1
/* Licensed to the Apache Software Foundation (ASF) under one or more
2
* contributor license agreements. See the NOTICE file distributed with
3
* this work for additional information regarding copyright ownership.
4
* The ASF licenses this file to You under the Apache License, Version 2.0
5
* (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
8
* http://www.apache.org/licenses/LICENSE-2.0
10
* Unless required by applicable law or agreed to in writing, software
11
* distributed under the License is distributed on an "AS IS" BASIS,
12
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
* See the License for the specific language governing permissions and
14
* limitations under the License.
18
* _ __ ___ ___ __| | ___ ___| | mod_ssl
19
* | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
20
* | | | | | | (_) | (_| | \__ \__ \ |
21
* |_| |_| |_|\___/ \__,_|___|___/___/_|
24
* The SSL engine kernel
26
/* ``It took me fifteen years to discover
27
I had no talent for programming, but
28
I couldn't give it up because by that
29
time I was too famous.''
31
#include "ssl_private.h"
33
static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn);
36
* Post Read Request Handler
38
int ssl_hook_ReadReq(request_rec *r)
40
SSLConnRec *sslconn = myConnConfig(r->connection);
47
if (sslconn->non_ssl_request) {
51
int port = ap_get_server_port(r);
53
if (!ap_is_default_port(port, r)) {
54
thisport = apr_psprintf(r->pool, ":%u", port);
57
thisurl = ap_escape_html(r->pool,
58
apr_psprintf(r->pool, "https://%s%s/",
59
ap_get_server_name(r),
62
errmsg = apr_psprintf(r->pool,
63
"Reason: You're speaking plain HTTP "
64
"to an SSL-enabled server port.<br />\n"
65
"Instead use the HTTPS scheme to access "
66
"this URL, please.<br />\n"
68
"<a href=\"%s\"><b>%s</b></a></blockquote>",
71
apr_table_setn(r->notes, "error-notes", errmsg);
73
/* Now that we have caught this error, forget it. we are done
74
* with using SSL on this request.
76
sslconn->non_ssl_request = 0;
79
return HTTP_BAD_REQUEST;
83
* Get the SSL connection structure and perform the
84
* delayed interlinking from SSL back to request_rec
90
SSL_set_app_data2(ssl, r);
93
* Log information about incoming HTTPS requests
95
if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
96
ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
97
"%s HTTPS request received for child %ld (server %s)",
98
(r->connection->keepalives <= 0 ?
100
apr_psprintf(r->pool, "Subsequent (No.%d)",
101
r->connection->keepalives+1)),
103
ssl_util_vhostid(r->pool, r->server));
106
/* SetEnvIf ssl-*-shutdown flags can only be per-server,
107
* so they won't change across keepalive requests
109
if (sslconn->shutdown_type == SSL_SHUTDOWN_TYPE_UNSET) {
110
ssl_configure_env(r, sslconn);
117
* Move SetEnvIf information from request_rec to conn_rec/BUFF
118
* to allow the close connection handler to use them.
121
static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn)
124
const apr_array_header_t *arr = apr_table_elts(r->subprocess_env);
125
const apr_table_entry_t *elts = (const apr_table_entry_t *)arr->elts;
127
sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_STANDARD;
129
for (i = 0; i < arr->nelts; i++) {
130
const char *key = elts[i].key;
134
/* being case-sensitive here.
135
* and not checking for the -shutdown since these are the only
136
* SetEnvIf "flags" we support
138
if (!strncmp(key+1, "sl-", 3)) {
140
if (!strncmp(key, "unclean", 7)) {
141
sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_UNCLEAN;
143
else if (!strncmp(key, "accurate", 8)) {
144
sslconn->shutdown_type = SSL_SHUTDOWN_TYPE_ACCURATE;
146
return; /* should only ever be one ssl-*-shutdown */
156
int ssl_hook_Access(request_rec *r)
158
SSLDirConfigRec *dc = myDirConfig(r);
159
SSLSrvConfigRec *sc = mySrvConfig(r->server);
160
SSLConnRec *sslconn = myConnConfig(r->connection);
161
SSL *ssl = sslconn ? sslconn->ssl : NULL;
163
apr_array_header_t *requires;
164
ssl_require_t *ssl_requires;
167
BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
170
X509_STORE *cert_store = NULL;
171
X509_STORE_CTX cert_store_ctx;
172
STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
173
SSL_CIPHER *cipher = NULL;
174
int depth, verify_old, verify, n;
177
ctx = SSL_get_SSL_CTX(ssl);
181
* Support for SSLRequireSSL directive
183
if (dc->bSSLRequired && !ssl) {
184
if (sc->enabled == SSL_ENABLED_OPTIONAL) {
185
/* This vhost was configured for optional SSL, just tell the
186
* client that we need to upgrade.
188
apr_table_setn(r->err_headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
189
apr_table_setn(r->err_headers_out, "Connection", "Upgrade");
191
return HTTP_UPGRADE_REQUIRED;
194
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
195
"access to %s failed, reason: %s",
196
r->filename, "SSL connection required");
198
/* remember forbidden access for strict require option */
199
apr_table_setn(r->notes, "ssl-access-forbidden", "1");
201
return HTTP_FORBIDDEN;
205
* Check to see whether SSL is in use; if it's not, then no
206
* further access control checks are relevant. (the test for
207
* sc->enabled is probably strictly unnecessary)
209
if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
214
* Support for per-directory reconfigured SSL connection parameters.
216
* This is implemented by forcing an SSL renegotiation with the
217
* reconfigured parameter suite. But Apache's internal API processing
218
* makes our life very hard here, because when internal sub-requests occur
219
* we nevertheless should avoid multiple unnecessary SSL handshakes (they
220
* require extra network I/O and especially time to perform).
222
* But the optimization for filtering out the unnecessary handshakes isn't
223
* obvious and trivial. Especially because while Apache is in its
224
* sub-request processing the client could force additional handshakes,
225
* too. And these take place perhaps without our notice. So the only
226
* possibility is to explicitly _ask_ OpenSSL whether the renegotiation
227
* has to be performed or not. It has to performed when some parameters
228
* which were previously known (by us) are not those we've now
229
* reconfigured (as known by OpenSSL) or (in optimized way) at least when
230
* the reconfigured parameter suite is stronger (more restrictions) than
231
* the currently active one.
235
* Override of SSLCipherSuite
237
* We provide two options here:
239
* o The paranoid and default approach where we force a renegotiation when
240
* the cipher suite changed in _any_ way (which is straight-forward but
241
* often forces renegotiations too often and is perhaps not what the
242
* user actually wanted).
244
* o The optimized and still secure way where we force a renegotiation
245
* only if the currently active cipher is no longer contained in the
246
* reconfigured/new cipher suite. Any other changes are not important
247
* because it's the servers choice to select a cipher from the ones the
248
* client supports. So as long as the current cipher is still in the new
249
* cipher suite we're happy. Because we can assume we would have
250
* selected it again even when other (better) ciphers exists now in the
251
* new cipher suite. This approach is fine because the user explicitly
252
* has to enable this via ``SSLOptions +OptRenegotiate''. So we do no
253
* implicit optimizations.
255
if (dc->szCipherSuite) {
256
/* remember old state */
258
if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
259
cipher = SSL_get_current_cipher(ssl);
262
cipher_list_old = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
264
if (cipher_list_old) {
265
cipher_list_old = sk_SSL_CIPHER_dup(cipher_list_old);
269
/* configure new state */
270
if (!modssl_set_cipher_list(ssl, dc->szCipherSuite)) {
271
ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
273
"Unable to reconfigure (per-directory) "
274
"permitted SSL ciphers");
275
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
277
if (cipher_list_old) {
278
sk_SSL_CIPHER_free(cipher_list_old);
281
return HTTP_FORBIDDEN;
284
/* determine whether a renegotiation has to be forced */
285
cipher_list = (STACK_OF(SSL_CIPHER) *)SSL_get_ciphers(ssl);
287
if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) {
289
if ((!cipher && cipher_list) ||
290
(cipher && !cipher_list))
294
else if (cipher && cipher_list &&
295
(sk_SSL_CIPHER_find(cipher_list, cipher) < 0))
302
if ((!cipher_list_old && cipher_list) ||
303
(cipher_list_old && !cipher_list))
307
else if (cipher_list_old && cipher_list) {
309
!renegotiate && (n < sk_SSL_CIPHER_num(cipher_list));
312
SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list, n);
314
if (sk_SSL_CIPHER_find(cipher_list_old, value) < 0) {
320
!renegotiate && (n < sk_SSL_CIPHER_num(cipher_list_old));
323
SSL_CIPHER *value = sk_SSL_CIPHER_value(cipher_list_old, n);
325
if (sk_SSL_CIPHER_find(cipher_list, value) < 0) {
333
if (cipher_list_old) {
334
sk_SSL_CIPHER_free(cipher_list_old);
339
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
340
"Reconfigured cipher suite will force renegotiation");
345
* override of SSLVerifyDepth
347
* The depth checks are handled by us manually inside the verify callback
348
* function and not by OpenSSL internally (and our function is aware of
349
* both the per-server and per-directory contexts). So we cannot ask
350
* OpenSSL about the currently verify depth. Instead we remember it in our
351
* ap_ctx attached to the SSL* of OpenSSL. We've to force the
352
* renegotiation if the reconfigured/new verify depth is less than the
353
* currently active/remembered verify depth (because this means more
354
* restriction on the certificate chain).
356
if (dc->nVerifyDepth != UNSET) {
357
/* XXX: doesnt look like sslconn->verify_depth is actually used */
358
if (!(n = sslconn->verify_depth)) {
359
sslconn->verify_depth = n = sc->server->auth.verify_depth;
362
/* determine whether a renegotiation has to be forced */
363
if (dc->nVerifyDepth < n) {
365
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
366
"Reduced client verification depth will force "
372
* override of SSLVerifyClient
374
* We force a renegotiation if the reconfigured/new verify type is
375
* stronger than the currently active verify type.
377
* The order is: none << optional_no_ca << optional << require
379
* Additionally the following optimization is possible here: When the
380
* currently active verify type is "none" but a client certificate is
381
* already known/present, it's enough to manually force a client
382
* verification but at least skip the I/O-intensive renegotation
385
if (dc->nVerifyClient != SSL_CVERIFY_UNSET) {
386
/* remember old state */
387
verify_old = SSL_get_verify_mode(ssl);
388
/* configure new state */
389
verify = SSL_VERIFY_NONE;
391
if (dc->nVerifyClient == SSL_CVERIFY_REQUIRE) {
392
verify |= SSL_VERIFY_PEER_STRICT;
395
if ((dc->nVerifyClient == SSL_CVERIFY_OPTIONAL) ||
396
(dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA))
398
verify |= SSL_VERIFY_PEER;
401
modssl_set_verify(ssl, verify, ssl_callback_SSLVerify);
402
SSL_set_verify_result(ssl, X509_V_OK);
404
/* determine whether we've to force a renegotiation */
405
if (!renegotiate && verify != verify_old) {
406
if (((verify_old == SSL_VERIFY_NONE) &&
407
(verify != SSL_VERIFY_NONE)) ||
409
(!(verify_old & SSL_VERIFY_PEER) &&
410
(verify & SSL_VERIFY_PEER)) ||
412
(!(verify_old & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) &&
413
(verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
418
if ((dc->nOptions & SSL_OPT_OPTRENEGOTIATE) &&
419
(verify_old == SSL_VERIFY_NONE) &&
420
((peercert = SSL_get_peer_certificate(ssl)) != NULL))
422
renegotiate_quick = TRUE;
426
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
428
"Changed client verification type will force "
430
renegotiate_quick ? "quick " : "");
436
* override SSLCACertificateFile & SSLCACertificatePath
437
* This is only enabled if the SSL_set_cert_store() function
438
* is available in the ssl library. the 1.x based mod_ssl
439
* used SSL_CTX_set_cert_store which is not thread safe.
442
#ifdef HAVE_SSL_SET_CERT_STORE
444
* check if per-dir and per-server config field are not the same.
445
* if f is defined in per-dir and not defined in per-server
446
* or f is defined in both but not the equal ...
448
#define MODSSL_CFG_NE(f) \
449
(dc->f && (!sc->f || (sc->f && strNE(dc->f, sc->f))))
451
#define MODSSL_CFG_CA(f) \
452
(dc->f ? dc->f : sc->f)
454
if (MODSSL_CFG_NE(szCACertificateFile) ||
455
MODSSL_CFG_NE(szCACertificatePath))
457
STACK_OF(X509_NAME) *ca_list;
458
const char *ca_file = MODSSL_CFG_CA(szCACertificateFile);
459
const char *ca_path = MODSSL_CFG_CA(szCACertificatePath);
461
cert_store = X509_STORE_new();
463
if (!X509_STORE_load_locations(cert_store, ca_file, ca_path)) {
464
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
465
"Unable to reconfigure verify locations "
466
"for client authentication");
467
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
469
X509_STORE_free(cert_store);
471
return HTTP_FORBIDDEN;
474
/* SSL_free will free cert_store */
475
SSL_set_cert_store(ssl, cert_store);
477
if (!(ca_list = ssl_init_FindCAList(r->server, r->pool,
480
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
481
"Unable to determine list of available "
482
"CA certificates for client authentication");
484
return HTTP_FORBIDDEN;
487
SSL_set_client_CA_list(ssl, ca_list);
490
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
491
"Changed client verification locations will force "
494
#endif /* HAVE_SSL_SET_CERT_STORE */
496
/* If a renegotiation is now required for this location, and the
497
* request includes a message body (and the client has not
498
* requested a "100 Continue" response), then the client will be
499
* streaming the request body over the wire already. In that
500
* case, it is not possible to stop and perform a new SSL
501
* handshake immediately; once the SSL library moves to the
502
* "accept" state, it will reject the SSL packets which the client
503
* is sending for the request body.
505
* To allow authentication to complete in this auth hook, the
506
* solution used here is to fill a (bounded) buffer with the
507
* request body, and then to reinject that request body later.
509
if (renegotiate && !renegotiate_quick
510
&& (apr_table_get(r->headers_in, "transfer-encoding")
511
|| (apr_table_get(r->headers_in, "content-length")
512
&& strcmp(apr_table_get(r->headers_in, "content-length"), "0")))
513
&& !r->expecting_100) {
516
/* Fill the I/O buffer with the request body if possible. */
517
rv = ssl_io_buffer_fill(r);
520
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
521
"could not buffer message body to allow "
522
"SSL renegotiation to proceed");
528
* now do the renegotiation if anything was actually reconfigured
532
* Now we force the SSL renegotation by sending the Hello Request
533
* message to the client. Here we have to do a workaround: Actually
534
* OpenSSL returns immediately after sending the Hello Request (the
535
* intent AFAIK is because the SSL/TLS protocol says it's not a must
536
* that the client replies to a Hello Request). But because we insist
537
* on a reply (anything else is an error for us) we have to go to the
538
* ACCEPT state manually. Using SSL_set_accept_state() doesn't work
539
* here because it resets too much of the connection. So we set the
540
* state explicitly and continue the handshake manually.
542
ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
543
"Requesting connection re-negotiation");
545
if (renegotiate_quick) {
546
STACK_OF(X509) *cert_stack;
548
/* perform just a manual re-verification of the peer */
549
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
550
"Performing quick renegotiation: "
551
"just re-verifying the peer");
553
cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl);
555
cert = SSL_get_peer_certificate(ssl);
557
if (!cert_stack && cert) {
558
/* client cert is in the session cache, but there is
559
* no chain, since ssl3_get_client_certificate()
560
* sk_X509_shift-ed the peer cert out of the chain.
561
* we put it back here for the purpose of quick_renegotiation.
563
cert_stack = sk_new_null();
564
sk_X509_push(cert_stack, MODSSL_PCHAR_CAST cert);
567
if (!cert_stack || (sk_X509_num(cert_stack) == 0)) {
568
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
569
"Cannot find peer certificate chain");
571
return HTTP_FORBIDDEN;
575
(cert_store = SSL_CTX_get_cert_store(ctx))))
577
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
578
"Cannot find certificate storage");
580
return HTTP_FORBIDDEN;
584
cert = sk_X509_value(cert_stack, 0);
587
X509_STORE_CTX_init(&cert_store_ctx, cert_store, cert, cert_stack);
588
depth = SSL_get_verify_depth(ssl);
591
X509_STORE_CTX_set_depth(&cert_store_ctx, depth);
594
X509_STORE_CTX_set_ex_data(&cert_store_ctx,
595
SSL_get_ex_data_X509_STORE_CTX_idx(),
598
if (!modssl_X509_verify_cert(&cert_store_ctx)) {
599
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
600
"Re-negotiation verification step failed");
601
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
604
SSL_set_verify_result(ssl, cert_store_ctx.error);
605
X509_STORE_CTX_cleanup(&cert_store_ctx);
607
if (cert_stack != SSL_get_peer_cert_chain(ssl)) {
608
/* we created this ourselves, so free it */
609
sk_X509_pop_free(cert_stack, X509_free);
613
request_rec *id = r->main ? r->main : r;
615
/* do a full renegotiation */
616
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
617
"Performing full renegotiation: "
618
"complete handshake protocol");
620
SSL_set_session_id_context(ssl,
621
(unsigned char *)&id,
624
SSL_renegotiate(ssl);
625
SSL_do_handshake(ssl);
627
if (SSL_get_state(ssl) != SSL_ST_OK) {
628
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
629
"Re-negotiation request failed");
631
r->connection->aborted = 1;
632
return HTTP_FORBIDDEN;
635
ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
636
"Awaiting re-negotiation handshake");
638
/* XXX: Should replace SSL_set_state with SSL_renegotiate(ssl);
639
* However, this causes failures in perl-framework currently,
640
* perhaps pre-test if we have already negotiated?
642
SSL_set_state(ssl, SSL_ST_ACCEPT);
643
SSL_do_handshake(ssl);
645
if (SSL_get_state(ssl) != SSL_ST_OK) {
646
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
647
"Re-negotiation handshake failed: "
648
"Not accepted by client!?");
650
r->connection->aborted = 1;
651
return HTTP_FORBIDDEN;
656
* Remember the peer certificate's DN
658
if ((cert = SSL_get_peer_certificate(ssl))) {
659
if (sslconn->client_cert) {
660
X509_free(sslconn->client_cert);
662
sslconn->client_cert = cert;
663
sslconn->client_dn = NULL;
667
* Finally check for acceptable renegotiation results
669
if (dc->nVerifyClient != SSL_CVERIFY_NONE) {
670
BOOL do_verify = (dc->nVerifyClient == SSL_CVERIFY_REQUIRE);
672
if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
673
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
674
"Re-negotiation handshake failed: "
675
"Client verification failed");
677
return HTTP_FORBIDDEN;
681
if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) {
682
ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
683
"Re-negotiation handshake failed: "
684
"Client certificate missing");
686
return HTTP_FORBIDDEN;
694
* Also check that SSLCipherSuite has been enforced as expected.
697
cipher = SSL_get_current_cipher(ssl);
698
if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) {
699
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
700
"SSL cipher suite not renegotiated: "
701
"access to %s denied using cipher %s",
703
SSL_CIPHER_get_name(cipher));
704
return HTTP_FORBIDDEN;
709
/* If we're trying to have the user name set from a client
710
* certificate then we need to set it here. This should be safe as
711
* the user name probably isn't important from an auth checking point
712
* of view as the certificate supplied acts in that capacity.
713
* However, if FakeAuth is being used then this isn't the case so
714
* we need to postpone setting the username until later.
716
if ((dc->nOptions & SSL_OPT_FAKEBASICAUTH) == 0 && dc->szUserName) {
717
char *val = ssl_var_lookup(r->pool, r->server, r->connection,
718
r, (char *)dc->szUserName);
724
* Check SSLRequire boolean expressions
726
requires = dc->aRequirement;
727
ssl_requires = (ssl_require_t *)requires->elts;
729
for (i = 0; i < requires->nelts; i++) {
730
ssl_require_t *req = &ssl_requires[i];
731
ok = ssl_expr_exec(r, req->mpExpr);
734
cp = apr_psprintf(r->pool,
736
"SSL requirement expression: %s",
737
ssl_expr_get_error());
739
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
740
"access to %s failed, reason: %s",
743
/* remember forbidden access for strict require option */
744
apr_table_setn(r->notes, "ssl-access-forbidden", "1");
746
return HTTP_FORBIDDEN;
750
ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
751
"Access to %s denied for %s "
752
"(requirement expression not fulfilled)",
753
r->filename, r->connection->remote_ip);
755
ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
756
"Failed expression: %s", req->cpExpr);
758
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
759
"access to %s failed, reason: %s",
761
"SSL requirement expression not fulfilled "
762
"(see SSL logfile for more details)");
764
/* remember forbidden access for strict require option */
765
apr_table_setn(r->notes, "ssl-access-forbidden", "1");
767
return HTTP_FORBIDDEN;
772
* Else access is granted from our point of view (except vendor
773
* handlers override). But we have to return DECLINED here instead
774
* of OK, because mod_auth and other modules still might want to
782
* Authentication Handler:
783
* Fake a Basic authentication from the X509 client certificate.
785
* This must be run fairly early on to prevent a real authentication from
786
* occuring, in particular it must be run before anything else that
787
* authenticates a user. This means that the Module statement for this
788
* module should be LAST in the Configuration file.
790
int ssl_hook_UserCheck(request_rec *r)
792
SSLConnRec *sslconn = myConnConfig(r->connection);
793
SSLSrvConfigRec *sc = mySrvConfig(r->server);
794
SSLDirConfigRec *dc = myDirConfig(r);
796
const char *auth_line, *username, *password;
799
* Additionally forbid access (again)
800
* when strict require option is used.
802
if ((dc->nOptions & SSL_OPT_STRICTREQUIRE) &&
803
(apr_table_get(r->notes, "ssl-access-forbidden")))
805
return HTTP_FORBIDDEN;
809
* We decline when we are in a subrequest. The Authorization header
810
* would already be present if it was added in the main request.
812
if (!ap_is_initial_req(r)) {
817
* Make sure the user is not able to fake the client certificate
818
* based authentication by just entering an X.509 Subject DN
819
* ("/XX=YYY/XX=YYY/..") as the username and "password" as the
822
if ((auth_line = apr_table_get(r->headers_in, "Authorization"))) {
823
if (strcEQ(ap_getword(r->pool, &auth_line, ' '), "Basic")) {
824
while ((*auth_line == ' ') || (*auth_line == '\t')) {
828
auth_line = ap_pbase64decode(r->pool, auth_line);
829
username = ap_getword_nulls(r->pool, &auth_line, ':');
830
password = auth_line;
832
if ((username[0] == '/') && strEQ(password, "password")) {
833
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
834
"Encountered FakeBasicAuth spoof: %s", username);
835
return HTTP_FORBIDDEN;
841
* We decline operation in various situations...
842
* - SSLOptions +FakeBasicAuth not configured
843
* - r->user already authenticated
845
* - client did not present a certificate
847
if (!((sc->enabled == SSL_ENABLED_TRUE || sc->enabled == SSL_ENABLED_OPTIONAL)
848
&& sslconn && sslconn->ssl && sslconn->client_cert) ||
849
!(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user)
854
if (!sslconn->client_dn) {
855
X509_NAME *name = X509_get_subject_name(sslconn->client_cert);
856
char *cp = X509_NAME_oneline(name, NULL, 0);
857
sslconn->client_dn = apr_pstrdup(r->connection->pool, cp);
861
clientdn = (char *)sslconn->client_dn;
864
* Fake a password - which one would be immaterial, as, it seems, an empty
865
* password in the users file would match ALL incoming passwords, if only
866
* we were using the standard crypt library routine. Unfortunately, OpenSSL
867
* "fixes" a "bug" in crypt and thus prevents blank passwords from
868
* working. (IMHO what they really fix is a bug in the users of the code
869
* - failing to program correctly for shadow passwords). We need,
870
* therefore, to provide a password. This password can be matched by
871
* adding the string "xxj31ZMTZzkVA" as the password in the user file.
872
* This is just the crypted variant of the word "password" ;-)
874
auth_line = apr_pstrcat(r->pool, "Basic ",
875
ap_pbase64encode(r->pool,
876
apr_pstrcat(r->pool, clientdn,
879
apr_table_set(r->headers_in, "Authorization", auth_line);
881
ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
882
"Faking HTTP Basic Auth header: \"Authorization: %s\"",
888
/* authorization phase */
889
int ssl_hook_Auth(request_rec *r)
891
SSLDirConfigRec *dc = myDirConfig(r);
894
* Additionally forbid access (again)
895
* when strict require option is used.
897
if ((dc->nOptions & SSL_OPT_STRICTREQUIRE) &&
898
(apr_table_get(r->notes, "ssl-access-forbidden")))
900
return HTTP_FORBIDDEN;
910
static const char *ssl_hook_Fixup_vars[] = {
911
"SSL_VERSION_INTERFACE",
912
"SSL_VERSION_LIBRARY",
914
"SSL_COMPRESS_METHOD",
917
"SSL_CIPHER_USEKEYSIZE",
918
"SSL_CIPHER_ALGKEYSIZE",
920
"SSL_CLIENT_M_VERSION",
921
"SSL_CLIENT_M_SERIAL",
922
"SSL_CLIENT_V_START",
924
"SSL_CLIENT_V_REMAIN",
927
"SSL_CLIENT_S_DN_ST",
930
"SSL_CLIENT_S_DN_OU",
931
"SSL_CLIENT_S_DN_CN",
937
"SSL_CLIENT_S_DN_UID",
938
"SSL_CLIENT_S_DN_Email",
941
"SSL_CLIENT_I_DN_ST",
944
"SSL_CLIENT_I_DN_OU",
945
"SSL_CLIENT_I_DN_CN",
951
"SSL_CLIENT_I_DN_UID",
952
"SSL_CLIENT_I_DN_Email",
955
"SSL_SERVER_M_VERSION",
956
"SSL_SERVER_M_SERIAL",
957
"SSL_SERVER_V_START",
961
"SSL_SERVER_S_DN_ST",
964
"SSL_SERVER_S_DN_OU",
965
"SSL_SERVER_S_DN_CN",
971
"SSL_SERVER_S_DN_UID",
972
"SSL_SERVER_S_DN_Email",
975
"SSL_SERVER_I_DN_ST",
978
"SSL_SERVER_I_DN_OU",
979
"SSL_SERVER_I_DN_CN",
985
"SSL_SERVER_I_DN_UID",
986
"SSL_SERVER_I_DN_Email",
993
int ssl_hook_Fixup(request_rec *r)
995
SSLConnRec *sslconn = myConnConfig(r->connection);
996
SSLSrvConfigRec *sc = mySrvConfig(r->server);
997
SSLDirConfigRec *dc = myDirConfig(r);
998
apr_table_t *env = r->subprocess_env;
999
char *var, *val = "";
1000
STACK_OF(X509) *peer_certs;
1004
if (sc->enabled == SSL_ENABLED_OPTIONAL && !(sslconn && sslconn->ssl)) {
1005
apr_table_setn(r->headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
1009
* Check to see if SSL is on
1011
if (!(((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) && sslconn && (ssl = sslconn->ssl))) {
1016
* Annotate the SSI/CGI environment with standard SSL information
1018
/* the always present HTTPS (=HTTP over SSL) flag! */
1019
apr_table_setn(env, "HTTPS", "on");
1021
/* standard SSL environment variables */
1022
if (dc->nOptions & SSL_OPT_STDENVVARS) {
1023
for (i = 0; ssl_hook_Fixup_vars[i]; i++) {
1024
var = (char *)ssl_hook_Fixup_vars[i];
1025
val = ssl_var_lookup(r->pool, r->server, r->connection, r, var);
1026
if (!strIsEmpty(val)) {
1027
apr_table_setn(env, var, val);
1033
* On-demand bloat up the SSI/CGI environment with certificate data
1035
if (dc->nOptions & SSL_OPT_EXPORTCERTDATA) {
1036
val = ssl_var_lookup(r->pool, r->server, r->connection,
1037
r, "SSL_SERVER_CERT");
1039
apr_table_setn(env, "SSL_SERVER_CERT", val);
1041
val = ssl_var_lookup(r->pool, r->server, r->connection,
1042
r, "SSL_CLIENT_CERT");
1044
apr_table_setn(env, "SSL_CLIENT_CERT", val);
1046
if ((peer_certs = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl))) {
1047
for (i = 0; i < sk_X509_num(peer_certs); i++) {
1048
var = apr_psprintf(r->pool, "SSL_CLIENT_CERT_CHAIN_%d", i);
1049
val = ssl_var_lookup(r->pool, r->server, r->connection,
1052
apr_table_setn(env, var, val);
1061
/* _________________________________________________________________
1063
** OpenSSL Callback Functions
1064
** _________________________________________________________________
1068
* Handle out temporary RSA private keys on demand
1070
* The background of this as the TLSv1 standard explains it:
1072
* | D.1. Temporary RSA keys
1074
* | US Export restrictions limit RSA keys used for encryption to 512
1075
* | bits, but do not place any limit on lengths of RSA keys used for
1076
* | signing operations. Certificates often need to be larger than 512
1077
* | bits, since 512-bit RSA keys are not secure enough for high-value
1078
* | transactions or for applications requiring long-term security. Some
1079
* | certificates are also designated signing-only, in which case they
1080
* | cannot be used for key exchange.
1082
* | When the public key in the certificate cannot be used for encryption,
1083
* | the server signs a temporary RSA key, which is then exchanged. In
1084
* | exportable applications, the temporary RSA key should be the maximum
1085
* | allowable length (i.e., 512 bits). Because 512-bit RSA keys are
1086
* | relatively insecure, they should be changed often. For typical
1087
* | electronic commerce applications, it is suggested that keys be
1088
* | changed daily or every 500 transactions, and more often if possible.
1089
* | Note that while it is acceptable to use the same temporary key for
1090
* | multiple transactions, it must be signed each time it is used.
1092
* | RSA key generation is a time-consuming process. In many cases, a
1093
* | low-priority process can be assigned the task of key generation.
1094
* | Whenever a new key is completed, the existing temporary key can be
1095
* | replaced with the new one.
1097
* XXX: base on comment above, if thread support is enabled,
1098
* we should spawn a low-priority thread to generate new keys
1101
* So we generated 512 and 1024 bit temporary keys on startup
1102
* which we now just hand out on demand....
1105
RSA *ssl_callback_TmpRSA(SSL *ssl, int export, int keylen)
1107
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
1108
SSLModConfigRec *mc = myModConfig(c->base_server);
1111
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
1112
"handing out temporary %d bit RSA key", keylen);
1114
/* doesn't matter if export flag is on,
1115
* we won't be asked for keylen > 512 in that case.
1116
* if we are asked for a keylen > 1024, it is too expensive
1117
* to generate on the fly.
1118
* XXX: any reason not to generate 2048 bit keys at startup?
1123
idx = SSL_TMP_KEY_RSA_512;
1128
idx = SSL_TMP_KEY_RSA_1024;
1131
return (RSA *)mc->pTmpKeys[idx];
1135
* Hand out the already generated DH parameters...
1137
DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
1139
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
1140
SSLModConfigRec *mc = myModConfig(c->base_server);
1143
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
1144
"handing out temporary %d bit DH key", keylen);
1148
idx = SSL_TMP_KEY_DH_512;
1153
idx = SSL_TMP_KEY_DH_1024;
1156
return (DH *)mc->pTmpKeys[idx];
1160
* This OpenSSL callback function is called when OpenSSL
1161
* does client authentication and verifies the certificate chain.
1163
int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
1165
/* Get Apache context back through OpenSSL context */
1166
SSL *ssl = X509_STORE_CTX_get_ex_data(ctx,
1167
SSL_get_ex_data_X509_STORE_CTX_idx());
1168
conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
1169
server_rec *s = conn->base_server;
1170
request_rec *r = (request_rec *)SSL_get_app_data2(ssl);
1172
SSLSrvConfigRec *sc = mySrvConfig(s);
1173
SSLDirConfigRec *dc = r ? myDirConfig(r) : NULL;
1174
SSLConnRec *sslconn = myConnConfig(conn);
1175
modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
1177
/* Get verify ingredients */
1178
int errnum = X509_STORE_CTX_get_error(ctx);
1179
int errdepth = X509_STORE_CTX_get_error_depth(ctx);
1183
* Log verification information
1185
if (s->loglevel >= APLOG_DEBUG) {
1186
X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
1187
char *sname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
1188
char *iname = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
1190
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1191
"Certificate Verification: "
1192
"depth: %d, subject: %s, issuer: %s",
1194
sname ? sname : "-unknown-",
1195
iname ? iname : "-unknown-");
1207
* Check for optionally acceptable non-verifiable issuer situation
1209
if (dc && (dc->nVerifyClient != SSL_CVERIFY_UNSET)) {
1210
verify = dc->nVerifyClient;
1213
verify = mctx->auth.verify_mode;
1216
if (verify == SSL_CVERIFY_NONE) {
1218
* SSLProxyVerify is either not configured or set to "none".
1219
* (this callback doesn't happen in the server context if SSLVerify
1220
* is not configured or set to "none")
1225
if (ssl_verify_error_is_optional(errnum) &&
1226
(verify == SSL_CVERIFY_OPTIONAL_NO_CA))
1228
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1229
"Certificate Verification: Verifiable Issuer is "
1230
"configured as optional, therefore we're accepting "
1233
sslconn->verify_info = "GENEROUS";
1238
* Additionally perform CRL-based revocation checks
1241
if (!(ok = ssl_callback_SSLVerify_CRL(ok, ctx, conn))) {
1242
errnum = X509_STORE_CTX_get_error(ctx);
1247
* If we already know it's not ok, log the real reason
1250
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
1251
"Certificate Verification: Error (%d): %s",
1252
errnum, X509_verify_cert_error_string(errnum));
1254
if (sslconn->client_cert) {
1255
X509_free(sslconn->client_cert);
1256
sslconn->client_cert = NULL;
1258
sslconn->client_dn = NULL;
1259
sslconn->verify_error = X509_verify_cert_error_string(errnum);
1263
* Finally check the depth of the certificate verification
1265
if (dc && (dc->nVerifyDepth != UNSET)) {
1266
depth = dc->nVerifyDepth;
1269
depth = mctx->auth.verify_depth;
1272
if (errdepth > depth) {
1273
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
1274
"Certificate Verification: Certificate Chain too long "
1275
"(chain has %d certificates, but maximum allowed are "
1279
errnum = X509_V_ERR_CERT_CHAIN_TOO_LONG;
1280
sslconn->verify_error = X509_verify_cert_error_string(errnum);
1286
* And finally signal OpenSSL the (perhaps changed) state
1291
int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
1293
server_rec *s = c->base_server;
1294
SSLSrvConfigRec *sc = mySrvConfig(s);
1295
SSLConnRec *sslconn = myConnConfig(c);
1296
modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
1298
X509_NAME *subject, *issuer;
1305
* Unless a revocation store for CRLs was created we
1306
* cannot do any CRL-based verification, of course.
1313
* Determine certificate ingredients in advance
1315
cert = X509_STORE_CTX_get_current_cert(ctx);
1316
subject = X509_get_subject_name(cert);
1317
issuer = X509_get_issuer_name(cert);
1320
* OpenSSL provides the general mechanism to deal with CRLs but does not
1321
* use them automatically when verifying certificates, so we do it
1322
* explicitly here. We will check the CRL for the currently checked
1323
* certificate, if there is such a CRL in the store.
1325
* We come through this procedure for each certificate in the certificate
1326
* chain, starting with the root-CA's certificate. At each step we've to
1327
* both verify the signature on the CRL (to make sure it's a valid CRL)
1328
* and it's revocation list (to make sure the current certificate isn't
1329
* revoked). But because to check the signature on the CRL we need the
1330
* public key of the issuing CA certificate (which was already processed
1331
* one round before), we've a little problem. But we can both solve it and
1332
* at the same time optimize the processing by using the following
1333
* verification scheme (idea and code snippets borrowed from the GLOBUS
1336
* 1. We'll check the signature of a CRL in each step when we find a CRL
1337
* through the _subject_ name of the current certificate. This CRL
1338
* itself will be needed the first time in the next round, of course.
1339
* But we do the signature processing one round before this where the
1340
* public key of the CA is available.
1342
* 2. We'll check the revocation list of a CRL in each step when
1343
* we find a CRL through the _issuer_ name of the current certificate.
1344
* This CRLs signature was then already verified one round before.
1346
* This verification scheme allows a CA to revoke its own certificate as
1351
* Try to retrieve a CRL corresponding to the _subject_ of
1352
* the current certificate in order to verify it's integrity.
1354
memset((char *)&obj, 0, sizeof(obj));
1355
rc = SSL_X509_STORE_lookup(mctx->crl,
1356
X509_LU_CRL, subject, &obj);
1359
if ((rc > 0) && crl) {
1361
* Log information about CRL
1362
* (A little bit complicated because of ASN.1 and BIOs...)
1364
if (s->loglevel >= APLOG_DEBUG) {
1365
char buff[512]; /* should be plenty */
1366
BIO *bio = BIO_new(BIO_s_mem());
1368
BIO_printf(bio, "CA CRL: Issuer: ");
1369
X509_NAME_print(bio, issuer, 0);
1371
BIO_printf(bio, ", lastUpdate: ");
1372
ASN1_UTCTIME_print(bio, X509_CRL_get_lastUpdate(crl));
1374
BIO_printf(bio, ", nextUpdate: ");
1375
ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(crl));
1377
n = BIO_read(bio, buff, sizeof(buff) - 1);
1382
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, "%s", buff);
1386
* Verify the signature on this CRL
1388
pubkey = X509_get_pubkey(cert);
1389
rc = X509_CRL_verify(crl, pubkey);
1390
#ifdef OPENSSL_VERSION_NUMBER
1391
/* Only refcounted in OpenSSL */
1393
EVP_PKEY_free(pubkey);
1396
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
1397
"Invalid signature on CRL");
1399
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
1400
X509_OBJECT_free_contents(&obj);
1405
* Check date of CRL to make sure it's not expired
1407
i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
1410
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
1411
"Found CRL has invalid nextUpdate field");
1413
X509_STORE_CTX_set_error(ctx,
1414
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
1415
X509_OBJECT_free_contents(&obj);
1421
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
1422
"Found CRL is expired - "
1423
"revoking all certificates until you get updated CRL");
1425
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
1426
X509_OBJECT_free_contents(&obj);
1431
X509_OBJECT_free_contents(&obj);
1435
* Try to retrieve a CRL corresponding to the _issuer_ of
1436
* the current certificate in order to check for revocation.
1438
memset((char *)&obj, 0, sizeof(obj));
1439
rc = SSL_X509_STORE_lookup(mctx->crl,
1440
X509_LU_CRL, issuer, &obj);
1443
if ((rc > 0) && crl) {
1445
* Check if the current certificate is revoked by this CRL
1447
n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
1449
for (i = 0; i < n; i++) {
1450
X509_REVOKED *revoked =
1451
sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
1453
ASN1_INTEGER *sn = X509_REVOKED_get_serialNumber(revoked);
1455
if (!ASN1_INTEGER_cmp(sn, X509_get_serialNumber(cert))) {
1456
if (s->loglevel >= APLOG_DEBUG) {
1457
char *cp = X509_NAME_oneline(issuer, NULL, 0);
1458
long serial = ASN1_INTEGER_get(sn);
1460
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
1461
"Certificate with serial %ld (0x%lX) "
1462
"revoked per CRL from issuer %s",
1463
serial, serial, cp);
1467
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
1468
X509_OBJECT_free_contents(&obj);
1474
X509_OBJECT_free_contents(&obj);
1480
#define SSLPROXY_CERT_CB_LOG_FMT \
1481
"Proxy client certificate callback: (%s) "
1483
static void modssl_proxy_info_log(server_rec *s,
1487
SSLSrvConfigRec *sc = mySrvConfig(s);
1492
if (s->loglevel < APLOG_DEBUG) {
1496
name = X509_get_subject_name(info->x509);
1497
dn = X509_NAME_oneline(name, name_buf, sizeof(name_buf));
1499
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1500
SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s",
1501
sc->vhost_id, msg, dn ? dn : "-uknown-");
1505
* caller will decrement the cert and key reference
1506
* so we need to increment here to prevent them from
1509
#define modssl_set_cert_info(info, cert, pkey) \
1510
*cert = info->x509; \
1511
X509_reference_inc(*cert); \
1512
*pkey = info->x_pkey->dec_pkey; \
1513
EVP_PKEY_reference_inc(*pkey)
1515
int ssl_callback_proxy_cert(SSL *ssl, MODSSL_CLIENT_CERT_CB_ARG_TYPE **x509, EVP_PKEY **pkey)
1517
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
1518
server_rec *s = c->base_server;
1519
SSLSrvConfigRec *sc = mySrvConfig(s);
1520
X509_NAME *ca_name, *issuer;
1522
STACK_OF(X509_NAME) *ca_list;
1523
STACK_OF(X509_INFO) *certs = sc->proxy->pkp->certs;
1526
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1527
SSLPROXY_CERT_CB_LOG_FMT "entered",
1530
if (!certs || (sk_X509_INFO_num(certs) <= 0)) {
1531
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
1532
SSLPROXY_CERT_CB_LOG_FMT
1533
"downstream server wanted client certificate "
1534
"but none are configured", sc->vhost_id);
1538
ca_list = SSL_get_client_CA_list(ssl);
1540
if (!ca_list || (sk_X509_NAME_num(ca_list) <= 0)) {
1542
* downstream server didn't send us a list of acceptable CA certs,
1543
* so we send the first client cert in the list.
1545
info = sk_X509_INFO_value(certs, 0);
1547
modssl_proxy_info_log(s, info, "no acceptable CA list");
1549
modssl_set_cert_info(info, x509, pkey);
1554
for (i = 0; i < sk_X509_NAME_num(ca_list); i++) {
1555
ca_name = sk_X509_NAME_value(ca_list, i);
1557
for (j = 0; j < sk_X509_INFO_num(certs); j++) {
1558
info = sk_X509_INFO_value(certs, j);
1559
issuer = X509_get_issuer_name(info->x509);
1561
if (X509_NAME_cmp(issuer, ca_name) == 0) {
1562
modssl_proxy_info_log(s, info, "found acceptable cert");
1564
modssl_set_cert_info(info, x509, pkey);
1571
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1572
SSLPROXY_CERT_CB_LOG_FMT
1573
"no client certificate found!?", sc->vhost_id);
1578
static void ssl_session_log(server_rec *s,
1579
const char *request,
1586
char buf[SSL_SESSION_ID_STRING_LEN];
1587
char timeout_str[56] = {'\0'};
1589
if (s->loglevel < APLOG_DEBUG) {
1594
apr_snprintf(timeout_str, sizeof(timeout_str),
1595
"timeout=%lds ", (timeout - time(NULL)));
1598
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1599
"Inter-Process Session Cache: "
1600
"request=%s status=%s id=%s %s(session %s)",
1602
SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)),
1603
timeout_str, result);
1607
* This callback function is executed by OpenSSL whenever a new SSL_SESSION is
1608
* added to the internal OpenSSL session cache. We use this hook to spread the
1609
* SSL_SESSION also to the inter-process disk-cache to make share it with our
1610
* other Apache pre-forked server processes.
1612
int ssl_callback_NewSessionCacheEntry(SSL *ssl, SSL_SESSION *session)
1614
/* Get Apache context back through OpenSSL context */
1615
conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
1616
server_rec *s = conn->base_server;
1617
SSLSrvConfigRec *sc = mySrvConfig(s);
1618
long timeout = sc->session_cache_timeout;
1624
* Set the timeout also for the internal OpenSSL cache, because this way
1625
* our inter-process cache is consulted only when it's really necessary.
1627
SSL_set_timeout(session, timeout);
1630
* Store the SSL_SESSION in the inter-process cache with the
1631
* same expire time, so it expires automatically there, too.
1633
id = SSL_SESSION_get_session_id(session);
1634
idlen = SSL_SESSION_get_session_id_length(session);
1636
timeout += modssl_session_get_time(session);
1638
rc = ssl_scache_store(s, id, idlen, timeout, session);
1640
ssl_session_log(s, "SET", id, idlen,
1641
rc == TRUE ? "OK" : "BAD",
1642
"caching", timeout);
1645
* return 0 which means to OpenSSL that the session is still
1646
* valid and was not freed by us with SSL_SESSION_free().
1652
* This callback function is executed by OpenSSL whenever a
1653
* SSL_SESSION is looked up in the internal OpenSSL cache and it
1654
* was not found. We use this to lookup the SSL_SESSION in the
1655
* inter-process disk-cache where it was perhaps stored by one
1656
* of our other Apache pre-forked server processes.
1658
SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *ssl,
1660
int idlen, int *do_copy)
1662
/* Get Apache context back through OpenSSL context */
1663
conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
1664
server_rec *s = conn->base_server;
1665
SSL_SESSION *session;
1668
* Try to retrieve the SSL_SESSION from the inter-process cache
1670
session = ssl_scache_retrieve(s, id, idlen);
1672
ssl_session_log(s, "GET", id, idlen,
1673
session ? "FOUND" : "MISSED",
1674
session ? "reuse" : "renewal", 0);
1677
* Return NULL or the retrieved SSL_SESSION. But indicate (by
1678
* setting do_copy to 0) that the reference count on the
1679
* SSL_SESSION should not be incremented by the SSL library,
1680
* because we will no longer hold a reference to it ourself.
1688
* This callback function is executed by OpenSSL whenever a
1689
* SSL_SESSION is removed from the the internal OpenSSL cache.
1690
* We use this to remove the SSL_SESSION in the inter-process
1693
void ssl_callback_DelSessionCacheEntry(SSL_CTX *ctx,
1694
SSL_SESSION *session)
1697
SSLSrvConfigRec *sc;
1702
* Get Apache context back through OpenSSL context
1704
if (!(s = (server_rec *)SSL_CTX_get_app_data(ctx))) {
1705
return; /* on server shutdown Apache is already gone */
1708
sc = mySrvConfig(s);
1711
* Remove the SSL_SESSION from the inter-process cache
1713
id = SSL_SESSION_get_session_id(session);
1714
idlen = SSL_SESSION_get_session_id_length(session);
1716
ssl_scache_remove(s, id, idlen);
1718
ssl_session_log(s, "REM", id, idlen,
1725
* This callback function is executed while OpenSSL processes the
1726
* SSL handshake and does SSL record layer stuff. We use it to
1727
* trace OpenSSL's processing in out SSL logfile.
1729
void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE ssl, int where, int rc)
1733
SSLSrvConfigRec *sc;
1736
* find corresponding server
1738
if (!(c = (conn_rec *)SSL_get_app_data((SSL *)ssl))) {
1743
if (!(sc = mySrvConfig(s))) {
1748
* create the various trace messages
1750
if (s->loglevel >= APLOG_DEBUG) {
1751
if (where & SSL_CB_HANDSHAKE_START) {
1752
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1753
"%s: Handshake: start", SSL_LIBRARY_NAME);
1755
else if (where & SSL_CB_HANDSHAKE_DONE) {
1756
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1757
"%s: Handshake: done", SSL_LIBRARY_NAME);
1759
else if (where & SSL_CB_LOOP) {
1760
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1762
SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
1764
else if (where & SSL_CB_READ) {
1765
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1767
SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
1769
else if (where & SSL_CB_WRITE) {
1770
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1772
SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
1774
else if (where & SSL_CB_ALERT) {
1775
char *str = (where & SSL_CB_READ) ? "read" : "write";
1776
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1777
"%s: Alert: %s:%s:%s",
1778
SSL_LIBRARY_NAME, str,
1779
SSL_alert_type_string_long(rc),
1780
SSL_alert_desc_string_long(rc));
1782
else if (where & SSL_CB_EXIT) {
1784
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1785
"%s: Exit: failed in %s",
1786
SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
1789
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1790
"%s: Exit: error in %s",
1791
SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
1797
* Because SSL renegotations can happen at any time (not only after
1798
* SSL_accept()), the best way to log the current connection details is
1799
* right after a finished handshake.
1801
if (where & SSL_CB_HANDSHAKE_DONE) {
1802
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
1803
"Connection: Client IP: %s, Protocol: %s, "
1804
"Cipher: %s (%s/%s bits)",
1805
ssl_var_lookup(NULL, s, c, NULL, "REMOTE_ADDR"),
1806
ssl_var_lookup(NULL, s, c, NULL, "SSL_PROTOCOL"),
1807
ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"),
1808
ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"),
1809
ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE"));
added
removed
modules/ssl/ssl_engine_kernel.c
