Append :!aNULL:!eNULL:!EXP to the cipher string settings,
instead of prepending !aNULL:!eNULL:!EXP: (as was the case in 2.4.7
and later). Enables support for configuring the SUITEB* cipher
strings introduced in OpenSSL 1.0.2. PR 58213.
Apply the same treatment to the "SSLOpenSSLConfCmd CipherString ..." directive.
Proposed by: kbrand
Reviewed by: ylavic, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1706007 13f79535-47bb-0310-9956-ffa450edef68
r1677153, r1677154, r1677155, r1677156, r1677159, r1677830, r1677832,
r1677834, r1677835 from trunk
mod_ssl namespacing
Proposed by: kbrand
Reviewed by: ylavic, jorton
mod_ssl namespacing: Rename ssl_util_ssl.h macros from SSL_foo to MODSSL_foo.
For related discussion, see the dev@ thread starting at:
http://mail-archives.apache.org/mod_mbox/httpd-dev/201504.mbox/%3C20150415163613.GC15209%40fintan.stsp.name%3E
mod_ssl namespacing: Rename SSL_init_app_data2_idx, SSL_get_app_data2,
and SSL_set_app_data2 from SSL_* to modssl_*. Update references in
README.dsov.* files. Rename static variable SSL_app_data2_idx to just
app_data2_idx since the symbol is internal to ssl_util_ssl.c.
mod_ssl namespacing: SSL_read_PrivateKey -> modssl_read_privatekey
mod_ssl namespacing: SSL_smart_shutdown -> modssl_smart_shutdown
mod_ssl namespacing: SSL_X509_getBC -> modssl_X509_getBC
mod_ssl namespacing: Make SSL_ASN1_STRING_to_utf8 a static function inside
ssl_util_ssl.c (no callers outside this file). The new static function name
chosen is convert_asn1_to_utf8, based on the assumption that neither SSL_
nor ASN1_ are safe prefixes to use without potential future overlap.
mod_ssl namespacing: Rename SSL_X509_NAME_ENTRY_to_string to
modssl_X509_NAME_ENTRY_to_string.
mod_ssl namespacing: SSL_X509_NAME_to_string -> modssl_X509_NAME_to_string
mod_ssl namespacing: SSL_X509_getSAN -> modssl_X509_getSAN
mod_ssl namespacing: Make SSL_X509_getIDs a static function inside the
file ssl_util_ssl.c (no outside callers). Rename to just getIDs().
mod_ssl namespacing: SSL_X509_match_name -> modssl_X509_match_name
mod_ssl namespacing: SSL_X509_INFO_load_file -> modssl_X509_INFO_load_file
mod_ssl namespacing: Merge SSL_X509_INFO_load_path() into its only caller
ssl_init_proxy_certs() in ssl_engine_init.c. No functional change.
Review by: kbrand
mod_ssl namespacing: Move modssl_X509_INFO_load_file() into ssl_engine_init.c
and make it a static function called load_x509_info().
mod_ssl namespacing: Move SSL_CTX_use_certificate_chain() into ssl_engine_init.c
and make it a static function called use_certificate_chain().
mod_ssl namespacing: Rename SSL_SESSION_id2sz() to modssl_SSL_SESSION_id2sz().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1706002 13f79535-47bb-0310-9956-ffa450edef68
adding ap_get_protocol(c) which safeguards against NULL returns, for use instead of direct calling ap_run_protocol_get
changed Protocols to let vhosts override servers, removed old H2Engine example from readme
creating ap_array_index in util, forwarding scheme into request processing, enabling SSL vars only when scheme is not http:, delayed connection creation until task worker assignment
removed unnecessary lingering_close and sbh update on end of protocol upgrade handling
introducing ap_array_index in util, used in protocol and mod_h2
fixes existing protocol missing in selection if not explicitly proposed
new directive ProtocolsHonorOrder, added documentation for Protocols feature, changed preference selection and config merging
removed accidental code
new Protocols directive and core API changes to enable protocol switching on HTTP Upgrade or ALPN, implemented in mod_ssl and mod_h2
SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse
proxy configuration, a remote attacker could send a carefully crafted
request which could crash a server process, resulting in denial of
service.
Thanks to Marek Kroemeke working with HP's Zero Day Initiative for
reporting this issue.
* server/util.c (ap_parse_token_list_strict): New function.
* modules/proxy/proxy_util.c (find_conn_headers): Use it here.
* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response):
Send a 400 for a malformed Connection header.
Submitted by: Edward Lu, breser, covener
http, mod_ssl: Introduce and return the 421 (Misdirected Request) status code
for clients requesting a hostname on a reused connection whose SNI (from the
TLS handshake) does not match.
PR 5802.
This allows HTTP/2 clients to fall back to a new connection as per:
https://tools.ietf.org/html/rfc7540#section-9.1.2
Proposed by: Stefan Eissing <stefan eissing.org>
Reviewed by: ylavic
c89
Allowing protocol_propose hooks to be called with offers=NULL, clarifying semantics as proposed by chaosed0@gmail.com
giving ap_array_index a start parameter, adding ap_array_contains
ap_process_request needs exportation for use in mod_h2 on Windows
final final change to the new ap_array_str_* functions after review
changed Protocols default to http/1.1 only, updated documentation, changed ap_select_protocol() to return NULL when no protocol could be agreed upon
mod_ssl: fix compiler warning (bad cast).
improvements in ap_select_protocol(), supplied by yann ylavic
Submitted by: icing, jorton, ylavic, covener, icing, icing, gsmith, icing, icing, ylavic, icing
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1705672 13f79535-47bb-0310-9956-ffa450edef68
SSL_CTX_set_tmp_ecdh increases reference count, so we have to call
EC_KEY_free, otherwise eckey will not be freed.
Backports: r1666363
Author: jkaluza
Reviewed by: rjung, ylavic, wrowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1682074 13f79535-47bb-0310-9956-ffa450edef68
mod_ssl: follow up to r1527291.
Always prepend "!aNULL:!eNULL:" to SSL_DEFAULT_CIPHER_LIST (default for
SSL[Proxy]CipherSuite) since we support OpenSSL versions where this was
not yet included by default.
Submitted by: ylavic
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1679989 13f79535-47bb-0310-9956-ffa450edef68
mod_ssl: Add SSLSessionTickets (on|off).
It controls the use of TLS session tickets (RFC 5077).
Default is unchanged (on).
Using session tickets without restarting the web server with
an appropriate frequency (e.g. daily) compromises perfect forward
secrecy. As long as we do not have a nice key management
there needs to be a way to deactivate the use of session tickets.
Submitted by: rjung
Reviewed by: rjung, covener, ylavic
Backported by: rjung
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652074 13f79535-47bb-0310-9956-ffa450edef68
ssl: Axe needless string duplication in setup for call to apr_proc_create()
Fix sscanf format spotted by cppcheck
fix indent.
fix style
Private function doesn't need ap_ prefix.
tab vs space
rename variables: s should be the server_rec
Submitted by: trawick, jailletc36, jailletc36, jailletc36, takashi, jailletc36, sf
Reviewed by: jailletc36, ylavic, covener
Backported by: jailletc36
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1642403 13f79535-47bb-0310-9956-ffa450edef68
Move OCSP stapling information from a per-certificate store
(ex_data attached to an X509 *) to a per-server hash which is
allocated from the pconf pool. Fixes PR 54357, PR 56919 and
a leak with the certinfo_free cleanup function (missing
OCSP_CERTID_free).
* modules/ssl/ssl_util_stapling.c: drop certinfo_free, and add
ssl_stapling_certid_free (used with apr_pool_cleanup_register).
Switch to a stapling_certinfo hash which is keyed by the SHA-1
digest of the certificate's DER encoding, rework ssl_stapling_init_cert
to only store info once per certificate (allocated from the pconf
to the extent possible) and extend the logging.
* modules/ssl/ssl_private.h: adjust prototype for
ssl_stapling_init_cert, replace ssl_stapling_ex_init with
ssl_stapling_certinfo_hash_init
* modules/ssl/ssl_engine_init.c: adjust ssl_stapling_* calls
Based on initial work by Alex Bligh <alex alex.org.uk>
Follow up to r1629372: ensure compatibily with OpenSSL < 1.0 (sk_OPENSSL_STRING_value).
Follow up to r1629372 and r1629485: ensure compatibily with OpenSSL < 1.0 (sk_OPENSSL_STRING_[num|value|pop] macros).
Submitted by: kbrand, ylavic, ylavic
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1634529 13f79535-47bb-0310-9956-ffa450edef68
Add missing APLOGNO.
Refactor to keep APLOGNO on the same line as ap_log_error, when applicable.
Add missing APLOGNO.
Refactor some lines to keep APLOGNO on the same line as ap_log_error, when applicable.
Split lines longer than 80.
Improve alignment.
Submitted by: jailletc36
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1622706 13f79535-47bb-0310-9956-ffa450edef68
For better compatibility with mod_nss:
* modules/ssl/ssl_engine_config.c (ssl_config_server_new): Default
sc->enabled to UNSET.
* modules/ssl/ssl_engine_init.c (ssl_init_Module): Only override
sc->enabled based on the protocol iff sc->enabled is UNSET; allows
"SSLEngine off" to override the Listen-based default.
Submitted by: jorton
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608759 13f79535-47bb-0310-9956-ffa450edef68
Bring SNI behavior into better conformance with RFC 6066:
- no longer send a warning-level unrecognized_name(112) alert
when no matching vhost is found (PR 56241)
- at startup, only issue warnings about IP/port conflicts and name-based
SSL vhosts when running with an OpenSSL without TLS extension support
(almost 5 years after SNI was added to 2.2.x, the
"[...] only work for clients with TLS server name indication support"
warning feels obsolete)
Proposed by: kbrand
Reviewed by: jorton, ylavic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1588424 13f79535-47bb-0310-9956-ffa450edef68
A bug in some older versions of OpenSSL will cause a crash
in SSL_get_certificate for servers where the certificate hasn't
been sent.
Workaround by setting the ssl structure to client mode which
bypasses the faulty code in OpenSSL. Normally setting a server
ssl structure to client mode would cause problems later on:
but we are freeing the structure immediately without attempting
to use it.
Submitted by: drh
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1577137 13f79535-47bb-0310-9956-ffa450edef68
Throw away the myCtxVar{Set,Get} abomination and introduce
a pphrase_cb_arg_t struct instead, for passing stuff between
ssl_pphrase_Handle and ssl_pphrase_Handle_CB. Prefer struct
members instead of using additional local variables, to make
the data flow more transparent. (Doesn't "vastly simplify"
the code yet, but hopefully we'll get there when further
stripping down ssl_pphrase_Handle.)
Remove the hardcoded algorithm-type dependency for the SSLCertificateFile
and SSLCertificateKeyFile directives, and deprecate SSLCertificateChainFile
Splitting the patch into smaller pieces turned out to be infeasible,
unfortunately, due to the heavily intertwined code in ssl_engine_config.c,
ssl_engine_init.c and ssl_engine_pphrase.c, which all depends on the
modssl_pk_server_t data structure. For better comprehensibility,
a detailed listing of the changes follows:
ssl_private.h
- drop the X509 certs and EVP_PKEY keys arrays from modssl_pk_server_t
- use apr_array_header_t for cert_files and key_files
- drop tPublicCert from SSLModConfigRec
- drop the ssl_algo_t struct and the SSL_ALGO_* and SSL_AIDX_* constants
ssl_engine_config.c
- change to apr_array_header_t for SSLCertificate[Key]File
- drop ssl_cmd_check_aidx_max, i.e. allow an arbitrary number of certs
and keys (in theory; currently OpenSSL does not support more than
one cert/key per algorithm type)
- add deprecation warning for SSLCertificateChainFile
ssl_engine_init.c
- configure server certs/keys in ssl_init_server_certs (no longer via
ssl_pphrase_Handle in ssl_init_Module)
- in ssl_init_server_certs, read in certificates and keys with standard
OpenSSL API functions (SSL_CTX_use_*_file), and only fall back to
ssl_load_encrypted_pkey when encountering an encrypted private key
- drop ssl_server_import_cert, ssl_server_import_key, ssl_init_server_check,
and ssl_init_ctx_cleanup_server
- move the "problematic re-initialization" check to ssl_init_server_ctx
ssl_engine_pphrase.c
- use servername:port:index as the key identifier, instead of the
previously used servername:port:algorithm
- ssl_pphrase_Handle overhaul: remove all cert/public-key handling,
make it only load a single (encrypted) private key, and rename
to ssl_load_encrypted_pkey
- in the passphrase prompt message, show the private key file name
instead of the vhost id and the algorithm name
- do no longer supply the algorithm name as an argument to "exec"-type
passphrase prompting programs
ssl_util.c
- drop ssl_util_algotypeof, ssl_util_algotypestr, ssl_asn1_keystr,
and ssl_asn1_table_keyfmt
ssl_util_ssl.{c,h}
- drop SSL_read_X509
- constify the filename arg for SSL_read_PrivateKey
CodeWarrior compiler doesnt allow vars as struct inits.
Remove per-certificate chain handling code (obsoleted by
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b9fa413a08d436d6b522749b5e808fcd931fd943)
make the ppcb_arg initialization a bit more uniform and easier to read
Followup fix for r1553824:
also pass the file name to ssl_load_encrypted_pkey, to make sure that we
retry with the same filename we used for SSL_CTX_use_PrivateKey_file first
With OpenSSL 1.0.2 or later, enable OCSP stapling in a loop based on
SSL_CTX_set_current_cert(), near the end of ssl_init_server_ctx.
update APLOGNO for r1564760
Submitted by: kbrand, fuankg, kbrand, kbrand, kbrand, kbrand, kbrand
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1573360 13f79535-47bb-0310-9956-ffa450edef68
Remove SSLPKCS7CertificateFile support:
- was never documented, so very unlikely that it was ever used
- adds complexity without apparent benefit; PKCS#7 files can
be trivially converted to a file for use with SSLCertificateChainFile
(concatenated X509 CERTIFICATE chunks, openssl pkcs7 -print_certs...)
- only supports PKCS7 files with PEM encoding, i.e. relies on a
non-standardized PEM header (cf. RFC 2315 and draft-josefsson-pkix-textual)
- issues pointed out in http://mail-archives.apache.org/mod_mbox/httpd-dev/200607.mbox/%3C20060723093125.GA19423@redhat.com%3E
were never fully addressed (cf. r424707 and r424735)
- has never worked in vhost context due to a cfgMergeString
call missing from modssl_ctx_cfg_merge
Proposed by: kbrand
Reviewed by: covener, druggeri
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1556290 13f79535-47bb-0310-9956-ffa450edef68
Streamline ephemeral key handling:
- drop support for ephemeral RSA keys (only allowed/needed
for export ciphers)
- drop pTmpKeys from the per-process SSLModConfigRec, and remove
the temp key generation at startup (unnecessary for DHE/ECDHE)
- unconditionally disable null and export-grade ciphers by always
prepending "!aNULL:!eNULL:!EXP:" to any cipher suite string
- do not configure per-connection SSL_tmp_*_callbacks, as it is
sufficient to set them for the SSL_CTX
- set default curve for ECDHE at startup, obviating the need
for a per-handshake callback, for the time being (and also
configure SSL_OP_SINGLE_ECDH_USE, previously left out)
For additional background, see
https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C52358ED1.2070704@velox.ch%3E
Follow-up fixes for r1526168:
- drop SSL_TMP_KEY_* constants from ssl_private.h, too
- make sure we also disable aNULL, eNULL and EXP ciphers
for per-directory SSLCipherSuite directives
- apply the same treatment to SSLProxyCipherSuite
Increase minimum required OpenSSL version to 0.9.8a (in preparation
for the next mod_ssl commit, which will rely on the get_rfcX_prime_Y
functions added in that release):
- remove obsolete #defines / macros
- in ssl_private.h, regroup definitions based on whether
they depend on TLS extension support or not
- for ECC and SRP support, set HAVE_X and change the rather awkward
#ifndef OPENSSL_NO_X lines accordingly
For the discussion prior to taking this step, see
https://mail-archives.apache.org/mod_mbox/httpd-dev/201309.mbox/%3C524275C7.9060408%40velox.ch%3E
Improve ephemeral key handling (companion to r1526168):
- allow to configure custom DHE or ECDHE parameters via the
SSLCertificateFile directive, and adapt its documentation
accordingly (addresses PR 49559)
- add standardized DH parameters from RFCs 2409 and 3526,
use them based on the length of the certificate's RSA/DSA key,
and add a FAQ entry for clients which limit DH support
to 1024 bits (such as Java 7 and earlier)
- move ssl_dh_GetParamFromFile() from ssl_engine_dh.c to
ssl_util_ssl.c, and add ssl_ec_GetParamFromFile()
- drop ssl_engine_dh.c from mod_ssl
For the standardized DH parameters, OpenSSL version 0.9.8a
or later is required, which was therefore made a new minimum
requirement in r1527294.
PR 55616 (add missing APLOGNO), part 2
Submitted by: kbrand
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1542327 13f79535-47bb-0310-9956-ffa450edef68
mod_ssl: add support for subjectAltName-based host name checking in proxy mode
(PR 54030)
factor out code from ssl_engine_init.c:ssl_check_public_cert()
to ssl_util_ssl.c:SSL_X509_match_name()
introduce new SSLProxyCheckPeerName directive, which should eventually
obsolete SSLProxyCheckPeerCN
ssl_engine_io.c:ssl_io_filter_handshake(): avoid code duplication
when aborting with HTTP_BAD_GATEWAY
Fix warning about discarding 'const' qualifier from pointer
Submitted by: kbrand, sf
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1485667 13f79535-47bb-0310-9956-ffa450edef68
mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
in the error log to debug level. [William Rowe]
Submitted by: wrowe
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1465989 13f79535-47bb-0310-9956-ffa450edef68
for TLS, RFC 5054).
Including some improvements as suggested by Kaspar
PR: 51075
Submitted by: Quinn Slack <sqs cs stanford edu>, Christophe Renou,
Peter Sylvester
Backported by: sf
Reviewed by: sf, minfrin, rjung
Backports of r1347980 and r1348653 form trunk.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1420057 13f79535-47bb-0310-9956-ffa450edef68
the main error log, pointing to the appropriate virtual host error log.
Backport of r1348660 from trunk.
Submitted by: sf
Reviewed by: rjung, covener
Backported by: rjung
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1369464 13f79535-47bb-0310-9956-ffa450edef68
Initialize EC temporary key on server startup, as for DH and
RSA. This fixes a race condition that could lead to a crash with threaded
MPMs.
Submitted by: sf
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1308862 13f79535-47bb-0310-9956-ffa450edef68
Set OPENSSL_NO_SSL_INTERN when compiling against OpenSSL 1.0.1
or later, so that mod_ssl retains binary compatibility with future
versions when internal structures are changed. Use API functions
where available, and fall back to direct access for OpenSSL up
to 1.0.0, where needed.
Remove SSL_make_ciphersuite() from ssl_util_ssl.[ch], as it was
never used by any released version of mod_ssl.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1222920 13f79535-47bb-0310-9956-ffa450edef68
Streamline TLS session ticket key handling (added in r1200040):
- drop the SSLTicketKeyDefault directive, and only support a single
ticket key per server/vhost
- rename the SSLTicketKeyFile directive to SSLSessionTicketKeyFile,
remove the keyname parameter
- move ticket key parameters from SSLSrvConfigRec to modssl_ctx_t
- configure the tlsext_ticket_key_cb only when in server mode
- add documentation for SSLSessionTicketKeyFile
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1213395 13f79535-47bb-0310-9956-ffa450edef68
Various fixes for log message tags:
- Remove tags in ssl_log_ssl_error() and ssl_log_cert_error()
- Instead add tags to various ssl_log_xerror, ssl_log_cxerror
calls (ssl_log_rxerror is unused).
- likewise for modssl_proxy_info_log()
- Fix spelling of APLOG_NOERRNO in coccinelle script
- add support for ssl_log_*error and ap_log_cserror
- add some more tags missing due to APLOG_NOERRNO spelling error
- Remove tags from example modules (we don't want people to blindly copy
those)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1211682 13f79535-47bb-0310-9956-ffa450edef68
* SSLTicketKeyFile: To store the private information for the encryption of the ticket.
* SSLTicketKeyDefault To set the default, otherwise the first listed token is used. This enables key rotation across servers.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1200040 13f79535-47bb-0310-9956-ffa450edef68
Always set SSL_MODE_RELEASE_BUFFERS in ab.
PR: 51618
Submitted by: Cristian Rodríguez <crrodriguez opensuse org>, Stefan Fritsch
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1178079 13f79535-47bb-0310-9956-ffa450edef68
extension into account when checking the cert against the configured
ServerName. PR 32652, PR 47051.
Replace SSL_X509_getCN() by SSL_X509_getIDs(), which returns an array
of a cert's DNS-IDs and CN-IDs (terms as coined by RFC 6125).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1176752 13f79535-47bb-0310-9956-ffa450edef68
