Apache HTTPD
ssl_engine_kernel.c
Go to the documentation of this file.
1/* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17/* _ _
18 * _ __ ___ ___ __| | ___ ___| | mod_ssl
19 * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
20 * | | | | | | (_) | (_| | \__ \__ \ |
21 * |_| |_| |_|\___/ \__,_|___|___/___/_|
22 * |_____|
23 * ssl_engine_kernel.c
24 * The SSL engine kernel
25 */
26 /* ``It took me fifteen years to discover
27 I had no talent for programming, but
28 I couldn't give it up because by that
29 time I was too famous.''
30 -- Unknown */
31#include "ssl_private.h"
32#include "mod_ssl.h"
33#include "util_md5.h"
34#include "scoreboard.h"
35
36static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
37#ifdef HAVE_TLSEXT
38static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s);
39#endif
40
41#define SWITCH_STATUS_LINE "HTTP/1.1 101 Switching Protocols"
42#define UPGRADE_HEADER "Upgrade: TLS/1.0, HTTP/1.1"
43#define CONNECTION_HEADER "Connection: Upgrade"
44
45/* Perform an upgrade-to-TLS for the given request, per RFC 2817. */
46static apr_status_t upgrade_connection(request_rec *r)
47{
48 struct conn_rec *conn = r->connection;
49 apr_bucket_brigade *bb;
50 SSLConnRec *sslconn;
51 apr_status_t rv;
52 SSL *ssl;
53
54 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02028)
55 "upgrading connection to TLS");
56
57 bb = apr_brigade_create(r->pool, conn->bucket_alloc);
58
59 rv = ap_fputs(conn->output_filters, bb, SWITCH_STATUS_LINE CRLF
60 UPGRADE_HEADER CRLF CONNECTION_HEADER CRLF CRLF);
61 if (rv == APR_SUCCESS) {
62 APR_BRIGADE_INSERT_TAIL(bb,
63 apr_bucket_flush_create(conn->bucket_alloc));
64 rv = ap_pass_brigade(conn->output_filters, bb);
65 }
66
67 if (rv) {
68 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02029)
69 "failed to send 101 interim response for connection "
70 "upgrade");
71 return rv;
72 }
73
74 ssl_init_ssl_connection(conn, r);
75
76 sslconn = myConnConfig(conn);
77 ssl = sslconn->ssl;
78
79 /* Perform initial SSL handshake. */
80 SSL_set_accept_state(ssl);
81 SSL_do_handshake(ssl);
82
83 if (!SSL_is_init_finished(ssl)) {
84 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02030)
85 "TLS upgrade handshake failed");
86 ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
87
88 return APR_ECONNABORTED;
89 }
90
91 return APR_SUCCESS;
92}
93
94/* Perform a speculative (and non-blocking) read from the connection
95 * filters for the given request, to determine whether there is any
96 * pending data to read. Return non-zero if there is, else zero. */
97static int has_buffered_data(request_rec *r)
98{
99 apr_bucket_brigade *bb;
100 apr_off_t len;
101 apr_status_t rv;
102 int result;
103
104 bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
105
106 rv = ap_get_brigade(r->connection->input_filters, bb, AP_MODE_SPECULATIVE,
107 APR_NONBLOCK_READ, 1);
108 result = rv == APR_SUCCESS
109 && apr_brigade_length(bb, 1, &len) == APR_SUCCESS
110 && len > 0;
111
112 apr_brigade_destroy(bb);
113
114 return result;
115}
116
117/* If a renegotiation is required for the location, and the request
118 * includes a message body (and the client has not requested a "100
119 * Continue" response), then the client will be streaming the request
120 * body over the wire already. In that case, it is not possible to
121 * stop and perform a new SSL handshake immediately; once the SSL
122 * library moves to the "accept" state, it will reject the SSL packets
123 * which the client is sending for the request body.
124 *
125 * To allow authentication to complete in the hook, the solution used
126 * here is to fill a (bounded) buffer with the request body, and then
127 * to reinject that request body later.
128 *
129 * This function is called to fill the renegotiation buffer for the
130 * location as required, or fail. Returns zero on success or HTTP_
131 * error code on failure.
132 */
133static int fill_reneg_buffer(request_rec *r, SSLDirConfigRec *dc)
134{
135 int rv;
136 apr_size_t rsize;
137
138 /* ### this is HTTP/1.1 specific, special case for protocol? */
139 if (r->expecting_100 || !ap_request_has_body(r)) {
140 return 0;
141 }
142
143 rsize = dc->nRenegBufferSize == UNSET ? DEFAULT_RENEG_BUFFER_SIZE : dc->nRenegBufferSize;
144 if (rsize > 0) {
145 /* Fill the I/O buffer with the request body if possible. */
146 rv = ssl_io_buffer_fill(r, rsize);
147 }
148 else {
149 /* If the reneg buffer size is set to zero, just fail. */
150 rv = HTTP_REQUEST_ENTITY_TOO_LARGE;
151 }
152
153 return rv;
154}
155
156#ifdef HAVE_TLSEXT
157static int ap_array_same_str_set(apr_array_header_t *s1, apr_array_header_t *s2)
158{
159 int i;
160 const char *c;
161
162 if (s1 == s2) {
163 return 1;
164 }
165 else if (!s1 || !s2 || (s1->nelts != s2->nelts)) {
166 return 0;
167 }
168
169 for (i = 0; i < s1->nelts; i++) {
170 c = APR_ARRAY_IDX(s1, i, const char *);
171 if (!c || !ap_array_str_contains(s2, c)) {
172 return 0;
173 }
174 }
175 return 1;
176}
177
178static int ssl_pk_server_compatible(modssl_pk_server_t *pks1,
179 modssl_pk_server_t *pks2)
180{
181 if (!pks1 || !pks2) {
182 return 0;
183 }
184 /* both have the same certificates? */
185 if ((pks1->ca_name_path != pks2->ca_name_path)
186 && (!pks1->ca_name_path || !pks2->ca_name_path
187 || strcmp(pks1->ca_name_path, pks2->ca_name_path))) {
188 return 0;
189 }
190 if ((pks1->ca_name_file != pks2->ca_name_file)
191 && (!pks1->ca_name_file || !pks2->ca_name_file
192 || strcmp(pks1->ca_name_file, pks2->ca_name_file))) {
193 return 0;
194 }
195 if (!ap_array_same_str_set(pks1->cert_files, pks2->cert_files)
196 || !ap_array_same_str_set(pks1->key_files, pks2->key_files)) {
197 return 0;
198 }
199 return 1;
200}
201
202static int ssl_auth_compatible(modssl_auth_ctx_t *a1,
203 modssl_auth_ctx_t *a2)
204{
205 if (!a1 || !a2) {
206 return 0;
207 }
208 /* both have the same verification */
209 if ((a1->verify_depth != a2->verify_depth)
210 || (a1->verify_mode != a2->verify_mode)) {
211 return 0;
212 }
213 /* both have the same ca path/file */
214 if ((a1->ca_cert_path != a2->ca_cert_path)
215 && (!a1->ca_cert_path || !a2->ca_cert_path
216 || strcmp(a1->ca_cert_path, a2->ca_cert_path))) {
217 return 0;
218 }
219 if ((a1->ca_cert_file != a2->ca_cert_file)
220 && (!a1->ca_cert_file || !a2->ca_cert_file
221 || strcmp(a1->ca_cert_file, a2->ca_cert_file))) {
222 return 0;
223 }
224 /* both have the same ca cipher suite string */
225 if ((a1->cipher_suite != a2->cipher_suite)
226 && (!a1->cipher_suite || !a2->cipher_suite
227 || strcmp(a1->cipher_suite, a2->cipher_suite))) {
228 return 0;
229 }
230 /* both have the same ca cipher suite string */
231 if ((a1->tls13_ciphers != a2->tls13_ciphers)
232 && (!a1->tls13_ciphers || !a2->tls13_ciphers
233 || strcmp(a1->tls13_ciphers, a2->tls13_ciphers))) {
234 return 0;
235 }
236 return 1;
237}
238
239static int ssl_ctx_compatible(modssl_ctx_t *ctx1,
240 modssl_ctx_t *ctx2)
241{
242 if (!ctx1 || !ctx2
243 || (ctx1->protocol != ctx2->protocol)
244 || !ssl_auth_compatible(&ctx1->auth, &ctx2->auth)
245 || !ssl_pk_server_compatible(ctx1->pks, ctx2->pks)) {
246 return 0;
247 }
248 return 1;
249}
250
251static int ssl_server_compatible(server_rec *s1, server_rec *s2)
252{
253 SSLSrvConfigRec *sc1 = s1? mySrvConfig(s1) : NULL;
254 SSLSrvConfigRec *sc2 = s2? mySrvConfig(s2) : NULL;
255
256 /* both use the same TLS protocol? */
257 if (!sc1 || !sc2
258 || !ssl_ctx_compatible(sc1->server, sc2->server)) {
259 return 0;
260 }
261
262 return 1;
263}
264#endif
265
266/*
267 * Post Read Request Handler
268 */
269int ssl_hook_ReadReq(request_rec *r)
270{
271 SSLSrvConfigRec *sc = mySrvConfig(r->server);
272 SSLConnRec *sslconn;
273 const char *upgrade;
274#ifdef HAVE_TLSEXT
275 const char *servername;
276#endif
277 SSL *ssl;
278
279 /* Perform TLS upgrade here if "SSLEngine optional" is configured,
280 * SSL is not already set up for this connection, and the client
281 * has sent a suitable Upgrade header. */
282 if (sc->enabled == SSL_ENABLED_OPTIONAL && !myConnConfig(r->connection)
283 && (upgrade = apr_table_get(r->headers_in, "Upgrade")) != NULL
284 && ap_find_token(r->pool, upgrade, "TLS/1.0")) {
285 if (upgrade_connection(r)) {
286 return AP_FILTER_ERROR;
287 }
288 }
289
290 /* If we are on a slave connection, we do not expect to have an SSLConnRec,
291 * but our master connection might. */
292 sslconn = myConnConfig(r->connection);
293 if (!(sslconn && sslconn->ssl) && r->connection->master) {
294 sslconn = myConnConfig(r->connection->master);
295 }
296
297 /* If "SSLEngine optional" is configured, this is not an SSL
298 * connection, and this isn't a subrequest, send an Upgrade
299 * response header. Note this must happen before map_to_storage
300 * and OPTIONS * request processing is completed.
301 */
302 if (sc->enabled == SSL_ENABLED_OPTIONAL && !(sslconn && sslconn->ssl)
303 && !r->main) {
304 apr_table_setn(r->headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
305 apr_table_mergen(r->headers_out, "Connection", "upgrade");
306 }
307
308 if (!sslconn) {
309 return DECLINED;
310 }
311
312 if (sslconn->service_unavailable) {
313 /* This is set when the SSL properties of this connection are
314 * incomplete or if this connection was made to challenge a
315 * particular hostname (ACME). We never serve any request on
316 * such a connection. */
317 /* TODO: a retry-after indicator would be nice here */
318 return HTTP_SERVICE_UNAVAILABLE;
319 }
320
321 if (sslconn->non_ssl_request == NON_SSL_SET_ERROR_MSG) {
322 apr_table_setn(r->notes, "error-notes",
323 "Reason: You're speaking plain HTTP to an SSL-enabled "
324 "server port.<br />\n Instead use the HTTPS scheme to "
325 "access this URL, please.<br />\n");
326
327 /* Now that we have caught this error, forget it. we are done
328 * with using SSL on this request.
329 */
330 sslconn->non_ssl_request = NON_SSL_OK;
331
332 return HTTP_BAD_REQUEST;
333 }
334
335 /*
336 * Get the SSL connection structure and perform the
337 * delayed interlinking from SSL back to request_rec
338 */
339 ssl = sslconn->ssl;
340 if (!ssl) {
341 return DECLINED;
342 }
343#ifdef HAVE_TLSEXT
344 /*
345 * Perform SNI checks only on the initial request. In particular,
346 * if these checks detect a problem, the checks shouldn't return an
347 * error again when processing an ErrorDocument redirect for the
348 * original problem.
349 */
350 if (r->proxyreq != PROXYREQ_PROXY && ap_is_initial_req(r)) {
351 server_rec *handshakeserver = sslconn->server;
352 SSLSrvConfigRec *hssc = mySrvConfig(handshakeserver);
353
354 if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
355 /*
356 * The SNI extension supplied a hostname. So don't accept requests
357 * with either no hostname or a hostname that selected a different
358 * virtual host than the one used for the handshake, causing
359 * different SSL parameters to be applied, such as SSLProtocol,
360 * SSLCACertificateFile/Path and SSLCADNRequestFile/Path which
361 * cannot be renegotiated (SSLCA* due to current limitations in
362 * OpenSSL, see:
363 * http://mail-archives.apache.org/mod_mbox/httpd-dev/200806.mbox/%[email protected]%3E
364 * and
365 * http://mail-archives.apache.org/mod_mbox/httpd-dev/201312.mbox/%3CCAKQ1sVNpOrdiBm-UPw1hEdSN7YQXRRjeaT-MCWbW_7mN%3DuFiOw%40mail.gmail.com%3E
366 * )
367 */
368 if (!r->hostname) {
369 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02031)
370 "Hostname %s provided via SNI, but no hostname"
371 " provided in HTTP request", servername);
372 return HTTP_BAD_REQUEST;
373 }
374 if (r->server != handshakeserver
375 && !ssl_server_compatible(sslconn->server, r->server)) {
376 /*
377 * The request does not select the virtual host that was
378 * selected by the SNI and its SSL parameters are different
379 */
380
381 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02032)
382 "Hostname %s provided via SNI and hostname %s provided"
383 " via HTTP have no compatible SSL setup",
384 servername, r->hostname);
385 return HTTP_MISDIRECTED_REQUEST;
386 }
387 }
388 else if (((sc->strict_sni_vhost_check == SSL_ENABLED_TRUE)
389 || hssc->strict_sni_vhost_check == SSL_ENABLED_TRUE)
390 && r->connection->vhost_lookup_data) {
391 /*
392 * We are using a name based configuration here, but no hostname was
393 * provided via SNI. Don't allow that if are requested to do strict
394 * checking. Check whether this strict checking was set up either in the
395 * server config we used for handshaking or in our current server.
396 * This should avoid insecure configuration by accident.
397 */
398 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02033)
399 "No hostname was provided via SNI for a name based"
400 " virtual host");
401 apr_table_setn(r->notes, "error-notes",
402 "Reason: The client software did not provide a "
403 "hostname using Server Name Indication (SNI), "
404 "which is required to access this server.<br />\n");
405 return HTTP_FORBIDDEN;
406 }
407 }
408#endif
409 modssl_set_app_data2(ssl, r);
410
411 /*
412 * Log information about incoming HTTPS requests
413 */
414 if (APLOGrinfo(r) && ap_is_initial_req(r)) {
415 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02034)
416 "%s HTTPS request received for child %ld (server %s)",
417 (r->connection->keepalives <= 0 ?
418 "Initial (No.1)" :
419 apr_psprintf(r->pool, "Subsequent (No.%d)",
420 r->connection->keepalives+1)),
421 r->connection->id,
422 ssl_util_vhostid(r->pool, r->server));
423 }
424
425 /* SetEnvIf ssl-*-shutdown flags can only be per-server,
426 * so they won't change across keepalive requests
427 */
428 if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {
429 ssl_configure_env(r, sslconn);
430 }
431
432 return DECLINED;
433}
434
435/*
436 * Move SetEnvIf information from request_rec to conn_rec/BUFF
437 * to allow the close connection handler to use them.
438 */
439
440static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn)
441{
442 int i;
443 const apr_array_header_t *arr = apr_table_elts(r->subprocess_env);
444 const apr_table_entry_t *elts = (const apr_table_entry_t *)arr->elts;
445
446 sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_STANDARD;
447
448 for (i = 0; i < arr->nelts; i++) {
449 const char *key = elts[i].key;
450
451 switch (*key) {
452 case 's':
453 /* being case-sensitive here.
454 * and not checking for the -shutdown since these are the only
455 * SetEnvIf "flags" we support
456 */
457 if (!strncmp(key+1, "sl-", 3)) {
458 key += 4;
459 if (!strncmp(key, "unclean", 7)) {
460 sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
461 }
462 else if (!strncmp(key, "accurate", 8)) {
463 sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_ACCURATE;
464 }
465 return; /* should only ever be one ssl-*-shutdown */
466 }
467 break;
468 }
469 }
470}
471
472static int ssl_check_post_client_verify(request_rec *r, SSLSrvConfigRec *sc,
473 SSLDirConfigRec *dc, SSLConnRec *sslconn,
474 SSL *ssl)
475{
476 X509 *cert;
477
478 /*
479 * Remember the peer certificate's DN
480 */
481 if ((cert = SSL_get_peer_certificate(ssl))) {
482 if (sslconn->client_cert) {
483 X509_free(sslconn->client_cert);
484 }
485 sslconn->client_cert = cert;
486 sslconn->client_dn = NULL;
487 }
488
489 /*
490 * Finally check for acceptable renegotiation results
491 */
492 if ((dc->nVerifyClient != SSL_CVERIFY_NONE) ||
493 (sc->server->auth.verify_mode != SSL_CVERIFY_NONE)) {
494 BOOL do_verify = ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) ||
495 (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE));
496
497 if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
498 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02262)
499 "Re-negotiation handshake failed: "
500 "Client verification failed");
501
502 return HTTP_FORBIDDEN;
503 }
504
505 if (do_verify) {
506 if (cert == NULL) {
507 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02263)
508 "Re-negotiation handshake failed: "
509 "Client certificate missing");
510
511 return HTTP_FORBIDDEN;
512 }
513 }
514 }
515 return OK;
516}
517
518/*
519 * Access Handler, classic flavour, for SSL/TLS up to v1.2
520 * where everything can be renegotiated and no one is happy.
521 */
522static int ssl_hook_Access_classic(request_rec *r, SSLSrvConfigRec *sc, SSLDirConfigRec *dc,
523 SSLConnRec *sslconn, SSL *ssl)
524{
525 server_rec *handshakeserver = sslconn ? sslconn->server : NULL;
526 SSLSrvConfigRec *hssc = handshakeserver? mySrvConfig(handshakeserver) : NULL;
527 SSL_CTX *ctx = ssl ? SSL_get_SSL_CTX(ssl) : NULL;
528 BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
529 X509 *peercert;
530 X509_STORE *cert_store = NULL;
531 X509_STORE_CTX *cert_store_ctx;
532 STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
533 const SSL_CIPHER *cipher = NULL;
534 int depth, verify_old, verify, n, rc;
535 const char *ncipher_suite;
536
537#ifdef HAVE_SRP
538 /*
539 * Support for per-directory reconfigured SSL connection parameters
540 *
541 * We do not force any renegotiation if the user is already authenticated
542 * via SRP.
543 *
544 */
545 if (SSL_get_srp_username(ssl)) {
546 return DECLINED;
547 }
548#endif
549
550 /*
551 * Support for per-directory reconfigured SSL connection parameters.
552 *
553 * This is implemented by forcing an SSL renegotiation with the
554 * reconfigured parameter suite. But Apache's internal API processing
555 * makes our life very hard here, because when internal sub-requests occur
556 * we nevertheless should avoid multiple unnecessary SSL handshakes (they
557 * require extra network I/O and especially time to perform).
558 *
559 * But the optimization for filtering out the unnecessary handshakes isn't
560 * obvious and trivial. Especially because while Apache is in its
561 * sub-request processing the client could force additional handshakes,
562 * too. And these take place perhaps without our notice. So the only
563 * possibility is to explicitly _ask_ OpenSSL whether the renegotiation
564 * has to be performed or not. It has to performed when some parameters
565 * which were previously known (by us) are not those we've now
566 * reconfigured (as known by OpenSSL) or (in optimized way) at least when
567 * the reconfigured parameter suite is stronger (more restrictions) than
568 * the currently active one.
569 */
570
571 /*
572 * Override of SSLCipherSuite
573 *
574 * We provide two options here:
575 *
576 * o The paranoid and default approach where we force a renegotiation when
577 * the cipher suite changed in _any_ way (which is straight-forward but
578 * often forces renegotiations too often and is perhaps not what the
579 * user actually wanted).
580 *
581 * o The optimized and still secure way where we force a renegotiation
582 * only if the currently active cipher is no longer contained in the
583 * reconfigured/new cipher suite. Any other changes are not important
584 * because it's the servers choice to select a cipher from the ones the
585 * client supports. So as long as the current cipher is still in the new
586 * cipher suite we're happy. Because we can assume we would have
587 * selected it again even when other (better) ciphers exists now in the
588 * new cipher suite. This approach is fine because the user explicitly
589 * has to enable this via ``SSLOptions +OptRenegotiate''. So we do no
590 * implicit optimizations.
591 */
592 ncipher_suite = (dc->szCipherSuite?
593 dc->szCipherSuite : (r->server != handshakeserver)?
594 sc->server->auth.cipher_suite : NULL);
595
596 if (ncipher_suite && (!sslconn->cipher_suite
597 || strcmp(ncipher_suite, sslconn->cipher_suite))) {
598 /* remember old state */
599
600 if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
601 cipher = SSL_get_current_cipher(ssl);
602 }
603 else {
604 cipher_list_old = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
605
606 if (cipher_list_old) {
607 cipher_list_old = sk_SSL_CIPHER_dup(cipher_list_old);
608 }
609 }
610
611 /* configure new state */
612 if (r->connection->master) {
613 /* TODO: this categorically fails changed cipher suite settings
614 * on slave connections. We could do better by
615 * - create a new SSL* from our SSL_CTX and set cipher suite there,
616 * and retrieve ciphers, free afterwards
617 * Modifying the SSL on a slave connection is no good.
618 */
619 apr_table_setn(r->notes, "ssl-renegotiate-forbidden", "cipher-suite");
620 return HTTP_FORBIDDEN;
621 }
622
623 if (!SSL_set_cipher_list(ssl, ncipher_suite)) {
624 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02253)
625 "Unable to reconfigure (per-directory) "
626 "permitted SSL ciphers");
627 ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
628
629 if (cipher_list_old) {
630 sk_SSL_CIPHER_free(cipher_list_old);
631 }
632
633 return HTTP_FORBIDDEN;
634 }
635
636 /* determine whether a renegotiation has to be forced */
637 cipher_list = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
638
639 if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
640 /* optimized way */
641 if ((!cipher && cipher_list) ||
642 (cipher && !cipher_list))
643 {
644 renegotiate = TRUE;
645 }
646 else if (cipher && cipher_list &&
647 (sk_SSL_CIPHER_find(cipher_list, cipher) < 0))
648 {
649 renegotiate = TRUE;
650 }
651 }
652 else {
653 /* paranoid way */
654 if ((!cipher_list_old && cipher_list) ||
655 (cipher_list_old && !cipher_list))
656 {
657 renegotiate = TRUE;
658 }
659 else if (cipher_list_old && cipher_list) {
660 for (n = 0;
661 !renegotiate && (n < sk_SSL_CIPHER_num(cipher_list));
662 n++)
663 {
664 const SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list, n);
665
666 if (sk_SSL_CIPHER_find(cipher_list_old, value) < 0) {
667 renegotiate = TRUE;
668 }
669 }
670
671 for (n = 0;
672 !renegotiate && (n < sk_SSL_CIPHER_num(cipher_list_old));
673 n++)
674 {
675 const SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list_old, n);
676
677 if (sk_SSL_CIPHER_find(cipher_list, value) < 0) {
678 renegotiate = TRUE;
679 }
680 }
681 }
682 }
683
684 /* cleanup */
685 if (cipher_list_old) {
686 sk_SSL_CIPHER_free(cipher_list_old);
687 }
688
689 if (renegotiate) {
690 if (r->connection->master) {
691 /* The request causes renegotiation on a slave connection.
692 * This is not allowed since we might have concurrent requests
693 * on this connection.
694 */
695 apr_table_setn(r->notes, "ssl-renegotiate-forbidden", "cipher-suite");
696 return HTTP_FORBIDDEN;
697 }
698
699#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
700 if (sc->cipher_server_pref == TRUE) {
701 SSL_set_options(ssl, SSL_OP_CIPHER_SERVER_PREFERENCE);
702 }
703#endif
704 /* tracing */
705 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02220)
706 "Reconfigured cipher suite will force renegotiation");
707 }
708 }
709
710 /*
711 * override of SSLVerifyClient
712 *
713 * We force a renegotiation if the reconfigured/new verify type is
714 * stronger than the currently active verify type.
715 *
716 * The order is: none << optional_no_ca << optional << require
717 *
718 * Additionally the following optimization is possible here: When the
719 * currently active verify type is "none" but a client certificate is
720 * already known/present, it's enough to manually force a client
721 * verification but at least skip the I/O-intensive renegotiation
722 * handshake.
723 */
724 if ((dc->nVerifyClient != SSL_CVERIFY_UNSET) ||
725 (sc->server->auth.verify_mode != SSL_CVERIFY_UNSET)) {
726
727 /* remember old state */
728 verify_old = SSL_get_verify_mode(ssl);
729 /* configure new state */
730 verify = SSL_VERIFY_NONE;
731
732 if ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) ||
733 (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE)) {
734 verify |= SSL_VERIFY_PEER_STRICT;
735 }
736
737 if ((dc->nVerifyClient == SSL_CVERIFY_OPTIONAL) ||
738 (dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA) ||
739 (sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL) ||
740 (sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
741 {
742 verify |= SSL_VERIFY_PEER;
743 }
744
745 /* TODO: this seems premature since we do not know if there
746 * are any changes required.
747 */
748 SSL_set_verify(ssl, verify, ssl_callback_SSLVerify);
749 SSL_set_verify_result(ssl, X509_V_OK);
750
751 /* determine whether we've to force a renegotiation */
752 if (!renegotiate && verify != verify_old) {
753 if (((verify_old == SSL_VERIFY_NONE) &&
754 (verify != SSL_VERIFY_NONE)) ||
755
756 (!(verify_old & SSL_VERIFY_PEER) &&
757 (verify & SSL_VERIFY_PEER)) ||
758
759 (!(verify_old & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) &&
760 (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
761 {
762 renegotiate = TRUE;
763 if (r->connection->master) {
764 /* The request causes renegotiation on a slave connection.
765 * This is not allowed since we might have concurrent requests
766 * on this connection.
767 */
768 apr_table_setn(r->notes, "ssl-renegotiate-forbidden", "verify-client");
769 SSL_set_verify(ssl, verify_old, ssl_callback_SSLVerify);
770 return HTTP_FORBIDDEN;
771 }
772 /* optimization */
773
774 if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) &&
775 (verify_old == SSL_VERIFY_NONE) &&
776 ((peercert = SSL_get_peer_certificate(ssl)) != NULL))
777 {
778 renegotiate_quick = TRUE;
779 X509_free(peercert);
780 }
781
782 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02255)
783 "Changed client verification type will force "
784 "%srenegotiation",
785 renegotiate_quick ? "quick " : "");
786 }
787 else if (verify != SSL_VERIFY_NONE) {
788 /*
789 * override of SSLVerifyDepth
790 *
791 * The depth checks are handled by us manually inside the
792 * verify callback function and not by OpenSSL internally
793 * (and our function is aware of both the per-server and
794 * per-directory contexts). So we cannot ask OpenSSL about
795 * the currently verify depth. Instead we remember it in our
796 * SSLConnRec attached to the SSL* of OpenSSL. We've to force
797 * the renegotiation if the reconfigured/new verify depth is
798 * less than the currently active/remembered verify depth
799 * (because this means more restriction on the certificate
800 * chain).
801 */
802 n = (sslconn->verify_depth != UNSET)
803 ? sslconn->verify_depth
804 : hssc->server->auth.verify_depth;
805 /* determine the new depth */
806 sslconn->verify_depth = (dc->nVerifyDepth != UNSET)
807 ? dc->nVerifyDepth
808 : sc->server->auth.verify_depth;
809 if (sslconn->verify_depth < n) {
810 renegotiate = TRUE;
811 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02254)
812 "Reduced client verification depth will "
813 "force renegotiation");
814 }
815 }
816 }
817 /* If we're handling a request for a vhost other than the default one,
818 * then we need to make sure that client authentication is properly
819 * enforced. For clients supplying an SNI extension, the peer
820 * certificate verification has happened in the handshake already
821 * (and r->server == handshakeserver). For non-SNI requests,
822 * an additional check is needed here. If client authentication
823 * is configured as mandatory, then we can only proceed if the
824 * CA list doesn't have to be changed (OpenSSL doesn't provide
825 * an option to change the list for an existing session).
826 */
827 if ((r->server != handshakeserver)
828 && renegotiate
829 && ((verify & SSL_VERIFY_PEER) ||
830 (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
831#define MODSSL_CFG_CA_NE(f, sc1, sc2) \
832 (sc1->server->auth.f && \
833 (!sc2->server->auth.f || \
834 strNE(sc1->server->auth.f, sc2->server->auth.f)))
835
836 if (MODSSL_CFG_CA_NE(ca_cert_file, sc, hssc) ||
837 MODSSL_CFG_CA_NE(ca_cert_path, sc, hssc)) {
838 if (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
839 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02256)
840 "Non-default virtual host with SSLVerify set to "
841 "'require' and VirtualHost-specific CA certificate "
842 "list is only available to clients with TLS server "
843 "name indication (SNI) support");
844 SSL_set_verify(ssl, verify_old, NULL);
845 return HTTP_FORBIDDEN;
846 } else
847 /* let it pass, possibly with an "incorrect" peer cert,
848 * so make sure the SSL_CLIENT_VERIFY environment variable
849 * will indicate partial success only, later on.
850 */
851 sslconn->verify_info = "GENEROUS";
852 }
853 }
854 }
855
856 /* Fill reneg buffer if required. */
857 if (renegotiate && !renegotiate_quick) {
858 rc = fill_reneg_buffer(r, dc);
859 if (rc) {
860 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02257)
861 "could not buffer message body to allow "
862 "SSL renegotiation to proceed");
863 return rc;
864 }
865 }
866
867 /*
868 * now do the renegotiation if anything was actually reconfigured
869 */
870 if (renegotiate) {
871 /*
872 * Now we force the SSL renegotiation by sending the Hello Request
873 * message to the client. Here we have to do a workaround: Actually
874 * OpenSSL returns immediately after sending the Hello Request (the
875 * intent AFAIK is because the SSL/TLS protocol says it's not a must
876 * that the client replies to a Hello Request). But because we insist
877 * on a reply (anything else is an error for us) we have to go to the
878 * ACCEPT state manually. Using SSL_set_accept_state() doesn't work
879 * here because it resets too much of the connection. So we set the
880 * state explicitly and continue the handshake manually.
881 */
882 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02221)
883 "Requesting connection re-negotiation");
884
885 if (renegotiate_quick) {
886 STACK_OF(X509) *cert_stack;
887 X509 *cert;
888
889 /* perform just a manual re-verification of the peer */
890 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02258)
891 "Performing quick renegotiation: "
892 "just re-verifying the peer");
893
894 cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl);
895
896 cert = SSL_get_peer_certificate(ssl);
897
898 if (!cert_stack || (sk_X509_num(cert_stack) == 0)) {
899 if (!cert) {
900 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02222)
901 "Cannot find peer certificate chain");
902
903 return HTTP_FORBIDDEN;
904 }
905
906 /* client cert is in the session cache, but there is
907 * no chain, since ssl3_get_client_certificate()
908 * sk_X509_shift-ed the peer cert out of the chain.
909 * we put it back here for the purpose of quick_renegotiation.
910 */
911 cert_stack = sk_X509_new_null();
912 sk_X509_push(cert_stack, cert);
913 }
914
915 if (!(cert_store ||
916 (cert_store = SSL_CTX_get_cert_store(ctx))))
917 {
918 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02223)
919 "Cannot find certificate storage");
920
921 return HTTP_FORBIDDEN;
922 }
923
924 if (!cert) {
925 cert = sk_X509_value(cert_stack, 0);
926 }
927
928 cert_store_ctx = X509_STORE_CTX_new();
929 X509_STORE_CTX_init(cert_store_ctx, cert_store, cert, cert_stack);
930 depth = SSL_get_verify_depth(ssl);
931
932 if (depth >= 0) {
933 X509_STORE_CTX_set_depth(cert_store_ctx, depth);
934 }
935
936 X509_STORE_CTX_set_ex_data(cert_store_ctx,
937 SSL_get_ex_data_X509_STORE_CTX_idx(),
938 (char *)ssl);
939
940 if (!X509_verify_cert(cert_store_ctx)) {
941 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02224)
942 "Re-negotiation verification step failed");
943 ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
944 }
945
946 SSL_set_verify_result(ssl, X509_STORE_CTX_get_error(cert_store_ctx));
947 X509_STORE_CTX_cleanup(cert_store_ctx);
948 X509_STORE_CTX_free(cert_store_ctx);
949
950 if (cert_stack != SSL_get_peer_cert_chain(ssl)) {
951 /* we created this ourselves, so free it */
952 sk_X509_pop_free(cert_stack, X509_free);
953 }
954 }
955 else {
956 char peekbuf[1];
957 const char *reneg_support;
958 request_rec *id = r->main ? r->main : r;
959
960 /* Additional mitigation for CVE-2009-3555: At this point,
961 * before renegotiating, an (entire) request has been read
962 * from the connection. An attacker may have sent further
963 * data to "prefix" any subsequent request by the victim's
964 * client after the renegotiation; this data may already
965 * have been read and buffered. Forcing a connection
966 * closure after the response ensures such data will be
967 * discarded. Legimately pipelined HTTP requests will be
968 * retried anyway with this approach. */
969 if (has_buffered_data(r)) {
970 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02259)
971 "insecure SSL re-negotiation required, but "
972 "a pipelined request is present; keepalive "
973 "disabled");
974 r->connection->keepalive = AP_CONN_CLOSE;
975 }
976
977#if defined(SSL_get_secure_renegotiation_support)
978 reneg_support = SSL_get_secure_renegotiation_support(ssl) ?
979 "client does" : "client does not";
980#else
981 reneg_support = "server does not";
982#endif
983 /* Perform a full renegotiation. */
984 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02260)
985 "Performing full renegotiation: complete handshake "
986 "protocol (%s support secure renegotiation)",
987 reneg_support);
988
989 SSL_set_session_id_context(ssl,
990 (unsigned char *)&id,
991 sizeof(id));
992
993 /* Toggle the renegotiation state to allow the new
994 * handshake to proceed. */
995 modssl_set_reneg_state(sslconn, RENEG_ALLOW);
996
997 SSL_renegotiate(ssl);
998 SSL_do_handshake(ssl);
999
1000 if (!SSL_is_init_finished(ssl)) {
1001 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02225)
1002 "Re-negotiation request failed");
1003 ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
1004
1005 r->connection->keepalive = AP_CONN_CLOSE;
1006 return HTTP_FORBIDDEN;
1007 }
1008
1009 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02226)
1010 "Awaiting re-negotiation handshake");
1011
1012 /* XXX: Should replace setting state with SSL_renegotiate(ssl);
1013 * However, this causes failures in perl-framework currently,
1014 * perhaps pre-test if we have already negotiated?
1015 */
1016 /* Need to trigger renegotiation handshake by reading.
1017 * Peeking 0 bytes actually works.
1018 * See: http://marc.info/?t=145493359200002&r=1&w=2
1019 */
1020 SSL_peek(ssl, peekbuf, 0);
1021
1022 modssl_set_reneg_state(sslconn, RENEG_REJECT);
1023
1024 if (!SSL_is_init_finished(ssl)) {
1025 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02261)
1026 "Re-negotiation handshake failed");
1027 ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
1028
1029 r->connection->keepalive = AP_CONN_CLOSE;
1030 return HTTP_FORBIDDEN;
1031 }
1032
1033 /* Full renegotiation successful, we now have handshaken with
1034 * this server's parameters.
1035 */
1036 sslconn->server = r->server;
1037 }
1038
1039 /*
1040 * Finally check for acceptable renegotiation results
1041 */
1042 if (OK != (rc = ssl_check_post_client_verify(r, sc, dc, sslconn, ssl))) {
1043 return rc;
1044 }
1045
1046 /*
1047 * Also check that SSLCipherSuite has been enforced as expected.
1048 */
1049 if (cipher_list) {
1050 cipher = SSL_get_current_cipher(ssl);
1051 if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) {
1052 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02264)
1053 "SSL cipher suite not renegotiated: "
1054 "access to %s denied using cipher %s",
1055 r->filename,
1056 SSL_CIPHER_get_name(cipher));
1057 return HTTP_FORBIDDEN;
1058 }
1059 }
1060 /* remember any new cipher suite used in renegotiation */
1061 if (ncipher_suite) {
1062 sslconn->cipher_suite = ncipher_suite;
1063 }
1064 }
1065
1066 return DECLINED;
1067}
1068
1069#if SSL_HAVE_PROTOCOL_TLSV1_3
1070/*
1071 * Access Handler, modern flavour, for SSL/TLS v1.3 and onward.
1072 * Only client certificates can be requested, everything else stays.
1073 */
1074static int ssl_hook_Access_modern(request_rec *r, SSLSrvConfigRec *sc, SSLDirConfigRec *dc,
1075 SSLConnRec *sslconn, SSL *ssl)
1076{
1077 if ((dc->nVerifyClient != SSL_CVERIFY_UNSET) ||
1078 (sc->server->auth.verify_mode != SSL_CVERIFY_UNSET)) {
1079 int vmode_inplace, vmode_needed;
1080 int change_vmode = FALSE;
1081 int n, rc;
1082
1083 vmode_inplace = SSL_get_verify_mode(ssl);
1084 vmode_needed = SSL_VERIFY_NONE;
1085
1086 if ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) ||
1087 (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE)) {
1088 vmode_needed |= SSL_VERIFY_PEER_STRICT;
1089 }
1090
1091 if ((dc->nVerifyClient == SSL_CVERIFY_OPTIONAL) ||
1092 (dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA) ||
1093 (sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL) ||
1094 (sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
1095 {
1096 vmode_needed |= SSL_VERIFY_PEER;
1097 }
1098
1099 if (vmode_needed == SSL_VERIFY_NONE) {
1100 return DECLINED;
1101 }
1102
1103 vmode_needed |= SSL_VERIFY_CLIENT_ONCE;
1104 if (vmode_inplace != vmode_needed) {
1105 /* Need to change, if new setting is more restrictive than existing one */
1106
1107 if ((vmode_inplace == SSL_VERIFY_NONE)
1108 || (!(vmode_inplace & SSL_VERIFY_PEER)
1109 && (vmode_needed & SSL_VERIFY_PEER))
1110 || (!(vmode_inplace & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
1111 && (vmode_needed & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
1112 /* need to change the effective verify mode */
1113 change_vmode = TRUE;
1114 }
1115 else {
1116 /* FIXME: does this work with TLSv1.3? Is this more than re-inspecting
1117 * the certificate we should already have? */
1118 /*
1119 * override of SSLVerifyDepth
1120 *
1121 * The depth checks are handled by us manually inside the
1122 * verify callback function and not by OpenSSL internally
1123 * (and our function is aware of both the per-server and
1124 * per-directory contexts). So we cannot ask OpenSSL about
1125 * the currently verify depth. Instead we remember it in our
1126 * SSLConnRec attached to the SSL* of OpenSSL. We've to force
1127 * the renegotiation if the reconfigured/new verify depth is
1128 * less than the currently active/remembered verify depth
1129 * (because this means more restriction on the certificate
1130 * chain).
1131 */
1132 n = (sslconn->verify_depth != UNSET)?
1133 sslconn->verify_depth : sc->server->auth.verify_depth;
1134 /* determine the new depth */
1135 sslconn->verify_depth = (dc->nVerifyDepth != UNSET)
1136 ? dc->nVerifyDepth
1137 : sc->server->auth.verify_depth;
1138 if (sslconn->verify_depth < n) {
1139 change_vmode = TRUE;
1140 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(10128)
1141 "Reduced client verification depth will "
1142 "force renegotiation");
1143 }
1144 }
1145 }
1146
1147 /* Fill reneg buffer if required. */
1148 if (change_vmode) {
1149 char peekbuf[1];
1150
1151 if (r->connection->master) {
1152 /* FIXME: modifying the SSL on a slave connection is no good.
1153 * We would need to push this back to the master connection
1154 * somehow.
1155 */
1156 apr_table_setn(r->notes, "ssl-renegotiate-forbidden", "verify-client");
1157 return HTTP_FORBIDDEN;
1158 }
1159
1160 rc = fill_reneg_buffer(r, dc);
1161 if (rc) {
1162 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10228)
1163 "could not buffer message body to allow "
1164 "TLS Post-Handshake Authentication to proceed");
1165 return rc;
1166 }
1167
1168 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(10129)
1169 "verify client post handshake");
1170
1171 SSL_set_verify(ssl, vmode_needed, ssl_callback_SSLVerify);
1172
1173 if (SSL_verify_client_post_handshake(ssl) != 1) {
1174 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10158)
1175 "cannot perform post-handshake authentication");
1176 ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
1177 apr_table_setn(r->notes, "error-notes",
1178 "Reason: Cannot perform Post-Handshake Authentication.<br />");
1179 SSL_set_verify(ssl, vmode_inplace, NULL);
1180 return HTTP_FORBIDDEN;
1181 }
1182
1183 modssl_set_app_data2(ssl, r);
1184
1185 SSL_do_handshake(ssl);
1186 /* Need to trigger renegotiation handshake by reading.
1187 * Peeking 0 bytes actually works.
1188 * See: http://marc.info/?t=145493359200002&r=1&w=2
1189 */
1190 SSL_peek(ssl, peekbuf, 0);
1191
1192 modssl_set_app_data2(ssl, NULL);
1193
1194 /*
1195 * Finally check for acceptable renegotiation results
1196 */
1197 if (OK != (rc = ssl_check_post_client_verify(r, sc, dc, sslconn, ssl))) {
1198 SSL_set_verify(ssl, vmode_inplace, NULL);
1199 return rc;
1200 }
1201 }
1202 }
1203
1204 return DECLINED;
1205}
1206#endif
1207
1208int ssl_hook_Access(request_rec *r)
1209{
1210 SSLDirConfigRec *dc = myDirConfig(r);
1211 SSLSrvConfigRec *sc = mySrvConfig(r->server);
1212 SSLConnRec *sslconn = myConnConfig(r->connection);
1213 SSL *ssl = sslconn ? sslconn->ssl : NULL;
1214 apr_array_header_t *requires;
1215 ssl_require_t *ssl_requires;
1216 int ok, i, ret;
1217
1218 /* On a slave connection, we do not expect to have an SSLConnRec, but
1219 * our master connection might have one. */
1220 if (!(sslconn && ssl) && r->connection->master) {
1221 sslconn = myConnConfig(r->connection->master);
1222 ssl = sslconn ? sslconn->ssl : NULL;
1223 }
1224
1225 /*
1226 * We should have handshaken here, otherwise we are being
1227 * redirected (ErrorDocument) from a renegotiation failure below.
1228 * The access is still forbidden in the latter case, let ap_die() handle
1229 * this recursive (same) error.
1230 */
1231 if (ssl && !SSL_is_init_finished(ssl)) {
1232 return HTTP_FORBIDDEN;
1233 }
1234
1235 /*
1236 * Support for SSLRequireSSL directive
1237 */
1238 if (dc->bSSLRequired && !ssl) {
1239 if ((sc->enabled == SSL_ENABLED_OPTIONAL) && !r->connection->master) {
1240 /* This vhost was configured for optional SSL, just tell the
1241 * client that we need to upgrade.
1242 */
1243 apr_table_setn(r->err_headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
1244 apr_table_setn(r->err_headers_out, "Connection", "Upgrade");
1245
1246 return HTTP_UPGRADE_REQUIRED;
1247 }
1248
1249 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02219)
1250 "access to %s failed, reason: %s",
1251 r->filename, "SSL connection required");
1252
1253 /* remember forbidden access for strict require option */
1254 apr_table_setn(r->notes, "ssl-access-forbidden", "1");
1255
1256 return HTTP_FORBIDDEN;
1257 }
1258
1259 /*
1260 * Check to see whether SSL is in use; if it's not, then no
1261 * further access control checks are relevant. (the test for
1262 * sc->enabled is probably strictly unnecessary)
1263 */
1264 if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
1265 return DECLINED;
1266 }
1267
1268#if SSL_HAVE_PROTOCOL_TLSV1_3
1269 /* TLSv1.3+ is less complicated here. Branch off into a new codeline
1270 * and avoid messing with the past. */
1271 if (SSL_version(ssl) >= TLS1_3_VERSION) {
1272 ret = ssl_hook_Access_modern(r, sc, dc, sslconn, ssl);
1273 }
1274 else
1275#endif
1276 {
1277 ret = ssl_hook_Access_classic(r, sc, dc, sslconn, ssl);
1278 }
1279
1280 if (ret != DECLINED) {
1281 return ret;
1282 }
1283
1284 /* If we're trying to have the user name set from a client
1285 * certificate then we need to set it here. This should be safe as
1286 * the user name probably isn't important from an auth checking point
1287 * of view as the certificate supplied acts in that capacity.
1288 * However, if FakeAuth is being used then this isn't the case so
1289 * we need to postpone setting the username until later.
1290 */
1291 if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
1292 char *val = ssl_var_lookup(r->pool, r->server, r->connection,
1293 r, (char *)dc->szUserName);
1294 if (val && val[0])
1295 r->user = val;
1296 else
1297 ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02227)
1298 "Failed to set r->user to '%s'", dc->szUserName);
1299 }
1300
1301 /*
1302 * Check SSLRequire boolean expressions
1303 */
1304 requires = dc->aRequirement;
1305 ssl_requires = (ssl_require_t *)requires->elts;
1306
1307 for (i = 0; i < requires->nelts; i++) {
1308 ssl_require_t *req = &ssl_requires[i];
1309 const char *errstring;
1310 ok = ap_expr_exec(r, req->mpExpr, &errstring);
1311
1312 if (ok < 0) {
1313 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02265)
1314 "access to %s failed, reason: Failed to execute "
1315 "SSL requirement expression: %s",
1316 r->filename, errstring);
1317
1318 /* remember forbidden access for strict require option */
1319 apr_table_setn(r->notes, "ssl-access-forbidden", "1");
1320
1321 return HTTP_FORBIDDEN;
1322 }
1323
1324 if (ok != 1) {
1325 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02266)
1326 "Access to %s denied for %s "
1327 "(requirement expression not fulfilled)",
1328 r->filename, r->useragent_ip);
1329
1330 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02228)
1331 "Failed expression: %s", req->cpExpr);
1332
1333 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02229)
1334 "access to %s failed, reason: %s",
1335 r->filename,
1336 "SSL requirement expression not fulfilled");
1337
1338 /* remember forbidden access for strict require option */
1339 apr_table_setn(r->notes, "ssl-access-forbidden", "1");
1340
1341 return HTTP_FORBIDDEN;
1342 }
1343 }
1344
1345 /*
1346 * Else access is granted from our point of view (except vendor
1347 * handlers override). But we have to return DECLINED here instead
1348 * of OK, because mod_auth and other modules still might want to
1349 * deny access.
1350 */
1351
1352 return DECLINED;
1353}
1354
1355/*
1356 * Authentication Handler:
1357 * Fake a Basic authentication from the X509 client certificate.
1358 *
1359 * This must be run fairly early on to prevent a real authentication from
1360 * occurring, in particular it must be run before anything else that
1361 * authenticates a user. This means that the Module statement for this
1362 * module should be LAST in the Configuration file.
1363 */
1364int ssl_hook_UserCheck(request_rec *r)
1365{
1366 SSLConnRec *sslconn;
1367 SSLDirConfigRec *dc = myDirConfig(r);
1368 char *clientdn;
1369 const char *auth_line, *username, *password;
1370
1371 /*
1372 * Additionally forbid access (again)
1373 * when strict require option is used.
1374 */
1375 if ((dc->nOptions & SSL_OPT_STRICTREQUIRE) &&
1376 (apr_table_get(r->notes, "ssl-access-forbidden")))
1377 {
1378 return HTTP_FORBIDDEN;
1379 }
1380
1381 /*
1382 * We decline when we are in a subrequest. The Authorization header
1383 * would already be present if it was added in the main request.
1384 */
1385 if (!ap_is_initial_req(r)) {
1386 return DECLINED;
1387 }
1388
1389 /*
1390 * Make sure the user is not able to fake the client certificate
1391 * based authentication by just entering an X.509 Subject DN
1392 * ("/XX=YYY/XX=YYY/..") as the username and "password" as the
1393 * password.
1394 */
1395 if ((auth_line = apr_table_get(r->headers_in, "Authorization"))) {
1396 if (strcEQ(ap_getword(r->pool, &auth_line, ' '), "Basic")) {
1397 while ((*auth_line == ' ') || (*auth_line == '\t')) {
1398 auth_line++;
1399 }
1400
1401 auth_line = ap_pbase64decode(r->pool, auth_line);
1402 username = ap_getword_nulls(r->pool, &auth_line, ':');
1403 password = auth_line;
1404
1405 if ((username[0] == '/') && strEQ(password, "password")) {
1406 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02035)
1407 "Encountered FakeBasicAuth spoof: %s", username);
1408 return HTTP_FORBIDDEN;
1409 }
1410 }
1411 }
1412
1413 /*
1414 * We decline operation in various situations...
1415 * - TLS not enabled
1416 * - client did not present a certificate
1417 * - SSLOptions +FakeBasicAuth not configured
1418 * - r->user already authenticated
1419 */
1420 if (!modssl_request_is_tls(r, &sslconn)
1421 || !sslconn->client_cert
1422 || !(dc->nOptions & SSL_OPT_FAKEBASICAUTH)
1423 || r->user) {
1424 return DECLINED;
1425 }
1426
1427 if (!sslconn->client_dn) {
1428 X509_NAME *name = X509_get_subject_name(sslconn->client_cert);
1429 char *cp = X509_NAME_oneline(name, NULL, 0);
1430 sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
1431 OPENSSL_free(cp);
1432 }
1433
1434 clientdn = (char *)sslconn->client_dn;
1435
1436 /*
1437 * Fake a password - which one would be immaterial, as, it seems, an empty
1438 * password in the users file would match ALL incoming passwords, if only
1439 * we were using the standard crypt library routine. Unfortunately, OpenSSL
1440 * "fixes" a "bug" in crypt and thus prevents blank passwords from
1441 * working. (IMHO what they really fix is a bug in the users of the code
1442 * - failing to program correctly for shadow passwords). We need,
1443 * therefore, to provide a password. This password can be matched by
1444 * adding the string "xxj31ZMTZzkVA" as the password in the user file.
1445 * This is just the crypted variant of the word "password" ;-)
1446 */
1447 auth_line = apr_pstrcat(r->pool, "Basic ",
1448 ap_pbase64encode(r->pool,
1449 apr_pstrcat(r->pool, clientdn,
1450 ":password", NULL)),
1451 NULL);
1452 apr_table_setn(r->headers_in, "Authorization", auth_line);
1453
1454 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02036)
1455 "Faking HTTP Basic Auth header: \"Authorization: %s\"",
1456 auth_line);
1457
1458 return DECLINED;
1459}
1460
1461/* authorization phase */
1462int ssl_hook_Auth(request_rec *r)
1463{
1464 SSLDirConfigRec *dc = myDirConfig(r);
1465
1466 /*
1467 * Additionally forbid access (again)
1468 * when strict require option is used.
1469 */
1470 if ((dc->nOptions & SSL_OPT_STRICTREQUIRE) &&
1471 (apr_table_get(r->notes, "ssl-access-forbidden")))
1472 {
1473 return HTTP_FORBIDDEN;
1474 }
1475
1476 return DECLINED;
1477}
1478
1479/*
1480 * Fixup Handler
1481 */
1482
1483static const char *const ssl_hook_Fixup_vars[] = {
1484 "SSL_VERSION_INTERFACE",
1485 "SSL_VERSION_LIBRARY",
1486 "SSL_PROTOCOL",
1487 "SSL_SECURE_RENEG",
1488 "SSL_COMPRESS_METHOD",
1489 "SSL_CIPHER",
1490 "SSL_CIPHER_EXPORT",
1491 "SSL_CIPHER_USEKEYSIZE",
1492 "SSL_CIPHER_ALGKEYSIZE",
1493 "SSL_CLIENT_VERIFY",
1494 "SSL_CLIENT_M_VERSION",
1495 "SSL_CLIENT_M_SERIAL",
1496 "SSL_CLIENT_V_START",
1497 "SSL_CLIENT_V_END",
1498 "SSL_CLIENT_V_REMAIN",
1499 "SSL_CLIENT_S_DN",
1500 "SSL_CLIENT_I_DN",
1501 "SSL_CLIENT_A_KEY",
1502 "SSL_CLIENT_A_SIG",
1503 "SSL_CLIENT_CERT_RFC4523_CEA",
1504 "SSL_SERVER_M_VERSION",
1505 "SSL_SERVER_M_SERIAL",
1506 "SSL_SERVER_V_START",
1507 "SSL_SERVER_V_END",
1508 "SSL_SERVER_S_DN",
1509 "SSL_SERVER_I_DN",
1510 "SSL_SERVER_A_KEY",
1511 "SSL_SERVER_A_SIG",
1512 "SSL_SESSION_ID",
1513 "SSL_SESSION_RESUMED",
1514#ifdef HAVE_SRP
1515 "SSL_SRP_USER",
1516 "SSL_SRP_USERINFO",
1517#endif
1518 NULL
1519};
1520
1521int ssl_hook_Fixup(request_rec *r)
1522{
1523 SSLDirConfigRec *dc = myDirConfig(r);
1524 apr_table_t *env = r->subprocess_env;
1525 char *var, *val = "";
1526#ifdef HAVE_TLSEXT
1527 const char *servername;
1528#endif
1529 STACK_OF(X509) *peer_certs;
1530 SSLConnRec *sslconn;
1531 SSL *ssl;
1532 int i;
1533
1534 if (!modssl_request_is_tls(r, &sslconn)) {
1535 return DECLINED;
1536 }
1537 ssl = sslconn->ssl;
1538
1539 /*
1540 * Annotate the SSI/CGI environment with standard SSL information
1541 */
1542 /* the always present HTTPS (=HTTP over SSL) flag! */
1543 apr_table_setn(env, "HTTPS", "on");
1544
1545#ifdef HAVE_TLSEXT
1546 /* add content of SNI TLS extension (if supplied with ClientHello) */
1547 if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) {
1548 apr_table_set(env, "SSL_TLS_SNI", servername);
1549 }
1550#endif
1551
1552 /* standard SSL environment variables */
1553 if (dc->nOptions & SSL_OPT_STDENVVARS) {
1554 modssl_var_extract_dns(env, ssl, r->pool);
1555 modssl_var_extract_san_entries(env, ssl, r->pool);
1556
1557 for (i = 0; ssl_hook_Fixup_vars[i]; i++) {
1558 var = (char *)ssl_hook_Fixup_vars[i];
1559 val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
1560 if (!strIsEmpty(val)) {
1561 apr_table_setn(env, var, val);
1562 }
1563 }
1564 }
1565
1566 /*
1567 * On-demand bloat up the SSI/CGI environment with certificate data
1568 */
1569 if (dc->nOptions & SSL_OPT_EXPORTCERTDATA) {
1570 val = ssl_var_lookup(r->pool, r->server, r->connection,
1571 r, "SSL_SERVER_CERT");
1572
1573 apr_table_setn(env, "SSL_SERVER_CERT", val);
1574
1575 val = ssl_var_lookup(r->pool, r->server, r->connection,
1576 r, "SSL_CLIENT_CERT");
1577
1578 apr_table_setn(env, "SSL_CLIENT_CERT", val);
1579
1580 if ((peer_certs = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl))) {
1581 for (i = 0; i < sk_X509_num(peer_certs); i++) {
1582 var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
1583 val = ssl_var_lookup(r->pool, r->server, r->connection,
1584 r, var);
1585 if (val) {
1586 apr_table_setn(env, var, val);
1587 }
1588 }
1589 }
1590 }
1591
1592
1593#ifdef SSL_get_secure_renegotiation_support
1594 apr_table_setn(r->notes, "ssl-secure-reneg",
1595 SSL_get_secure_renegotiation_support(ssl) ? "1" : "0");
1596#endif
1597
1598 return DECLINED;
1599}
1600
1601/* _________________________________________________________________
1602**
1603** Authz providers for use with mod_authz_core
1604** _________________________________________________________________
1605*/
1606
1607static authz_status ssl_authz_require_ssl_check(request_rec *r,
1608 const char *require_line,
1609 const void *parsed)
1610{
1611 if (modssl_request_is_tls(r, NULL))
1612 return AUTHZ_GRANTED;
1613 else
1614 return AUTHZ_DENIED;
1615}
1616
1617static const char *ssl_authz_require_ssl_parse(cmd_parms *cmd,
1618 const char *require_line,
1619 const void **parsed)
1620{
1621 if (require_line && require_line[0])
1622 return "'Require ssl' does not take arguments";
1623
1624 return NULL;
1625}
1626
1632
1633static authz_status ssl_authz_verify_client_check(request_rec *r,
1634 const char *require_line,
1635 const void *parsed)
1636{
1637 SSLConnRec *sslconn = myConnConfig(r->connection);
1638 SSL *ssl = sslconn ? sslconn->ssl : NULL;
1639
1640 if (!ssl)
1641 return AUTHZ_DENIED;
1642
1643 if (sslconn->verify_error == NULL &&
1644 sslconn->verify_info == NULL &&
1645 SSL_get_verify_result(ssl) == X509_V_OK)
1646 {
1647 X509 *xs = SSL_get_peer_certificate(ssl);
1648
1649 if (xs) {
1650 X509_free(xs);
1651 return AUTHZ_GRANTED;
1652 }
1653 else {
1654 X509_free(xs);
1655 }
1656 }
1657
1658 return AUTHZ_DENIED;
1659}
1660
1661static const char *ssl_authz_verify_client_parse(cmd_parms *cmd,
1662 const char *require_line,
1663 const void **parsed)
1664{
1665 if (require_line && require_line[0])
1666 return "'Require ssl-verify-client' does not take arguments";
1667
1668 return NULL;
1669}
1670
1676
1677
1678
1679/* _________________________________________________________________
1680**
1681** OpenSSL Callback Functions
1682** _________________________________________________________________
1683*/
1684
1685#if MODSSL_USE_OPENSSL_PRE_1_1_API
1686/*
1687 * Hand out standard DH parameters, based on the authentication strength
1688 */
1689DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
1690{
1691 conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
1692 EVP_PKEY *pkey;
1693 int type;
1694
1695#ifdef SSL_CERT_SET_SERVER
1696 /*
1697 * When multiple certs/keys are configured for the SSL_CTX: make sure
1698 * that we get the private key which is indeed used for the current
1699 * SSL connection (available in OpenSSL 1.0.2 or later only)
1700 */
1701 SSL_set_current_cert(ssl, SSL_CERT_SET_SERVER);
1702#endif
1703 pkey = SSL_get_privatekey(ssl);
1704#if OPENSSL_VERSION_NUMBER < 0x10100000L
1705 type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
1706#else
1707 type = pkey ? EVP_PKEY_base_id(pkey) : EVP_PKEY_NONE;
1708#endif
1709
1710 /*
1711 * OpenSSL will call us with either keylen == 512 or keylen == 1024
1712 * (see the definition of SSL_EXPORT_PKEYLENGTH in ssl_locl.h).
1713 * Adjust the DH parameter length according to the size of the
1714 * RSA/DSA private key used for the current connection, and always
1715 * use at least 1024-bit parameters.
1716 * Note: This may cause interoperability issues with implementations
1717 * which limit their DH support to 1024 bit - e.g. Java 7 and earlier.
1718 * In this case, SSLCertificateFile can be used to specify fixed
1719 * 1024-bit DH parameters (with the effect that OpenSSL skips this
1720 * callback).
1721 */
1722 if ((type == EVP_PKEY_RSA) || (type == EVP_PKEY_DSA)) {
1723 keylen = EVP_PKEY_bits(pkey);
1724 }
1725
1726 ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
1727 "handing out built-in DH parameters for %d-bit authenticated connection", keylen);
1728
1729 return modssl_get_dh_params(keylen);
1730}
1731#endif
1732
1733/*
1734 * This OpenSSL callback function is called when OpenSSL
1735 * does client authentication and verifies the certificate chain.
1736 */
1737int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
1738{
1739 /* Get Apache context back through OpenSSL context */
1740 SSL *ssl = X509_STORE_CTX_get_ex_data(ctx,
1741 SSL_get_ex_data_X509_STORE_CTX_idx());
1742 conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
1743 request_rec *r = (request_rec *)modssl_get_app_data2(ssl);
1744 server_rec *s = r ? r->server : mySrvFromConn(conn);
1745
1746 SSLSrvConfigRec *sc = mySrvConfig(s);
1747 SSLConnRec *sslconn = myConnConfig(conn);
1748 SSLDirConfigRec *dc = r ? myDirConfig(r) : sslconn->dc;
1749 modssl_ctx_t *mctx = myConnCtxConfig(conn, sc);
1750 int crl_check_mode = mctx->crl_check_mask & ~SSL_CRLCHECK_FLAGS;
1751
1752 /* Get verify ingredients */
1753 int errnum = X509_STORE_CTX_get_error(ctx);
1754 int errdepth = X509_STORE_CTX_get_error_depth(ctx);
1755 int depth = UNSET;
1756 int verify = SSL_CVERIFY_UNSET;
1757
1758 /*
1759 * Log verification information
1760 */
1761 ssl_log_cxerror(SSLLOG_MARK, APLOG_DEBUG, 0, conn,
1762 X509_STORE_CTX_get_current_cert(ctx), APLOGNO(02275)
1763 "Certificate Verification, depth %d, "
1764 "CRL checking mode: %s (%x)", errdepth,
1765 crl_check_mode == SSL_CRLCHECK_CHAIN ? "chain" :
1766 crl_check_mode == SSL_CRLCHECK_LEAF ? "leaf" : "none",
1767 mctx->crl_check_mask);
1768
1769 /*
1770 * Check for optionally acceptable non-verifiable issuer situation
1771 */
1772 if (dc) {
1773 if (conn->outgoing) {
1774 verify = dc->proxy->auth.verify_mode;
1775 }
1776 else {
1777 verify = dc->nVerifyClient;
1778 }
1779 }
1780 if (!dc || (verify == SSL_CVERIFY_UNSET)) {
1781 verify = mctx->auth.verify_mode;
1782 }
1783
1784 if (verify == SSL_CVERIFY_NONE) {
1785 /*
1786 * SSLProxyVerify is either not configured or set to "none".
1787 * (this callback doesn't happen in the server context if SSLVerify
1788 * is not configured or set to "none")
1789 */
1790 return TRUE;
1791 }
1792
1793 if (ssl_verify_error_is_optional(errnum) &&
1794 (verify == SSL_CVERIFY_OPTIONAL_NO_CA))
1795 {
1796 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, conn, APLOGNO(02037)
1797 "Certificate Verification: Verifiable Issuer is "
1798 "configured as optional, therefore we're accepting "
1799 "the certificate");
1800
1801 sslconn->verify_info = "GENEROUS";
1802 ok = TRUE;
1803 }
1804
1805 /*
1806 * Expired certificates vs. "expired" CRLs: by default, OpenSSL
1807 * turns X509_V_ERR_CRL_HAS_EXPIRED into a "certificate_expired(45)"
1808 * SSL alert, but that's not really the message we should convey to the
1809 * peer (at the very least, it's confusing, and in many cases, it's also
1810 * inaccurate, as the certificate itself may very well not have expired
1811 * yet). We set the X509_STORE_CTX error to something which OpenSSL's
1812 * s3_both.c:ssl_verify_alarm_type() maps to SSL_AD_CERTIFICATE_UNKNOWN,
1813 * i.e. the peer will receive a "certificate_unknown(46)" alert.
1814 * We do not touch errnum, though, so that later on we will still log
1815 * the "real" error, as returned by OpenSSL.
1816 */
1817 if (!ok && errnum == X509_V_ERR_CRL_HAS_EXPIRED) {
1818 X509_STORE_CTX_set_error(ctx, -1);
1819 }
1820
1821 if (!ok && errnum == X509_V_ERR_UNABLE_TO_GET_CRL
1822 && (mctx->crl_check_mask & SSL_CRLCHECK_NO_CRL_FOR_CERT_OK)) {
1823 ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, conn,
1824 "Certificate Verification: Temporary error (%d): %s: "
1825 "optional therefore we're accepting the certificate",
1826 errnum, X509_verify_cert_error_string(errnum));
1827 X509_STORE_CTX_set_error(ctx, X509_V_OK);
1828 errnum = X509_V_OK;
1829 ok = TRUE;
1830 }
1831
1832#ifndef OPENSSL_NO_OCSP
1833 /*
1834 * Perform OCSP-based revocation checks
1835 */
1836 if (ok && ((mctx->ocsp_mask & SSL_OCSPCHECK_CHAIN) ||
1837 (errdepth == 0 && (mctx->ocsp_mask & SSL_OCSPCHECK_LEAF)))) {
1838 /* If there was an optional verification error, it's not
1839 * possible to perform OCSP validation since the issuer may be
1840 * missing/untrusted. Fail in that case. */
1841 if (ssl_verify_error_is_optional(errnum)) {
1842 X509_STORE_CTX_set_error(ctx, X509_V_ERR_APPLICATION_VERIFICATION);
1843 errnum = X509_V_ERR_APPLICATION_VERIFICATION;
1844 ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn, APLOGNO(02038)
1845 "cannot perform OCSP validation for cert "
1846 "if issuer has not been verified "
1847 "(optional_no_ca configured)");
1848 ok = FALSE;
1849 } else {
1850 ok = modssl_verify_ocsp(ctx, sc, s, conn, conn->pool);
1851 if (!ok) {
1852 errnum = X509_STORE_CTX_get_error(ctx);
1853 }
1854 }
1855 }
1856#endif
1857
1858 /*
1859 * If we already know it's not ok, log the real reason
1860 */
1861 if (!ok) {
1862 if (APLOGcinfo(conn)) {
1863 ssl_log_cxerror(SSLLOG_MARK, APLOG_INFO, 0, conn,
1864 X509_STORE_CTX_get_current_cert(ctx), APLOGNO(02276)
1865 "Certificate Verification: Error (%d): %s",
1866 errnum, X509_verify_cert_error_string(errnum));
1867 } else {
1868 ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn, APLOGNO(02039)
1869 "Certificate Verification: Error (%d): %s",
1870 errnum, X509_verify_cert_error_string(errnum));
1871 }
1872
1873 if (sslconn->client_cert) {
1874 X509_free(sslconn->client_cert);
1875 sslconn->client_cert = NULL;
1876 }
1877 sslconn->client_dn = NULL;
1878 sslconn->verify_error = X509_verify_cert_error_string(errnum);
1879 }
1880
1881 /*
1882 * Finally check the depth of the certificate verification
1883 */
1884 if (dc) {
1885 if (conn->outgoing) {
1886 depth = dc->proxy->auth.verify_depth;
1887 }
1888 else {
1889 depth = dc->nVerifyDepth;
1890 }
1891 }
1892 if (!dc || (depth == UNSET)) {
1893 depth = mctx->auth.verify_depth;
1894 }
1895
1896 if (errdepth > depth) {
1897 ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, conn, APLOGNO(02040)
1898 "Certificate Verification: Certificate Chain too long "
1899 "(chain has %d certificates, but maximum allowed are "
1900 "only %d)",
1901 errdepth, depth);
1902
1903 errnum = X509_V_ERR_CERT_CHAIN_TOO_LONG;
1904 sslconn->verify_error = X509_verify_cert_error_string(errnum);
1905
1906 ok = FALSE;
1907 }
1908
1909 /*
1910 * And finally signal OpenSSL the (perhaps changed) state
1911 */
1912 return ok;
1913}
1914
1915#define SSLPROXY_CERT_CB_LOG_FMT \
1916 "Proxy client certificate callback: (%s) "
1917
1918static void modssl_proxy_info_log(conn_rec *c,
1919 X509_INFO *info,
1920 const char *msg)
1921{
1922 ssl_log_cxerror(SSLLOG_MARK, APLOG_DEBUG, 0, c, info->x509, APLOGNO(02277)
1923 SSLPROXY_CERT_CB_LOG_FMT "%s, sending",
1924 (mySrvConfigFromConn(c))->vhost_id, msg);
1925}
1926
1927/*
1928 * caller will decrement the cert and key reference
1929 * so we need to increment here to prevent them from
1930 * being freed.
1931 */
1932#if MODSSL_USE_OPENSSL_PRE_1_1_API
1933#define modssl_set_cert_info(info, cert, pkey) \
1934 *cert = info->x509; \
1935 CRYPTO_add(&(*cert)->references, +1, CRYPTO_LOCK_X509); \
1936 *pkey = info->x_pkey->dec_pkey; \
1937 CRYPTO_add(&(*pkey)->references, +1, CRYPTO_LOCK_EVP_PKEY)
1938#else
1939#define modssl_set_cert_info(info, cert, pkey) \
1940 *cert = info->x509; \
1941 X509_up_ref(*cert); \
1942 *pkey = info->x_pkey->dec_pkey; \
1943 EVP_PKEY_up_ref(*pkey);
1944#endif
1945
1946int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
1947{
1948 conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
1949 server_rec *s = mySrvFromConn(c);
1950 SSLSrvConfigRec *sc = mySrvConfig(s);
1951 SSLDirConfigRec *dc = myDirConfigFromConn(c);
1952 X509_NAME *ca_name, *issuer, *ca_issuer;
1953 X509_INFO *info;
1954 X509 *ca_cert;
1955 STACK_OF(X509_NAME) *ca_list;
1956 STACK_OF(X509_INFO) *certs;
1957 STACK_OF(X509) *ca_certs;
1958 STACK_OF(X509) **ca_cert_chains;
1959 int i, j, k;
1960
1961 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02267)
1962 SSLPROXY_CERT_CB_LOG_FMT "entered",
1963 sc->vhost_id);
1964
1965 certs = (dc && dc->proxy) ? dc->proxy->pkp->certs : NULL;
1966 if (!certs || (sk_X509_INFO_num(certs) <= 0)) {
1967 ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(02268)
1968 SSLPROXY_CERT_CB_LOG_FMT
1969 "downstream server wanted client certificate "
1970 "but none are configured", sc->vhost_id);
1971 return FALSE;
1972 }
1973
1974 ca_list = SSL_get_client_CA_list(ssl);
1975
1976 if (!ca_list || (sk_X509_NAME_num(ca_list) <= 0)) {
1977 /*
1978 * downstream server didn't send us a list of acceptable CA certs,
1979 * so we send the first client cert in the list.
1980 */
1981 info = sk_X509_INFO_value(certs, 0);
1982
1983 modssl_proxy_info_log(c, info, APLOGNO(02278) "no acceptable CA list");
1984
1985 modssl_set_cert_info(info, x509, pkey);
1986
1987 return TRUE;
1988 }
1989
1990 ca_cert_chains = dc->proxy->pkp->ca_certs;
1991 for (i = 0; i < sk_X509_NAME_num(ca_list); i++) {
1992 ca_name = sk_X509_NAME_value(ca_list, i);
1993
1994 for (j = 0; j < sk_X509_INFO_num(certs); j++) {
1995 info = sk_X509_INFO_value(certs, j);
1996 issuer = X509_get_issuer_name(info->x509);
1997
1998 /* Search certs (by issuer name) one by one*/
1999 if (X509_NAME_cmp(issuer, ca_name) == 0) {
2000 modssl_proxy_info_log(c, info, APLOGNO(02279)
2001 "found acceptable cert");
2002
2003 modssl_set_cert_info(info, x509, pkey);
2004
2005 return TRUE;
2006 }
2007
2008 if (ca_cert_chains) {
2009 /*
2010 * Failed to find direct issuer - search intermediates
2011 * (by issuer name), if provided.
2012 */
2013 ca_certs = ca_cert_chains[j];
2014 for (k = 0; k < sk_X509_num(ca_certs); k++) {
2015 ca_cert = sk_X509_value(ca_certs, k);
2016 ca_issuer = X509_get_issuer_name(ca_cert);
2017
2018 if(X509_NAME_cmp(ca_issuer, ca_name) == 0 ) {
2019 modssl_proxy_info_log(c, info, APLOGNO(02280)
2020 "found acceptable cert by intermediate CA");
2021
2022 modssl_set_cert_info(info, x509, pkey);
2023
2024 return TRUE;
2025 }
2026 } /* end loop through chained certs */
2027 }
2028 } /* end loop through available certs */
2029 }
2030
2031 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02269)
2032 SSLPROXY_CERT_CB_LOG_FMT
2033 "no client certificate found!?", sc->vhost_id);
2034
2035 return FALSE;
2036}
2037
2038static void ssl_session_log(server_rec *s,
2039 const char *request,
2040 IDCONST unsigned char *id,
2041 unsigned int idlen,
2042 const char *status,
2043 const char *result,
2044 long timeout)
2045{
2046 char buf[MODSSL_SESSION_ID_STRING_LEN];
2047 char timeout_str[56] = {'\0'};
2048
2049 if (!APLOGdebug(s)) {
2050 return;
2051 }
2052
2053 if (timeout) {
2054 apr_snprintf(timeout_str, sizeof(timeout_str),
2055 "timeout=%lds ", timeout);
2056 }
2057
2058 ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, s,
2059 "Inter-Process Session Cache: "
2060 "request=%s status=%s id=%s %s(session %s)",
2061 request, status,
2062 modssl_SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)),
2063 timeout_str, result);
2064}
2065
2066/*
2067 * This callback function is executed by OpenSSL whenever a new SSL_SESSION is
2068 * added to the internal OpenSSL session cache. We use this hook to spread the
2069 * SSL_SESSION also to the inter-process disk-cache to make share it with our
2070 * other Apache pre-forked server processes.
2071 */
2072int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session)
2073{
2074 /* Get Apache context back through OpenSSL context */
2075 conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
2076 server_rec *s = mySrvFromConn(conn);
2077 SSLSrvConfigRec *sc = mySrvConfig(s);
2078 long timeout = sc->session_cache_timeout;
2079 BOOL rc;
2080 IDCONST unsigned char *id;
2081 unsigned int idlen;
2082
2083 /*
2084 * Set the timeout also for the internal OpenSSL cache, because this way
2085 * our inter-process cache is consulted only when it's really necessary.
2086 */
2087 SSL_set_timeout(session, timeout);
2088
2089 /*
2090 * Store the SSL_SESSION in the inter-process cache with the
2091 * same expire time, so it expires automatically there, too.
2092 */
2093#ifdef OPENSSL_NO_SSL_INTERN
2094 id = (unsigned char *)SSL_SESSION_get_id(session, &idlen);
2095#else
2096 id = session->session_id;
2097 idlen = session->session_id_length;
2098#endif
2099
2100 rc = ssl_scache_store(s, id, idlen,
2101 apr_time_from_sec(SSL_SESSION_get_time(session)
2102 + timeout),
2103 session, conn->pool);
2104
2105 ssl_session_log(s, "SET", id, idlen,
2106 rc == TRUE ? "OK" : "BAD",
2107 "caching", timeout);
2108
2109 /*
2110 * return 0 which means to OpenSSL that the session is still
2111 * valid and was not freed by us with SSL_SESSION_free().
2112 */
2113 return 0;
2114}
2115
2116/*
2117 * This callback function is executed by OpenSSL whenever a
2118 * SSL_SESSION is looked up in the internal OpenSSL cache and it
2119 * was not found. We use this to lookup the SSL_SESSION in the
2120 * inter-process disk-cache where it was perhaps stored by one
2121 * of our other Apache pre-forked server processes.
2122 */
2123SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl,
2124 IDCONST unsigned char *id,
2125 int idlen, int *do_copy)
2126{
2127 /* Get Apache context back through OpenSSL context */
2128 conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
2129 server_rec *s = mySrvFromConn(conn);
2130 SSL_SESSION *session;
2131
2132 /*
2133 * Try to retrieve the SSL_SESSION from the inter-process cache
2134 */
2135 session = ssl_scache_retrieve(s, id, idlen, conn->pool);
2136
2137 ssl_session_log(s, "GET", id, idlen,
2138 session ? "FOUND" : "MISSED",
2139 session ? "reuse" : "renewal", 0);
2140
2141 /*
2142 * Return NULL or the retrieved SSL_SESSION. But indicate (by
2143 * setting do_copy to 0) that the reference count on the
2144 * SSL_SESSION should not be incremented by the SSL library,
2145 * because we will no longer hold a reference to it ourself.
2146 */
2147 *do_copy = 0;
2148
2149 return session;
2150}
2151
2152/*
2153 * This callback function is executed by OpenSSL whenever a
2154 * SSL_SESSION is removed from the internal OpenSSL cache.
2155 * We use this to remove the SSL_SESSION in the inter-process
2156 * disk-cache, too.
2157 */
2158void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx,
2159 SSL_SESSION *session)
2160{
2161 server_rec *s;
2162 SSLSrvConfigRec *sc;
2163 IDCONST unsigned char *id;
2164 unsigned int idlen;
2165
2166 /*
2167 * Get Apache context back through OpenSSL context
2168 */
2169 if (!(s = (server_rec *)SSL_CTX_get_app_data(ctx))) {
2170 return; /* on server shutdown Apache is already gone */
2171 }
2172
2173 sc = mySrvConfig(s);
2174
2175 /*
2176 * Remove the SSL_SESSION from the inter-process cache
2177 */
2178#ifdef OPENSSL_NO_SSL_INTERN
2179 id = (unsigned char *)SSL_SESSION_get_id(session, &idlen);
2180#else
2181 id = session->session_id;
2182 idlen = session->session_id_length;
2183#endif
2184
2185 /* TODO: Do we need a temp pool here, or are we always shutting down? */
2186 ssl_scache_remove(s, id, idlen, sc->mc->pPool);
2187
2188 ssl_session_log(s, "REM", id, idlen,
2189 "OK", "dead", 0);
2190
2191 return;
2192}
2193
2194/* Dump debugginfo trace to the log file. */
2195static void log_tracing_state(const SSL *ssl, conn_rec *c,
2196 server_rec *s, int where, int rc)
2197{
2198 /*
2199 * create the various trace messages
2200 */
2201 if (where & SSL_CB_HANDSHAKE_START) {
2202 ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
2203 "%s: Handshake: start", MODSSL_LIBRARY_NAME);
2204 }
2205 else if (where & SSL_CB_HANDSHAKE_DONE) {
2206 ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
2207 "%s: Handshake: done", MODSSL_LIBRARY_NAME);
2208 }
2209 else if (where & SSL_CB_LOOP) {
2210 ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
2211 "%s: Loop: %s",
2212 MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl));
2213 }
2214 else if (where & SSL_CB_READ) {
2215 ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
2216 "%s: Read: %s",
2217 MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl));
2218 }
2219 else if (where & SSL_CB_WRITE) {
2220 ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
2221 "%s: Write: %s",
2222 MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl));
2223 }
2224 else if (where & SSL_CB_ALERT) {
2225 char *str = (where & SSL_CB_READ) ? "read" : "write";
2226 ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
2227 "%s: Alert: %s:%s:%s",
2228 MODSSL_LIBRARY_NAME, str,
2229 SSL_alert_type_string_long(rc),
2230 SSL_alert_desc_string_long(rc));
2231 }
2232 else if (where & SSL_CB_EXIT) {
2233 if (rc == 0) {
2234 ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
2235 "%s: Exit: failed in %s",
2236 MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl));
2237 }
2238 else if (rc < 0) {
2239 ap_log_cerror(APLOG_MARK, APLOG_TRACE3, 0, c,
2240 "%s: Exit: error in %s",
2241 MODSSL_LIBRARY_NAME, SSL_state_string_long(ssl));
2242 }
2243 }
2244
2245 /*
2246 * Because SSL renegotiations can happen at any time (not only after
2247 * SSL_accept()), the best way to log the current connection details is
2248 * right after a finished handshake.
2249 */
2250 if (where & SSL_CB_HANDSHAKE_DONE) {
2251 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02041)
2252 "Protocol: %s, Cipher: %s (%s/%s bits)",
2253 ssl_var_lookup(NULL, s, c, NULL, "SSL_PROTOCOL"),
2254 ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"),
2255 ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"),
2256 ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE"));
2257 }
2258}
2259
2260/*
2261 * This callback function is executed while OpenSSL processes the SSL
2262 * handshake and does SSL record layer stuff. It's used to trap
2263 * client-initiated renegotiations (where SSL_OP_NO_RENEGOTIATION is
2264 * not available), and for dumping everything to the log.
2265 */
2266void ssl_callback_Info(const SSL *ssl, int where, int rc)
2267{
2268 conn_rec *c;
2269 server_rec *s;
2270
2271 /* Retrieve the conn_rec and the associated SSLConnRec. */
2272 if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL) {
2273 return;
2274 }
2275
2276#ifndef SSL_OP_NO_RENEGOTIATION
2277 /* With OpenSSL < 1.1.1 (implying TLS v1.2 or earlier), this
2278 * callback is used to block client-initiated renegotiation. With
2279 * TLSv1.3 it is unnecessary since renegotiation is forbidden at
2280 * protocol level. Otherwise (TLSv1.2 with OpenSSL >=1.1.1),
2281 * SSL_OP_NO_RENEGOTIATION is used to block renegotiation. */
2282 {
2283 SSLConnRec *sslconn;
2284
2285 if ((sslconn = myConnConfig(c)) == NULL) {
2286 return;
2287 }
2288
2289 /* If the reneg state is to reject renegotiations, check the SSL
2290 * state machine and move to ABORT if a Client Hello is being
2291 * read. */
2292 if (!c->outgoing &&
2293 (where & SSL_CB_HANDSHAKE_START) &&
2294 sslconn->reneg_state == RENEG_REJECT) {
2295 sslconn->reneg_state = RENEG_ABORT;
2296 ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02042)
2297 "rejecting client initiated renegotiation");
2298 }
2299 /* If the first handshake is complete, change state to reject any
2300 * subsequent client-initiated renegotiation. */
2301 else if ((where & SSL_CB_HANDSHAKE_DONE)
2302 && sslconn->reneg_state == RENEG_INIT) {
2303 sslconn->reneg_state = RENEG_REJECT;
2304 }
2305 }
2306#endif
2307
2308 s = mySrvFromConn(c);
2309 if (s && APLOGdebug(s)) {
2310 log_tracing_state(ssl, c, s, where, rc);
2311 }
2312}
2313
2314#ifdef HAVE_TLSEXT
2315
2316static apr_status_t set_challenge_creds(conn_rec *c, const char *servername,
2317 SSL *ssl, X509 *cert, EVP_PKEY *key,
2318 const char *cert_pem, const char *key_pem)
2319{
2320 SSLConnRec *sslcon = myConnConfig(c);
2321 apr_status_t rv = APR_SUCCESS;
2322 int our_data = 0;
2323
2324 sslcon->service_unavailable = 1;
2325 if (cert_pem) {
2326 cert = NULL;
2327 key = NULL;
2328 our_data = 1;
2329
2330 rv = modssl_read_cert(c->pool, cert_pem, key_pem, NULL, NULL, &cert, &key);
2331 if (rv != APR_SUCCESS) {
2332 ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c, APLOGNO(10266)
2333 "Failed to parse PEM of challenge certificate %s",
2334 servername);
2335 goto cleanup;
2336 }
2337 }
2338
2339 if ((SSL_use_certificate(ssl, cert) < 1)) {
2340 ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c, APLOGNO(10086)
2341 "Failed to configure challenge certificate %s",
2342 servername);
2343 rv = APR_EGENERAL;
2344 goto cleanup;
2345 }
2346
2347 if (!SSL_use_PrivateKey(ssl, key)) {
2348 ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c, APLOGNO(10087)
2349 "error '%s' using Challenge key: %s",
2350 ERR_error_string(ERR_peek_last_error(), NULL),
2351 servername);
2352 rv = APR_EGENERAL;
2353 goto cleanup;
2354 }
2355
2356 if (SSL_check_private_key(ssl) < 1) {
2357 ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c, APLOGNO(10088)
2358 "Challenge certificate and private key %s "
2359 "do not match", servername);
2360 rv = APR_EGENERAL;
2361 goto cleanup;
2362 }
2363
2364cleanup:
2365 if (our_data && cert) X509_free(cert);
2366 if (our_data && key) EVP_PKEY_free(key);
2367 return APR_SUCCESS;
2368}
2369
2370/*
2371 * This function sets the virtual host from an extended
2372 * client hello with a server name indication extension ("SNI", cf. RFC 6066).
2373 */
2374static apr_status_t init_vhost(conn_rec *c, SSL *ssl, const char *servername)
2375{
2376 if (c) {
2377 SSLConnRec *sslcon = myConnConfig(c);
2378
2379 if (sslcon->vhost_found) {
2380 /* already found the vhost? */
2381 return sslcon->vhost_found > 0 ? APR_SUCCESS : APR_NOTFOUND;
2382 }
2383 sslcon->vhost_found = -1;
2384
2385 if (!servername) {
2386 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
2387 }
2388 if (servername) {
2389 if (ap_vhost_iterate_given_conn(c, ssl_find_vhost,
2390 (void *)servername)) {
2391 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02043)
2392 "SSL virtual host for servername %s found",
2393 servername);
2394
2395 sslcon->vhost_found = +1;
2396 return APR_SUCCESS;
2397 }
2398 else {
2399 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02044)
2400 "No matching SSL virtual host for servername "
2401 "%s found (using default/first virtual host)",
2402 servername);
2403 /*
2404 * RFC 6066 section 3 says "It is NOT RECOMMENDED to send
2405 * a warning-level unrecognized_name(112) alert, because
2406 * the client's behavior in response to warning-level alerts
2407 * is unpredictable."
2408 *
2409 * To maintain backwards compatibility in mod_ssl, we
2410 * no longer send any alert (neither warning- nor fatal-level),
2411 * i.e. we take the second action suggested in RFC 6066:
2412 * "If the server understood the ClientHello extension but
2413 * does not recognize the server name, the server SHOULD take
2414 * one of two actions: either abort the handshake by sending
2415 * a fatal-level unrecognized_name(112) alert or continue
2416 * the handshake."
2417 */
2418 }
2419 }
2420 else {
2421 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02645)
2422 "Server name not provided via TLS extension "
2423 "(using default/first virtual host)");
2424 }
2425 }
2426
2427 return APR_NOTFOUND;
2428}
2429
2430/*
2431 * This callback function is executed when OpenSSL encounters an extended
2432 * client hello with a server name indication extension ("SNI", cf. RFC 6066).
2433 */
2434int ssl_callback_ServerNameIndication(SSL *ssl, int *al, modssl_ctx_t *mctx)
2435{
2436 conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
2437 apr_status_t status = init_vhost(c, ssl, NULL);
2438
2439 return (status == APR_SUCCESS)? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
2440}
2441
2442#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
2443/*
2444 * This callback function is called when the ClientHello is received.
2445 */
2446int ssl_callback_ClientHello(SSL *ssl, int *al, void *arg)
2447{
2448 char *servername = NULL;
2449 conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
2450 const unsigned char *pos;
2451 size_t len, remaining;
2452 (void)arg;
2453
2454 /* We can't use SSL_get_servername() at this earliest OpenSSL connection
2455 * stage, and there is no SSL_client_hello_get0_servername() provided as
2456 * of OpenSSL 1.1.1. So the code below, that extracts the SNI from the
2457 * ClientHello's TLS extensions, is taken from some test code in OpenSSL,
2458 * i.e. client_hello_select_server_ctx() in "test/handshake_helper.c".
2459 */
2460
2461 /*
2462 * The server_name extension was given too much extensibility when it
2463 * was written, so parsing the normal case is a bit complex.
2464 */
2465 if (!SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &pos,
2466 &remaining)
2467 || remaining <= 2)
2468 goto give_up;
2469
2470 /* Extract the length of the supplied list of names. */
2471 len = (*(pos++) << 8);
2472 len += *(pos++);
2473 if (len + 2 != remaining)
2474 goto give_up;
2475 remaining = len;
2476
2477 /*
2478 * The list in practice only has a single element, so we only consider
2479 * the first one.
2480 */
2481 if (remaining <= 3 || *pos++ != TLSEXT_NAMETYPE_host_name)
2482 goto give_up;
2483 remaining--;
2484
2485 /* Now we can finally pull out the byte array with the actual hostname. */
2486 len = (*(pos++) << 8);
2487 len += *(pos++);
2488 if (len + 2 != remaining)
2489 goto give_up;
2490
2491 /* Use the SNI to switch to the relevant vhost, should it differ from
2492 * c->base_server.
2493 */
2494 servername = apr_pstrmemdup(c->pool, (const char *)pos, len);
2495
2496give_up:
2497 init_vhost(c, ssl, servername);
2498 return SSL_CLIENT_HELLO_SUCCESS;
2499}
2500#endif /* OPENSSL_VERSION_NUMBER < 0x10101000L */
2501
2502/*
2503 * Find a (name-based) SSL virtual host where either the ServerName
2504 * or one of the ServerAliases matches the supplied name (to be used
2505 * with ap_vhost_iterate_given_conn())
2506 */
2507static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
2508{
2509 SSLSrvConfigRec *sc;
2510 SSL *ssl;
2511 BOOL found;
2512 SSLConnRec *sslcon;
2513
2514 found = ssl_util_vhost_matches(servername, s);
2515
2516 /* set SSL_CTX (if matched) */
2517 sslcon = myConnConfig(c);
2518 if (found && (ssl = sslcon->ssl) &&
2519 (sc = mySrvConfig(s))) {
2520 SSL_CTX *ctx = SSL_set_SSL_CTX(ssl, sc->server->ssl_ctx);
2521
2522 /*
2523 * SSL_set_SSL_CTX() only deals with the server cert,
2524 * so we need to duplicate a few additional settings
2525 * from the ctx by hand
2526 */
2527 SSL_set_options(ssl, SSL_CTX_get_options(ctx));
2528#if OPENSSL_VERSION_NUMBER >= 0x1010007fL \
2529 && (!defined(LIBRESSL_VERSION_NUMBER) \
2530 || LIBRESSL_VERSION_NUMBER >= 0x20800000L)
2531 /*
2532 * Don't switch the protocol if none is configured for this vhost,
2533 * the default in this case is still the base server's SSLProtocol.
2534 */
2535 if (myConnCtxConfig(c, sc)->protocol_set) {
2536 SSL_set_min_proto_version(ssl, SSL_CTX_get_min_proto_version(ctx));
2537 SSL_set_max_proto_version(ssl, SSL_CTX_get_max_proto_version(ctx));
2538 }
2539#endif
2540 if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
2541 (SSL_num_renegotiations(ssl) == 0)) {
2542 /*
2543 * Only initialize the verification settings from the ctx
2544 * if they are not yet set, or if we're called when a new
2545 * SSL connection is set up (num_renegotiations == 0).
2546 * Otherwise, we would possibly reset a per-directory
2547 * configuration which was put into effect by ssl_hook_Access.
2548 */
2549 SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx),
2550 SSL_CTX_get_verify_callback(ctx));
2551 }
2552
2553 /*
2554 * Adjust the session id context. ssl_init_ssl_connection()
2555 * always picks the configuration of the first vhost when
2556 * calling SSL_new(), but we want to tie the session to the
2557 * vhost we have just switched to. Again, we have to make sure
2558 * that we're not overwriting a session id context which was
2559 * possibly set in ssl_hook_Access(), before triggering
2560 * a renegotiation.
2561 */
2562 if (SSL_num_renegotiations(ssl) == 0) {
2563 unsigned char *sid_ctx =
2564 (unsigned char *)ap_md5_binary(c->pool,
2565 (unsigned char *)sc->vhost_id,
2566 sc->vhost_id_len);
2567 SSL_set_session_id_context(ssl, sid_ctx, APR_MD5_DIGESTSIZE*2);
2568 }
2569
2570 /*
2571 * Save the found server into our SSLConnRec for later
2572 * retrieval
2573 */
2574 sslcon->server = s;
2575 sslcon->cipher_suite = sc->server->auth.cipher_suite;
2576 sslcon->service_unavailable = sc->server->pks?
2577 sc->server->pks->service_unavailable : 0;
2578
2579 ap_update_child_status_from_server(c->sbh, SERVER_BUSY_READ, c, s);
2580
2581 /*
2582 * There is one special filter callback, which is set
2583 * very early depending on the base_server's log level.
2584 * If this is not the first vhost we're now selecting
2585 * (and the first vhost doesn't use APLOG_TRACE4), then
2586 * we need to set that callback here.
2587 */
2588 modssl_set_io_callbacks(ssl, c, s);
2589
2590 return 1;
2591 }
2592
2593 return 0;
2594}
2595#endif /* HAVE_TLSEXT */
2596
2597#ifdef HAVE_TLS_SESSION_TICKETS
2598/*
2599 * This callback function is executed when OpenSSL needs a key for encrypting/
2600 * decrypting a TLS session ticket (RFC 5077) and a ticket key file has been
2601 * configured through SSLSessionTicketKeyFile.
2602 */
2603int ssl_callback_SessionTicket(SSL *ssl,
2604 unsigned char *keyname,
2605 unsigned char *iv,
2606 EVP_CIPHER_CTX *cipher_ctx,
2607#if OPENSSL_VERSION_NUMBER < 0x30000000L
2608 HMAC_CTX *hmac_ctx,
2609#else
2610 EVP_MAC_CTX *mac_ctx,
2611#endif
2612 int mode)
2613{
2614 conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
2615 server_rec *s = mySrvFromConn(c);
2616 SSLSrvConfigRec *sc = mySrvConfig(s);
2617 modssl_ctx_t *mctx = myConnCtxConfig(c, sc);
2618 modssl_ticket_key_t *ticket_key = mctx->ticket_key;
2619
2620 if (mode == 1) {
2621 /*
2622 * OpenSSL is asking for a key for encrypting a ticket,
2623 * see s3_srvr.c:ssl3_send_newsession_ticket()
2624 */
2625
2626 if (ticket_key == NULL) {
2627 /* should never happen, but better safe than sorry */
2628 return -1;
2629 }
2630
2631 memcpy(keyname, ticket_key->key_name, 16);
2632 if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) != 1) {
2633 return -1;
2634 }
2635 EVP_EncryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
2636 ticket_key->aes_key, iv);
2637
2638#if OPENSSL_VERSION_NUMBER < 0x30000000L
2639 HMAC_Init_ex(hmac_ctx, ticket_key->hmac_secret, 16,
2640 tlsext_tick_md(), NULL);
2641#else
2642 EVP_MAC_CTX_set_params(mac_ctx, ticket_key->mac_params);
2643#endif
2644
2645 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02289)
2646 "TLS session ticket key for %s successfully set, "
2647 "creating new session ticket", sc->vhost_id);
2648
2649 return 1;
2650 }
2651 else if (mode == 0) {
2652 /*
2653 * OpenSSL is asking for the decryption key,
2654 * see t1_lib.c:tls_decrypt_ticket()
2655 */
2656
2657 /* check key name */
2658 if (ticket_key == NULL || memcmp(keyname, ticket_key->key_name, 16)) {
2659 return 0;
2660 }
2661
2662 EVP_DecryptInit_ex(cipher_ctx, EVP_aes_128_cbc(), NULL,
2663 ticket_key->aes_key, iv);
2664
2665#if OPENSSL_VERSION_NUMBER < 0x30000000L
2666 HMAC_Init_ex(hmac_ctx, ticket_key->hmac_secret, 16,
2667 tlsext_tick_md(), NULL);
2668#else
2669 EVP_MAC_CTX_set_params(mac_ctx, ticket_key->mac_params);
2670#endif
2671
2672 ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02290)
2673 "TLS session ticket key for %s successfully set, "
2674 "decrypting existing session ticket", sc->vhost_id);
2675
2676 return 1;
2677 }
2678
2679 /* OpenSSL is not expected to call us with modes other than 1 or 0 */
2680 return -1;
2681}
2682#endif /* HAVE_TLS_SESSION_TICKETS */
2683
2684#ifdef HAVE_TLS_ALPN
2685
2686/*
2687 * This callback function is executed when the TLS Application-Layer
2688 * Protocol Negotiation Extension (ALPN, RFC 7301) is triggered by the Client
2689 * Hello, giving a list of desired protocol names (in descending preference)
2690 * to the server.
2691 * The callback has to select a protocol name or return an error if none of
2692 * the clients preferences is supported.
2693 * The selected protocol does not have to be on the client list, according
2694 * to RFC 7301, so no checks are performed.
2695 * The client protocol list is serialized as length byte followed by ASCII
2696 * characters (not null-terminated), followed by the next protocol name.
2697 */
2698int ssl_callback_alpn_select(SSL *ssl,
2699 const unsigned char **out, unsigned char *outlen,
2700 const unsigned char *in, unsigned int inlen,
2701 void *arg)
2702{
2703 conn_rec *c = (conn_rec*)SSL_get_app_data(ssl);
2704 SSLConnRec *sslconn;
2705 apr_array_header_t *client_protos;
2706 const char *proposed;
2707 size_t len;
2708 int i;
2709
2710 /* If the connection object is not available,
2711 * then there's nothing for us to do. */
2712 if (c == NULL) {
2713 return SSL_TLSEXT_ERR_OK;
2714 }
2715 sslconn = myConnConfig(c);
2716
2717 if (inlen == 0) {
2718 /* someone tries to trick us? */
2719 ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02837)
2720 "ALPN client protocol list empty");
2721 return SSL_TLSEXT_ERR_ALERT_FATAL;
2722 }
2723
2724 client_protos = apr_array_make(c->pool, 0, sizeof(char *));
2725 for (i = 0; i < inlen; ) {
2726 unsigned int plen = in[i++];
2727 if (plen + i > inlen) {
2728 /* someone tries to trick us? */
2729 ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02838)
2730 "ALPN protocol identifier too long");
2731 return SSL_TLSEXT_ERR_ALERT_FATAL;
2732 }
2733 APR_ARRAY_PUSH(client_protos, char *) =
2734 apr_pstrndup(c->pool, (const char *)in+i, plen);
2735 i += plen;
2736 }
2737
2738 /* The order the callbacks are invoked from TLS extensions is, unfortunately
2739 * not defined and older openssl versions do call ALPN selection before
2740 * they callback the SNI. We need to make sure that we know which vhost
2741 * we are dealing with so we respect the correct protocols.
2742 */
2743 init_vhost(c, ssl, NULL);
2744
2745 proposed = ap_select_protocol(c, NULL, sslconn->server, client_protos);
2746 if (!proposed) {
2747 proposed = ap_get_protocol(c);
2748 }
2749
2750 len = strlen(proposed);
2751 if (len > 255) {
2752 ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02840)
2753 "ALPN negotiated protocol name too long");
2754 return SSL_TLSEXT_ERR_ALERT_FATAL;
2755 }
2756 *out = (const unsigned char *)proposed;
2757 *outlen = (unsigned char)len;
2758
2759 if (strcmp(proposed, ap_get_protocol(c))) {
2760 apr_status_t status;
2761
2762 status = ap_switch_protocol(c, NULL, sslconn->server, proposed);
2763 if (status != APR_SUCCESS) {
2764 ap_log_cerror(APLOG_MARK, APLOG_ERR, status, c,
2765 APLOGNO(02908) "protocol switch to '%s' failed",
2766 proposed);
2767 return SSL_TLSEXT_ERR_ALERT_FATAL;
2768 }
2769
2770 /* protocol was switched, this could be a challenge protocol such as "acme-tls/1".
2771 * For that to work, we need to allow overrides to our ssl certificate.
2772 * However, exclude challenge checks on our best known traffic protocol.
2773 * (http/1.1 is the default, we never switch to it anyway.)
2774 */
2775 if (strcmp("h2", proposed)) {
2776 const char *servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
2777 X509 *cert;
2778 EVP_PKEY *key;
2779 const char *cert_pem, *key_pem;
2780
2781 if (ssl_is_challenge(c, servername, &cert, &key, &cert_pem, &key_pem)) {
2782 if (set_challenge_creds(c, servername, ssl, cert, key,
2783 cert_pem, key_pem) != APR_SUCCESS) {
2784 return SSL_TLSEXT_ERR_ALERT_FATAL;
2785 }
2786 SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify);
2787 }
2788 }
2789 }
2790
2791 return SSL_TLSEXT_ERR_OK;
2792}
2793#endif /* HAVE_TLS_ALPN */
2794
2795#ifdef HAVE_SRP
2796
2797int ssl_callback_SRPServerParams(SSL *ssl, int *ad, void *arg)
2798{
2799 modssl_ctx_t *mctx = (modssl_ctx_t *)arg;
2800 char *username = SSL_get_srp_username(ssl);
2801 SRP_user_pwd *u;
2802
2803 if (username == NULL
2804#if OPENSSL_VERSION_NUMBER < 0x10100000L
2805 || (u = SRP_VBASE_get_by_user(mctx->srp_vbase, username)) == NULL) {
2806#else
2807 || (u = SRP_VBASE_get1_by_user(mctx->srp_vbase, username)) == NULL) {
2808#endif
2809 *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
2810 return SSL3_AL_FATAL;
2811 }
2812
2813 if (SSL_set_srp_server_param(ssl, u->N, u->g, u->s, u->v, u->info) < 0) {
2814#if OPENSSL_VERSION_NUMBER >= 0x10100000L
2815 SRP_user_pwd_free(u);
2816#endif
2817 *ad = SSL_AD_INTERNAL_ERROR;
2818 return SSL3_AL_FATAL;
2819 }
2820
2821 /* reset all other options */
2822#if OPENSSL_VERSION_NUMBER >= 0x10100000L
2823 SRP_user_pwd_free(u);
2824#endif
2825 SSL_set_verify(ssl, SSL_VERIFY_NONE, ssl_callback_SSLVerify);
2826 return SSL_ERROR_NONE;
2827}
2828
2829#endif /* HAVE_SRP */
2830
2831
2832#ifdef HAVE_OPENSSL_KEYLOG
2833/* Callback used with SSL_CTX_set_keylog_callback. */
2834void modssl_callback_keylog(const SSL *ssl, const char *line)
2835{
2836 conn_rec *conn = SSL_get_app_data(ssl);
2837 SSLSrvConfigRec *sc = mySrvConfig(conn->base_server);
2838
2839 if (sc && sc->mc->keylog_file) {
2840 apr_file_printf(sc->mc->keylog_file, "%s\n", line);
2841 }
2842}
2843#endif
n
int n
Definition ap_regex.h:278
len
const char apr_size_t len
Definition ap_regex.h:187
TRUE
#define TRUE
Definition abts.h:38
FALSE
#define FALSE
Definition abts.h:35
found
return found
Definition core.c:2840
r
request_rec * r
Definition http_config.h:1168
AP_FILTER_ERROR
#define AP_FILTER_ERROR
Definition httpd.h:473
DECLINED
#define DECLINED
Definition httpd.h:457
OK
#define OK
Definition httpd.h:456
ap_fputs
#define ap_fputs(f, bb, str)
Definition util_filter.h:569
ap_pass_brigade
apr_status_t ap_pass_brigade(ap_filter_t *filter, apr_bucket_brigade *bucket)
Definition util_filter.c:564
ap_get_brigade
apr_status_t ap_get_brigade(ap_filter_t *filter, apr_bucket_brigade *bucket, ap_input_mode_t mode, apr_read_type_e block, apr_off_t readbytes)
Definition util_filter.c:546
APLOGrinfo
#define APLOGrinfo(r)
Definition http_log.h:244
APLOGNO
#define APLOGNO(n)
Definition http_log.h:117
APLOG_INFO
#define APLOG_INFO
Definition http_log.h:70
ap_log_rerror
#define ap_log_rerror
Definition http_log.h:454
APLOG_ERR
#define APLOG_ERR
Definition http_log.h:67
APLOG_TRACE3
#define APLOG_TRACE3
Definition http_log.h:74
ap_log_error
#define ap_log_error
Definition http_log.h:370
ap_log_cerror
#define ap_log_cerror
Definition http_log.h:498
APLOGdebug
#define APLOGdebug(s)
Definition http_log.h:234
APLOG_MARK
#define APLOG_MARK
Definition http_log.h:283
APLOG_WARNING
#define APLOG_WARNING
Definition http_log.h:68
APLOG_TRACE2
#define APLOG_TRACE2
Definition http_log.h:73
APLOG_DEBUG
#define APLOG_DEBUG
Definition http_log.h:71
APLOGcinfo
#define APLOGcinfo(c)
Definition http_log.h:255
buf
const unsigned char * buf
Definition util_md5.h:50
ap_switch_protocol
apr_status_t ap_switch_protocol(conn_rec *c, request_rec *r, server_rec *s, const char *protocol)
Definition protocol.c:2532
ap_get_protocol
const char * ap_get_protocol(conn_rec *c)
Definition protocol.c:2397
ap_select_protocol
const char * ap_select_protocol(conn_rec *c, request_rec *r, server_rec *s, const apr_array_header_t *choices)
Definition protocol.c:2444
ap_is_initial_req
int ap_is_initial_req(request_rec *r)
Definition request.c:2567
arg
void const char * arg
Definition http_vhost.h:63
CRLF
#define CRLF
Definition httpd.h:724
APR_EGENERAL
#define APR_EGENERAL
Definition apr_errno.h:313
APR_ECONNABORTED
#define APR_ECONNABORTED
Definition apr_errno.h:769
APR_NOTFOUND
#define APR_NOTFOUND
Definition apr_errno.h:463
APR_MD5_DIGESTSIZE
#define APR_MD5_DIGESTSIZE
Definition apr_md5.h:68
APR_BRIGADE_INSERT_TAIL
#define APR_BRIGADE_INSERT_TAIL(b, e)
Definition apr_buckets.h:369
ctx
apr_brigade_flush void * ctx
Definition apr_buckets.h:802
APR_NONBLOCK_READ
@ APR_NONBLOCK_READ
Definition apr_buckets.h:59
mode
apr_dbd_transaction_t int mode
Definition apr_dbd.h:261
errnum
apr_dbd_t int errnum
Definition apr_dbd.h:353
pkey
apr_datum_t * pkey
Definition apr_dbm.h:158
server
apr_memcache_server_t * server
Definition apr_memcache.h:173
rc
apr_redis_t * rc
Definition apr_redis.h:173
ap_expr_exec
int ap_expr_exec(request_rec *r, const ap_expr_info_t *expr, const char **err)
Definition util_expr_eval.c:815
HTTP_BAD_REQUEST
#define HTTP_BAD_REQUEST
Definition httpd.h:508
HTTP_SERVICE_UNAVAILABLE
#define HTTP_SERVICE_UNAVAILABLE
Definition httpd.h:538
HTTP_UPGRADE_REQUIRED
#define HTTP_UPGRADE_REQUIRED
Definition httpd.h:530
HTTP_FORBIDDEN
#define HTTP_FORBIDDEN
Definition httpd.h:511
HTTP_REQUEST_ENTITY_TOO_LARGE
#define HTTP_REQUEST_ENTITY_TOO_LARGE
Definition httpd.h:521
HTTP_MISDIRECTED_REQUEST
#define HTTP_MISDIRECTED_REQUEST
Definition httpd.h:526
ssl_authz_provider_require_ssl
const authz_provider ssl_authz_provider_require_ssl
Definition ssl_engine_kernel.c:1627
DEFAULT_RENEG_BUFFER_SIZE
#define DEFAULT_RENEG_BUFFER_SIZE
Definition ssl_private.h:379
ssl_callback_NewSessionCacheEntry
int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session)
Definition ssl_engine_kernel.c:2072
SSLLOG_MARK
#define SSLLOG_MARK
Definition ssl_private.h:1156
modssl_get_dh_params
DH * modssl_get_dh_params(unsigned keylen)
Definition ssl_engine_init.c:162
modssl_request_is_tls
int modssl_request_is_tls(const request_rec *r, SSLConnRec **sslconn)
Definition ssl_util.c:103
SSL_OPT_OPTRENEGOTIATE
#define SSL_OPT_OPTRENEGOTIATE
Definition ssl_private.h:411
mySrvFromConn
#define mySrvFromConn(c)
Definition ssl_private.h:365
mySrvConfigFromConn
#define mySrvConfigFromConn(c)
Definition ssl_private.h:367
ssl_hook_Fixup
int ssl_hook_Fixup(request_rec *r)
Definition ssl_engine_kernel.c:1521
SSL_VERIFY_PEER_STRICT
#define SSL_VERIFY_PEER_STRICT
Definition ssl_private.h:463
ssl_hook_Auth
int ssl_hook_Auth(request_rec *r)
Definition ssl_engine_kernel.c:1462
SSL_OPT_STRICTREQUIRE
#define SSL_OPT_STRICTREQUIRE
Definition ssl_private.h:410
modssl_set_io_callbacks
void modssl_set_io_callbacks(SSL *ssl, conn_rec *c, server_rec *s)
Definition ssl_engine_io.c:2469
mySrvConfig
#define mySrvConfig(srv)
Definition ssl_private.h:358
ssl_init_ssl_connection
int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
Definition mod_ssl.c:575
ssl_verify_error_is_optional
#define ssl_verify_error_is_optional(errnum)
Definition ssl_private.h:466
myDirConfig
#define myDirConfig(req)
Definition ssl_private.h:360
myDirConfigFromConn
#define myDirConfigFromConn(c)
Definition ssl_private.h:366
ssl_util_vhostid
char * ssl_util_vhostid(apr_pool_t *, server_rec *)
Definition ssl_util.c:42
ssl_util_vhost_matches
unsigned int ssl_util_vhost_matches(const char *servername, server_rec *s)
Definition ssl_util.c:61
modssl_verify_ocsp
int modssl_verify_ocsp(X509_STORE_CTX *ctx, SSLSrvConfigRec *sc, server_rec *s, conn_rec *c, apr_pool_t *pool)
Definition ssl_engine_ocsp.c:262
ssl_callback_TmpDH
DH * ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
Definition ssl_engine_kernel.c:1689
modssl_set_reneg_state
void modssl_set_reneg_state(SSLConnRec *sslconn, modssl_reneg_state state)
Definition ssl_util_ssl.c:616
ssl_var_lookup
char * ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r, char *var)
Definition mod_nw_ssl.c:956
IDCONST
#define IDCONST
Definition ssl_private.h:189
ssl_scache_remove
void ssl_scache_remove(server_rec *, unsigned char *, int, apr_pool_t *)
Definition ssl_scache.c:176
myConnConfig
#define myConnConfig(c)
Definition ssl_private.h:354
ssl_scache_retrieve
SSL_SESSION * ssl_scache_retrieve(server_rec *, unsigned char *, int, apr_pool_t *)
Definition ssl_scache.c:147
ssl_log_ssl_error
void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s)
Definition ssl_engine_log.c:94
ssl_is_challenge
int ssl_is_challenge(conn_rec *c, const char *servername, X509 **pcert, EVP_PKEY **pkey, const char **pcert_pem, const char **pkey_pem)
Definition ssl_engine_init.c:196
ssl_callback_Info
void ssl_callback_Info(const SSL *ssl, int where, int rc)
Definition ssl_engine_kernel.c:2266
myConnCtxConfig
#define myConnCtxConfig(c, sc)
Definition ssl_private.h:362
ssl_scache_store
unsigned int ssl_scache_store(server_rec *, unsigned char *, int, apr_time_t, SSL_SESSION *, apr_pool_t *)
Definition ssl_scache.c:113
ssl_hook_ReadReq
int ssl_hook_ReadReq(request_rec *r)
Definition ssl_engine_kernel.c:269
ssl_callback_DelSessionCacheEntry
void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx, SSL_SESSION *session)
Definition ssl_engine_kernel.c:2158
SSL_OPT_STDENVVARS
#define SSL_OPT_STDENVVARS
Definition ssl_private.h:407
SSL_OPT_EXPORTCERTDATA
#define SSL_OPT_EXPORTCERTDATA
Definition ssl_private.h:408
ssl_authz_provider_verify_client
const authz_provider ssl_authz_provider_verify_client
Definition ssl_engine_kernel.c:1671
ssl_hook_UserCheck
int ssl_hook_UserCheck(request_rec *r)
Definition ssl_engine_kernel.c:1364
ssl_hook_Access
int ssl_hook_Access(request_rec *r)
Definition ssl_engine_kernel.c:1208
modssl_var_extract_dns
void modssl_var_extract_dns(apr_table_t *t, SSL *ssl, apr_pool_t *p)
Definition ssl_engine_vars.c:942
ssl_callback_GetSessionCacheEntry
SSL_SESSION * ssl_callback_GetSessionCacheEntry(SSL *ssl, unsigned char *id, int idlen, int *do_copy)
Definition ssl_engine_kernel.c:2123
BOOL
#define BOOL
Definition ssl_private.h:81
ssl_io_buffer_fill
int ssl_io_buffer_fill(request_rec *r, apr_size_t maxlen)
Definition ssl_engine_io.c:2023
ssl_callback_proxy_cert
int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
Definition ssl_engine_kernel.c:1946
SSL_OPT_FAKEBASICAUTH
#define SSL_OPT_FAKEBASICAUTH
Definition ssl_private.h:409
modssl_var_extract_san_entries
void modssl_var_extract_san_entries(apr_table_t *t, SSL *ssl, apr_pool_t *p)
Definition ssl_engine_vars.c:988
ssl_callback_SSLVerify
int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
Definition ssl_engine_kernel.c:1737
RENEG_INIT
@ RENEG_INIT
Definition ssl_private.h:562
RENEG_ALLOW
@ RENEG_ALLOW
Definition ssl_private.h:565
RENEG_ABORT
@ RENEG_ABORT
Definition ssl_private.h:567
RENEG_REJECT
@ RENEG_REJECT
Definition ssl_private.h:563
SSL_OCSPCHECK_CHAIN
@ SSL_OCSPCHECK_CHAIN
Definition ssl_private.h:491
SSL_OCSPCHECK_LEAF
@ SSL_OCSPCHECK_LEAF
Definition ssl_private.h:490
SSL_ENABLED_TRUE
@ SSL_ENABLED_TRUE
Definition ssl_private.h:520
SSL_ENABLED_FALSE
@ SSL_ENABLED_FALSE
Definition ssl_private.h:519
SSL_ENABLED_OPTIONAL
@ SSL_ENABLED_OPTIONAL
Definition ssl_private.h:521
SSL_CVERIFY_OPTIONAL
@ SSL_CVERIFY_OPTIONAL
Definition ssl_private.h:458
SSL_CVERIFY_OPTIONAL_NO_CA
@ SSL_CVERIFY_OPTIONAL_NO_CA
Definition ssl_private.h:460
SSL_CVERIFY_UNSET
@ SSL_CVERIFY_UNSET
Definition ssl_private.h:456
SSL_CVERIFY_NONE
@ SSL_CVERIFY_NONE
Definition ssl_private.h:457
SSL_CVERIFY_REQUIRE
@ SSL_CVERIFY_REQUIRE
Definition ssl_private.h:459
SSL_CRLCHECK_NO_CRL_FOR_CERT_OK
@ SSL_CRLCHECK_NO_CRL_FOR_CERT_OK
Definition ssl_private.h:482
SSL_CRLCHECK_LEAF
@ SSL_CRLCHECK_LEAF
Definition ssl_private.h:478
SSL_CRLCHECK_CHAIN
@ SSL_CRLCHECK_CHAIN
Definition ssl_private.h:479
SSL_SHUTDOWN_TYPE_STANDARD
@ SSL_SHUTDOWN_TYPE_STANDARD
Definition ssl_private.h:581
SSL_SHUTDOWN_TYPE_UNCLEAN
@ SSL_SHUTDOWN_TYPE_UNCLEAN
Definition ssl_private.h:582
SSL_SHUTDOWN_TYPE_ACCURATE
@ SSL_SHUTDOWN_TYPE_ACCURATE
Definition ssl_private.h:583
SSL_SHUTDOWN_TYPE_UNSET
@ SSL_SHUTDOWN_TYPE_UNSET
Definition ssl_private.h:580
modssl_read_cert
apr_status_t modssl_read_cert(apr_pool_t *p, const char *cert_pem, const char *key_pem, pem_password_cb *cb, void *ud, X509 **pcert, EVP_PKEY **pkey)
Definition ssl_util_ssl.c:544
MODSSL_SESSION_ID_STRING_LEN
#define MODSSL_SESSION_ID_STRING_LEN
Definition ssl_util_ssl.h:58
MODSSL_LIBRARY_NAME
#define MODSSL_LIBRARY_NAME
Definition ssl_util_ssl.h:42
modssl_set_app_data2
void modssl_set_app_data2(SSL *ssl, void *arg)
Definition ssl_util_ssl.c:65
modssl_get_app_data2
void * modssl_get_app_data2(SSL *ssl)
Definition ssl_util_ssl.c:60
ap_pbase64encode
char * ap_pbase64encode(apr_pool_t *p, char *string)
Definition util.c:2487
ap_getword
char * ap_getword(apr_pool_t *p, const char **line, char stop)
Definition util.c:723
ap_request_has_body
int ap_request_has_body(request_rec *r)
Definition util.c:2698
ap_pbase64decode
char * ap_pbase64decode(apr_pool_t *p, const char *bufcoded)
Definition util.c:2477
ap_find_token
int ap_find_token(apr_pool_t *p, const char *line, const char *tok)
Definition util.c:1726
ap_getword_nulls
char * ap_getword_nulls(apr_pool_t *p, const char **line, char stop)
Definition util.c:779
PROXYREQ_PROXY
#define PROXYREQ_PROXY
Definition httpd.h:1134
ap_array_str_contains
int ap_array_str_contains(const apr_array_header_t *array, const char *s)
Definition util.c:3446
AP_CONN_CLOSE
@ AP_CONN_CLOSE
Definition httpd.h:1145
size
apr_size_t size
Definition apr_allocator.h:115
val
apr_uint32_t val
Definition apr_atomic.h:66
value
const char * value
Definition apr_env.h:51
APR_SUCCESS
#define APR_SUCCESS
Definition apr_errno.h:225
apr_status_t
int apr_status_t
Definition apr_errno.h:44
key
const char * key
Definition apr_file_io.h:822
where
apr_seek_where_t where
Definition apr_file_io.h:688
cleanup
void const char apr_status_t(* cleanup)(void *))
Definition apr_file_io.h:834
type
int type
Definition apr_file_io.h:798
result
apr_array_header_t ** result
Definition apr_fnmatch.h:144
c
apr_vformatter_buff_t * c
Definition apr_lib.h:175
env
char const *const char const *const ** env
Definition apr_general.h:200
id
const char apr_uint32_t * id
Definition apr_network_io.h:468
s
const char * s
Definition apr_strings.h:95
APR_ARRAY_PUSH
#define APR_ARRAY_PUSH(ary, type)
Definition apr_tables.h:150
arr
const apr_array_header_t * arr
Definition apr_tables.h:187
APR_ARRAY_IDX
#define APR_ARRAY_IDX(ary, i, type)
Definition apr_tables.h:141
password
const char const char * password
Definition apr_thread_proc.h:572
in
apr_int32_t in
Definition apr_thread_proc.h:417
cmd
apr_cmdtype_e cmd
Definition apr_thread_proc.h:495
username
const char * username
Definition apr_thread_proc.h:571
status
int int status
Definition apr_thread_proc.h:760
apr_time_from_sec
#define apr_time_from_sec(sec)
Definition apr_time.h:78
authz_status
authz_status
Definition mod_auth.h:72
AUTHZ_DENIED
@ AUTHZ_DENIED
Definition mod_auth.h:73
AUTHZ_GRANTED
@ AUTHZ_GRANTED
Definition mod_auth.h:74
UNSET
#define UNSET
Definition mod_authz_core.c:92
out
static apr_file_t * out
Definition mod_info.c:85
strEQ
#define strEQ(s1, s2)
Definition mod_nw_ssl.c:88
strIsEmpty
#define strIsEmpty(s)
Definition mod_nw_ssl.c:98
strcEQ
#define strcEQ(s1, s2)
Definition mod_nw_ssl.c:93
NULL
return NULL
Definition mod_so.c:359
i
int i
Definition mod_so.c:347
mod_ssl.h
SSL extension module for Apache.
scoreboard.h
Apache scoreboard library.
SERVER_BUSY_READ
#define SERVER_BUSY_READ
Definition scoreboard.h:59
ap_update_child_status_from_server
int ap_update_child_status_from_server(ap_sb_handle_t *sbh, int status, conn_rec *c, server_rec *s)
Definition scoreboard.c:613
STACK_OF
STACK_OF(X509_NAME)
Definition ssl_engine_init.c:2304
modssl_set_cert_info
#define modssl_set_cert_info(info, cert, pkey)
Definition ssl_engine_kernel.c:1933
MODSSL_CFG_CA_NE
#define MODSSL_CFG_CA_NE(f, sc1, sc2)
upgrade_connection
static apr_status_t upgrade_connection(request_rec *r)
Definition ssl_engine_kernel.c:46
ssl_authz_verify_client_check
static authz_status ssl_authz_verify_client_check(request_rec *r, const char *require_line, const void *parsed)
Definition ssl_engine_kernel.c:1633
log_tracing_state
static void log_tracing_state(const SSL *ssl, conn_rec *c, server_rec *s, int where, int rc)
Definition ssl_engine_kernel.c:2195
ssl_check_post_client_verify
static int ssl_check_post_client_verify(request_rec *r, SSLSrvConfigRec *sc, SSLDirConfigRec *dc, SSLConnRec *sslconn, SSL *ssl)
Definition ssl_engine_kernel.c:472
ssl_configure_env
static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn)
Definition ssl_engine_kernel.c:440
SSLPROXY_CERT_CB_LOG_FMT
#define SSLPROXY_CERT_CB_LOG_FMT
Definition ssl_engine_kernel.c:1915
has_buffered_data
static int has_buffered_data(request_rec *r)
Definition ssl_engine_kernel.c:97
SWITCH_STATUS_LINE
#define SWITCH_STATUS_LINE
Definition ssl_engine_kernel.c:41
UPGRADE_HEADER
#define UPGRADE_HEADER
Definition ssl_engine_kernel.c:42
ssl_hook_Fixup_vars
static const char *const ssl_hook_Fixup_vars[]
Definition ssl_engine_kernel.c:1483
ssl_session_log
static void ssl_session_log(server_rec *s, const char *request, unsigned char *id, unsigned int idlen, const char *status, const char *result, long timeout)
Definition ssl_engine_kernel.c:2038
CONNECTION_HEADER
#define CONNECTION_HEADER
Definition ssl_engine_kernel.c:43
ssl_authz_require_ssl_parse
static const char * ssl_authz_require_ssl_parse(cmd_parms *cmd, const char *require_line, const void **parsed)
Definition ssl_engine_kernel.c:1617
ssl_authz_require_ssl_check
static authz_status ssl_authz_require_ssl_check(request_rec *r, const char *require_line, const void *parsed)
Definition ssl_engine_kernel.c:1607
ssl_hook_Access_classic
static int ssl_hook_Access_classic(request_rec *r, SSLSrvConfigRec *sc, SSLDirConfigRec *dc, SSLConnRec *sslconn, SSL *ssl)
Definition ssl_engine_kernel.c:522
modssl_proxy_info_log
static void modssl_proxy_info_log(conn_rec *c, X509_INFO *info, const char *msg)
Definition ssl_engine_kernel.c:1918
fill_reneg_buffer
static int fill_reneg_buffer(request_rec *r, SSLDirConfigRec *dc)
Definition ssl_engine_kernel.c:133
ssl_authz_verify_client_parse
static const char * ssl_authz_verify_client_parse(cmd_parms *cmd, const char *require_line, const void **parsed)
Definition ssl_engine_kernel.c:1661
ssl_log_cxerror
void ssl_log_cxerror(const char *file, int line, int level, apr_status_t rv, conn_rec *c, X509 *cert, const char *fmt,...)
Definition ssl_engine_log.c:224
name
char * name
Definition ssl_engine_vars.c:563
ssl_private.h
Internal interfaces private to mod_ssl.
modssl_SSL_SESSION_id2sz
char * modssl_SSL_SESSION_id2sz(unsigned char *id, int idlen, char *str, int strsize)
Definition ssl_util_ssl.c:522
SSLConnRec::reneg_state
modssl_reneg_state reneg_state
Definition ssl_private.h:607
SSLDirConfigRec::bSSLRequired
unsigned int bSSLRequired
Definition ssl_private.h:852
SSLDirConfigRec::nVerifyClient
ssl_verify_t nVerifyClient
Definition ssl_private.h:858
SSLDirConfigRec::szCipherSuite
const char * szCipherSuite
Definition ssl_private.h:857
SSLDirConfigRec::nOptions
ssl_opt_t nOptions
Definition ssl_private.h:854
SSLDirConfigRec::nRenegBufferSize
apr_size_t nRenegBufferSize
Definition ssl_private.h:861
SSLDirConfigRec::aRequirement
apr_array_header_t * aRequirement
Definition ssl_private.h:853
SSLDirConfigRec::proxy
modssl_ctx_t * proxy
Definition ssl_private.h:863
SSLDirConfigRec::szUserName
const char * szUserName
Definition ssl_private.h:860
SSLModConfigRec::pPool
apr_pool_t * pPool
Definition ssl_private.h:648
SSLSrvConfigRec::cipher_server_pref
unsigned int cipher_server_pref
Definition ssl_private.h:834
SSLSrvConfigRec::vhost_id
const char * vhost_id
Definition ssl_private.h:831
SSLSrvConfigRec::mc
SSLModConfigRec * mc
Definition ssl_private.h:829
SSLSrvConfigRec::server
modssl_ctx_t * server
Definition ssl_private.h:836
SSLSrvConfigRec::enabled
ssl_enabled_t enabled
Definition ssl_private.h:830
apr_array_header_t
Definition apr_tables.h:62
apr_array_header_t::nelts
int nelts
Definition apr_tables.h:68
apr_array_header_t::elts
char * elts
Definition apr_tables.h:72
apr_bucket_brigade
Definition apr_buckets.h:258
apr_table_entry_t
Definition apr_tables.h:81
apr_table_entry_t::key
char * key
Definition apr_tables.h:83
apr_table_t
Definition apr_tables.c:332
authz_provider
Definition mod_auth.h:103
cmd_parms_struct
Definition http_config.h:288
conn_rec
Structure to store things which are per connection.
Definition httpd.h:1152
conn_rec::pool
apr_pool_t * pool
Definition httpd.h:1154
conn_rec::base_server
server_rec * base_server
Definition httpd.h:1156
conn_rec::keepalive
ap_conn_keepalive_e keepalive
Definition httpd.h:1223
conn_rec::input_filters
struct ap_filter_t * input_filters
Definition httpd.h:1195
conn_rec::output_filters
struct ap_filter_t * output_filters
Definition httpd.h:1197
conn_rec::outgoing
int outgoing
Definition httpd.h:1250
conn_rec::bucket_alloc
struct apr_bucket_alloc_t * bucket_alloc
Definition httpd.h:1201
conn_rec::keepalives
int keepalives
Definition httpd.h:1226
conn_rec::master
conn_rec * master
Definition httpd.h:1248
conn_rec::vhost_lookup_data
void * vhost_lookup_data
Definition httpd.h:1158
conn_rec::id
long id
Definition httpd.h:1187
modssl_auth_ctx_t
Definition ssl_private.h:718
modssl_auth_ctx_t::verify_mode
ssl_verify_t verify_mode
Definition ssl_private.h:727
modssl_auth_ctx_t::cipher_suite
const char * cipher_suite
Definition ssl_private.h:723
modssl_auth_ctx_t::verify_depth
int verify_depth
Definition ssl_private.h:726
modssl_ctx_t
Definition ssl_private.h:755
modssl_ctx_t::auth
modssl_auth_ctx_t auth
Definition ssl_private.h:800
modssl_ctx_t::ssl_ctx
SSL_CTX * ssl_ctx
Definition ssl_private.h:757
modssl_ctx_t::pkp
modssl_pk_proxy_t * pkp
Definition ssl_private.h:761
modssl_ctx_t::pks
modssl_pk_server_t * pks
Definition ssl_private.h:760
modssl_pk_server_t
Definition ssl_private.h:689
modssl_pk_server_t::service_unavailable
int service_unavailable
Definition ssl_private.h:700
request_rec
A structure that represents the current request.
Definition httpd.h:845
request_rec::user
char * user
Definition httpd.h:1005
request_rec::useragent_ip
char * useragent_ip
Definition httpd.h:1101
request_rec::notes
apr_table_t * notes
Definition httpd.h:985
request_rec::expecting_100
unsigned expecting_100
Definition httpd.h:951
request_rec::hostname
const char * hostname
Definition httpd.h:883
request_rec::pool
apr_pool_t * pool
Definition httpd.h:847
request_rec::filename
char * filename
Definition httpd.h:1018
request_rec::proxyreq
int proxyreq
Definition httpd.h:873
request_rec::connection
conn_rec * connection
Definition httpd.h:849
request_rec::err_headers_out
apr_table_t * err_headers_out
Definition httpd.h:981
request_rec::headers_in
apr_table_t * headers_in
Definition httpd.h:976
request_rec::main
request_rec * main
Definition httpd.h:860
request_rec::subprocess_env
apr_table_t * subprocess_env
Definition httpd.h:983
request_rec::server
server_rec * server
Definition httpd.h:851
request_rec::headers_out
apr_table_t * headers_out
Definition httpd.h:978
require_line
A structure to keep track of authorization requirements.
Definition http_core.h:316
server_rec
A structure to store information for each virtual server.
Definition httpd.h:1322
ssl_require_t
Definition ssl_private.h:527
ssl_require_t::cpExpr
const char * cpExpr
Definition ssl_private.h:528
ssl_require_t::mpExpr
ap_expr_info_t * mpExpr
Definition ssl_private.h:529
a1
static apr_array_header_t * a1
Definition testtable.c:33
var
#define var
Definition util_expr_scan.c:618
str
#define str
Definition util_expr_scan.c:617
AP_MODE_SPECULATIVE
@ AP_MODE_SPECULATIVE
Definition util_filter.h:53
ap_md5_binary
char * ap_md5_binary(apr_pool_t *p, const unsigned char *buf, int length)
Definition util_md5.c:53
util_md5.h
Apache MD5 library.
ap_vhost_iterate_given_conn
int ap_vhost_iterate_given_conn(conn_rec *conn, ap_vhost_iterate_conn_cb func_cb, void *baton)
Definition vhost.c:1229
timeout
IN ULONG IN INT timeout
Definition apr_arch_misc.h:482
info
INT info
Definition apr_arch_misc.h:388
keylen
static size_t keylen(KEY s)
Definition xmlparse.c:7166
Generated by doxygen 1.9.8