static void tls_init_cache(void)
{
static const char *tls_ctx_id = "pure-ftpd";
SSL_CTX_set_session_cache_mode(tls_ctx, SSL_SESS_CACHE_SERVER);
SSL_CTX_set_session_id_context(tls_ctx, (unsigned char *) tls_ctx_id,
(unsigned int) strlen(tls_ctx_id));
SSL_CTX_sess_set_cache_size(tls_ctx, 10);
SSL_CTX_set_timeout(tls_ctx, 60 * 60L);
}
/*
* call-seq:
* ctx.session_cache_size=(integer) -> integer
*
*/
static VALUE
ossl_sslctx_set_session_cache_size(VALUE self, VALUE arg)
{
SSL_CTX *ctx;
Data_Get_Struct(self, SSL_CTX, ctx);
SSL_CTX_sess_set_cache_size(ctx, NUM2LONG(arg));
return arg;
}
void swSSL_server_http_advise(SSL_CTX* ssl_context, swSSL_config *cfg)
{
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
SSL_CTX_set_alpn_select_cb(ssl_context, swSSL_alpn_advertised, cfg);
#endif
#ifdef TLSEXT_TYPE_next_proto_neg
SSL_CTX_set_next_protos_advertised_cb(ssl_context, swSSL_npn_advertised, cfg);
#endif
if (cfg->http)
{
SSL_CTX_set_session_id_context(ssl_context, (const unsigned char *) "HTTP", strlen("HTTP"));
SSL_CTX_set_session_cache_mode(ssl_context, SSL_SESS_CACHE_SERVER);
SSL_CTX_sess_set_cache_size(ssl_context, 1);
}
}
/* Create an SSL_CTX and do initialization that is common to all init modes. */
static SSL_CTX *ssl_init_common() {
SSL_CTX *ctx;
SSL_load_error_strings();
SSL_library_init();
ctx = SSL_CTX_new(SSLv23_client_method());
if (!ctx) {
fatal("OpenSSL failed to create a new SSL_CTX: %s",
ERR_error_string(ERR_get_error(), NULL));
}
/* Our SSL* will always have the SSL_SESSION* inside it, so we neither need to
* use nor waste memory for the session cache. (Use '1' because '0' means
* 'infinite'.) */
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF|SSL_SESS_CACHE_NO_AUTO_CLEAR);
SSL_CTX_sess_set_cache_size(ctx, 1);
SSL_CTX_set_timeout(ctx, 3600); /* pretty unnecessary */
return ctx;
}
int swSSL_server_config(SSL_CTX* ssl_context, swSSL_config *cfg)
{
#ifndef TLS1_2_VERSION
return SW_OK;
#endif
SSL_CTX_set_read_ahead(ssl_context, 1);
#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
SSL_CTX_set_alpn_select_cb(ssl_context, swSSL_alpn_advertised, cfg);
#endif
#ifdef TLSEXT_TYPE_next_proto_neg
SSL_CTX_set_next_protos_advertised_cb(ssl_context, swSSL_npn_advertised, cfg);
#endif
if (SSL_CTX_set_cipher_list(ssl_context, cfg->ciphers) == 0)
{
swWarn("SSL_CTX_set_cipher_list(\"%s\") failed", SW_SSL_CIPHER_LIST);
return SW_ERR;
}
if (cfg->prefer_server_ciphers)
{
SSL_CTX_set_options(ssl_context, SSL_OP_CIPHER_SERVER_PREFERENCE);
}
#ifndef LIBRESSL_VERSION_NUMBER
SSL_CTX_set_tmp_rsa_callback(ssl_context, swSSL_rsa512_key_callback);
#endif
swSSL_set_dhparam(ssl_context);
swSSL_set_ecdh_curve(ssl_context);
if (cfg->http)
{
SSL_CTX_set_session_id_context(ssl_context, (const unsigned char *) "HTTP", strlen("HTTP"));
SSL_CTX_set_session_cache_mode(ssl_context, SSL_SESS_CACHE_SERVER);
SSL_CTX_sess_set_cache_size(ssl_context, 1);
}
return SW_OK;
}
int ssl_server_init(char* ca_file, char *crt_file, char *key_file, char *dhp_file, char *ssl_cipher_list)
{
static const char *ssl_ctx_id = "httpd";
long ssl_options;
if (!crt_file || !f_exists(crt_file)) {
httpd_log("%s: Server certificate (%s) is not found!", SYSLOG_ID_SSL, crt_file);
httpd_log("Please manual build the certificate via \"%s\" script.", "https-cert.sh");
return -1;
}
if (!key_file || !f_exists(key_file)) {
httpd_log("%s: Server private key (%s) is not found!", SYSLOG_ID_SSL, key_file);
httpd_log("Please manual build the certificate via \"%s\" script.", "https-cert.sh");
return -1;
}
SSL_load_error_strings();
SSL_library_init();
ssl_ctx = SSL_CTX_new(SSLv23_server_method());
if (!ssl_ctx) {
httpd_log("%s: Unable to create SSL context!", SYSLOG_ID_SSL);
return -1;
}
ssl_options = SSL_OP_ALL | SSL_OP_NO_COMPRESSION | SSL_OP_NO_SSLv2 |
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
SSL_CTX_set_options(ssl_ctx, ssl_options);
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_NONE, NULL);
if (ssl_cipher_list && strlen(ssl_cipher_list) > 2) {
if (SSL_CTX_set_cipher_list(ssl_ctx, ssl_cipher_list) != 1) {
httpd_log("%s: Cannot set SSL cipher list (%s)!", SYSLOG_ID_SSL, ssl_cipher_list);
} else {
SSL_CTX_set_options(ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
}
}
if (ca_file && f_exists(ca_file)) {
if (SSL_CTX_load_verify_locations(ssl_ctx, ca_file, NULL) != 1) {
httpd_log("%s: Cannot load CA certificate (%s)!", SYSLOG_ID_SSL, ca_file);
}
}
if (SSL_CTX_use_certificate_file(ssl_ctx, crt_file, SSL_FILETYPE_PEM) != 1) {
httpd_log("%s: Cannot load server certificate (%s)!", SYSLOG_ID_SSL, crt_file);
ssl_server_uninit();
return 1;
}
if (SSL_CTX_use_PrivateKey_file(ssl_ctx, key_file, SSL_FILETYPE_PEM) != 1) {
httpd_log("%s: Cannot load server private key (%s)!", SYSLOG_ID_SSL, key_file);
ssl_server_uninit();
return 1;
}
if (SSL_CTX_check_private_key(ssl_ctx) != 1) {
httpd_log("%s: Private key does not match the certificate!", SYSLOG_ID_SSL);
ssl_server_uninit();
return 1;
}
if (dhp_file && f_exists(dhp_file)) {
/* DH parameters from file */
BIO *bio = BIO_new_file(dhp_file, "r");
if (bio) {
DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
BIO_free(bio);
if (dh) {
SSL_CTX_set_tmp_dh(ssl_ctx, dh);
SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_DH_USE);
DH_free(dh);
} else {
httpd_log("%s: Cannot load DH parameters (%s)!", SYSLOG_ID_SSL, dhp_file);
}
}
} else {
/* Default DH parameters from RFC5114 */
DH *dh = DH_new();
if (dh) {
dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
dh->length = 160;
if (dh->p && dh->g) {
SSL_CTX_set_tmp_dh(ssl_ctx, dh);
SSL_CTX_set_options(ssl_ctx, SSL_OP_SINGLE_DH_USE);
}
DH_free(dh);
}
}
SSL_CTX_set_default_read_ahead(ssl_ctx, 1);
SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_SERVER);
SSL_CTX_set_session_id_context(ssl_ctx, (unsigned char *)ssl_ctx_id, strlen(ssl_ctx_id));
SSL_CTX_sess_set_cache_size(ssl_ctx, 10);
SSL_CTX_set_info_callback(ssl_ctx, http_ssl_info_cb);
return 0;
}
PUBLIC int sslOpen()
{
RandBuf randBuf;
trace(7, "Initializing SSL");
randBuf.now = time(0);
randBuf.pid = getpid();
RAND_seed((void*) &randBuf, sizeof(randBuf));
#if BIT_UNIX_LIKE
trace(6, "OpenSsl: Before calling RAND_load_file");
RAND_load_file("/dev/urandom", 256);
trace(6, "OpenSsl: After calling RAND_load_file");
#endif
CRYPTO_malloc_init();
#if !BIT_WIN_LIKE
OpenSSL_add_all_algorithms();
#endif
SSL_library_init();
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
if ((sslctx = SSL_CTX_new(SSLv23_server_method())) == 0) {
error("Unable to create SSL context");
return -1;
}
/*
Set the client certificate verification locations
*/
if (*BIT_GOAHEAD_CA) {
if ((!SSL_CTX_load_verify_locations(sslctx, BIT_GOAHEAD_CA, NULL)) || (!SSL_CTX_set_default_verify_paths(sslctx))) {
error("Unable to read cert verification locations");
sslClose();
return -1;
}
}
/*
Set the server certificate and key files
*/
if (*BIT_GOAHEAD_KEY && sslSetKeyFile(BIT_GOAHEAD_KEY) < 0) {
sslClose();
return -1;
}
if (*BIT_GOAHEAD_CERTIFICATE && sslSetCertFile(BIT_GOAHEAD_CERTIFICATE) < 0) {
sslClose();
return -1;
}
SSL_CTX_set_tmp_rsa_callback(sslctx, rsaCallback);
#if VERIFY_CLIENT
if (verifyPeer) {
SSL_CTX_set_verify(context, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verifyX509Certificate);
#if FUTURE && KEEP
SSL_CTX_set_verify_depth(context, VERIFY_DEPTH);
#endif
} else {
SSL_CTX_set_verify(sslctx, SSL_VERIFY_NONE, verifyX509Certificate);
}
#else
SSL_CTX_set_verify(sslctx, SSL_VERIFY_NONE, verifyX509Certificate);
#endif
/*
Set the certificate authority list for the client
*/
if (BIT_GOAHEAD_CA && *BIT_GOAHEAD_CA) {
SSL_CTX_set_client_CA_list(sslctx, SSL_load_client_CA_file(BIT_GOAHEAD_CA));
}
SSL_CTX_set_cipher_list(sslctx, BIT_GOAHEAD_CIPHERS);
SSL_CTX_set_options(sslctx, SSL_OP_ALL);
SSL_CTX_sess_set_cache_size(sslctx, 128);
#ifdef SSL_OP_NO_TICKET
SSL_CTX_set_options(sslctx, SSL_OP_NO_TICKET);
#endif
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
SSL_CTX_set_options(sslctx, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#endif
SSL_CTX_set_mode(sslctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_AUTO_RETRY);
SSL_CTX_set_options(sslctx, SSL_OP_NO_SSLv2);
/*
Ensure we generate a new private key for each connection
*/
SSL_CTX_set_options(sslctx, SSL_OP_SINGLE_DH_USE);
return 0;
}
int
evhtp_ssl_init(evhtp * htp, evhtp_ssl_cfg * cfg) {
long cache_mode;
evhtp_ssl_scache_init init_cb = NULL;
evhtp_ssl_scache_add add_cb = NULL;
evhtp_ssl_scache_get get_cb = NULL;
evhtp_ssl_scache_del del_cb = NULL;
if (cfg == NULL || htp == NULL || cfg->pemfile == NULL) {
return -1;
}
SSL_library_init();
SSL_load_error_strings();
RAND_poll();
STACK_OF(SSL_COMP) * comp_methods = SSL_COMP_get_compression_methods();
sk_SSL_COMP_zero(comp_methods);
htp->ssl_cfg = cfg;
htp->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
SSL_CTX_set_options(htp->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
SSL_CTX_set_timeout(htp->ssl_ctx, 60 * 60 * 48);
#endif
SSL_CTX_set_options(htp->ssl_ctx, cfg->ssl_opts);
if (cfg->ciphers != NULL) {
SSL_CTX_set_cipher_list(htp->ssl_ctx, cfg->ciphers);
}
SSL_CTX_load_verify_locations(htp->ssl_ctx, cfg->cafile, cfg->capath);
X509_STORE_set_flags(SSL_CTX_get_cert_store(htp->ssl_ctx), cfg->store_flags);
SSL_CTX_set_verify(htp->ssl_ctx, cfg->verify_peer, cfg->x509_verify_cb);
if (cfg->x509_chk_issued_cb != NULL) {
htp->ssl_ctx->cert_store->check_issued = cfg->x509_chk_issued_cb;
}
if (cfg->verify_depth) {
SSL_CTX_set_verify_depth(htp->ssl_ctx, cfg->verify_depth);
}
switch (cfg->scache_type) {
case evhtp_ssl_scache_type_disabled:
cache_mode = SSL_SESS_CACHE_OFF;
break;
case evhtp_ssl_scache_type_user:
cache_mode = SSL_SESS_CACHE_SERVER |
SSL_SESS_CACHE_NO_INTERNAL |
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
init_cb = cfg->scache_init;
add_cb = cfg->scache_add;
get_cb = cfg->scache_get;
del_cb = cfg->scache_del;
break;
case evhtp_ssl_scache_type_builtin:
cache_mode = SSL_SESS_CACHE_SERVER |
SSL_SESS_CACHE_NO_INTERNAL |
SSL_SESS_CACHE_NO_INTERNAL_LOOKUP;
#if 0
init_cb = _evhtp_ssl_builtin_init;
add_cb = _evhtp_ssl_builtin_add;
get_cb = _evhtp_ssl_builtin_get;
del_cb = _evhtp_ssl_builtin_del;
#endif
break;
case evhtp_ssl_scache_type_internal:
default:
cache_mode = SSL_SESS_CACHE_SERVER;
break;
} /* switch */
SSL_CTX_use_certificate_file(htp->ssl_ctx, cfg->pemfile, SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(htp->ssl_ctx, cfg->privfile ? cfg->privfile: cfg->pemfile, SSL_FILETYPE_PEM);
SSL_CTX_set_session_id_context(htp->ssl_ctx,
(const unsigned char*)&session_id_context,
sizeof(session_id_context));
SSL_CTX_set_app_data(htp->ssl_ctx, htp);
SSL_CTX_set_session_cache_mode(htp->ssl_ctx, cache_mode);
if (cache_mode != SSL_SESS_CACHE_OFF) {
SSL_CTX_sess_set_cache_size(htp->ssl_ctx,
cfg->scache_size ? cfg->scache_size : 1024);
if (cfg->scache_type == evhtp_ssl_scache_type_builtin ||
cfg->scache_type == evhtp_ssl_scache_type_user) {
SSL_CTX_sess_set_new_cb(htp->ssl_ctx, _evhtp_ssl_add_scache_ent);
SSL_CTX_sess_set_get_cb(htp->ssl_ctx, _evhtp_ssl_get_scache_ent);
SSL_CTX_sess_set_remove_cb(htp->ssl_ctx, _evhtp_ssl_delete_scache_ent);
if (cfg->scache_init) {
cfg->args = (cfg->scache_init)(htp);
}
}
}
return 0;
} /* evhtp_use_ssl */
int context_init(SERVICE_OPTIONS *section) { /* init SSL context */
/* create SSL context */
if(section->option.client)
section->ctx=SSL_CTX_new(section->client_method);
else /* server mode */
section->ctx=SSL_CTX_new(section->server_method);
if(!section->ctx) {
sslerror("SSL_CTX_new");
return 1; /* FAILED */
}
SSL_CTX_set_ex_data(section->ctx, opt_index, section); /* for callbacks */
/* load certificate and private key to be verified by the peer server */
#ifdef HAVE_OSSL_ENGINE_H
if(section->option.client && section->engine) {
if(SSL_CTX_set_client_cert_engine(section->ctx, section->engine))
s_log(LOG_INFO, "Client certificate engine (%s) enabled",
ENGINE_get_id(section->engine));
else /* no client certificate functionality in this engine */
sslerror("SSL_CTX_set_client_cert_engine"); /* ignore error */
}
#endif
if(load_cert(section))
return 1; /* FAILED */
/* initialize verification of the peer server certificate */
if(verify_init(section))
return 1; /* FAILED */
/* initialize DH/ECDH server mode */
if(!section->option.client) {
#ifndef OPENSSL_NO_TLSEXT
SSL_CTX_set_tlsext_servername_arg(section->ctx, section);
SSL_CTX_set_tlsext_servername_callback(section->ctx, servername_cb);
#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_DH
init_dh(section); /* ignore the result (errors are not critical) */
#endif /* OPENSSL_NO_DH */
#ifndef OPENSSL_NO_ECDH
init_ecdh(section); /* ignore the result (errors are not critical) */
#endif /* OPENSSL_NO_ECDH */
}
/* setup session cache */
if(!section->option.client) {
unsigned int servname_len=strlen(section->servname);
if(servname_len>SSL_MAX_SSL_SESSION_ID_LENGTH)
servname_len=SSL_MAX_SSL_SESSION_ID_LENGTH;
if(!SSL_CTX_set_session_id_context(section->ctx,
(unsigned char *)section->servname, servname_len)) {
sslerror("SSL_CTX_set_session_id_context");
return 1; /* FAILED */
}
}
SSL_CTX_set_session_cache_mode(section->ctx, SSL_SESS_CACHE_BOTH);
SSL_CTX_sess_set_cache_size(section->ctx, section->session_size);
SSL_CTX_set_timeout(section->ctx, section->session_timeout);
if(section->option.sessiond) {
SSL_CTX_sess_set_new_cb(section->ctx, sess_new_cb);
SSL_CTX_sess_set_get_cb(section->ctx, sess_get_cb);
SSL_CTX_sess_set_remove_cb(section->ctx, sess_remove_cb);
}
/* set info callback */
SSL_CTX_set_info_callback(section->ctx, info_callback);
/* ciphers, options, mode */
if(section->cipher_list)
if(!SSL_CTX_set_cipher_list(section->ctx, section->cipher_list)) {
sslerror("SSL_CTX_set_cipher_list");
return 1; /* FAILED */
}
s_log(LOG_DEBUG, "SSL options set: 0x%08lX",
SSL_CTX_set_options(section->ctx, section->ssl_options));
#ifdef SSL_MODE_RELEASE_BUFFERS
SSL_CTX_set_mode(section->ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
SSL_MODE_RELEASE_BUFFERS);
#else
SSL_CTX_set_mode(section->ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#endif
return 0; /* OK */
}
/*
Open the SSL module
*/
PUBLIC int sslOpen()
{
RandBuf randBuf;
X509_STORE *store;
uchar resume[16];
char *ciphers;
trace(7, "Initializing SSL");
randBuf.now = time(0);
randBuf.pid = getpid();
RAND_seed((void*) &randBuf, sizeof(randBuf));
#if ME_UNIX_LIKE
trace(6, "OpenSsl: Before calling RAND_load_file");
RAND_load_file("/dev/urandom", 256);
trace(6, "OpenSsl: After calling RAND_load_file");
#endif
CRYPTO_malloc_init();
#if !ME_WIN_LIKE
OpenSSL_add_all_algorithms();
#endif
SSL_library_init();
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
if ((sslctx = SSL_CTX_new(SSLv23_server_method())) == 0) {
error("Unable to create SSL context");
return -1;
}
/*
Set the server certificate and key files
*/
if (*ME_GOAHEAD_SSL_KEY && sslSetKeyFile(ME_GOAHEAD_SSL_KEY) < 0) {
sslClose();
return -1;
}
if (*ME_GOAHEAD_SSL_CERTIFICATE && sslSetCertFile(ME_GOAHEAD_SSL_CERTIFICATE) < 0) {
sslClose();
return -1;
}
if (ME_GOAHEAD_SSL_VERIFY_PEER) {
SSL_CTX_set_verify(sslctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verifyClientCertificate);
SSL_CTX_set_verify_depth(sslctx, VERIFY_DEPTH);
} else {
SSL_CTX_set_verify(sslctx, SSL_VERIFY_NONE, verifyClientCertificate);
}
/*
Set the client certificate verification locations
*/
if (ME_GOAHEAD_SSL_AUTHORITY && *ME_GOAHEAD_SSL_AUTHORITY) {
if ((!SSL_CTX_load_verify_locations(sslctx, ME_GOAHEAD_SSL_AUTHORITY, NULL)) ||
(!SSL_CTX_set_default_verify_paths(sslctx))) {
error("Unable to read cert verification locations");
sslClose();
return -1;
}
/*
Define the list of CA certificates to send to the client before they send their client
certificate for validation
*/
SSL_CTX_set_client_CA_list(sslctx, SSL_load_client_CA_file(ME_GOAHEAD_SSL_AUTHORITY));
}
if (ME_GOAHEAD_SSL_REVOKE && *ME_GOAHEAD_SSL_REVOKE) {
store = SSL_CTX_get_cert_store(sslctx);
if (!X509_STORE_load_locations(store, ME_GOAHEAD_SSL_REVOKE, 0)) {
error("Cannot load certificate revoke list: %s", ME_GOAHEAD_SSL_REVOKE);
sslClose();
return -1;
}
}
/*
Configure DH parameters
*/
dhKey = getDhKey();
SSL_CTX_set_tmp_dh_callback(sslctx, dhcallback);
/*
Configure cipher suite
*/
if (ME_GOAHEAD_SSL_CIPHERS && *ME_GOAHEAD_SSL_CIPHERS) {
ciphers = ME_GOAHEAD_SSL_CIPHERS;
} else {
ciphers = OPENSSL_DEFAULT_CIPHERS;
}
ciphers = mapCipherNames(ciphers);
trace(5, "Using OpenSSL ciphers: %s", ciphers);
if (SSL_CTX_set_cipher_list(sslctx, ciphers) != 1) {
error("Unable to set cipher list \"%s\"", ciphers);
sslClose();
wfree(ciphers);
return -1;
}
wfree(ciphers);
/*
Define default OpenSSL options
*/
SSL_CTX_set_options(sslctx, SSL_OP_ALL);
/*
Ensure we generate a new private key for each connection
*/
SSL_CTX_set_options(sslctx, SSL_OP_SINGLE_DH_USE);
/*
Define a session reuse context
*/
RAND_bytes(resume, sizeof(resume));
SSL_CTX_set_session_id_context(sslctx, resume, sizeof(resume));
/*
Elliptic Curve initialization
*/
#if SSL_OP_SINGLE_ECDH_USE
#ifdef SSL_CTX_set_ecdh_auto
SSL_CTX_set_ecdh_auto(sslctx, 1);
#else
{
EC_KEY *ecdh;
cchar *name;
int nid;
name = ME_GOAHEAD_SSL_CURVE;
if ((nid = OBJ_sn2nid(name)) == 0) {
error("Unknown curve name \"%s\"", name);
sslClose();
return -1;
}
if ((ecdh = EC_KEY_new_by_curve_name(nid)) == 0) {
error("Unable to create curve \"%s\"", name);
sslClose();
return -1;
}
SSL_CTX_set_options(sslctx, SSL_OP_SINGLE_ECDH_USE);
SSL_CTX_set_tmp_ecdh(sslctx, ecdh);
EC_KEY_free(ecdh);
}
#endif
#endif
SSL_CTX_set_mode(sslctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_AUTO_RETRY | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
SSL_CTX_set_options(sslctx, SSL_OP_MSIE_SSLV2_RSA_PADDING);
#endif
#ifdef SSL_MODE_RELEASE_BUFFERS
SSL_CTX_set_mode(sslctx, SSL_MODE_RELEASE_BUFFERS);
#endif
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
SSL_CTX_set_mode(sslctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
#endif
/*
Select the required protocols
Disable both SSLv2 and SSLv3 by default - they are insecure
*/
SSL_CTX_set_options(sslctx, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(sslctx, SSL_OP_NO_SSLv3);
#if defined(SSL_OP_NO_TLSv1) && ME_GOAHEAD_SSL_NO_V1
SSL_CTX_set_options(sslctx, SSL_OP_NO_TLSv1);
#endif
#if defined(SSL_OP_NO_TLSv1_1) && ME_GOAHEAD_SSL_NO_V1_1
SSL_CTX_set_options(sslctx, SSL_OP_NO_TLSv1_1);
#endif
#if defined(SSL_OP_NO_TLSv1_2) && ME_GOAHEAD_SSL_NO_V1_2
SSL_CTX_set_options(sslctx, SSL_OP_NO_TLSv1_2);
#endif
#if defined(SSL_OP_NO_TICKET)
/*
Ticket based session reuse is enabled by default
*/
#if defined(ME_GOAHEAD_SSL_TICKET)
if (ME_GOAHEAD_SSL_TICKET) {
SSL_CTX_clear_options(sslctx, SSL_OP_NO_TICKET);
} else {
SSL_CTX_set_options(sslctx, SSL_OP_NO_TICKET);
}
#else
SSL_CTX_clear_options(sslctx, SSL_OP_NO_TICKET);
#endif
#endif
#if defined(SSL_OP_NO_COMPRESSION)
/*
CRIME attack targets compression
*/
SSL_CTX_clear_options(sslctx, SSL_OP_NO_COMPRESSION);
#endif
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
/*
Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers.
Defaults to true.
*/
#if defined(ME_GOAHEAD_SSL_EMPTY_FRAGMENTS)
if (ME_GOAHEAD_SSL_EMPTY_FRAGMENTS) {
/* SSL_OP_ALL disables empty fragments. Only needed for ancient browsers like IE-6 on SSL-3.0/TLS-1.0 */
SSL_CTX_clear_options(sslctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
} else {
SSL_CTX_set_options(sslctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
}
#else
SSL_CTX_set_options(sslctx, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
#endif
#endif
#if defined(ME_GOAHEAD_SSL_CACHE)
/*
Set the number of sessions supported. Default in OpenSSL is 20K.
*/
SSL_CTX_sess_set_cache_size(sslctx, ME_GOAHEAD_SSL_CACHE);
#else
SSL_CTX_sess_set_cache_size(sslctx, 256);
#endif
return 0;
}
int context_init(SERVICE_OPTIONS *section) { /* init SSL context */
/* create SSL context */
if(section->option.client)
section->ctx=SSL_CTX_new(section->client_method);
else /* server mode */
section->ctx=SSL_CTX_new(section->server_method);
if(!section->ctx) {
sslerror("SSL_CTX_new");
return 1; /* FAILED */
}
SSL_CTX_set_ex_data(section->ctx, index_opt, section); /* for callbacks */
/* load certificate and private key to be verified by the peer server */
#if !defined(OPENSSL_NO_ENGINE) && OPENSSL_VERSION_NUMBER>=0x0090809fL
/* SSL_CTX_set_client_cert_engine() was introduced in OpenSSL 0.9.8i */
if(section->option.client && section->engine) {
if(SSL_CTX_set_client_cert_engine(section->ctx, section->engine))
s_log(LOG_INFO, "Client certificate engine (%s) enabled",
ENGINE_get_id(section->engine));
else /* no client certificate functionality in this engine */
sslerror("SSL_CTX_set_client_cert_engine"); /* ignore error */
}
#endif
if(auth_init(section))
return 1; /* FAILED */
/* initialize verification of the peer server certificate */
if(verify_init(section))
return 1; /* FAILED */
/* initialize DH/ECDH server mode */
if(!section->option.client) {
#ifndef OPENSSL_NO_TLSEXT
SSL_CTX_set_tlsext_servername_arg(section->ctx, section);
SSL_CTX_set_tlsext_servername_callback(section->ctx, servername_cb);
#endif /* OPENSSL_NO_TLSEXT */
#ifndef OPENSSL_NO_DH
dh_init(section); /* ignore the result (errors are not critical) */
#endif /* OPENSSL_NO_DH */
#ifndef OPENSSL_NO_ECDH
ecdh_init(section); /* ignore the result (errors are not critical) */
#endif /* OPENSSL_NO_ECDH */
}
/* setup session cache */
if(!section->option.client) {
unsigned servname_len=(unsigned)strlen(section->servname);
if(servname_len>SSL_MAX_SSL_SESSION_ID_LENGTH)
servname_len=SSL_MAX_SSL_SESSION_ID_LENGTH;
if(!SSL_CTX_set_session_id_context(section->ctx,
(unsigned char *)section->servname, servname_len)) {
sslerror("SSL_CTX_set_session_id_context");
return 1; /* FAILED */
}
}
#ifdef SSL_SESS_CACHE_NO_INTERNAL_STORE
/* the default cache mode is just SSL_SESS_CACHE_SERVER */
SSL_CTX_set_session_cache_mode(section->ctx,
SSL_SESS_CACHE_SERVER|SSL_SESS_CACHE_NO_INTERNAL_STORE);
#endif
SSL_CTX_sess_set_cache_size(section->ctx, section->session_size);
SSL_CTX_set_timeout(section->ctx, section->session_timeout);
SSL_CTX_sess_set_new_cb(section->ctx, sess_new_cb);
SSL_CTX_sess_set_get_cb(section->ctx, sess_get_cb);
SSL_CTX_sess_set_remove_cb(section->ctx, sess_remove_cb);
/* set info callback */
SSL_CTX_set_info_callback(section->ctx, info_callback);
/* ciphers, options, mode */
if(section->cipher_list)
if(!SSL_CTX_set_cipher_list(section->ctx, section->cipher_list)) {
sslerror("SSL_CTX_set_cipher_list");
return 1; /* FAILED */
}
SSL_CTX_set_options(section->ctx,
(SSL_OPTIONS_TYPE)(section->ssl_options_set));
#if OPENSSL_VERSION_NUMBER>=0x009080dfL
SSL_CTX_clear_options(section->ctx,
(SSL_OPTIONS_TYPE)(section->ssl_options_clear));
s_log(LOG_DEBUG, "SSL options: 0x%08lX (+0x%08lX, -0x%08lX)",
SSL_CTX_get_options(section->ctx),
section->ssl_options_set, section->ssl_options_clear);
#else /* OpenSSL older than 0.9.8m */
s_log(LOG_DEBUG, "SSL options: 0x%08lX (+0x%08lX)",
SSL_CTX_get_options(section->ctx),
section->ssl_options_set);
#endif /* OpenSSL 0.9.8m or later */
/* initialize OpenSSL CONF options */
if(conf_init(section))
return 1; /* FAILED */
#ifdef SSL_MODE_RELEASE_BUFFERS
SSL_CTX_set_mode(section->ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
SSL_MODE_RELEASE_BUFFERS);
#else
SSL_CTX_set_mode(section->ctx,
SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#endif
return 0; /* OK */
}
/*
* Start up the SSL Context for the application, and start a listen on the
* SSL port (usually 443, and defined by SSL_PORT)
* Return 0 on success, -1 on failure.
*/
int websSSLOpen()
{
char *certFile, *keyFile, *CApath, *CAfile;
SSL_METHOD *meth;
/*
* Install and initialize the SSL library
*/
apps_startup();
printf("ssl.c: SSL: Initializing SSL\n");
SSL_load_error_strings();
SSLeay_add_ssl_algorithms();
/*
* Important! Enable both SSL versions 2 and 3
*/
meth = SSLv23_server_method();
sslctx = SSL_CTX_new(meth);
if (sslctx == NULL) {
printf("SSL: Unable to create SSL context!\n");
return -1;
}
/*
* Adjust some SSL Context variables
*/
SSL_CTX_set_quiet_shutdown(sslctx, 1);
SSL_CTX_set_options(sslctx, 0);
SSL_CTX_sess_set_cache_size(sslctx, 128);
/*
* Set the certificate verification locations
*/
CApath = DEFAULT_CA_PATH;
CAfile = DEFAULT_CA_FILE;
if ((!SSL_CTX_load_verify_locations(sslctx, CAfile, CApath)) ||
(!SSL_CTX_set_default_verify_paths(sslctx))) {
printf("SSL: Unable to set cert verification locations!\n");
websSSLClose();
return -1;
}
/*
* Setting up certificates for the SSL server.
* Set the certificate and key files for the SSL context.
*/
certFile = DEFAULT_CERT_FILE;
keyFile = NULL;
if (websSSLSetCertStuff(sslctx, certFile, keyFile) != 0) {
websSSLClose();
return -1;
}
/*
* Set the RSA callback for the SSL context
*/
SSL_CTX_set_tmp_rsa_callback(sslctx, websSSLTempRSACallback);
/*
* Set the verification callback for the SSL context
*/
SSL_CTX_set_verify(sslctx, SSL_VERIFY_NONE, websSSLVerifyCallback);
/*
* Set the certificate authority list for the client
*/
SSL_CTX_set_client_CA_list(sslctx, SSL_load_client_CA_file(CAfile));
/*
* Open the socket
*/
sslListenSock = socketOpenConnection(NULL, SSL_PORT,
websSSLAccept, SOCKET_BLOCK);
if (sslListenSock < 0) {
trace(2, T("SSL: Unable to open SSL socket on port <%d>!\n"),
SSL_PORT);
return -1;
}
return 0;
}
static void SSLInfoCallback(const SSL *s, int where, int ret) {
#else
static void SSLInfoCallback(SSL *s, int where, int ret) {
#endif
if(where & SSL_CB_LOOP)
printf("SSL state (%s): %s\r\n",
where & SSL_ST_CONNECT ? "connect" :
where & SSL_ST_ACCEPT ? "accept" :
"undefined", SSL_state_string_long(s));
else if(where & SSL_CB_ALERT)
printf("SSL alert (%s): %s: %s\r\n",
where & SSL_CB_READ ? "read" : "write",
SSL_alert_type_string_long(ret),
SSL_alert_desc_string_long(ret));
else if(where==SSL_CB_HANDSHAKE_DONE)
print_stats();
else
if (where & SSL_CB_EXIT)
{
if (ret == 0)
printf("%failed in %s\r\n",
SSL_state_string_long(s));
}
}
#endif /*DEBUG_SSL*/
static void CDECL LockSSL(int iMode,
int iType,
const char* pszFileName,
int iLine)
{
if(iMode & CRYPTO_LOCK)
{
#ifdef _WIN32
EnterCriticalSection(&lock);
#else
pthread_mutex_lock(&lock);
#endif
}
else
{
if(iMode & CRYPTO_UNLOCK)
{
#ifdef _WIN32
LeaveCriticalSection(&lock);
#else
pthread_mutex_unlock(&lock);
#endif
}
}
}
SSL_CTX* SSLMakeCtx(const SSLOptions& sslOpt,
int iServer)
{
SSL_CTX* pSSLCtx;
if(iServer)
{
pSSLCtx = SSL_CTX_new(SSLv23_server_method());
}
else
{
pSSLCtx = SSL_CTX_new(SSLv23_client_method());
}
if(!pSSLCtx)
{
SysLogMessage(LOG_LEV_ERROR,
"Cannot create SSL context, ssl support is disabled\r\n");
return (NULL);
}
int iSSLOpt = SSL_OP_ALL;
#ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
iSSLOpt |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
#endif
SSL_CTX_set_options(pSSLCtx,
iSSLOpt);
#if SSLEAY_VERSION_NUMBER >= 0x00906000L
SSL_CTX_set_mode(pSSLCtx,
SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#endif /* OpenSSL-0.9.6 */
/*
SSL_CTX_set_session_cache_mode(pSSLCtx,
SSL_SESS_CACHE_OFF);
*/
SSL_CTX_set_session_cache_mode(pSSLCtx,
SSL_SESS_CACHE_BOTH);
SSL_CTX_sess_set_cache_size(pSSLCtx,
128);
if(!sslOpt.pszCertFile)
{
SysLogMessage(LOG_LEV_ERROR,
"Certificate file not found, ssl support is disabled\r\n");
SSL_CTX_free(pSSLCtx);
return (NULL);
}
if(!SSL_CTX_use_certificate_chain_file(pSSLCtx,
sslOpt.pszCertFile))
{
SysLogMessage(LOG_LEV_ERROR,
"Error reading certificate file: %s, ssl support is disabled\r\n",
sslOpt.pszCertFile);
SSL_CTX_free(pSSLCtx);
return (NULL);
}
SSL_CTX_use_RSAPrivateKey_file(pSSLCtx,
sslOpt.pszCertFile,
SSL_FILETYPE_PEM);
if(!SSL_CTX_check_private_key(pSSLCtx))
{
SysLogMessage(LOG_LEV_ERROR,
"Private key does not match the certificate, ssl support is disabled\r\n");
SSL_CTX_free(pSSLCtx);
return (NULL);
}
#ifdef DEBUG_SSL
SSL_CTX_set_info_callback(pSSLCtx,
SSLInfoCallback);
#endif
if(!SSL_CTX_set_cipher_list(pSSLCtx,
SSL_DEFAULT_CIPHER_LIST))
{
SysLogMessage(LOG_LEV_ERROR,
"Cannot set ciphers: %s, ssl support is disabled\r\n",
SSL_DEFAULT_CIPHER_LIST);
SSL_CTX_free(pSSLCtx);
return (NULL);
}
return (pSSLCtx);
}
/*
TODO:
Add option --verify to mysqld to be able to change verification mode
*/
struct st_VioSSLAcceptorFd*
new_VioSSLAcceptorFd(const char *key_file,
const char *cert_file,
const char *ca_file,
const char *ca_path,
const char *cipher)
{
int verify = (SSL_VERIFY_PEER |
SSL_VERIFY_CLIENT_ONCE);
struct st_VioSSLAcceptorFd* ptr;
int result;
DH *dh;
DBUG_ENTER("new_VioSSLAcceptorFd");
ptr= ((struct st_VioSSLAcceptorFd*)
my_malloc(sizeof(struct st_VioSSLAcceptorFd),MYF(0)));
ptr->ssl_context=0;
ptr->ssl_method=0;
/* FIXME: constants! */
ptr->session_id_context= ptr;
if (!ssl_algorithms_added)
{
DBUG_PRINT("info", ("todo: OpenSSL_add_all_algorithms()"));
ssl_algorithms_added = TRUE;
SSL_library_init();
OpenSSL_add_all_algorithms();
}
#ifdef __NETWARE__
netware_ssl_init();
#endif
if (!ssl_error_strings_loaded)
{
DBUG_PRINT("info", ("todo: SSL_load_error_strings()"));
ssl_error_strings_loaded = TRUE;
SSL_load_error_strings();
}
ptr->ssl_method= TLSv1_server_method();
ptr->ssl_context= SSL_CTX_new(ptr->ssl_method);
if (ptr->ssl_context == 0)
{
DBUG_PRINT("error", ("SSL_CTX_new failed"));
report_errors();
goto ctor_failure;
}
if (cipher)
{
result=SSL_CTX_set_cipher_list(ptr->ssl_context, cipher);
DBUG_PRINT("info",("SSL_set_cipher_list() returned %d",result));
}
/* SSL_CTX_set_quiet_shutdown(ctx,1); */
SSL_CTX_sess_set_cache_size(ptr->ssl_context,128);
/* DH? */
SSL_CTX_set_verify(ptr->ssl_context, verify, vio_verify_callback);
SSL_CTX_set_session_id_context(ptr->ssl_context,
(const uchar*) &(ptr->session_id_context),
sizeof(ptr->session_id_context));
/*
SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
*/
if (vio_set_cert_stuff(ptr->ssl_context, cert_file, key_file) == -1)
{
DBUG_PRINT("error", ("vio_set_cert_stuff failed"));
report_errors();
goto ctor_failure;
}
if (SSL_CTX_load_verify_locations( ptr->ssl_context, ca_file, ca_path) == 0)
{
DBUG_PRINT("warning", ("SSL_CTX_load_verify_locations failed"));
if (SSL_CTX_set_default_verify_paths(ptr->ssl_context)==0)
{
DBUG_PRINT("error", ("SSL_CTX_set_default_verify_paths failed"));
report_errors();
goto ctor_failure;
}
}
/* DH stuff */
dh=get_dh512();
SSL_CTX_set_tmp_dh(ptr->ssl_context,dh);
DH_free(dh);
DBUG_RETURN(ptr);
ctor_failure:
DBUG_PRINT("exit", ("there was an error"));
my_free((gptr) ptr,MYF(0));
DBUG_RETURN(0);
}
void SSLContext::setSessionCacheSize(std::size_t size)
{
assert(isForServerUse());
SSL_CTX_sess_set_cache_size(_sslContext, static_cast<long>(size));
}
TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props)
{
SSL_CTX *server_ctx;
long off = 0;
int verify_flags = SSL_VERIFY_NONE;
int cachable;
int protomask;
TLS_APPL_STATE *app_ctx;
const EVP_MD *md_alg;
unsigned int md_len;
if (props->log_level >= 2)
msg_info("initializing the server-side TLS engine");
/*
* Load (mostly cipher related) TLS-library internal main.cf parameters.
*/
tls_param_init();
/*
* Detect mismatch between compile-time headers and run-time library.
*/
tls_check_version();
/*
* Initialize the OpenSSL library by the book! To start with, we must
* initialize the algorithms. We want cleartext error messages instead of
* just error codes, so we load the error_strings.
*/
SSL_load_error_strings();
OpenSSL_add_ssl_algorithms();
/*
* First validate the protocols. If these are invalid, we can't continue.
*/
protomask = tls_protocol_mask(props->protocols);
if (protomask == TLS_PROTOCOL_INVALID) {
/* tls_protocol_mask() logs no warning. */
msg_warn("Invalid TLS protocol list \"%s\": disabling TLS support",
props->protocols);
return (0);
}
/*
* Create an application data index for SSL objects, so that we can
* attach TLScontext information; this information is needed inside
* tls_verify_certificate_callback().
*/
if (TLScontext_index < 0) {
if ((TLScontext_index = SSL_get_ex_new_index(0, 0, 0, 0, 0)) < 0) {
msg_warn("Cannot allocate SSL application data index: "
"disabling TLS support");
return (0);
}
}
/*
* Register SHA-2 digests, if implemented and not already registered.
* Improves interoperability with clients and servers that prematurely
* deploy SHA-2 certificates.
*/
#if defined(LN_sha256) && defined(NID_sha256) && !defined(OPENSSL_NO_SHA256)
if (!EVP_get_digestbyname(LN_sha224))
EVP_add_digest(EVP_sha224());
if (!EVP_get_digestbyname(LN_sha256))
EVP_add_digest(EVP_sha256());
#endif
#if defined(LN_sha512) && defined(NID_sha512) && !defined(OPENSSL_NO_SHA512)
if (!EVP_get_digestbyname(LN_sha384))
EVP_add_digest(EVP_sha384());
if (!EVP_get_digestbyname(LN_sha512))
EVP_add_digest(EVP_sha512());
#endif
/*
* If the administrator specifies an unsupported digest algorithm, fail
* now, rather than in the middle of a TLS handshake.
*/
if ((md_alg = EVP_get_digestbyname(props->fpt_dgst)) == 0) {
msg_warn("Digest algorithm \"%s\" not found: disabling TLS support",
props->fpt_dgst);
return (0);
}
/*
* Sanity check: Newer shared libraries may use larger digests.
*/
if ((md_len = EVP_MD_size(md_alg)) > EVP_MAX_MD_SIZE) {
msg_warn("Digest algorithm \"%s\" output size %u too large:"
" disabling TLS support", props->fpt_dgst, md_len);
return (0);
}
/*
* Initialize the PRNG (Pseudo Random Number Generator) with some seed
* from external and internal sources. Don't enable TLS without some real
* entropy.
*/
if (tls_ext_seed(var_tls_daemon_rand_bytes) < 0) {
msg_warn("no entropy for TLS key generation: disabling TLS support");
return (0);
}
tls_int_seed();
/*
* The SSL/TLS specifications require the client to send a message in the
* oldest specification it understands with the highest level it
* understands in the message. Netscape communicator can still
* communicate with SSLv2 servers, so it sends out a SSLv2 client hello.
* To deal with it, our server must be SSLv2 aware (even if we don't like
* SSLv2), so we need to have the SSLv23 server here. If we want to limit
* the protocol level, we can add an option to not use SSLv2/v3/TLSv1
* later.
*/
ERR_clear_error();
if ((server_ctx = SSL_CTX_new(SSLv23_server_method())) == 0) {
msg_warn("cannot allocate server SSL_CTX: disabling TLS support");
tls_print_errors();
return (0);
}
/*
* See the verify callback in tls_verify.c
*/
SSL_CTX_set_verify_depth(server_ctx, props->verifydepth + 1);
/*
* Protocol work-arounds, OpenSSL version dependent.
*/
#ifdef SSL_OP_NO_TICKET
off |= SSL_OP_NO_TICKET;
#endif
off |= tls_bug_bits();
SSL_CTX_set_options(server_ctx, off);
/*
* Global protocol selection.
*/
if (protomask != 0)
SSL_CTX_set_options(server_ctx,
((protomask & TLS_PROTOCOL_TLSv1) ? SSL_OP_NO_TLSv1 : 0L)
| ((protomask & TLS_PROTOCOL_TLSv1_1) ? SSL_OP_NO_TLSv1_1 : 0L)
| ((protomask & TLS_PROTOCOL_TLSv1_2) ? SSL_OP_NO_TLSv1_2 : 0L)
| ((protomask & TLS_PROTOCOL_SSLv3) ? SSL_OP_NO_SSLv3 : 0L)
| ((protomask & TLS_PROTOCOL_SSLv2) ? SSL_OP_NO_SSLv2 : 0L));
#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
/*
* Some sites may want to give the client less rope. On the other hand,
* this could trigger inter-operability issues, the client should not
* offer ciphers it implements poorly, but this hasn't stopped some
* vendors from getting it wrong.
*
* XXX: Given OpenSSL's security history, nobody should still be using
* 0.9.7, let alone 0.9.6 or earlier. Warning added to TLS_README.html.
*/
if (var_tls_preempt_clist)
SSL_CTX_set_options(server_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
#endif
/*
* Set the call-back routine to debug handshake progress.
*/
if (props->log_level >= 2)
SSL_CTX_set_info_callback(server_ctx, tls_info_callback);
/*
* Load the CA public key certificates for both the server cert and for
* the verification of client certificates. As provided by OpenSSL we
* support two types of CA certificate handling: One possibility is to
* add all CA certificates to one large CAfile, the other possibility is
* a directory pointed to by CApath, containing separate files for each
* CA with softlinks named after the hash values of the certificate. The
* first alternative has the advantage that the file is opened and read
* at startup time, so that you don't have the hassle to maintain another
* copy of the CApath directory for chroot-jail.
*/
if (tls_set_ca_certificate_info(server_ctx,
props->CAfile, props->CApath) < 0) {
/* tls_set_ca_certificate_info() already logs a warning. */
SSL_CTX_free(server_ctx); /* 200411 */
return (0);
}
/*
* Load the server public key certificate and private key from file and
* check whether the cert matches the key. We can use RSA certificates
* ("cert") DSA certificates ("dcert") or ECDSA certificates ("eccert").
* All three can be made available at the same time. The CA certificates
* for all three are handled in the same setup already finished. Which
* one is used depends on the cipher negotiated (that is: the first
* cipher listed by the client which does match the server). A client
* with RSA only (e.g. Netscape) will use the RSA certificate only. A
* client with openssl-library will use RSA first if not especially
* changed in the cipher setup.
*/
if (tls_set_my_certificate_key_info(server_ctx,
props->cert_file,
props->key_file,
props->dcert_file,
props->dkey_file,
props->eccert_file,
props->eckey_file) < 0) {
/* tls_set_my_certificate_key_info() already logs a warning. */
SSL_CTX_free(server_ctx); /* 200411 */
return (0);
}
/*
* According to the OpenSSL documentation, temporary RSA key is needed
* export ciphers are in use. We have to provide one, so well, we just do
* it.
*/
SSL_CTX_set_tmp_rsa_callback(server_ctx, tls_tmp_rsa_cb);
/*
* Diffie-Hellman key generation parameters can either be loaded from
* files (preferred) or taken from compiled in values. First, set the
* callback that will select the values when requested, then load the
* (possibly) available DH parameters from files. We are generous with
* the error handling, since we do have default values compiled in, so we
* will not abort but just log the error message.
*/
SSL_CTX_set_tmp_dh_callback(server_ctx, tls_tmp_dh_cb);
if (*props->dh1024_param_file != 0)
tls_set_dh_from_file(props->dh1024_param_file, 1024);
if (*props->dh512_param_file != 0)
tls_set_dh_from_file(props->dh512_param_file, 512);
/*
* Enable EECDH if available, errors are not fatal, we just keep going
* with any remaining key-exchange algorithms.
*/
(void) tls_set_eecdh_curve(server_ctx, props->eecdh_grade);
/*
* If we want to check client certificates, we have to indicate it in
* advance. By now we only allow to decide on a global basis. If we want
* to allow certificate based relaying, we must ask the client to provide
* one with SSL_VERIFY_PEER. The client now can decide, whether it
* provides one or not. We can enforce a failure of the negotiation with
* SSL_VERIFY_FAIL_IF_NO_PEER_CERT, if we do not allow a connection
* without one. In the "server hello" following the initialization by the
* "client hello" the server must provide a list of CAs it is willing to
* accept. Some clever clients will then select one from the list of
* available certificates matching these CAs. Netscape Communicator will
* present the list of certificates for selecting the one to be sent, or
* it will issue a warning, if there is no certificate matching the
* available CAs.
*
* With regard to the purpose of the certificate for relaying, we might like
* a later negotiation, maybe relaying would already be allowed for other
* reasons, but this would involve severe changes in the internal postfix
* logic, so we have to live with it the way it is.
*/
if (props->ask_ccert)
verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
SSL_CTX_set_verify(server_ctx, verify_flags,
tls_verify_certificate_callback);
if (*props->CAfile)
SSL_CTX_set_client_CA_list(server_ctx,
SSL_load_client_CA_file(props->CAfile));
/*
* Initialize our own TLS server handle, before diving into the details
* of TLS session cache management.
*/
app_ctx = tls_alloc_app_context(server_ctx);
/*
* The session cache is implemented by the tlsmgr(8) server.
*
* XXX 200502 Surprise: when OpenSSL purges an entry from the in-memory
* cache, it also attempts to purge the entry from the on-disk cache.
* This is undesirable, especially when we set the in-memory cache size
* to 1. For this reason we don't allow OpenSSL to purge on-disk cache
* entries, and leave it up to the tlsmgr process instead. Found by
* Victor Duchovni.
*/
if (tls_mgr_policy(props->cache_type, &cachable) != TLS_MGR_STAT_OK)
cachable = 0;
if (cachable || props->set_sessid) {
/*
* Initialize the session cache.
*
* With a large number of concurrent smtpd(8) processes, it is not a
* good idea to cache multiple large session objects in each process.
* We set the internal cache size to 1, and don't register a
* "remove_cb" so as to avoid deleting good sessions from the
* external cache prematurely (when the internal cache is full,
* OpenSSL removes sessions from the external cache also)!
*
* This makes SSL_CTX_remove_session() not useful for flushing broken
* sessions from the external cache, so we must delete them directly
* (not via a callback).
*
* Set a session id context to identify to what type of server process
* created a session. In our case, the context is simply the name of
* the mail system: "Postfix/TLS".
*/
SSL_CTX_sess_set_cache_size(server_ctx, 1);
SSL_CTX_set_session_id_context(server_ctx,
(void *) &server_session_id_context,
sizeof(server_session_id_context));
SSL_CTX_set_session_cache_mode(server_ctx,
SSL_SESS_CACHE_SERVER |
SSL_SESS_CACHE_NO_AUTO_CLEAR);
if (cachable) {
app_ctx->cache_type = mystrdup(props->cache_type);
SSL_CTX_sess_set_get_cb(server_ctx, get_server_session_cb);
SSL_CTX_sess_set_new_cb(server_ctx, new_server_session_cb);
}
/*
* OpenSSL ignores timed-out sessions. We need to set the internal
* cache timeout at least as high as the external cache timeout. This
* applies even if no internal cache is used.
*/
SSL_CTX_set_timeout(server_ctx, props->scache_timeout);
} else {
/*
* If we have no external cache, disable all caching. No use wasting
* server memory resources with sessions they are unlikely to be able
* to reuse.
*/
SSL_CTX_set_session_cache_mode(server_ctx, SSL_SESS_CACHE_OFF);
}
return (app_ctx);
}
/*
Create and initialize an SSL configuration for a route. This configuration is used by all requests for
a given route. An application can have different SSL configurations for different routes. There is also
a default SSL configuration that is used when a route does not define a configuration and one for clients.
*/
static int configOss(MprSsl *ssl, int flags, char **errorMsg)
{
OpenConfig *cfg;
X509_STORE *store;
SSL_CTX *ctx;
cchar *key;
uchar resume[16];
int verifyMode;
assert(ssl);
if (ssl->config && !ssl->changed) {
return 0;
}
if ((ssl->config = mprAllocObj(OpenConfig, manageOpenConfig)) == 0) {
return MPR_ERR_MEMORY;
}
cfg = ssl->config;
if ((ctx = SSL_CTX_new(SSLv23_method())) == 0) {
mprLog("error openssl", 0, "Unable to create SSL context");
return MPR_ERR_CANT_INITIALIZE;
}
SSL_CTX_set_app_data(ctx, (void*) ssl);
if (ssl->verifyPeer && !(ssl->caFile || ssl->caPath)) {
*errorMsg = sfmt("Cannot verify peer due to undefined CA certificates");
SSL_CTX_free(ctx);
return MPR_ERR_CANT_INITIALIZE;
}
/*
Configure the certificates
*/
if (ssl->certFile) {
if (setCertFile(ctx, ssl->certFile) < 0) {
SSL_CTX_free(ctx);
return MPR_ERR_CANT_INITIALIZE;
}
key = (ssl->keyFile == 0) ? ssl->certFile : ssl->keyFile;
if (key) {
if (setKeyFile(ctx, key) < 0) {
SSL_CTX_free(ctx);
return MPR_ERR_CANT_INITIALIZE;
}
if (!SSL_CTX_check_private_key(ctx)) {
mprLog("error openssl", 0, "Check of private key file failed: %s", key);
SSL_CTX_free(ctx);
return MPR_ERR_CANT_INITIALIZE;
}
}
}
if (ssl->ciphers) {
ssl->ciphers = mapCipherNames(ssl->ciphers);
}
if (!ssl->ciphers && (flags & MPR_SOCKET_SERVER)) {
ssl->ciphers = sclone(OPENSSL_DEFAULT_CIPHERS);
}
if (ssl->ciphers) {
mprLog("info openssl", 5, "Using SSL ciphers: %s", ssl->ciphers);
if (SSL_CTX_set_cipher_list(ctx, ssl->ciphers) != 1) {
*errorMsg = sfmt("Unable to set cipher list \"%s\"", ssl->ciphers);
SSL_CTX_free(ctx);
return MPR_ERR_CANT_INITIALIZE;
}
}
verifyMode = ssl->verifyPeer ? SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT : SSL_VERIFY_NONE;
if (verifyMode != SSL_VERIFY_NONE) {
if (!(ssl->caFile || ssl->caPath)) {
*errorMsg = sclone("No defined certificate authority file");
SSL_CTX_free(ctx);
return MPR_ERR_CANT_INITIALIZE;
}
if ((!SSL_CTX_load_verify_locations(ctx, (char*) ssl->caFile, (char*) ssl->caPath)) ||
(!SSL_CTX_set_default_verify_paths(ctx))) {
*errorMsg = sfmt("Unable to set certificate locations: %s: %s", ssl->caFile, ssl->caPath);
SSL_CTX_free(ctx);
return MPR_ERR_CANT_INITIALIZE;
}
if (ssl->caFile) {
STACK_OF(X509_NAME) *certNames;
certNames = SSL_load_client_CA_file(ssl->caFile);
if (certNames) {
/*
Define the list of CA certificates to send to the client
before they send their client certificate for validation
*/
SSL_CTX_set_client_CA_list(ctx, certNames);
}
}
store = SSL_CTX_get_cert_store(ctx);
if (ssl->revoke && !X509_STORE_load_locations(store, ssl->revoke, 0)) {
mprLog("error openssl", 0, "Cannot load certificate revoke list: %s", ssl->revoke);
SSL_CTX_free(ctx);
return MPR_ERR_CANT_INITIALIZE;
}
if (flags & MPR_SOCKET_SERVER) {
SSL_CTX_set_verify_depth(ctx, ssl->verifyDepth);
}
}
/*
Define callbacks
*/
SSL_CTX_set_verify(ctx, verifyMode, verifyPeerCertificate);
if (flags & MPR_SOCKET_SERVER) {
SSL_CTX_set_tlsext_servername_callback(ctx, sniHostname);
}
/*
Configure DH parameters
*/
SSL_CTX_set_tmp_dh_callback(ctx, dhcallback);
cfg->dhKey = getDhKey();
/*
Define default OpenSSL options
Ensure we generate a new private key for each connection
Disable SSLv2 and SSLv3 by default -- they are insecure.
*/
cfg->setFlags = SSL_OP_ALL | SSL_OP_SINGLE_DH_USE | SSL_OP_SINGLE_ECDH_USE | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
#ifdef SSL_OP_NO_TLSv1
if (!(ssl->protocols & MPR_PROTO_TLSV1)) {
cfg->setFlags |= SSL_OP_NO_TLSv1;
}
#endif
#ifdef SSL_OP_NO_TLSv1_1
if (!(ssl->protocols & MPR_PROTO_TLSV1_1)) {
cfg->setFlags |= SSL_OP_NO_TLSv1_1;
}
#endif
#ifdef SSL_OP_NO_TLSv1_2
if (!(ssl->protocols & MPR_PROTO_TLSV1_2)) {
cfg->setFlags |= SSL_OP_NO_TLSv1_2;
}
#endif
#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
cfg->setFlags |= SSL_OP_MSIE_SSLV2_RSA_PADDING;
#endif
#if defined(SSL_OP_NO_TICKET)
/*
Ticket based session reuse is enabled by default
*/
#if defined(ME_MPR_SSL_TICKET)
if (ME_MPR_SSL_TICKET) {
cfg->clearFlags |= SSL_OP_NO_TICKET;
} else {
cfg->setFlags |= SSL_OP_NO_TICKET;
}
#else
cfg->clearFlags |= SSL_OP_NO_TICKET;
#endif
#endif
#if defined(SSL_OP_NO_COMPRESSION)
/*
CRIME attack targets compression
*/
cfg->clearFlags |= SSL_OP_NO_COMPRESSION;
#endif
#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
/*
Force a new session on renegotiation. Default to true.
This is required when using SNI and changing context during the SSL hello
*/
#if defined(ME_MPR_SSL_RENEGOTIATE)
if (ME_MPR_SSL_RENEGOTIATE) {
cfg->clearFlags |= SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
} else {
cfg->setFlags |= SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
}
#else
cfg->setFlags |= SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
#endif
#endif
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
/*
Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers.
Defaults to true.
*/
#if defined(ME_MPR_SSL_EMPTY_FRAGMENTS)
if (ME_MPR_SSL_EMPTY_FRAGMENTS) {
/* SSL_OP_ALL disables empty fragments. Only needed for ancient browsers like IE-6 on SSL-3.0/TLS-1.0 */
cfg->clearFlags |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
} else {
cfg->setFlags |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
}
#else
cfg->setFlags |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
#endif
#endif
/*
Define a session reuse context
*/
RAND_bytes(resume, sizeof(resume));
SSL_CTX_set_session_id_context(ctx, resume, sizeof(resume));
/*
Elliptic Curve initialization
*/
#if SSL_OP_SINGLE_ECDH_USE
#ifdef SSL_CTX_set_ecdh_auto
/* This is supported in OpenSSL 1.0.2 */
SSL_CTX_set_ecdh_auto(ctx, 1);
#else
{
EC_KEY *ecdh;
cchar *name;
int nid;
name = ME_MPR_SSL_CURVE;
if ((nid = OBJ_sn2nid(name)) == 0) {
*errorMsg = sfmt("Unknown curve name \"%s\"", name);
SSL_CTX_free(ctx);
return MPR_ERR_CANT_INITIALIZE;
}
if ((ecdh = EC_KEY_new_by_curve_name(nid)) == 0) {
*errorMsg = sfmt("Unable to create curve \"%s\"", name);
SSL_CTX_free(ctx);
return MPR_ERR_CANT_INITIALIZE;
}
SSL_CTX_set_tmp_ecdh(ctx, ecdh);
EC_KEY_free(ecdh);
}
#endif
#endif
SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_AUTO_RETRY | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#ifdef SSL_MODE_RELEASE_BUFFERS
SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
#endif
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
SSL_CTX_set_mode(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
#endif
#if defined(ME_MPR_SSL_CACHE)
/*
Set the number of sessions supported. Default in OpenSSL is 20K.
*/
SSL_CTX_sess_set_cache_size(ctx, ME_MPR_SSL_CACHE);
#else
SSL_CTX_sess_set_cache_size(ctx, 1024);
#endif
SSL_CTX_set_options(ctx, cfg->setFlags);
SSL_CTX_clear_options(ctx, cfg->clearFlags);
cfg->ctx = ctx;
ssl->changed = 0;
ssl->config = cfg;
return 0;
}
/*
* Create Global context SSL and use it in every new session
*
* - Load the trusted CAs
* - Load the Private key & the certificate
* - Set the Context options & Verify options
*/
static SSL_CTX *init_tls_ctx(EAP_TLS_CONF *conf)
{
SSL_METHOD *meth;
SSL_CTX *ctx;
X509_STORE *certstore;
int verify_mode = SSL_VERIFY_NONE;
int ctx_options = 0;
int type;
/*
* Add all the default ciphers and message digests
* Create our context.
*/
SSL_library_init();
SSL_load_error_strings();
/*
* SHA256 is in all versions of OpenSSL, but isn't
* initialized by default. It's needed for WiMAX
* certificates.
*/
#ifdef HAVE_OPENSSL_EVP_SHA256
EVP_add_digest(EVP_sha256());
#endif
meth = TLSv1_method();
ctx = SSL_CTX_new(meth);
/*
* Identify the type of certificates that needs to be loaded
*/
if (conf->file_type) {
type = SSL_FILETYPE_PEM;
} else {
type = SSL_FILETYPE_ASN1;
}
/*
* Set the password to load private key
*/
if (conf->private_key_password) {
#ifdef __APPLE__
/*
* We don't want to put the private key password in eap.conf, so check
* for our special string which indicates we should get the password
* programmatically.
*/
const char* special_string = "Apple:UseCertAdmin";
if (strncmp(conf->private_key_password,
special_string,
strlen(special_string)) == 0)
{
char cmd[256];
const long max_password_len = 128;
snprintf(cmd, sizeof(cmd) - 1,
"/usr/sbin/certadmin --get-private-key-passphrase \"%s\"",
conf->private_key_file);
DEBUG2("rlm_eap: Getting private key passphrase using command \"%s\"", cmd);
FILE* cmd_pipe = popen(cmd, "r");
if (!cmd_pipe) {
radlog(L_ERR, "rlm_eap: %s command failed. Unable to get private_key_password", cmd);
radlog(L_ERR, "rlm_eap: Error reading private_key_file %s", conf->private_key_file);
return NULL;
}
free(conf->private_key_password);
conf->private_key_password = malloc(max_password_len * sizeof(char));
if (!conf->private_key_password) {
radlog(L_ERR, "rlm_eap: Can't malloc space for private_key_password");
radlog(L_ERR, "rlm_eap: Error reading private_key_file %s", conf->private_key_file);
pclose(cmd_pipe);
return NULL;
}
fgets(conf->private_key_password, max_password_len, cmd_pipe);
pclose(cmd_pipe);
/* Get rid of newline at end of password. */
conf->private_key_password[strlen(conf->private_key_password) - 1] = '\0';
DEBUG2("rlm_eap: Password from command = \"%s\"", conf->private_key_password);
}
#endif
SSL_CTX_set_default_passwd_cb_userdata(ctx, conf->private_key_password);
SSL_CTX_set_default_passwd_cb(ctx, cbtls_password);
}
/*
* Load our keys and certificates
*
* If certificates are of type PEM then we can make use
* of cert chain authentication using openssl api call
* SSL_CTX_use_certificate_chain_file. Please see how
* the cert chain needs to be given in PEM from
* openSSL.org
*/
if (type == SSL_FILETYPE_PEM) {
if (!(SSL_CTX_use_certificate_chain_file(ctx, conf->certificate_file))) {
radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
radlog(L_ERR, "rlm_eap_tls: Error reading certificate file %s", conf->certificate_file);
return NULL;
}
} else if (!(SSL_CTX_use_certificate_file(ctx, conf->certificate_file, type))) {
radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
radlog(L_ERR, "rlm_eap_tls: Error reading certificate file %s", conf->certificate_file);
return NULL;
}
/* Load the CAs we trust */
if (conf->ca_file || conf->ca_path) {
if (!SSL_CTX_load_verify_locations(ctx, conf->ca_file, conf->ca_path)) {
radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
radlog(L_ERR, "rlm_eap_tls: Error reading Trusted root CA list %s",conf->ca_file );
return NULL;
}
}
if (conf->ca_file && *conf->ca_file) SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(conf->ca_file));
if (!(SSL_CTX_use_PrivateKey_file(ctx, conf->private_key_file, type))) {
radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
radlog(L_ERR, "rlm_eap_tls: Error reading private key file %s", conf->private_key_file);
return NULL;
}
/*
* Check if the loaded private key is the right one
*/
if (!SSL_CTX_check_private_key(ctx)) {
radlog(L_ERR, "rlm_eap_tls: Private key does not match the certificate public key");
return NULL;
}
/*
* Set ctx_options
*/
ctx_options |= SSL_OP_NO_SSLv2;
ctx_options |= SSL_OP_NO_SSLv3;
#ifdef SSL_OP_NO_TICKET
ctx_options |= SSL_OP_NO_TICKET ;
#endif
/*
* SSL_OP_SINGLE_DH_USE must be used in order to prevent
* small subgroup attacks and forward secrecy. Always
* using
*
* SSL_OP_SINGLE_DH_USE has an impact on the computer
* time needed during negotiation, but it is not very
* large.
*/
ctx_options |= SSL_OP_SINGLE_DH_USE;
/*
* SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS to work around issues
* in Windows Vista client.
* http://www.openssl.org/~bodo/tls-cbc.txt
* http://www.nabble.com/(RADIATOR)-Radiator-Version-3.16-released-t2600070.html
*/
ctx_options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
SSL_CTX_set_options(ctx, ctx_options);
/*
* TODO: Set the RSA & DH
* SSL_CTX_set_tmp_rsa_callback(ctx, cbtls_rsa);
* SSL_CTX_set_tmp_dh_callback(ctx, cbtls_dh);
*/
/*
* set the message callback to identify the type of
* message. For every new session, there can be a
* different callback argument.
*
* SSL_CTX_set_msg_callback(ctx, cbtls_msg);
*/
/* Set Info callback */
SSL_CTX_set_info_callback(ctx, cbtls_info);
/*
* Callbacks, etc. for session resumption.
*/
if (conf->session_cache_enable) {
SSL_CTX_sess_set_new_cb(ctx, cbtls_new_session);
SSL_CTX_sess_set_get_cb(ctx, cbtls_get_session);
SSL_CTX_sess_set_remove_cb(ctx, cbtls_remove_session);
SSL_CTX_set_quiet_shutdown(ctx, 1);
}
/*
* Check the certificates for revocation.
*/
#ifdef X509_V_FLAG_CRL_CHECK
if (conf->check_crl) {
certstore = SSL_CTX_get_cert_store(ctx);
if (certstore == NULL) {
radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
radlog(L_ERR, "rlm_eap_tls: Error reading Certificate Store");
return NULL;
}
X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK);
}
#endif
/*
* Set verify modes
* Always verify the peer certificate
*/
verify_mode |= SSL_VERIFY_PEER;
verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
verify_mode |= SSL_VERIFY_CLIENT_ONCE;
SSL_CTX_set_verify(ctx, verify_mode, cbtls_verify);
if (conf->verify_depth) {
SSL_CTX_set_verify_depth(ctx, conf->verify_depth);
}
/* Load randomness */
if (!(RAND_load_file(conf->random_file, 1024*1024))) {
radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
radlog(L_ERR, "rlm_eap_tls: Error loading randomness");
return NULL;
}
/*
* Set the cipher list if we were told to
*/
if (conf->cipher_list) {
if (!SSL_CTX_set_cipher_list(ctx, conf->cipher_list)) {
radlog(L_ERR, "rlm_eap_tls: Error setting cipher list");
return NULL;
}
}
/*
* Setup session caching
*/
if (conf->session_cache_enable) {
/*
* Create a unique context Id per EAP-TLS configuration.
*/
if (conf->session_id_name) {
snprintf(conf->session_context_id,
sizeof(conf->session_context_id),
"FreeRADIUS EAP-TLS %s",
conf->session_id_name);
} else {
snprintf(conf->session_context_id,
sizeof(conf->session_context_id),
"FreeRADIUS EAP-TLS %p", conf);
}
/*
* Cache it, and DON'T auto-clear it.
*/
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_AUTO_CLEAR);
SSL_CTX_set_session_id_context(ctx,
(unsigned char *) conf->session_context_id,
(unsigned int) strlen(conf->session_context_id));
/*
* Our timeout is in hours, this is in seconds.
*/
SSL_CTX_set_timeout(ctx, conf->session_timeout * 3600);
/*
* Set the maximum number of entries in the
* session cache.
*/
SSL_CTX_sess_set_cache_size(ctx, conf->session_cache_size);
} else {
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
}
/*
* Register the application indices. We can't use
* hard-coded "0" and "1" as before, because we need to
* set up a "free" handler for the cached session
* information.
*/
if (eaptls_handle_idx < 0) {
eaptls_handle_idx = SSL_get_ex_new_index(0, &eaptls_handle_idx,
NULL, NULL, NULL);
}
if (eaptls_conf_idx < 0) {
eaptls_conf_idx = SSL_get_ex_new_index(0, &eaptls_conf_idx,
NULL, NULL, NULL);
}
if (eaptls_store_idx < 0) {
eaptls_store_idx = SSL_get_ex_new_index(0, "eaptls_store_idx",
NULL, NULL, NULL);
}
if (eaptls_session_idx < 0) {
eaptls_session_idx = SSL_get_ex_new_index(0, &eaptls_session_idx,
NULL, NULL,
eaptls_session_free);
}
return ctx;
}
SSLConn *SSLConn_new(SSLConnConfig *config, SSLConnError *err) {
SSLConn *result;
SSL_CTX *ctx;
SSL *ssl;
BIO *bio;
if (config->is_server) {
ctx = SSL_CTX_new(SSLv23_server_method());
} else {
ctx = SSL_CTX_new(SSLv23_client_method());
}
if (!ctx) {
goto error;
}
SSL_CTX_set_verify(ctx, config->verify_mode, NULL);
SSL_CTX_set_options(ctx, config->options);
if (config->is_server) {
assert(config->private_key && config->cert);
}
if (config->private_key) {
if (!SSL_CTX_use_PrivateKey(ctx, config->private_key)) {
goto error;
}
}
if (config->cert) {
if (!SSL_CTX_use_certificate(ctx, config->cert)) {
goto error;
}
}
if (config->cipher_list) {
if (!SSL_CTX_set_cipher_list(ctx, config->cipher_list)) {
goto error;
}
}
if (config->sess_cache_size >= 0) {
SSL_CTX_sess_set_cache_size(ctx, config->sess_cache_size);
}
if (config->session_id_context) {
if (!SSL_CTX_set_session_id_context(ctx, config->session_id_context,
strlen(config->session_id_context))) {
goto error;
}
}
ssl = SSL_new(ctx);
if (!ssl) {
goto error;
}
SSL_set_mode(ssl, SSL_MODE_ENABLE_PARTIAL_WRITE |
SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
bio = BIO_new(&goconn_bio_method);
if (!bio) {
goto error;
}
bio->ptr = config->ptr;
SSL_set_bio(ssl, bio, bio);
result = malloc(sizeof(SSLConn));
result->ssl = ssl;
result->ctx = ctx;
result->is_server = config->is_server;
ERR_remove_state(0);
return result;
error:
handle_error(err);
if (ssl != NULL) SSL_free(ssl);
if (ctx != NULL) SSL_CTX_free(ctx);
ERR_remove_state(0);
return NULL;
}
int MaOpenSslConfig::start()
{
const SSL_METHOD *meth;
char *hostName;
if (keyFile == 0) {
mprError(MPR_L, MPR_LOG, "OpenSSL: Cant start SSL: missing key file");
return MPR_ERR_CANT_INITIALIZE;
}
if (certFile == 0) {
mprError(MPR_L, MPR_LOG, "OpenSSL: Cant start SSL: missing certificate file");
return MPR_ERR_CANT_INITIALIZE;
}
//
// Depending on the order in the configuration file, we may get called
// by sslModule::start() before OpenSslModule::start has run. So we
// must initialize here.
//
openSslModule->start();
hostName = host->getName();
if (protocols == MPR_HTTP_PROTO_SSLV2) {
meth = SSLv2_server_method();
} else {
meth = SSLv23_server_method();
}
context = SSL_CTX_new(meth);
mprAssert(context);
if (context == 0) {
mprError(MPR_L, MPR_LOG, "OpenSSL: Unable to create SSL context");
return MPR_ERR_CANT_CREATE;
}
SSL_CTX_set_app_data(context, (void*) this);
SSL_CTX_set_quiet_shutdown(context, 1);
SSL_CTX_sess_set_cache_size(context, 512);
//
// Configure the certificate for this host
//
if (configureCertificates(context, keyFile, certFile) != 0) {
SSL_CTX_free(context);
context = 0;
return MPR_ERR_CANT_INITIALIZE;
}
mprLog(4, "SSL: %s: Using ciphers %s\n", hostName, ciphers);
SSL_CTX_set_cipher_list(context, ciphers);
//
// Configure the client verification certificate locations
//
if (verifyClient) {
if (caFile == 0 && caPath == 0) {
mprError(MPR_L, MPR_LOG,
"OpenSSL: Must define CA certificates if using client verification");
SSL_CTX_free(context);
context = 0;
return MPR_ERR_BAD_STATE;
}
if (caFile || caPath) {
if ((!SSL_CTX_load_verify_locations(context, caFile, caPath)) ||
(!SSL_CTX_set_default_verify_paths(context))) {
mprError(MPR_L, MPR_LOG,
"OpenSSL: Unable to set certificate locations");
SSL_CTX_free(context);
context = 0;
return MPR_ERR_CANT_ACCESS;
}
if (caFile) {
STACK_OF(X509_NAME) *certNames;
certNames = SSL_load_client_CA_file(caFile);
if (certNames == 0) {
} else {
//
// Define the list of CA certificates to send to the client
// before they send their client certificate for validation
//
SSL_CTX_set_client_CA_list(context, certNames);
}
}
}
mprLog(4, "SSL: %s: is verifying client connections\n", hostName);
if (caFile) {
mprLog(4, "SSL: %s: Using certificates from %s\n", hostName,
caFile);
} else if (caPath) {
mprLog(4, "SSL: %s: Using certificates from directory %s\n",
hostName, caPath);
}
SSL_CTX_set_verify(context, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, verifyX509Certificate);
SSL_CTX_set_verify_depth(context, verifyDepth);
} else {
SSL_CTX_set_verify(context, SSL_VERIFY_NONE, verifyX509Certificate);
}
//
// Define callbacks
//
SSL_CTX_set_tmp_rsa_callback(context, rsaCallback);
SSL_CTX_set_tmp_dh_callback(context, dhCallback);
//
// Enable all buggy client work-arounds
//
SSL_CTX_set_options(context, SSL_OP_ALL);
#ifdef SSL_OP_NO_TICKET
SSL_CTX_set_options(context, SSL_OP_NO_TICKET);
#endif
#ifdef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
SSL_CTX_set_options(context, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#endif
SSL_CTX_set_mode(context, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_AUTO_RETRY);
//
// Select the required protocols
//
SSL_CTX_set_options(context, SSL_OP_NO_SSLv2);
if (!(protocols & MPR_HTTP_PROTO_SSLV3)) {
SSL_CTX_set_options(context, SSL_OP_NO_SSLv3);
mprLog(4, "SSL: %s: Disabling SSLv3\n", hostName);
}
if (!(protocols & MPR_HTTP_PROTO_TLSV1)) {
SSL_CTX_set_options(context, SSL_OP_NO_TLSv1);
mprLog(4, "SSL: %s: Disabling TLSv1\n", hostName);
}
//
// Ensure we generate a new private key for each connection
//
SSL_CTX_set_options(context, SSL_OP_SINGLE_DH_USE);
//
// Pre-generate some keys that are slow to compute
//
rsaKey512 = RSA_generate_key(512, RSA_F4, 0, 0);
rsaKey1024 = RSA_generate_key(1024, RSA_F4, 0, 0);
dhKey512 = get_dh512();
dhKey1024 = get_dh1024();
return 0;
}
SSL_CTX *uwsgi_ssl_new_server_context(char *name, char *crt, char *key, char *ciphers, char *client_ca) {
SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
if (!ctx) {
uwsgi_log("[uwsgi-ssl] unable to initialize context \"%s\"\n", name);
return NULL;
}
// this part is taken from nginx and stud, removing unneeded functionality
// stud (for me) has made the best choice on choosing DH approach
long ssloptions = SSL_OP_NO_SSLv2 | SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
// disable compression (if possibile)
#ifdef SSL_OP_NO_COMPRESSION
ssloptions |= SSL_OP_NO_COMPRESSION;
#endif
// release/reuse buffers as soon as possibile
#ifdef SSL_MODE_RELEASE_BUFFERS
SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
#endif
if (SSL_CTX_use_certificate_chain_file(ctx, crt) <= 0) {
uwsgi_log("[uwsgi-ssl] unable to assign certificate %s for context \"%s\"\n", crt, name);
SSL_CTX_free(ctx);
return NULL;
}
// this part is based from stud
BIO *bio = BIO_new_file(crt, "r");
if (bio) {
DH *dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
BIO_free(bio);
if (dh) {
SSL_CTX_set_tmp_dh(ctx, dh);
DH_free(dh);
#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
#ifndef OPENSSL_NO_ECDH
#ifdef NID_X9_62_prime256v1
EC_KEY *ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
SSL_CTX_set_tmp_ecdh(ctx, ecdh);
EC_KEY_free(ecdh);
#endif
#endif
#endif
}
}
if (SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM) <= 0) {
uwsgi_log("[uwsgi-ssl] unable to assign key %s for context \"%s\"\n", key, name);
SSL_CTX_free(ctx);
return NULL;
}
// if ciphers are specified, prefer server ciphers
if (ciphers && strlen(ciphers) > 0) {
if (SSL_CTX_set_cipher_list(ctx, ciphers) == 0) {
uwsgi_log("[uwsgi-ssl] unable to set requested ciphers (%s) for context \"%s\"\n", ciphers, name);
SSL_CTX_free(ctx);
return NULL;
}
ssloptions |= SSL_OP_CIPHER_SERVER_PREFERENCE;
}
// set session context (if possibile), this is required for client certificate authentication
if (name) {
SSL_CTX_set_session_id_context(ctx, (unsigned char *) name, strlen(name));
}
if (client_ca) {
if (client_ca[0] == '!') {
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, uwsgi_ssl_verify_callback);
client_ca++;
}
else {
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, uwsgi_ssl_verify_callback);
}
// in the future we should allow to set the verify depth
SSL_CTX_set_verify_depth(ctx, 1);
if (SSL_CTX_load_verify_locations(ctx, client_ca, NULL) == 0) {
uwsgi_log("[uwsgi-ssl] unable to set ssl verify locations (%s) for context \"%s\"\n", client_ca, name);
SSL_CTX_free(ctx);
return NULL;
}
STACK_OF(X509_NAME) * list = SSL_load_client_CA_file(client_ca);
if (!list) {
uwsgi_log("unable to load client CA certificate (%s) for context \"%s\"\n", client_ca, name);
SSL_CTX_free(ctx);
return NULL;
}
SSL_CTX_set_client_CA_list(ctx, list);
}
SSL_CTX_set_info_callback(ctx, uwsgi_ssl_info_cb);
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
SSL_CTX_set_tlsext_servername_callback(ctx, uwsgi_sni_cb);
#endif
// disable session caching by default
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
if (uwsgi.ssl_sessions_use_cache) {
// we need to early initialize locking and caching
uwsgi_setup_locking();
uwsgi_cache_create_all();
uwsgi.ssl_sessions_cache = uwsgi_cache_by_name(uwsgi.ssl_sessions_use_cache);
if (!uwsgi.ssl_sessions_cache) {
// check for default cache
if (!strcmp(uwsgi.ssl_sessions_use_cache, "true") && uwsgi.caches) {
uwsgi.ssl_sessions_cache = uwsgi.caches;
}
else {
uwsgi_log("unable to find cache \"%s\"\n", uwsgi.ssl_sessions_use_cache ? uwsgi.ssl_sessions_use_cache : "default");
exit(1);
}
}
if (!uwsgi.ssl_sessions_cache->max_items) {
uwsgi_log("you have to enable uWSGI cache to use it as SSL session store !!!\n");
exit(1);
}
if (uwsgi.ssl_sessions_cache->blocksize < 4096) {
uwsgi_log("cache blocksize for SSL session store must be at least 4096 bytes\n");
exit(1);
}
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER|
SSL_SESS_CACHE_NO_INTERNAL|
SSL_SESS_CACHE_NO_AUTO_CLEAR);
#ifdef SSL_OP_NO_TICKET
ssloptions |= SSL_OP_NO_TICKET;
#endif
// just for fun
SSL_CTX_sess_set_cache_size(ctx, 0);
// set the callback for ssl sessions
SSL_CTX_sess_set_new_cb(ctx, uwsgi_ssl_session_new_cb);
SSL_CTX_sess_set_get_cb(ctx, uwsgi_ssl_session_get_cb);
SSL_CTX_sess_set_remove_cb(ctx, uwsgi_ssl_session_remove_cb);
}
SSL_CTX_set_timeout(ctx, uwsgi.ssl_sessions_timeout);
SSL_CTX_set_options(ctx, ssloptions);
return ctx;
}
SslContext_t::SslContext_t (bool is_server, const string &privkeyfile, const string &certchainfile):
pCtx (NULL),
PrivateKey (NULL),
Certificate (NULL)
{
/* TODO: the usage of the specified private-key and cert-chain filenames only applies to
* client-side connections at this point. Server connections currently use the default materials.
* That needs to be fixed asap.
* Also, in this implementation, server-side connections use statically defined X-509 defaults.
* One thing I'm really not clear on is whether or not you have to explicitly free X509 and EVP_PKEY
* objects when we call our destructor, or whether just calling SSL_CTX_free is enough.
*/
if (!bLibraryInitialized) {
bLibraryInitialized = true;
SSL_library_init();
OpenSSL_add_ssl_algorithms();
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
ERR_load_crypto_strings();
InitializeDefaultCredentials();
}
bIsServer = is_server;
pCtx = SSL_CTX_new (is_server ? SSLv23_server_method() : SSLv23_client_method());
if (!pCtx)
throw std::runtime_error ("no SSL context");
SSL_CTX_set_options (pCtx, SSL_OP_ALL);
//SSL_CTX_set_options (pCtx, (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3));
#ifdef SSL_MODE_RELEASE_BUFFERS
SSL_CTX_set_mode (pCtx, SSL_MODE_RELEASE_BUFFERS);
#endif
if (is_server) {
// The SSL_CTX calls here do NOT allocate memory.
int e;
if (privkeyfile.length() > 0)
e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
else
e = SSL_CTX_use_PrivateKey (pCtx, DefaultPrivateKey);
if (e <= 0) ERR_print_errors_fp(stderr);
assert (e > 0);
if (certchainfile.length() > 0)
e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
else
e = SSL_CTX_use_certificate (pCtx, DefaultCertificate);
if (e <= 0) ERR_print_errors_fp(stderr);
assert (e > 0);
}
SSL_CTX_set_cipher_list (pCtx, "ALL:!ADH:!LOW:!EXP:!DES-CBC3-SHA:@STRENGTH");
if (is_server) {
SSL_CTX_sess_set_cache_size (pCtx, 128);
SSL_CTX_set_session_id_context (pCtx, (unsigned char*)"eventmachine", 12);
}
else {
int e;
if (privkeyfile.length() > 0) {
e = SSL_CTX_use_PrivateKey_file (pCtx, privkeyfile.c_str(), SSL_FILETYPE_PEM);
if (e <= 0) ERR_print_errors_fp(stderr);
assert (e > 0);
}
if (certchainfile.length() > 0) {
e = SSL_CTX_use_certificate_chain_file (pCtx, certchainfile.c_str());
if (e <= 0) ERR_print_errors_fp(stderr);
assert (e > 0);
}
}
}
/*
Create and initialize an SSL configuration for a route. This configuration is used by all requests for
a given route. An application can have different SSL configurations for different routes. There is also
a default SSL configuration that is used when a route does not define a configuration and one for clients.
*/
static OpenConfig *createOpenSslConfig(MprSocket *sp)
{
MprSsl *ssl;
OpenConfig *cfg;
X509_STORE *store;
SSL_CTX *context;
cchar *key;
uchar resume[16];
int verifyMode;
ssl = sp->ssl;
assert(ssl);
if ((ssl->config = mprAllocObj(OpenConfig, manageOpenConfig)) == 0) {
return 0;
}
cfg = ssl->config;
if ((context = SSL_CTX_new(SSLv23_method())) == 0) {
mprLog("error openssl", 0, "Unable to create SSL context");
return 0;
}
SSL_CTX_set_app_data(context, (void*) ssl);
if (ssl->verifyPeer && !(ssl->caFile || ssl->caPath)) {
sp->errorMsg = sfmt("Cannot verify peer due to undefined CA certificates");
SSL_CTX_free(context);
return 0;
}
/*
Configure the certificates
*/
if (ssl->certFile) {
if (SSL_CTX_use_certificate_chain_file(context, ssl->certFile) <= 0) {
if (SSL_CTX_use_certificate_file(context, ssl->certFile, SSL_FILETYPE_ASN1) <= 0) {
mprLog("error openssl", 0, "Cannot open certificate file: %s", ssl->certFile);
SSL_CTX_free(context);
return 0;
}
}
key = (ssl->keyFile == 0) ? ssl->certFile : ssl->keyFile;
if (key) {
if (SSL_CTX_use_PrivateKey_file(context, key, SSL_FILETYPE_PEM) <= 0) {
/* attempt ASN1 for self-signed format */
if (SSL_CTX_use_PrivateKey_file(context, key, SSL_FILETYPE_ASN1) <= 0) {
mprLog("error openssl", 0, "Cannot open private key file: %s", key);
SSL_CTX_free(context);
return 0;
}
}
if (!SSL_CTX_check_private_key(context)) {
mprLog("error openssl", 0, "Check of private key file failed: %s", key);
SSL_CTX_free(context);
return 0;
}
}
}
if (ssl->ciphers) {
ssl->ciphers = mapCipherNames(ssl->ciphers);
}
if (!ssl->ciphers && (sp->flags & MPR_SOCKET_SERVER)) {
ssl->ciphers = sclone(OPENSSL_DEFAULT_CIPHERS);
}
if (ssl->ciphers) {
mprLog("info openssl", 5, "Using SSL ciphers: %s", ssl->ciphers);
if (SSL_CTX_set_cipher_list(context, ssl->ciphers) != 1) {
sp->errorMsg = sfmt("Unable to set cipher list \"%s\". %s", ssl->ciphers, getOssError(sp));
SSL_CTX_free(context);
return 0;
}
}
verifyMode = ssl->verifyPeer ? SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT : SSL_VERIFY_NONE;
if (verifyMode != SSL_VERIFY_NONE) {
if (!(ssl->caFile || ssl->caPath)) {
sp->errorMsg = sclone("No defined certificate authority file");
SSL_CTX_free(context);
return 0;
}
if ((!SSL_CTX_load_verify_locations(context, (char*) ssl->caFile, (char*) ssl->caPath)) ||
(!SSL_CTX_set_default_verify_paths(context))) {
sp->errorMsg = sfmt("Unable to set certificate locations: %s: %s", ssl->caFile, ssl->caPath);
SSL_CTX_free(context);
return 0;
}
if (ssl->caFile) {
STACK_OF(X509_NAME) *certNames;
certNames = SSL_load_client_CA_file(ssl->caFile);
if (certNames) {
/*
Define the list of CA certificates to send to the client
before they send their client certificate for validation
*/
SSL_CTX_set_client_CA_list(context, certNames);
}
}
store = SSL_CTX_get_cert_store(context);
if (ssl->revokeList && !X509_STORE_load_locations(store, ssl->revokeList, 0)) {
mprLog("error openssl", 0, "Cannot load certificate revoke list: %s", ssl->revokeList);
SSL_CTX_free(context);
return 0;
}
if (sp->flags & MPR_SOCKET_SERVER) {
SSL_CTX_set_verify_depth(context, ssl->verifyDepth);
}
}
/*
Define callbacks
*/
SSL_CTX_set_verify(context, verifyMode, verifyPeerCertificate);
/*
Configure DH parameters
*/
SSL_CTX_set_tmp_dh_callback(context, dhcallback);
cfg->dhKey = getDhKey();
/*
Define default OpenSSL options
*/
SSL_CTX_set_options(context, SSL_OP_ALL);
/*
Ensure we generate a new private key for each connection
*/
SSL_CTX_set_options(context, SSL_OP_SINGLE_DH_USE);
/*
Define a session reuse context
*/
RAND_bytes(resume, sizeof(resume));
SSL_CTX_set_session_id_context(context, resume, sizeof(resume));
/*
Elliptic Curve initialization
*/
#if SSL_OP_SINGLE_ECDH_USE
#ifdef SSL_CTX_set_ecdh_auto
SSL_CTX_set_ecdh_auto(context, 1);
#else
{
EC_KEY *ecdh;
cchar *name;
int nid;
name = ME_MPR_SSL_CURVE;
if ((nid = OBJ_sn2nid(name)) == 0) {
sp->errorMsg = sfmt("Unknown curve name \"%s\"", name);
SSL_CTX_free(context);
return 0;
}
if ((ecdh = EC_KEY_new_by_curve_name(nid)) == 0) {
sp->errorMsg = sfmt("Unable to create curve \"%s\"", name);
SSL_CTX_free(context);
return 0;
}
SSL_CTX_set_options(context, SSL_OP_SINGLE_ECDH_USE);
SSL_CTX_set_tmp_ecdh(context, ecdh);
EC_KEY_free(ecdh);
}
#endif
#endif
SSL_CTX_set_mode(context, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_AUTO_RETRY | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
#ifdef SSL_OP_MSIE_SSLV2_RSA_PADDING
SSL_CTX_set_options(context, SSL_OP_MSIE_SSLV2_RSA_PADDING);
#endif
#ifdef SSL_MODE_RELEASE_BUFFERS
SSL_CTX_set_mode(context, SSL_MODE_RELEASE_BUFFERS);
#endif
#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
SSL_CTX_set_mode(context, SSL_OP_CIPHER_SERVER_PREFERENCE);
#endif
/*
Select the required protocols
Disable SSLv2 and SSLv3 by default -- they are insecure.
*/
SSL_CTX_set_options(context, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(context, SSL_OP_NO_SSLv3);
#ifdef SSL_OP_NO_TLSv1
if (!(ssl->protocols & MPR_PROTO_TLSV1)) {
SSL_CTX_set_options(context, SSL_OP_NO_TLSv1);
}
#endif
#ifdef SSL_OP_NO_TLSv1_1
if (!(ssl->protocols & MPR_PROTO_TLSV1_1)) {
SSL_CTX_set_options(context, SSL_OP_NO_TLSv1_1);
}
#endif
#ifdef SSL_OP_NO_TLSv1_2
if (!(ssl->protocols & MPR_PROTO_TLSV1_2)) {
SSL_CTX_set_options(context, SSL_OP_NO_TLSv1_2);
}
#endif
/*
Options set via main.me mpr.ssl.*
*/
#if defined(SSL_OP_NO_TICKET)
/*
Ticket based session reuse is enabled by default
*/
#if defined(ME_MPR_SSL_TICKET)
if (ME_MPR_SSL_TICKET) {
SSL_CTX_clear_options(context, SSL_OP_NO_TICKET);
} else {
SSL_CTX_set_options(context, SSL_OP_NO_TICKET);
}
#else
SSL_CTX_clear_options(context, SSL_OP_NO_TICKET);
#endif
#endif
#if defined(SSL_OP_NO_COMPRESSION)
/*
Use of compression is not secure. Disabled by default.
*/
#if defined(ME_MPR_SSL_COMPRESSION)
if (ME_MPR_SSL_COMPRESSION) {
SSL_CTX_clear_options(context, SSL_OP_NO_COMPRESSION);
} else {
SSL_CTX_set_options(context, SSL_OP_NO_COMPRESSION);
}
#else
/*
CRIME attack targets compression
*/
SSL_CTX_clear_options(context, SSL_OP_NO_COMPRESSION);
#endif
#endif
#if defined(SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)
/*
Force a new session on renegotiation. Default to true.
*/
#if defined(ME_MPR_SSL_RENEGOTIATE)
if (ME_MPR_SSL_RENEGOTIATE) {
SSL_CTX_clear_options(context, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
} else {
SSL_CTX_set_options(context, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
}
#else
SSL_CTX_set_options(context, SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION);
#endif
#endif
#if defined(SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
/*
Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol vulnerability affecting CBC ciphers.
Defaults to true.
*/
#if defined(ME_MPR_SSL_EMPTY_FRAGMENTS)
if (ME_MPR_SSL_EMPTY_FRAGMENTS) {
/* SSL_OP_ALL disables empty fragments. Only needed for ancient browsers like IE-6 on SSL-3.0/TLS-1.0 */
SSL_CTX_clear_options(context, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
} else {
SSL_CTX_set_options(context, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
}
#else
SSL_CTX_set_options(context, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS);
#endif
#endif
#if defined(ME_MPR_SSL_CACHE)
/*
Set the number of sessions supported. Default in OpenSSL is 20K.
*/
SSL_CTX_sess_set_cache_size(context, ME_MPR_SSL_CACHE);
#else
SSL_CTX_sess_set_cache_size(context, 1024);
#endif
cfg->context = context;
return cfg;
}
