17ca272f85rbb * handshake immediately; once the SSL library moves to the
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp * "accept" state, it will reject the SSL packets which the client
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp * is sending for the request body.
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick *
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * To allow authentication to complete in this auth hook, the
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * solution used here is to fill a (bounded) buffer with the
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * request body, and then to reinject that request body later.
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (renegotiate && !renegotiate_quick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick && (apr_table_get(r->headers_in, "transfer-encoding")
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick || (apr_table_get(r->headers_in, "content-length")
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick && strcmp(apr_table_get(r->headers_in, "content-length"), "0")))
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick && !r->expecting_100) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick int rv;
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm apr_size_t rsize;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton rsize = dc->nRenegBufferSize == UNSET ? DEFAULT_RENEG_BUFFER_SIZE :
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton dc->nRenegBufferSize;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (rsize > 0) {
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm /* Fill the I/O buffer with the request body if possible. */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick rv = ssl_io_buffer_fill(r, rsize);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm else {
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick /* If the reneg buffer size is set to zero, just fail. */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick rv = HTTP_REQUEST_ENTITY_TOO_LARGE;
36c8049de63c446926139936c3d195330a0539cetrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (rv) {
f886987cd0bd4220c14043c4d9be77ec22902e73trawick ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02257)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "could not buffer message body to allow "
cb97ae2ff6969c2789b8e03f1bc4187fa73b6bafwrowe "SSL renegotiation to proceed");
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick return rv;
36c8049de63c446926139936c3d195330a0539cetrawick }
36c8049de63c446926139936c3d195330a0539cetrawick }
36c8049de63c446926139936c3d195330a0539cetrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /*
e8f95a682820a599fe41b22977010636be5c2717jim * now do the renegotiation if anything was actually reconfigured
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (renegotiate) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /*
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * Now we force the SSL renegotiation by sending the Hello Request
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * message to the client. Here we have to do a workaround: Actually
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * OpenSSL returns immediately after sending the Hello Request (the
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * intent AFAIK is because the SSL/TLS protocol says it's not a must
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * that the client replies to a Hello Request). But because we insist
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * on a reply (anything else is an error for us) we have to go to the
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * ACCEPT state manually. Using SSL_set_accept_state() doesn't work
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * here because it resets too much of the connection. So we set the
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * state explicitly and continue the handshake manually.
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02221)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "Requesting connection re-negotiation");
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (renegotiate_quick) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick STACK_OF(X509) *cert_stack;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* perform just a manual re-verification of the peer */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02258)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "Performing quick renegotiation: "
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "just re-verifying the peer");
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick cert = SSL_get_peer_certificate(ssl);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (!cert_stack && cert) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* client cert is in the session cache, but there is
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * no chain, since ssl3_get_client_certificate()
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * sk_X509_shift-ed the peer cert out of the chain.
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * we put it back here for the purpose of quick_renegotiation.
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick cert_stack = sk_X509_new_null();
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick sk_X509_push(cert_stack, cert);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
e8f95a682820a599fe41b22977010636be5c2717jim if (!cert_stack || (sk_X509_num(cert_stack) == 0)) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02222)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick "Cannot find peer certificate chain");
f886987cd0bd4220c14043c4d9be77ec22902e73trawick
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick return HTTP_FORBIDDEN;
f886987cd0bd4220c14043c4d9be77ec22902e73trawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
f886987cd0bd4220c14043c4d9be77ec22902e73trawick if (!(cert_store ||
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm (cert_store = SSL_CTX_get_cert_store(ctx))))
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm {
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02223)
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm "Cannot find certificate storage");
3568de757bac0b47256647504c186d17ca272f85rbb
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp return HTTP_FORBIDDEN;
72b6f1cf3e616473e1c26464b3193b13c2c09e87brianp }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
e8f95a682820a599fe41b22977010636be5c2717jim if (!cert) {
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick cert = sk_X509_value(cert_stack, 0);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick }
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
e8f95a682820a599fe41b22977010636be5c2717jim X509_STORE_CTX_init(&cert_store_ctx, cert_store, cert, cert_stack);
44d2e75323651320b480d8bc2f098448a08de4fcwrowe depth = SSL_get_verify_depth(ssl);
44d2e75323651320b480d8bc2f098448a08de4fcwrowe
44d2e75323651320b480d8bc2f098448a08de4fcwrowe if (depth >= 0) {
44d2e75323651320b480d8bc2f098448a08de4fcwrowe X509_STORE_CTX_set_depth(&cert_store_ctx, depth);
44d2e75323651320b480d8bc2f098448a08de4fcwrowe }
44d2e75323651320b480d8bc2f098448a08de4fcwrowe
44d2e75323651320b480d8bc2f098448a08de4fcwrowe X509_STORE_CTX_set_ex_data(&cert_store_ctx,
44d2e75323651320b480d8bc2f098448a08de4fcwrowe SSL_get_ex_data_X509_STORE_CTX_idx(),
44d2e75323651320b480d8bc2f098448a08de4fcwrowe (char *)ssl);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick if (!X509_verify_cert(&cert_store_ctx)) {
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02224)
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz "Re-negotiation verification step failed");
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz }
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe
3568de757bac0b47256647504c186d17ca272f85rbb SSL_set_verify_result(ssl, cert_store_ctx.error);
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe X509_STORE_CTX_cleanup(&cert_store_ctx);
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe if (cert_stack != SSL_get_peer_cert_chain(ssl)) {
f886987cd0bd4220c14043c4d9be77ec22902e73trawick /* we created this ourselves, so free it */
f886987cd0bd4220c14043c4d9be77ec22902e73trawick sk_X509_pop_free(cert_stack, X509_free);
f886987cd0bd4220c14043c4d9be77ec22902e73trawick }
f886987cd0bd4220c14043c4d9be77ec22902e73trawick }
f886987cd0bd4220c14043c4d9be77ec22902e73trawick else {
f886987cd0bd4220c14043c4d9be77ec22902e73trawick const char *reneg_support;
f886987cd0bd4220c14043c4d9be77ec22902e73trawick request_rec *id = r->main ? r->main : r;
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe /* Additional mitigation for CVE-2009-3555: At this point,
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe * before renegotiating, an (entire) request has been read
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowe * from the connection. An attacker may have sent further
3568de757bac0b47256647504c186d17ca272f85rbb * data to "prefix" any subsequent request by the victim's
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * client after the renegotiation; this data may already
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * have been read and buffered. Forcing a connection
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * closure after the response ensures such data will be
3568de757bac0b47256647504c186d17ca272f85rbb * discarded. Legimately pipelined HTTP requests will be
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz * retried anyway with this approach. */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if (has_buffered_data(r)) {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02259)
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz "insecure SSL re-negotiation required, but "
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz "a pipelined request is present; keepalive "
3568de757bac0b47256647504c186d17ca272f85rbb "disabled");
3568de757bac0b47256647504c186d17ca272f85rbb r->connection->keepalive = AP_CONN_CLOSE;
98fb535f829e2a95aabd82420931f476661fa8e3jorton }
98fb535f829e2a95aabd82420931f476661fa8e3jorton
e8f95a682820a599fe41b22977010636be5c2717jim#if defined(SSL_get_secure_renegotiation_support)
e8f95a682820a599fe41b22977010636be5c2717jim reneg_support = SSL_get_secure_renegotiation_support(ssl) ?
98fb535f829e2a95aabd82420931f476661fa8e3jorton "client does" : "client does not";
98fb535f829e2a95aabd82420931f476661fa8e3jorton#else
e8f95a682820a599fe41b22977010636be5c2717jim reneg_support = "server does not";
98fb535f829e2a95aabd82420931f476661fa8e3jorton#endif
98fb535f829e2a95aabd82420931f476661fa8e3jorton /* Perform a full renegotiation. */
98fb535f829e2a95aabd82420931f476661fa8e3jorton ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02260)
3568de757bac0b47256647504c186d17ca272f85rbb "Performing full renegotiation: complete handshake "
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz "protocol (%s support secure renegotiation)",
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz reneg_support);
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb SSL_set_session_id_context(ssl,
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding (unsigned char *)&id,
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding sizeof(id));
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding
85c5af648e9f414bd4f157490766d2fd5515a9f5rpluem /* Toggle the renegotiation state to allow the new
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe * handshake to proceed. */
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe sslconn->reneg_state = RENEG_ALLOW;
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe SSL_renegotiate(ssl);
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe SSL_do_handshake(ssl);
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe if (SSL_get_state(ssl) != SSL_ST_OK) {
85c5af648e9f414bd4f157490766d2fd5515a9f5rpluem ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02225)
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe "Re-negotiation request failed");
3568de757bac0b47256647504c186d17ca272f85rbb ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz r->connection->keepalive = AP_CONN_CLOSE;
3568de757bac0b47256647504c186d17ca272f85rbb return HTTP_FORBIDDEN;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz }
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz
3568de757bac0b47256647504c186d17ca272f85rbb ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02226)
3568de757bac0b47256647504c186d17ca272f85rbb "Awaiting re-negotiation handshake");
3568de757bac0b47256647504c186d17ca272f85rbb
3568de757bac0b47256647504c186d17ca272f85rbb /* XXX: Should replace setting state with SSL_renegotiate(ssl);
3568de757bac0b47256647504c186d17ca272f85rbb * However, this causes failures in perl-framework currently,
3568de757bac0b47256647504c186d17ca272f85rbb * perhaps pre-test if we have already negotiated?
ec020ca384efb30d501a5af796ddc3bb237d7b8fgregames */
3568de757bac0b47256647504c186d17ca272f85rbb#ifdef OPENSSL_NO_SSL_INTERN
ce03576b2434cec77f2921db9d5b6a0510581c23rederpj SSL_set_state(ssl, SSL_ST_ACCEPT);
397df70abe0bdd78a84fb6c38c02641bcfeadceasf#else
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick ssl->state = SSL_ST_ACCEPT;
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick#endif
397df70abe0bdd78a84fb6c38c02641bcfeadceasf SSL_do_handshake(ssl);
397df70abe0bdd78a84fb6c38c02641bcfeadceasf
397df70abe0bdd78a84fb6c38c02641bcfeadceasf sslconn->reneg_state = RENEG_REJECT;
397df70abe0bdd78a84fb6c38c02641bcfeadceasf
397df70abe0bdd78a84fb6c38c02641bcfeadceasf if (SSL_get_state(ssl) != SSL_ST_OK) {
9d0665da83d1e22c0ea0e5f6f940f70f75bf5237ianh ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02261)
3568de757bac0b47256647504c186d17ca272f85rbb "Re-negotiation handshake failed: "
3568de757bac0b47256647504c186d17ca272f85rbb "Not accepted by client!?");
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
7cd5419264796cfeaf8215383cf0f89130a81fectrawick r->connection->keepalive = AP_CONN_CLOSE;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick return HTTP_FORBIDDEN;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick }
7cd5419264796cfeaf8215383cf0f89130a81fectrawick }
7cd5419264796cfeaf8215383cf0f89130a81fectrawick
7cd5419264796cfeaf8215383cf0f89130a81fectrawick /*
73e8b26287de5c06fa470d36162e103dbac9c7e5wrowe * Remember the peer certificate's DN
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding */
b980ad7fdc218b4855cde9f75a747527f50c554dwrowe if ((cert = SSL_get_peer_certificate(ssl))) {
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe if (sslconn->client_cert) {
3568de757bac0b47256647504c186d17ca272f85rbb X509_free(sslconn->client_cert);
7cd5419264796cfeaf8215383cf0f89130a81fectrawick }
7cd5419264796cfeaf8215383cf0f89130a81fectrawick sslconn->client_cert = cert;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick sslconn->client_dn = NULL;
ca53a74f4012a45cbad48e940eddf27d866981f9dougm }
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding
36ef8f77bffe75d1aa327882be1b5bdbe2ff567asf /*
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding * Finally check for acceptable renegotiation results
302dc1f7b3feee23a91ad8f3cf3cb2edd95a557bmanoj */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz if ((dc->nVerifyClient != SSL_CVERIFY_NONE) ||
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz (sc->server->auth.verify_mode != SSL_CVERIFY_NONE)) {
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz BOOL do_verify = ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) ||
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE));
0cb6873985efbf0cc9644114925df6baa4b32d5awrowe
3568de757bac0b47256647504c186d17ca272f85rbb if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02262)
3568de757bac0b47256647504c186d17ca272f85rbb "Re-negotiation handshake failed: "
"Client verification failed");
return HTTP_FORBIDDEN;
}
if (do_verify) {
if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02263)
"Re-negotiation handshake failed: "
"Client certificate missing");
return HTTP_FORBIDDEN;
}
X509_free(peercert);
}
}
/*
* Also check that SSLCipherSuite has been enforced as expected.
*/
if (cipher_list) {
cipher = SSL_get_current_cipher(ssl);
if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02264)
"SSL cipher suite not renegotiated: "
"access to %s denied using cipher %s",
r->filename,
SSL_CIPHER_get_name(cipher));
return HTTP_FORBIDDEN;
}
}
}
/* If we're trying to have the user name set from a client
* certificate then we need to set it here. This should be safe as
* the user name probably isn't important from an auth checking point
* of view as the certificate supplied acts in that capacity.
* However, if FakeAuth is being used then this isn't the case so
* we need to postpone setting the username until later.
*/
if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
char *val = ssl_var_lookup(r->pool, r->server, r->connection,
r, (char *)dc->szUserName);
if (val && val[0])
r->user = val;
else
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02227)
"Failed to set r->user to '%s'", dc->szUserName);
}
/*
* Check SSLRequire boolean expressions
*/
requires = dc->aRequirement;
ssl_requires = (ssl_require_t *)requires->elts;
for (i = 0; i < requires->nelts; i++) {
ssl_require_t *req = &ssl_requires[i];
const char *errstring;
ok = ap_expr_exec(r, req->mpExpr, &errstring);
if (ok < 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02265)
"access to %s failed, reason: Failed to execute "
"SSL requirement expression: %s",
r->filename, errstring);
/* remember forbidden access for strict require option */
apr_table_setn(r->notes, "ssl-access-forbidden", "1");
return HTTP_FORBIDDEN;
}
if (ok != 1) {
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02266)
"Access to %s denied for %s "
"(requirement expression not fulfilled)",
r->filename, r->useragent_ip);
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02228)
"Failed expression: %s", req->cpExpr);
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02229)
"access to %s failed, reason: %s",
r->filename,
"SSL requirement expression not fulfilled");
/* remember forbidden access for strict require option */
apr_table_setn(r->notes, "ssl-access-forbidden", "1");
return HTTP_FORBIDDEN;
}
}
/*
* Else access is granted from our point of view (except vendor
* handlers override). But we have to return DECLINED here instead
* of OK, because mod_auth and other modules still might want to
* deny access.
*/
return DECLINED;
}
/*
* Authentication Handler:
* Fake a Basic authentication from the X509 client certificate.
*
* This must be run fairly early on to prevent a real authentication from
* occuring, in particular it must be run before anything else that
* authenticates a user. This means that the Module statement for this
* module should be LAST in the Configuration file.
*/
int ssl_hook_UserCheck(request_rec *r)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r);
char *user;
const char *auth_line, *username, *password;
/*
* Additionally forbid access (again)
* when strict require option is used.
*/
if ((dc->nOptions & SSL_OPT_STRICTREQUIRE) &&
(apr_table_get(r->notes, "ssl-access-forbidden")))
{
return HTTP_FORBIDDEN;
}
/*
* We decline when we are in a subrequest. The Authorization header
* would already be present if it was added in the main request.
*/
if (!ap_is_initial_req(r)) {
return DECLINED;
}
/*
* Make sure the user is not able to fake the client certificate
* based authentication by just entering an X.509 Subject DN
* ("/XX=YYY/XX=YYY/..") as the username and "password" as the
* password.
*/
if ((auth_line = apr_table_get(r->headers_in, "Authorization"))) {
if (strcEQ(ap_getword(r->pool, &auth_line, ' '), "Basic")) {
while ((*auth_line == ' ') || (*auth_line == '\t')) {
auth_line++;
}
auth_line = ap_pbase64decode(r->pool, auth_line);
username = ap_getword_nulls(r->pool, &auth_line, ':');
password = auth_line;
if ((username[0] == '/') && strEQ(password, "password")) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02035)
"Encountered FakeBasicAuth spoof: %s", username);
return HTTP_FORBIDDEN;
}
}
}
/*
* We decline operation in various situations...
* - SSLOptions +FakeBasicAuth not configured
* - r->user already authenticated
* - ssl not enabled
* - client did not present a certificate
*/
if (!((sc->enabled == SSL_ENABLED_TRUE || sc->enabled == SSL_ENABLED_OPTIONAL)
&& sslconn && sslconn->ssl && sslconn->client_cert) ||
!(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user)
{
return DECLINED;
}
if (!sslconn->client_dn) {
X509_NAME *name = X509_get_subject_name(sslconn->client_cert);
char *cp = X509_NAME_oneline(name, NULL, 0);
sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
OPENSSL_free(cp);
}
/* use SSLUserName if defined, otherwise use the full client DN */
if (dc->szUserName) {
user = ssl_var_lookup(r->pool, r->server, r->connection,
r, (char *)dc->szUserName);
if (!user || !user[0]) {
ap_log_rerror(
APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02434) "Failed to set FakeBasicAuth username to '%s', did not exist in certificate", dc->szUserName);
return DECLINED;
}
}
else {
user = (char *)sslconn->client_dn;
}
/*
* Fake a password - which one would be immaterial, as, it seems, an empty
* password in the users file would match ALL incoming passwords, if only
* we were using the standard crypt library routine. Unfortunately, OpenSSL
* "fixes" a "bug" in crypt and thus prevents blank passwords from
* working. (IMHO what they really fix is a bug in the users of the code
* - failing to program correctly for shadow passwords). We need,
* therefore, to provide a password. This password can be matched by
* adding the string "xxj31ZMTZzkVA" as the password in the user file.
* This is just the crypted variant of the word "password" ;-)
*/
auth_line = apr_pstrcat(r->pool, "Basic ",
ap_pbase64encode(r->pool,
apr_pstrcat(r->pool, user,
":password", NULL)),
NULL);
apr_table_setn(r->headers_in, "Authorization", auth_line);
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02036)
"Faking HTTP Basic Auth header: \"Authorization: %s\"",
auth_line);
return DECLINED;
}
/* authorization phase */
int ssl_hook_Auth(request_rec *r)
{
SSLDirConfigRec *dc = myDirConfig(r);
/*
* Additionally forbid access (again)
* when strict require option is used.
*/
if ((dc->nOptions & SSL_OPT_STRICTREQUIRE) &&
(apr_table_get(r->notes, "ssl-access-forbidden")))
{
return HTTP_FORBIDDEN;
}
return DECLINED;
}
/*
* Fixup Handler
*/
static const char *ssl_hook_Fixup_vars[] = {
"SSL_VERSION_INTERFACE",
"SSL_VERSION_LIBRARY",
"SSL_PROTOCOL",
"SSL_SECURE_RENEG",
"SSL_COMPRESS_METHOD",
"SSL_CIPHER",
"SSL_CIPHER_EXPORT",
"SSL_CIPHER_USEKEYSIZE",
"SSL_CIPHER_ALGKEYSIZE",
"SSL_CLIENT_VERIFY",
"SSL_CLIENT_M_VERSION",
"SSL_CLIENT_M_SERIAL",
"SSL_CLIENT_V_START",
"SSL_CLIENT_V_END",
"SSL_CLIENT_V_REMAIN",
"SSL_CLIENT_S_DN",
"SSL_CLIENT_I_DN",
"SSL_CLIENT_A_KEY",
"SSL_CLIENT_A_SIG",
"SSL_SERVER_M_VERSION",
"SSL_SERVER_M_SERIAL",
"SSL_SERVER_V_START",
"SSL_SERVER_V_END",
"SSL_SERVER_S_DN",
"SSL_SERVER_I_DN",
"SSL_SERVER_A_KEY",
"SSL_SERVER_A_SIG",
"SSL_SESSION_ID",
"SSL_SESSION_RESUMED",
#ifdef HAVE_SRP
"SSL_SRP_USER",
"SSL_SRP_USERINFO",
#endif
NULL
};
int ssl_hook_Fixup(request_rec *r)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
SSLSrvConfigRec *sc = mySrvConfig(r->server);
SSLDirConfigRec *dc = myDirConfig(r);
apr_table_t *env = r->subprocess_env;
char *var, *val = "";
#ifdef HAVE_TLSEXT
const char *servername;
#endif
STACK_OF(X509) *peer_certs;
SSL *ssl;
int i;
/* If "SSLEngine optional" is configured, this is not an SSL
* connection, and this isn't a subrequest, send an Upgrade
* response header. */
if (sc->enabled == SSL_ENABLED_OPTIONAL && !(sslconn && sslconn->ssl)
&& !r->main) {
apr_table_setn(r->headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
apr_table_mergen(r->headers_out, "Connection", "upgrade");
}
/*
* Check to see if SSL is on
*/
if (!(((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) && sslconn && (ssl = sslconn->ssl))) {
return DECLINED;
}
/*
* Annotate the SSI/CGI environment with standard SSL information
*/
/* the always present HTTPS (=HTTP over SSL) flag! */
apr_table_setn(env, "HTTPS", "on");
#ifdef HAVE_TLSEXT
/* add content of SNI TLS extension (if supplied with ClientHello) */
if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
apr_table_set(env, "SSL_TLS_SNI", servername);
}
#endif
/* standard SSL environment variables */
if (dc->nOptions & SSL_OPT_STDENVVARS) {
modssl_var_extract_dns(env, sslconn->ssl, r->pool);
for (i = 0; ssl_hook_Fixup_vars[i]; i++) {
var = (char *)ssl_hook_Fixup_vars[i];
val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
if (!strIsEmpty(val)) {
apr_table_setn(env, var, val);
}
}
}
/*
* On-demand bloat up the SSI/CGI environment with certificate data
*/
if (dc->nOptions & SSL_OPT_EXPORTCERTDATA) {
val = ssl_var_lookup(r->pool, r->server, r->connection,
r, "SSL_SERVER_CERT");
apr_table_setn(env, "SSL_SERVER_CERT", val);
val = ssl_var_lookup(r->pool, r->server, r->connection,
r, "SSL_CLIENT_CERT");
apr_table_setn(env, "SSL_CLIENT_CERT", val);
if ((peer_certs = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl))) {
for (i = 0; i < sk_X509_num(peer_certs); i++) {
var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
val = ssl_var_lookup(r->pool, r->server, r->connection,
r, var);
if (val) {
apr_table_setn(env, var, val);
}
}
}
}
#ifdef SSL_get_secure_renegotiation_support
apr_table_setn(r->notes, "ssl-secure-reneg",
SSL_get_secure_renegotiation_support(ssl) ? "1" : "0");
#endif
return DECLINED;
}
/* _________________________________________________________________
**
** Authz providers for use with mod_authz_core
** _________________________________________________________________
*/
static authz_status ssl_authz_require_ssl_check(request_rec *r,
const char *require_line,
const void *parsed)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
SSL *ssl = sslconn ? sslconn->ssl : NULL;
if (ssl)
return AUTHZ_GRANTED;
else
return AUTHZ_DENIED;
}
static const char *ssl_authz_require_ssl_parse(cmd_parms *cmd,
const char *require_line,
const void **parsed)
{
if (require_line && require_line[0])
return "'Require ssl' does not take arguments";
return NULL;
}
const authz_provider ssl_authz_provider_require_ssl =
{
&ssl_authz_require_ssl_check,
&ssl_authz_require_ssl_parse,
};
static authz_status ssl_authz_verify_client_check(request_rec *r,
const char *require_line,
const void *parsed)
{
SSLConnRec *sslconn = myConnConfig(r->connection);
SSL *ssl = sslconn ? sslconn->ssl : NULL;
if (!ssl)
return AUTHZ_DENIED;
if (sslconn->verify_error == NULL &&
sslconn->verify_info == NULL &&
SSL_get_verify_result(ssl) == X509_V_OK)
{
X509 *xs = SSL_get_peer_certificate(ssl);
if (xs) {
X509_free(xs);
return AUTHZ_GRANTED;
}
else {
X509_free(xs);
}
}
return AUTHZ_DENIED;
}
static const char *ssl_authz_verify_client_parse(cmd_parms *cmd,
const char *require_line,
const void **parsed)
{
if (require_line && require_line[0])
return "'Require ssl-verify-client' does not take arguments";
return NULL;
}
const authz_provider ssl_authz_provider_verify_client =
{
&ssl_authz_verify_client_check,
&ssl_authz_verify_client_parse,
};
/* _________________________________________________________________
**
** OpenSSL Callback Functions
** _________________________________________________________________
*/
/*
* Hand out standard DH parameters, based on the authentication strength
*/
DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
{
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
EVP_PKEY *pkey;
int type;
#ifdef SSL_CERT_SET_SERVER
/*
* When multiple certs/keys are configured for the SSL_CTX: make sure
* that we get the private key which is indeed used for the current
* SSL connection (available in OpenSSL 1.0.2 or later only)
*/
SSL_set_current_cert(ssl, SSL_CERT_SET_SERVER);
#endif
pkey = SSL_get_privatekey(ssl);
type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
/*
* OpenSSL will call us with either keylen == 512 or keylen == 1024
* (see the definition of SSL_EXPORT_PKEYLENGTH in ssl_locl.h).
* Adjust the DH parameter length according to the size of the
* RSA/DSA private key used for the current connection, and always
* use at least 1024-bit parameters.
* Note: This may cause interoperability issues with implementations
* which limit their DH support to 1024 bit - e.g. Java 7 and earlier.
* In this case, SSLCertificateFile can be used to specify fixed
* 1024-bit DH parameters (with the effect that OpenSSL skips this
* callback).
*/
if ((type == EVP_PKEY_RSA) || (type == EVP_PKEY_DSA)) {
keylen = EVP_PKEY_bits(pkey);
}
ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
"handing out built-in DH parameters for %d-bit authenticated connection", keylen);
return modssl_get_dh_params(keylen);
}
/*
* This OpenSSL callback function is called when OpenSSL
* does client authentication and verifies the certificate chain.
*/
int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
{
/* Get Apache context back through OpenSSL context */
SSL *ssl = X509_STORE_CTX_get_ex_data(ctx,
SSL_get_ex_data_X509_STORE_CTX_idx());
conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
request_rec *r = (request_rec *)SSL_get_app_data2(ssl);
server_rec *s = r ? r->server : mySrvFromConn(conn);
SSLSrvConfigRec *sc = mySrvConfig(s);
SSLDirConfigRec *dc = r ? myDirConfig(r) : NULL;
SSLConnRec *sslconn = myConnConfig(conn);
modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
/* Get verify ingredients */
int errnum = X509_STORE_CTX_get_error(ctx);
int errdepth = X509_STORE_CTX_get_error_depth(ctx);
int depth, verify;
/*
* Log verification information
*/
ssl_log_cxerror(SSLLOG_MARK, APLOG_DEBUG, 0, conn,
X509_STORE_CTX_get_current_cert(ctx), APLOGNO(02275)
"Certificate Verification, depth %d, "
"CRL checking mode: %s", errdepth,
mctx->crl_check_mode == SSL_CRLCHECK_CHAIN ?
"chain" : (mctx->crl_check_mode == SSL_CRLCHECK_LEAF ?
"leaf" : "none"));
/*
* Check for optionally acceptable non-verifiable issuer situation
*/
if (dc && (dc->nVerifyClient != SSL_CVERIFY_UNSET)) {
verify = dc->nVerifyClient;
}
else {
verify = mctx->auth.verify_mode;
}
if (verify == SSL_CVERIFY_NONE) {
/*
* SSLProxyVerify is either not configured or set to "none".
* (this callback doesn't happen in the server context if SSLVerify
* is not configured or set to "none")
*/
return TRUE;
}
if (ssl_verify_error_is_optional(errnum) &&
(verify == SSL_CVERIFY_OPTIONAL_NO_CA))
{
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, conn, APLOGNO(02037)
"Certificate Verification: Verifiable Issuer is "
"configured as optional, therefore we're accepting "
"the certificate");
sslconn->verify_info = "GENEROUS";
ok = TRUE;
}
/*
* Expired certificates vs. "expired" CRLs: by default, OpenSSL
* turns X509_V_ERR_CRL_HAS_EXPIRED into a "certificate_expired(45)"
* SSL alert, but that's not really the message we should convey to the
* peer (at the very least, it's confusing, and in many cases, it's also
* inaccurate, as the certificate itself may very well not have expired
* yet). We set the X509_STORE_CTX error to something which OpenSSL's
* s3_both.c:ssl_verify_alarm_type() maps to SSL_AD_CERTIFICATE_UNKNOWN,
* i.e. the peer will receive a "certificate_unknown(46)" alert.
* We do not touch errnum, though, so that later on we will still log
* the "real" error, as returned by OpenSSL.
*/
if (!ok && errnum == X509_V_ERR_CRL_HAS_EXPIRED) {
X509_STORE_CTX_set_error(ctx, -1);
}
#ifndef OPENSSL_NO_OCSP
/*
* Perform OCSP-based revocation checks
*/
if (ok && sc->server->ocsp_enabled == TRUE) {
/* If there was an optional verification error, it's not
* possible to perform OCSP validation since the issuer may be
* missing/untrusted. Fail in that case. */
if (ssl_verify_error_is_optional(errnum)) {
X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
errnum = X509_V_ERR_APPLICATION_VERIFICATION;
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn, APLOGNO(02038)
"cannot perform OCSP validation for cert "
"if issuer has not been verified "
"(optional_no_ca configured)");
ok = FALSE;
} else {
ok = modssl_verify_ocsp(ctx, sc, s, conn, conn->pool);
if (!ok) {
errnum = X509_STORE_CTX_get_error(ctx);
}
}
}
#endif
/*
* If we already know it's not ok, log the real reason
*/
if (!ok) {
if (APLOGcinfo(conn)) {
ssl_log_cxerror(SSLLOG_MARK, APLOG_INFO, 0, conn,
X509_STORE_CTX_get_current_cert(ctx), APLOGNO(02276)
"Certificate Verification: Error (%d): %s",
errnum, X509_verify_cert_error_string(errnum));
} else {
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn, APLOGNO(02039)
"Certificate Verification: Error (%d): %s",
errnum, X509_verify_cert_error_string(errnum));
}
if (sslconn->client_cert) {
X509_free(sslconn->client_cert);
sslconn->client_cert = NULL;
}
sslconn->client_dn = NULL;
sslconn->verify_error = X509_verify_cert_error_string(errnum);
}
/*
* Finally check the depth of the certificate verification
*/
if (dc && (dc->nVerifyDepth != UNSET)) {
depth = dc->nVerifyDepth;
}
else {
depth = mctx->auth.verify_depth;
}
if (errdepth > depth) {
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn, APLOGNO(02040)
"Certificate Verification: Certificate Chain too long "
"(chain has %d certificates, but maximum allowed are "
"only %d)",
errdepth, depth);
errnum = X509_V_ERR_CERT_CHAIN_TOO_LONG;
sslconn->verify_error = X509_verify_cert_error_string(errnum);
ok = FALSE;
}
/*
* And finally signal OpenSSL the (perhaps changed) state
*/
return ok;
}
#define SSLPROXY_CERT_CB_LOG_FMT \
"Proxy client certificate callback: (%s) "
static void modssl_proxy_info_log(conn_rec *c,
X509_INFO *info,
const char *msg)
{
ssl_log_cxerror(SSLLOG_MARK, APLOG_DEBUG, 0, c, info->x509, APLOGNO(02277)
SSLPROXY_CERT_CB_LOG_FMT "%s, sending",
(mySrvConfigFromConn(c))->vhost_id, msg);
}
/*
* caller will decrement the cert and key reference
* so we need to increment here to prevent them from
* being freed.
*/
#define modssl_set_cert_info(info, cert, pkey) \
*cert = info->x509; \
CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \
*pkey = info->x_pkey->dec_pkey; \
CRYPTO_add(&(*pkey)->references, +1, CRYPTO_LOCK_X509_PKEY)
int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
{
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
server_rec *s = mySrvFromConn(c);
SSLSrvConfigRec *sc = mySrvConfig(s);
X509_NAME *ca_name, *issuer, *ca_issuer;
X509_INFO *info;
X509 *ca_cert;
STACK_OF(X509_NAME) *ca_list;
STACK_OF(X509_INFO) *certs = sc->proxy->pkp->certs;
STACK_OF(X509) *ca_certs;
STACK_OF(X509) **ca_cert_chains;
int i, j, k;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02267)
SSLPROXY_CERT_CB_LOG_FMT "entered",
sc->vhost_id);
if (!certs || (sk_X509_INFO_num(certs) <= 0)) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(02268)
SSLPROXY_CERT_CB_LOG_FMT
"downstream server wanted client certificate "
"but none are configured", sc->vhost_id);
return FALSE;
}
ca_list = SSL_get_client_CA_list(ssl);
if (!ca_list || (sk_X509_NAME_num(ca_list) <= 0)) {
/*
* downstream server didn't send us a list of acceptable CA certs,
* so we send the first client cert in the list.
*/
info = sk_X509_INFO_value(certs, 0);
modssl_proxy_info_log(c, info, APLOGNO(02278) "no acceptable CA list");
modssl_set_cert_info(info, x509, pkey);
return TRUE;
}
ca_cert_chains = sc->proxy->pkp->ca_certs;
for (i = 0; i < sk_X509_NAME_num(ca_list); i++) {
ca_name = sk_X509_NAME_value(ca_list, i);
for (j = 0; j < sk_X509_INFO_num(certs); j++) {
info = sk_X509_INFO_value(certs, j);
issuer = X509_get_issuer_name(info->x509);
/* Search certs (by issuer name) one by one*/
if (X509_NAME_cmp(issuer, ca_name) == 0) {
modssl_proxy_info_log(c, info, APLOGNO(02279)
"found acceptable cert");
modssl_set_cert_info(info, x509, pkey);
return TRUE;
}
if (ca_cert_chains) {
/*
* Failed to find direct issuer - search intermediates
* (by issuer name), if provided.
*/
ca_certs = ca_cert_chains[j];
for (k = 0; k < sk_X509_num(ca_certs); k++) {
ca_cert = sk_X509_value(ca_certs, k);
ca_issuer = X509_get_issuer_name(ca_cert);
if(X509_NAME_cmp(ca_issuer, ca_name) == 0 ) {
modssl_proxy_info_log(c, info, APLOGNO(02280)
"found acceptable cert by intermediate CA");
modssl_set_cert_info(info, x509, pkey);
return TRUE;
}
} /* end loop through chained certs */
}
} /* end loop through available certs */
}
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02269)
SSLPROXY_CERT_CB_LOG_FMT
"no client certificate found!?", sc->vhost_id);
return FALSE;
}
static void ssl_session_log(server_rec *s,
const char *request,
unsigned char *id,
unsigned int idlen,
const char *status,
const char *result,
long timeout)
{
char buf[SSL_SESSION_ID_STRING_LEN];
char timeout_str[56] = {'\0'};
if (!APLOGdebug(s)) {
return;
}
if (timeout) {
apr_snprintf(timeout_str, sizeof(timeout_str),
"timeout=%lds ", timeout);
}
ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, s,
"Inter-Process Session Cache: "
"request=%s status=%s id=%s %s(session %s)",
request, status,
SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)),
timeout_str, result);
}
/*
* This callback function is executed by OpenSSL whenever a new SSL_SESSION is
* added to the internal OpenSSL session cache. We use this hook to spread the
* SSL_SESSION also to the inter-process disk-cache to make share it with our
* other Apache pre-forked server processes.
*/
int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session)
{
/* Get Apache context back through OpenSSL context */
conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
server_rec *s = mySrvFromConn(conn);
SSLSrvConfigRec *sc = mySrvConfig(s);
long timeout = sc->session_cache_timeout;
BOOL rc;
unsigned char *id;
unsigned int idlen;
/*
* Set the timeout also for the internal OpenSSL cache, because this way
* our inter-process cache is consulted only when it's really necessary.
*/
SSL_set_timeout(session, timeout);
/*
* Store the SSL_SESSION in the inter-process cache with the
* same expire time, so it expires automatically there, too.
*/
#ifdef OPENSSL_NO_SSL_INTERN
id = (unsigned char *)SSL_SESSION_get_id(session, &idlen);
#else
id = session->session_id;
idlen = session->session_id_length;
#endif
rc = ssl_scache_store(s, id, idlen,
apr_time_from_sec(SSL_SESSION_get_time(session)
+ timeout),
session, conn->pool);
ssl_session_log(s, "SET", id, idlen,
rc == TRUE ? "OK" : "BAD",
"caching", timeout);
/*
* return 0 which means to OpenSSL that the session is still
* valid and was not freed by us with SSL_SESSION_free().
*/
return 0;
}
/*
* This callback function is executed by OpenSSL whenever a
* SSL_SESSION is looked up in the internal OpenSSL cache and it
* was not found. We use this to lookup the SSL_SESSION in the
* inter-process disk-cache where it was perhaps stored by one
* of our other Apache pre-forked server processes.
*/
SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl,
unsigned char *id,
int idlen, int *do_copy)
{
/* Get Apache context back through OpenSSL context */
conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
server_rec *s = mySrvFromConn(conn);
SSL_SESSION *session;
/*
* Try to retrieve the SSL_SESSION from the inter-process cache
*/
session = ssl_scache_retrieve(s, id, idlen, conn->pool);
ssl_session_log(s, "GET", id, idlen,
session ? "FOUND" : "MISSED",
session ? "reuse" : "renewal", 0);
/*
* Return NULL or the retrieved SSL_SESSION. But indicate (by
* setting do_copy to 0) that the reference count on the
* SSL_SESSION should not be incremented by the SSL library,
* because we will no longer hold a reference to it ourself.
*/
*do_copy = 0;
return session;
}
/*
* This callback function is executed by OpenSSL whenever a
* SSL_SESSION is removed from the the internal OpenSSL cache.
* We use this to remove the SSL_SESSION in the inter-process
* disk-cache, too.
*/
void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx,
SSL_SESSION *session)
{
server_rec *s;
SSLSrvConfigRec *sc;
unsigned char *id;
unsigned int idlen;
/*
* Get Apache context back through OpenSSL context
*/
if (!(s = (server_rec *)SSL_CTX_get_app_data(ctx))) {
return; /* on server shutdown Apache is already gone */
}
sc = mySrvConfig(s);
/*
* Remove the SSL_SESSION from the inter-process cache
*/
#ifdef OPENSSL_NO_SSL_INTERN
id = (unsigned char *)SSL_SESSION_get_id(session, &idlen);
#else
id = session->session_id;
idlen = session->session_id_length;
#endif
/* TODO: Do we need a temp pool here, or are we always shutting down? */
ssl_scache_remove(s, id, idlen, sc->mc->pPool);
ssl_session_log(s, "REM", id, idlen,
"OK", "dead", 0);
return;
}
/* Dump debugginfo trace to the log file. */
static void log_tracing_state(const SSL *ssl, conn_rec *c,
server_rec *s, int where, int rc)
{
/*
* create the various trace messages
*/
if (where & SSL_CB_HANDSHAKE_START) {
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
"%s: Handshake: start", SSL_LIBRARY_NAME);
}
else if (where & SSL_CB_HANDSHAKE_DONE) {
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
"%s: Handshake: done", SSL_LIBRARY_NAME);
}
else if (where & SSL_CB_LOOP) {
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
"%s: Loop: %s",
SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (where & SSL_CB_READ) {
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
"%s: Read: %s",
SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (where & SSL_CB_WRITE) {
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
"%s: Write: %s",
SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (where & SSL_CB_ALERT) {
char *str = (where & SSL_CB_READ) ? "read" : "write";
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
"%s: Alert: %s:%s:%s",
SSL_LIBRARY_NAME, str,
SSL_alert_type_string_long(rc),
SSL_alert_desc_string_long(rc));
}
else if (where & SSL_CB_EXIT) {
if (rc == 0) {
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
"%s: Exit: failed in %s",
SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (rc < 0) {
ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
"%s: Exit: error in %s",
SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
}
/*
* Because SSL renegotiations can happen at any time (not only after
* SSL_accept()), the best way to log the current connection details is
* right after a finished handshake.
*/
if (where & SSL_CB_HANDSHAKE_DONE) {
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02041)
"Protocol: %s, Cipher: %s (%s/%s bits)",
ssl_var_lookup(NULL, s, c, NULL, "SSL_PROTOCOL"),
ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"),
ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"),
ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE"));
}
}
/*
* This callback function is executed while OpenSSL processes the SSL
* handshake and does SSL record layer stuff. It's used to trap
* client-initiated renegotiations, and for dumping everything to the
* log.
*/
void ssl_callback_Info(const SSL *ssl, int where, int rc)
{
conn_rec *c;
server_rec *s;
SSLConnRec *scr;
/* Retrieve the conn_rec and the associated SSLConnRec. */
if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL) {
return;
}
if ((scr = myConnConfig(c)) == NULL) {
return;
}
/* If the reneg state is to reject renegotiations, check the SSL
* state machine and move to ABORT if a Client Hello is being
* read. */
if ((where & SSL_CB_ACCEPT_LOOP) && scr->reneg_state == RENEG_REJECT) {
int state = SSL_get_state((SSL *)ssl);
if (state == SSL3_ST_SR_CLNT_HELLO_A
|| state == SSL23_ST_SR_CLNT_HELLO_A) {
scr->reneg_state = RENEG_ABORT;
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02042)
"rejecting client initiated renegotiation");
}
}
/* If the first handshake is complete, change state to reject any
* subsequent client-initiated renegotiation. */
else if ((where & SSL_CB_HANDSHAKE_DONE) && scr->reneg_state == RENEG_INIT) {
scr->reneg_state = RENEG_REJECT;
}
s = mySrvFromConn(c);
if (s && APLOGdebug(s)) {
log_tracing_state(ssl, c, s, where, rc);
}
}
#ifdef HAVE_TLSEXT
/*
* This callback function is executed when OpenSSL encounters an extended
* client hello with a server name indication extension ("SNI", cf. RFC 6066).
*/
int ssl_callback_ServerNameIndication(SSL *ssl, int *al, modssl_ctx_t *mctx)
{
const char *servername =
SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
if (c) {
if (servername) {
if (ap_vhost_iterate_given_conn(c, ssl_find_vhost,
(void *)servername)) {
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02043)
"SSL virtual host for servername %s found",
servername);
return SSL_TLSEXT_ERR_OK;
}
else {
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02044)
"No matching SSL virtual host for servername "
"%s found (using default/first virtual host)",
servername);
/*
* RFC 6066 section 3 says "It is NOT RECOMMENDED to send
* a warning-level unrecognized_name(112) alert, because
* the client's behavior in response to warning-level alerts
* is unpredictable."
*
* To maintain backwards compatibility in mod_ssl, we
* no longer send any alert (neither warning- nor fatal-level),
* i.e. we take the second action suggested in RFC 6066:
* "If the server understood the ClientHello extension but
* does not recognize the server name, the server SHOULD take
* one of two actions: either abort the handshake by sending
* a fatal-level unrecognized_name(112) alert or continue
* the handshake."
*/
}
}
else {
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02645)
"Server name not provided via TLS extension "
"(using default/first virtual host)");
}
}
return SSL_TLSEXT_ERR_NOACK;
}
/*
* Find a (name-based) SSL virtual host where either the ServerName
* or one of the ServerAliases matches the supplied name (to be used
* with ap_vhost_iterate_given_conn())
*/
static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
{
SSLSrvConfigRec *sc;
SSL *ssl;
BOOL found = FALSE;
apr_array_header_t *names;
int i;
SSLConnRec *sslcon;
/* check ServerName */
if (!strcasecmp(servername, s->server_hostname)) {
found = TRUE;
}
/*
* if not matched yet, check ServerAlias entries
* (adapted from vhost.c:matches_aliases())
*/
if (!found) {
names = s->names;
if (names) {
char **name = (char **)names->elts;
for (i = 0; i < names->nelts; ++i) {
if (!name[i])
continue;
if (!strcasecmp(servername, name[i])) {
found = TRUE;
break;
}
}
}
}
/* if still no match, check ServerAlias entries with wildcards */
if (!found) {
names = s->wild_names;
if (names) {
char **name = (char **)names->elts;
for (i = 0; i < names->nelts; ++i) {
if (!name[i])
continue;
if (!ap_strcasecmp_match(servername, name[i])) {
found = TRUE;
break;
}
}
}
}
/* set SSL_CTX (if matched) */
sslcon = myConnConfig(c);
if (found && (ssl = sslcon->ssl) &&
(sc = mySrvConfig(s))) {
SSL_CTX *ctx = SSL_set_SSL_CTX(ssl, sc->server->ssl_ctx);
/*
* SSL_set_SSL_CTX() only deals with the server cert,
* so we need to duplicate a few additional settings
* from the ctx by hand
*/
SSL_set_options(ssl, SSL_CTX_get_options(ctx));
if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
(SSL_num_renegotiations(ssl) == 0)) {
/*
* Only initialize the verification settings from the ctx
* if they are not yet set, or if we're called when a new
* SSL connection is set up (num_renegotiations == 0).
* Otherwise, we would possibly reset a per-directory
* configuration which was put into effect by ssl_hook_Access.
*/
SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx),
SSL_CTX_get_verify_callback(ctx));
}
/*
* Adjust the session id context. ssl_init_ssl_connection()
* always picks the configuration of the first vhost when
* calling SSL_new(), but we want to tie the session to the
* vhost we have just switched to. Again, we have to make sure
* that we're not overwriting a session id context which was
* possibly set in ssl_hook_Access(), before triggering
* a renegotiation.
*/
if (SSL_num_renegotiations(ssl) == 0) {
unsigned char *sid_ctx =
(unsigned char *)ap_md5_binary(c->pool,
(unsigned char *)sc->vhost_id,
sc->vhost_id_len);
SSL_set_session_id_context(ssl, sid_ctx, APR_MD5_DIGESTSIZE*2);
}
/*
* Save the found server into our SSLConnRec for later
* retrieval
*/
sslcon->server = s;
/*
* There is one special filter callback, which is set
* very early depending on the base_server's log level.
* If this is not the first vhost we're now selecting
* (and the first vhost doesn't use APLOG_TRACE4), then
* we need to set that callback here.
*/
if (APLOGtrace4(s)) {
BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
}
return 1;
}
return 0;
}
#endif /* HAVE_TLSEXT */
#ifdef HAVE_TLS_SESSION_TICKETS
/*
* This callback function is executed when OpenSSL needs a key for encrypting/
* decrypting a TLS session ticket (RFC 5077) and a ticket key file has been
* configured through SSLSessionTicketKeyFile.
*/
int ssl_callback_SessionTicket(SSL *ssl,
unsigned char *keyname,
unsigned char *iv,
EVP_CIPHER_CTX *cipher_ctx,
HMAC_CTX *hctx,
int mode)
{
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
server_rec *s = mySrvFromConn(c);
SSLSrvConfigRec *sc = mySrvConfig(s);
SSLConnRec *sslconn = myConnConfig(c);
modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
modssl_ticket_key_t *ticket_key = mctx->ticket_key;
if (mode == 1) {
/*
* OpenSSL is asking for a key for encrypting a ticket,
* see s3_srvr.c:ssl3_send_newsession_ticket()
*/
if (ticket_key == NULL) {
/* should never happen, but better safe than sorry */
return -1;
}
memcpy(keyname, ticket_key->key_name, 16);
RAND_pseudo_bytes(iv, EVP_MAX_IV_LENGTH);
EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
ticket_key->aes_key, iv);
HMAC_Init_ex(hctx, ticket_key->hmac_secret, 16, tlsext_tick_md(), NULL);
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02289)
"TLS session ticket key for %s successfully set, "
"creating new session ticket", sc->vhost_id);
return 0;
}
else if (mode == 0) {
/*
* OpenSSL is asking for the decryption key,
* see t1_lib.c:tls_decrypt_ticket()
*/
/* check key name */
if (ticket_key == NULL || memcmp(keyname, ticket_key->key_name, 16)) {
return 0;
}
EVP_DecryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
ticket_key->aes_key, iv);
HMAC_Init_ex(hctx, ticket_key->hmac_secret, 16, tlsext_tick_md(), NULL);
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02290)
"TLS session ticket key for %s successfully set, "
"decrypting existing session ticket", sc->vhost_id);
return 1;
}
/* OpenSSL is not expected to call us with modes other than 1 or 0 */
return -1;
}
#endif /* HAVE_TLS_SESSION_TICKETS */
#ifdef HAVE_TLS_NPN
/*
* This callback function is executed when SSL needs to decide what protocols
* to advertise during Next Protocol Negotiation (NPN). It must produce a
* string in wire format -- a sequence of length-prefixed strings -- indicating
* the advertised protocols. Refer to SSL_CTX_set_next_protos_advertised_cb
* in OpenSSL for reference.
*/
int ssl_callback_AdvertiseNextProtos(SSL *ssl, const unsigned char **data_out,
unsigned int *size_out, void *arg)
{
conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
SSLConnRec *sslconn = myConnConfig(c);
apr_array_header_t *protos;
int num_protos;
unsigned int size;
int i;
unsigned char *data;
unsigned char *start;
*data_out = NULL;
*size_out = 0;
/* If the connection object is not available, or there are no NPN
* hooks registered, then there's nothing for us to do. */
if (c == NULL || sslconn->npn_advertfns == NULL) {
return SSL_TLSEXT_ERR_OK;
}
/* Invoke our npn_advertise_protos hook, giving other modules a chance to
* add alternate protocol names to advertise. */
protos = apr_array_make(c->pool, 0, sizeof(char *));
for (i = 0; i < sslconn->npn_advertfns->nelts; i++) {
ssl_npn_advertise_protos fn =
APR_ARRAY_IDX(sslconn->npn_advertfns, i, ssl_npn_advertise_protos);
if (fn(c, protos) == DONE)
break;
}
num_protos = protos->nelts;
/* We now have a list of null-terminated strings; we need to concatenate
* them together into a single string, where each protocol name is prefixed
* by its length. First, calculate how long that string will be. */
size = 0;
for (i = 0; i < num_protos; ++i) {
const char *string = APR_ARRAY_IDX(protos, i, const char*);
unsigned int length = strlen(string);
/* If the protocol name is too long (the length must fit in one byte),
* then log an error and skip it. */
if (length > 255) {
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02307)
"SSL NPN protocol name too long (length=%u): %s",
length, string);
continue;
}
/* Leave room for the length prefix (one byte) plus the protocol name
* itself. */
size += 1 + length;
}
/* If there is nothing to advertise (either because no modules added
* anything to the protos array, or because all strings added to the array
* were skipped), then we're done. */
if (size == 0) {
return SSL_TLSEXT_ERR_OK;
}
/* Now we can build the string. Copy each protocol name string into the
* larger string, prefixed by its length. */
data = apr_palloc(c->pool, size * sizeof(unsigned char));
start = data;
for (i = 0; i < num_protos; ++i) {
const char *string = APR_ARRAY_IDX(protos, i, const char*);
apr_size_t length = strlen(string);
if (length > 255)
continue;
*start = (unsigned char)length;
++start;
memcpy(start, string, length * sizeof(unsigned char));
start += length;
}
/* Success. */
*data_out = data;
*size_out = size;
return SSL_TLSEXT_ERR_OK;
}
#endif /* HAVE_TLS_NPN */
#ifdef HAVE_SRP
int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg)
{
modssl_ctx_t *mctx = (modssl_ctx_t *)arg;
char *username = SSL_get_srp_username(ssl);
SRP_user_pwd *u;
if (username == NULL
|| (u = SRP_VBASE_get_by_user(mctx->srp_vbase, username)) == NULL) {
*ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
return SSL3_AL_FATAL;
}
if (SSL_set_srp_server_param(ssl, u->N, u->g, u->s, u->v, u->info) < 0) {
*ad = SSL_AD_INTERNAL_ERROR;
return SSL3_AL_FATAL;
}
/* reset all other options */
SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify);
return SSL_ERROR_NONE;
}
#endif /* HAVE_SRP */