12
12
/* TLS_SESS_STATE *tls_server_start(props)
13
13
/* const TLS_SERVER_START_PROPS *props;
15
/* TLS_SESS_STATE *tls_server_post_accept(TLScontext)
16
/* TLS_SESS_STATE *TLScontext;
15
18
/* void tls_server_stop(app_ctx, stream, failure, TLScontext)
16
19
/* TLS_APPL_STATE *app_ctx;
17
20
/* VSTREAM *stream;
21
24
/* This module is the interface between Postfix TLS servers,
22
25
/* the OpenSSL library, and the TLS entropy and cache manager.
27
/* See "EVENT_DRIVEN APPLICATIONS" below for using this code
28
/* in event-driven programs.
24
30
/* tls_server_init() is called once when the SMTP server
26
32
/* Certificate details are also decided during this phase,
29
35
/* tls_server_start() activates the TLS feature for the VSTREAM
30
36
/* passed as argument. We assume that network buffers are flushed
31
/* and the TLS handshake can begin immediately.
37
/* and the TLS handshake can begin immediately.
33
39
/* tls_server_stop() sends the "close notify" alert via
34
40
/* SSL_shutdown() to the peer and resets all connection specific
69
75
/* certificate is available.
71
77
/* If no peer certificate is presented the peer_status is set to 0.
78
/* EVENT_DRIVEN APPLICATIONS
81
/* Event-driven programs manage multiple I/O channels. Such
82
/* programs cannot use the synchronous VSTREAM-over-TLS
83
/* implementation that the current TLS library provides,
84
/* including tls_server_stop() and the underlying tls_stream(3)
85
/* and tls_bio_ops(3) routines.
87
/* With the current TLS library implementation, this means
88
/* that the application is responsible for calling and retrying
89
/* SSL_accept(), SSL_read(), SSL_write() and SSL_shutdown().
91
/* To maintain control over TLS I/O, an event-driven server
92
/* invokes tls_server_start() with a null VSTREAM argument.
93
/* Then, tls_server_start() performs all the necessary
94
/* preparations before the TLS handshake and returns a partially
95
/* populated TLS context. The event-driven application is then
96
/* responsible for invoking SSL_accept(), and if successful,
97
/* for invoking tls_server_post_accept() to finish the work
98
/* that was started by tls_server_start(). In case of unrecoverable
99
/* failure, tls_server_post_accept() destroys the TLS context
100
/* and returns a null pointer value.
369
399
| ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L)
370
400
| ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L));
402
#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
405
* Some sites may want to give the client less rope. On the other hand,
406
* this could trigger inter-operability issues, the client should not
407
* offer ciphers it implements poorly, but this hasn't stopped some
408
* vendors from getting it wrong.
410
* XXX: Given OpenSSL's security history, nobody should still be using
411
* 0.9.7, let alone 0.9.6 or earlier. Warning added to TLS_README.html.
413
if (var_tls_preempt_clist)
414
SSL_CTX_set_options(server_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
373
418
* Set the call-back routine to debug handshake progress.
584
626
TLScontext->serverid = mystrdup(props->serverid);
585
627
TLScontext->am_server = 1;
629
TLScontext->fpt_dgst = mystrdup(props->fpt_dgst);
630
TLScontext->stream = props->stream;
587
632
ERR_clear_error();
588
633
if ((TLScontext->con = (SSL *) SSL_new(app_ctx->ssl_ctx)) == 0) {
589
634
msg_warn("Could not allocate 'TLScontext->con' with SSL_new()");
602
* The TLS connection is realized by a BIO_pair, so obtain the pair.
604
* XXX There is no need to store the internal_bio handle in the TLScontext
605
* structure. It will be attached to and destroyed with TLScontext->con.
606
* The network_bio, however, needs to be freed explicitly, so we need to
607
* store its handle in TLScontext.
609
if (!BIO_new_bio_pair(&TLScontext->internal_bio, TLS_BIO_BUFSIZE,
610
&TLScontext->network_bio, TLS_BIO_BUFSIZE)) {
611
msg_warn("Could not obtain BIO_pair");
613
tls_free_context(TLScontext);
618
647
* Before really starting anything, try to seed the PRNG a little bit
629
658
SSL_set_accept_state(TLScontext->con);
632
* Connect the SSL connection with the Postfix side of the BIO-pair for
633
* reading and writing.
635
SSL_set_bio(TLScontext->con, TLScontext->internal_bio,
636
TLScontext->internal_bio);
639
661
* If the debug level selected is high enough, all of the data is dumped:
640
662
* 3 will dump the SSL negotiation, 4 will dump everything.
647
669
BIO_set_callback(SSL_get_rbio(TLScontext->con), tls_bio_dump_cb);
672
* If we don't trigger the handshake in the library, leave control over
673
* SSL_accept/read/write/etc with the application.
675
if (props->stream == 0)
679
* Connect the SSL connection with the network socket.
681
if (SSL_set_fd(TLScontext->con, vstream_fileno(props->stream)) != 1) {
682
msg_info("SSL_set_fd error to %s", props->namaddr);
684
uncache_session(app_ctx->ssl_ctx, TLScontext);
685
tls_free_context(TLScontext);
690
* Turn on non-blocking I/O so that we can enforce timeouts on network
693
non_blocking(vstream_fileno(props->stream), NON_BLOCKING);
650
696
* Start TLS negotiations. This process is a black box that invokes our
651
697
* call-backs for session caching and certificate verification.
661
707
tls_free_context(TLScontext);
710
return (tls_server_post_accept(TLScontext));
713
/* tls_server_post_accept - post-handshake processing */
715
TLS_SESS_STATE *tls_server_post_accept(TLS_SESS_STATE *TLScontext)
717
const SSL_CIPHER *cipher;
719
char buf[CCERT_BUFSIZ];
664
721
/* Only loglevel==4 dumps everything */
665
if (props->log_level < 4)
722
if (TLScontext->log_level < 4)
666
723
BIO_set_callback(SSL_get_rbio(TLScontext->con), 0);
683
740
if (SSL_get_verify_result(TLScontext->con) == X509_V_OK)
684
741
TLScontext->peer_status |= TLS_CERT_FLAG_TRUSTED;
686
if (props->log_level >= 2) {
743
if (TLScontext->log_level >= 2) {
687
744
X509_NAME_oneline(X509_get_subject_name(peer),
688
745
buf, sizeof(buf));
689
746
msg_info("subject=%s", buf);
694
751
TLScontext->peer_CN = tls_peer_CN(peer, TLScontext);
695
752
TLScontext->issuer_CN = tls_issuer_CN(peer, TLScontext);
696
TLScontext->peer_fingerprint = tls_fingerprint(peer, props->fpt_dgst);
753
TLScontext->peer_fingerprint =
754
tls_fingerprint(peer, TLScontext->fpt_dgst);
698
if (props->log_level >= 1) {
756
if (TLScontext->log_level >= 1) {
699
757
msg_info("%s: %s: subject_CN=%s, issuer=%s, fingerprint=%s",
701
759
TLS_CERT_IS_TRUSTED(TLScontext) ? "Trusted" : "Untrusted",
702
760
TLScontext->peer_CN, TLScontext->issuer_CN,
703
761
TLScontext->peer_fingerprint);
719
777
&(TLScontext->cipher_algbits));
722
* The TLS engine is active. Switch to the tls_timed_read/write()
723
* functions and make the TLScontext available to those functions.
780
* If the library triggered the SSL handshake, switch to the
781
* tls_timed_read/write() functions and make the TLScontext available to
782
* those functions. Otherwise, leave control over SSL_read/write/etc.
783
* with the application.
725
tls_stream_start(props->stream, TLScontext);
785
if (TLScontext->stream != 0)
786
tls_stream_start(TLScontext->stream, TLScontext);
728
789
* All the key facts in a single log entry.
730
if (props->log_level >= 1)
791
if (TLScontext->log_level >= 1)
731
792
msg_info("%s TLS connection established from %s: %s with cipher %s "
732
793
"(%d/%d bits)", !TLS_CERT_IS_PRESENT(TLScontext) ? "Anonymous"
733
794
: TLS_CERT_IS_TRUSTED(TLScontext) ? "Trusted" : "Untrusted",
734
props->namaddr, TLScontext->protocol, TLScontext->cipher_name,
795
TLScontext->namaddr, TLScontext->protocol, TLScontext->cipher_name,
735
796
TLScontext->cipher_usebits, TLScontext->cipher_algbits);