httpd-2.2.x-sni.patch - server name indication support for Apache 2.2 (see RFC 4366, "Transport Layer Security (TLS) Extensions") Last updated 2009-04-08 based on a patch from the EdelKey project (http://www.edelweb.fr/EdelKey/files/apache-2.2.0+0.9.9+servername.patch) Needs openssl-SNAP-20060330 / OpenSSL 0.9.8f or later to work properly (ftp://ftp.openssl.org/snapshot/). OpenSSL versions prior to 0.9.8j must be configured explicitly for TLS extension support at compile time ("./config enable-tlsext"). Index: httpd-2.2.x/modules/ssl/ssl_private.h =================================================================== --- httpd-2.2.x/modules/ssl/ssl_private.h (revision 763153) +++ httpd-2.2.x/modules/ssl/ssl_private.h (working copy) @@ -35,6 +35,7 @@ #include "http_connection.h" #include "http_request.h" #include "http_protocol.h" +#include "http_vhost.h" #include "util_script.h" #include "util_filter.h" #include "util_ebcdic.h" @@ -562,6 +563,9 @@ int ssl_callback_NewSessionCacheEntry(SSL SSL_SESSION *ssl_callback_GetSessionCacheEntry(SSL *, unsigned char *, int, int *); void ssl_callback_DelSessionCacheEntry(SSL_CTX *, SSL_SESSION *); void ssl_callback_LogTracingState(MODSSL_INFO_CB_ARG_TYPE, int, int); +#ifndef OPENSSL_NO_TLSEXT +int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *); +#endif /** Session Cache Support */ void ssl_scache_init(server_rec *, apr_pool_t *); Index: httpd-2.2.x/modules/ssl/ssl_engine_init.c =================================================================== --- httpd-2.2.x/modules/ssl/ssl_engine_init.c (revision 763153) +++ httpd-2.2.x/modules/ssl/ssl_engine_init.c (working copy) @@ -358,6 +358,33 @@ static void ssl_init_server_check(server_rec *s, } } +#ifndef OPENSSL_NO_TLSEXT +static void ssl_init_ctx_tls_extensions(server_rec *s, + apr_pool_t *p, + apr_pool_t *ptemp, + modssl_ctx_t *mctx) +{ + /* + * Configure TLS extensions support + */ + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, + "Configuring TLS extension handling"); + + /* + * Server name indication (SNI) + */ + if (!SSL_CTX_set_tlsext_servername_callback(mctx->ssl_ctx, + ssl_callback_ServerNameIndication) || + !SSL_CTX_set_tlsext_servername_arg(mctx->ssl_ctx, mctx)) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + "Unable to initialize TLS servername extension " + "callback (incompatible OpenSSL version?)"); + ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); + ssl_die(); + } +} +#endif + static void ssl_init_ctx_protocol(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, @@ -690,6 +717,9 @@ static void ssl_init_ctx(server_rec *s, if (mctx->pks) { /* XXX: proxy support? */ ssl_init_ctx_cert_chain(s, p, ptemp, mctx); +#ifndef OPENSSL_NO_TLSEXT + ssl_init_ctx_tls_extensions(s, p, ptemp, mctx); +#endif } } @@ -1039,9 +1069,19 @@ void ssl_init_CheckServers(server_rec *base_server klen = strlen(key); if ((ps = (server_rec *)apr_hash_get(table, key, klen))) { - ap_log_error(APLOG_MARK, APLOG_WARNING, 0, + ap_log_error(APLOG_MARK, +#ifdef OPENSSL_NO_TLSEXT + APLOG_WARNING, +#else + APLOG_DEBUG, +#endif + 0, base_server, +#ifdef OPENSSL_NO_TLSEXT "Init: SSL server IP/port conflict: " +#else + "Init: SSL server IP/port overlap: " +#endif "%s (%s:%d) vs. %s (%s:%d)", ssl_util_vhostid(p, s), (s->defn_name ? s->defn_name : "unknown"), @@ -1058,8 +1098,14 @@ void ssl_init_CheckServers(server_rec *base_server if (conflict) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server, +#ifdef OPENSSL_NO_TLSEXT "Init: You should not use name-based " "virtual hosts in conjunction with SSL!!"); +#else + "Init: Name-based SSL virtual hosts only " + "work for clients with TLS server name indication " + "support (RFC 4366)"); +#endif } } Index: httpd-2.2.x/modules/ssl/ssl_engine_vars.c =================================================================== --- httpd-2.2.x/modules/ssl/ssl_engine_vars.c (revision 763153) +++ httpd-2.2.x/modules/ssl/ssl_engine_vars.c (working copy) @@ -320,6 +320,12 @@ static char *ssl_var_lookup_ssl(apr_pool_t *p, con else if (ssl != NULL && strcEQ(var, "COMPRESS_METHOD")) { result = ssl_var_lookup_ssl_compress_meth(ssl); } +#ifndef OPENSSL_NO_TLSEXT + else if (ssl != NULL && strcEQ(var, "TLS_SNI")) { + result = apr_pstrdup(p, SSL_get_servername(ssl, + TLSEXT_NAMETYPE_host_name)); + } +#endif return result; } Index: httpd-2.2.x/modules/ssl/ssl_engine_kernel.c =================================================================== --- httpd-2.2.x/modules/ssl/ssl_engine_kernel.c (revision 763153) +++ httpd-2.2.x/modules/ssl/ssl_engine_kernel.c (working copy) @@ -31,6 +31,9 @@ #include "ssl_private.h" static void ssl_configure_env(request_rec *r, SSLConnRec *sslconn); +#ifndef OPENSSL_NO_TLSEXT +static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s); +#endif /* * Post Read Request Handler @@ -39,6 +42,9 @@ int ssl_hook_ReadReq(request_rec *r) { SSLConnRec *sslconn = myConnConfig(r->connection); SSL *ssl; +#ifndef OPENSSL_NO_TLSEXT + const char *servername; +#endif if (!sslconn) { return DECLINED; @@ -87,6 +93,34 @@ int ssl_hook_ReadReq(request_rec *r) if (!ssl) { return DECLINED; } +#ifndef OPENSSL_NO_TLSEXT + if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) { + char *host, *scope_id; + apr_port_t port; + apr_status_t rv; + + /* + * The SNI extension supplied a hostname. So don't accept requests + * with either no hostname or a different hostname. + */ + if (!r->hostname) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, + "Hostname %s provided via SNI, but no hostname" + " provided in HTTP request", servername); + return HTTP_BAD_REQUEST; + } + rv = apr_parse_addr_port(&host, &scope_id, &port, r->hostname, r->pool); + if (rv != APR_SUCCESS || scope_id) { + return HTTP_BAD_REQUEST; + } + if (strcmp(host, servername)) { + ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, + "Hostname %s provided via SNI and hostname %s provided" + " via HTTP are different", servername, host); + return HTTP_BAD_REQUEST; + } + } +#endif SSL_set_app_data2(ssl, r); /* @@ -252,7 +286,7 @@ int ssl_hook_Access(request_rec *r) * has to enable this via ``SSLOptions +OptRenegotiate''. So we do no * implicit optimizations. */ - if (dc->szCipherSuite) { + if (dc->szCipherSuite || (r->server != r->connection->base_server)) { /* remember old state */ if (dc->nOptions & SSL_OPT_OPTRENEGOTIATE) { @@ -267,7 +301,10 @@ int ssl_hook_Access(request_rec *r) } /* configure new state */ - if (!modssl_set_cipher_list(ssl, dc->szCipherSuite)) { + if ((dc->szCipherSuite || sc->server->auth.cipher_suite) && + !modssl_set_cipher_list(ssl, dc->szCipherSuite ? + dc->szCipherSuite : + sc->server->auth.cipher_suite)) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server, "Unable to reconfigure (per-directory) " @@ -334,8 +371,13 @@ int ssl_hook_Access(request_rec *r) sk_SSL_CIPHER_free(cipher_list_old); } - /* tracing */ if (renegotiate) { +#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE + if (sc->cipher_server_pref == TRUE) { + SSL_set_options(ssl, SSL_OP_CIPHER_SERVER_PREFERENCE); + } +#endif + /* tracing */ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "Reconfigured cipher suite will force renegotiation"); } @@ -353,19 +395,15 @@ int ssl_hook_Access(request_rec *r) * currently active/remembered verify depth (because this means more * restriction on the certificate chain). */ - if (dc->nVerifyDepth != UNSET) { - /* XXX: doesnt look like sslconn->verify_depth is actually used */ - if (!(n = sslconn->verify_depth)) { - sslconn->verify_depth = n = sc->server->auth.verify_depth; - } - - /* determine whether a renegotiation has to be forced */ - if (dc->nVerifyDepth < n) { - renegotiate = TRUE; - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, - "Reduced client verification depth will force " - "renegotiation"); - } + n = sslconn->verify_depth; + sslconn->verify_depth = (dc->nVerifyDepth != UNSET) ? + dc->nVerifyDepth : sc->server->auth.verify_depth; + if ((sslconn->verify_depth < n) || + ((n == 0) && (sc->server->auth.verify_depth == 0))) { + renegotiate = TRUE; + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, + "Reduced client verification depth will force " + "renegotiation"); } /* @@ -382,18 +420,22 @@ int ssl_hook_Access(request_rec *r) * verification but at least skip the I/O-intensive renegotation * handshake. */ - if (dc->nVerifyClient != SSL_CVERIFY_UNSET) { + if ((dc->nVerifyClient != SSL_CVERIFY_UNSET) || + (sc->server->auth.verify_mode != SSL_CVERIFY_UNSET)) { /* remember old state */ verify_old = SSL_get_verify_mode(ssl); /* configure new state */ verify = SSL_VERIFY_NONE; - if (dc->nVerifyClient == SSL_CVERIFY_REQUIRE) { + if ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) || + (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE)) { verify |= SSL_VERIFY_PEER_STRICT; } if ((dc->nVerifyClient == SSL_CVERIFY_OPTIONAL) || - (dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA)) + (dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA) || + (sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL) || + (sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA)) { verify |= SSL_VERIFY_PEER; } @@ -491,6 +533,40 @@ int ssl_hook_Access(request_rec *r) "Changed client verification locations will force " "renegotiation"); } +#else +#ifndef OPENSSL_NO_TLSEXT +#define MODSSL_CFG_CA_NE(f, sc1, sc2) \ + (sc1->server->auth.f && \ + (!sc2->server->auth.f || \ + sc2->server->auth.f && strNE(sc1->server->auth.f, sc2->server->auth.f))) + + /* If we're handling a request for a vhost other than the default one, + * then we need to make sure that client authentication is properly + * enforced. For clients supplying an SNI extension, the peer certificate + * verification has happened in the handshake already (and r->server + * has been set to r->connection->base_server). For non-SNI requests, + * an additional check is needed here. If client authentication is + * configured as mandatory, then we can only proceed if the CA list + * doesn't have to be changed (SSL_set_cert_store() would be required + * for this). + */ + if ((r->server != r->connection->base_server) && + (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) && + renegotiate && + !(SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) { + SSLSrvConfigRec *bssc = mySrvConfig(r->connection->base_server); + + if (MODSSL_CFG_CA_NE(ca_cert_file, sc, bssc) || + MODSSL_CFG_CA_NE(ca_cert_path, sc, bssc)) { + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, + "Non-default virtual host with SSLVerify set to 'require' " + "and VirtualHost-specific CA certificate list is only " + "supported for clients with TLS server name indication " + "(SNI) support"); + return HTTP_FORBIDDEN; + } + } +#endif /* OPENSSL_NO_TLSEXT */ #endif /* HAVE_SSL_SET_CERT_STORE */ /* If a renegotiation is now required for this location, and the @@ -675,8 +751,10 @@ int ssl_hook_Access(request_rec *r) /* * Finally check for acceptable renegotiation results */ - if (dc->nVerifyClient != SSL_CVERIFY_NONE) { - BOOL do_verify = (dc->nVerifyClient == SSL_CVERIFY_REQUIRE); + if ((dc->nVerifyClient != SSL_CVERIFY_NONE) || + (sc->server->auth.verify_mode != SSL_CVERIFY_NONE)) { + BOOL do_verify = ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) || + (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE)); if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server, @@ -1006,6 +1084,9 @@ int ssl_hook_Fixup(request_rec *r) SSLDirConfigRec *dc = myDirConfig(r); apr_table_t *env = r->subprocess_env; char *var, *val = ""; +#ifndef OPENSSL_NO_TLSEXT + const char *servername; +#endif STACK_OF(X509) *peer_certs; SSL *ssl; int i; @@ -1027,6 +1108,13 @@ int ssl_hook_Fixup(request_rec *r) /* the always present HTTPS (=HTTP over SSL) flag! */ apr_table_setn(env, "HTTPS", "on"); +#ifndef OPENSSL_NO_TLSEXT + /* add content of SNI TLS extension (if supplied with ClientHello) */ + if ((servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name))) { + apr_table_set(env, "SSL_TLS_SNI", servername); + } +#endif + /* standard SSL environment variables */ if (dc->nOptions & SSL_OPT_STDENVVARS) { for (i = 0; ssl_hook_Fixup_vars[i]; i++) { @@ -1175,8 +1263,8 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX SSL *ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()); conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl); - server_rec *s = conn->base_server; request_rec *r = (request_rec *)SSL_get_app_data2(ssl); + server_rec *s = r ? r->server : conn->base_server; SSLSrvConfigRec *sc = mySrvConfig(s); SSLDirConfigRec *dc = r ? myDirConfig(r) : NULL; @@ -1299,7 +1387,10 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c) { - server_rec *s = c->base_server; + SSL *ssl = X509_STORE_CTX_get_ex_data(ctx, + SSL_get_ex_data_X509_STORE_CTX_idx()); + request_rec *r = (request_rec *)SSL_get_app_data2(ssl); + server_rec *s = r ? r->server : c->base_server; SSLSrvConfigRec *sc = mySrvConfig(s); SSLConnRec *sslconn = myConnConfig(c); modssl_ctx_t *mctx = myCtxConfig(sslconn, sc); @@ -1819,3 +1910,141 @@ void ssl_callback_LogTracingState(MODSSL_INFO_CB_A } } +#ifndef OPENSSL_NO_TLSEXT +/* + * This callback function is executed when OpenSSL encounters an extended + * client hello with a server name indication extension ("SNI", cf. RFC 4366). + */ +int ssl_callback_ServerNameIndication(SSL *ssl, int *al, modssl_ctx_t *mctx) +{ + const char *servername = + SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name); + + if (servername) { + conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); + if (c) { + if (ap_vhost_iterate_given_conn(c, ssl_find_vhost, + (void *)servername)) { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, + "SSL virtual host for servername %s found", + servername); + return SSL_TLSEXT_ERR_OK; + } + else { + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, + "No matching SSL virtual host for servername " + "%s found (using default/first virtual host)", + servername); + return SSL_TLSEXT_ERR_ALERT_WARNING; + } + } + } + + return SSL_TLSEXT_ERR_NOACK; +} + +/* + * Find a (name-based) SSL virtual host where either the ServerName + * or one of the ServerAliases matches the supplied name (to be used + * with ap_vhost_iterate_given_conn()) + */ +static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s) +{ + SSLSrvConfigRec *sc; + SSL *ssl; + BOOL found = FALSE; + apr_array_header_t *names; + int i; + + /* check ServerName */ + if (!strcasecmp(servername, s->server_hostname)) { + found = TRUE; + } + + /* + * if not matched yet, check ServerAlias entries + * (adapted from vhost.c:matches_aliases()) + */ + if (!found) { + names = s->names; + if (names) { + char **name = (char **)names->elts; + for (i = 0; i < names->nelts; ++i) { + if (!name[i]) + continue; + if (!strcasecmp(servername, name[i])) { + found = TRUE; + break; + } + } + } + } + + /* if still no match, check ServerAlias entries with wildcards */ + if (!found) { + names = s->wild_names; + if (names) { + char **name = (char **)names->elts; + for (i = 0; i < names->nelts; ++i) { + if (!name[i]) + continue; + if (!ap_strcasecmp_match(servername, name[i])) { + found = TRUE; + break; + } + } + } + } + + /* set SSL_CTX (if matched) */ + if (found && (ssl = ((SSLConnRec *)myConnConfig(c))->ssl) && + (sc = mySrvConfig(s))) { + SSL_set_SSL_CTX(ssl, sc->server->ssl_ctx); + /* + * SSL_set_SSL_CTX() only deals with the server cert, + * so we need to duplicate a few additional settings + * from the ctx by hand + */ + SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx)); + if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) || + (SSL_num_renegotiations(ssl) == 0)) { + /* + * Only initialize the verification settings from the ctx + * if they are not yet set, or if we're called when a new + * SSL connection is set up (num_renegotiations == 0). + * Otherwise, we would possibly reset a per-directory + * configuration which was put into effect by ssl_hook_Access. + */ + SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx), + SSL_CTX_get_verify_callback(ssl->ctx)); + } + + /* + * We also need to make sure that the correct mctx + * (accessed through the c->base_server->module_config vector) + * is assigned to the connection - the CRL callback e.g. + * makes use of it for retrieving its store (mctx->crl). + * Since logging in callbacks uses c->base_server in many + * cases, it also ensures that these messages are routed + * to the proper log. + */ + c->base_server = s; + + /* + * There is one special filter callback, which is set + * very early depending on the base_server's log level. + * If this is not the first vhost we're now selecting + * (and the first vhost doesn't use APLOG_DEBUG), then + * we need to set that callback here. + */ + if (c->base_server->loglevel >= APLOG_DEBUG) { + BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb); + BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl); + } + + return 1; + } + + return 0; +} +#endif Index: httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h =================================================================== --- httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h (revision 763153) +++ httpd-2.2.x/modules/ssl/ssl_toolkit_compat.h (working copy) @@ -264,6 +264,12 @@ typedef void (*modssl_popfree_fn)(char *data); #define SSL_SESS_CACHE_NO_INTERNAL SSL_SESS_CACHE_NO_INTERNAL_LOOKUP #endif +#ifndef OPENSSL_NO_TLSEXT +#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME +#define OPENSSL_NO_TLSEXT +#endif +#endif + #endif /* SSL_TOOLKIT_COMPAT_H */ /** @} */