| blob | ab5fb0db4e3097e30854ede16c25c3c8726d4e3a |
1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
17 /* _ _
18 * _ __ ___ ___ __| | ___ ___| | mod_ssl
19 * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
20 * | | | | | | (_) | (_| | \__ \__ \ |
21 * |_| |_| |_|\___/ \__,_|___|___/___/_|
22 * |_____|
23 * ssl_engine_kernel.c
24 * The SSL engine kernel
25 */
26 /* ``It took me fifteen years to discover
27 I had no talent for programming, but
28 I couldn't give it up because by that
29 time I was too famous.''
30 -- Unknown */
34 #ifndef OPENSSL_NO_TLSEXT
36 #endif
42 /* Perform an upgrade-to-TLS for the given request, per RFC 2817. */
44 {
48 apr_status_t rv;
62 }
66 "failed to send 101 interim response for connection "
69 }
76 /* Perform initial SSL handshake. */
85 }
88 }
90 /*
91 * Post Read Request Handler
92 */
94 {
98 #ifndef OPENSSL_NO_TLSEXT
100 #endif
103 /* Perform TLS upgrade here if "SSLEngine optional" is configured,
104 * SSL is not already set up for this connection, and the client
105 * has sent a suitable Upgrade header. */
111 }
112 }
117 }
127 }
132 thisport));
135 "Reason: You're speaking plain HTTP "
137 "Instead use the HTTPS scheme to access "
139 "<blockquote>Hint: "
145 /* Now that we have caught this error, forget it. we are done
146 * with using SSL on this request.
147 */
152 }
154 /*
155 * Get the SSL connection structure and perform the
156 * delayed interlinking from SSL back to request_rec
157 */
161 }
162 #ifndef OPENSSL_NO_TLSEXT
165 /* Use the SNI extension as the hostname if no Host: header was sent */
168 }
169 #endif
172 /*
173 * Log information about incoming HTTPS requests
174 */
184 }
186 /* SetEnvIf ssl-*-shutdown flags can only be per-server,
187 * so they won't change across keepalive requests
188 */
191 }
194 }
196 /*
197 * Move SetEnvIf information from request_rec to conn_rec/BUFF
198 * to allow the close connection handler to use them.
199 */
202 {
214 /* being case-sensitive here.
215 * and not checking for the -shutdown since these are the only
216 * SetEnvIf "flags" we support
217 */
222 }
225 }
227 }
229 }
230 }
231 }
233 /*
234 * Access Handler
235 */
237 {
251 X509_STORE_CTX cert_store_ctx;
258 }
260 /*
261 * Support for SSLRequireSSL directive
262 */
265 /* This vhost was configured for optional SSL, just tell the
266 * client that we need to upgrade.
267 */
272 }
278 /* remember forbidden access for strict require option */
282 }
284 /*
285 * Check to see whether SSL is in use; if it's not, then no
286 * further access control checks are relevant. (the test for
287 * sc->enabled is probably strictly unnecessary)
288 */
291 }
293 /*
294 * Support for per-directory reconfigured SSL connection parameters.
295 *
296 * This is implemented by forcing an SSL renegotiation with the
297 * reconfigured parameter suite. But Apache's internal API processing
298 * makes our life very hard here, because when internal sub-requests occur
299 * we nevertheless should avoid multiple unnecessary SSL handshakes (they
300 * require extra network I/O and especially time to perform).
301 *
302 * But the optimization for filtering out the unnecessary handshakes isn't
303 * obvious and trivial. Especially because while Apache is in its
304 * sub-request processing the client could force additional handshakes,
305 * too. And these take place perhaps without our notice. So the only
306 * possibility is to explicitly _ask_ OpenSSL whether the renegotiation
307 * has to be performed or not. It has to performed when some parameters
308 * which were previously known (by us) are not those we've now
309 * reconfigured (as known by OpenSSL) or (in optimized way) at least when
310 * the reconfigured parameter suite is stronger (more restrictions) than
311 * the currently active one.
312 */
314 /*
315 * Override of SSLCipherSuite
316 *
317 * We provide two options here:
318 *
319 * o The paranoid and default approach where we force a renegotiation when
320 * the cipher suite changed in _any_ way (which is straight-forward but
321 * often forces renegotiations too often and is perhaps not what the
322 * user actually wanted).
323 *
324 * o The optimized and still secure way where we force a renegotiation
325 * only if the currently active cipher is no longer contained in the
326 * reconfigured/new cipher suite. Any other changes are not important
327 * because it's the servers choice to select a cipher from the ones the
328 * client supports. So as long as the current cipher is still in the new
329 * cipher suite we're happy. Because we can assume we would have
330 * selected it again even when other (better) ciphers exists now in the
331 * new cipher suite. This approach is fine because the user explicitly
332 * has to enable this via ``SSLOptions +OptRenegotiate''. So we do no
333 * implicit optimizations.
334 */
336 /* remember old state */
340 }
346 }
347 }
349 /* configure new state */
352 "Unable to reconfigure (per-directory) "
358 }
361 }
363 /* determine whether a renegotiation has to be forced */
367 /* optimized way */
370 {
372 }
375 {
377 }
378 }
380 /* paranoid way */
383 {
385 }
389 n++)
390 {
395 }
396 }
400 n++)
401 {
406 }
407 }
408 }
409 }
411 /* cleanup */
414 }
416 /* tracing */
420 }
421 }
423 /*
424 * override of SSLVerifyDepth
425 *
426 * The depth checks are handled by us manually inside the verify callback
427 * function and not by OpenSSL internally (and our function is aware of
428 * both the per-server and per-directory contexts). So we cannot ask
429 * OpenSSL about the currently verify depth. Instead we remember it in our
430 * ap_ctx attached to the SSL* of OpenSSL. We've to force the
431 * renegotiation if the reconfigured/new verify depth is less than the
432 * currently active/remembered verify depth (because this means more
433 * restriction on the certificate chain).
434 */
437 /* apply per-vhost setting, if per-directory config is not set */
439 }
441 /* XXX: doesnt look like sslconn->verify_depth is actually used */
444 }
446 /* determine whether a renegotiation has to be forced */
450 "Reduced client verification depth will force "
452 }
453 }
455 /*
456 * override of SSLVerifyClient
457 *
458 * We force a renegotiation if the reconfigured/new verify type is
459 * stronger than the currently active verify type.
460 *
461 * The order is: none << optional_no_ca << optional << require
462 *
463 * Additionally the following optimization is possible here: When the
464 * currently active verify type is "none" but a client certificate is
465 * already known/present, it's enough to manually force a client
466 * verification but at least skip the I/O-intensive renegotation
467 * handshake.
468 */
471 /* apply per-vhost setting, if per-directory config is not set */
473 }
475 /* remember old state */
477 /* configure new state */
482 }
486 {
488 }
493 /* determine whether we've to force a renegotiation */
503 {
505 /* optimization */
510 {
513 }
516 "Changed client verification type will force "
519 }
520 }
521 }
523 /*
524 * override SSLCACertificateFile & SSLCACertificatePath
525 * This is only enabled if the SSL_set_cert_store() function
526 * is available in the ssl library. the 1.x based mod_ssl
527 * used SSL_CTX_set_cert_store which is not thread safe.
528 */
530 #ifdef HAVE_SSL_SET_CERT_STORE
531 /*
532 * check if per-dir and per-server config field are not the same.
533 * if f is defined in per-dir and not defined in per-server
534 * or f is defined in both but not the equal ...
535 */
536 #define MODSSL_CFG_NE(f) \
537 (dc->f && (!sc->f || (sc->f && strNE(dc->f, sc->f))))
539 #define MODSSL_CFG_CA(f) \
540 (dc->f ? dc->f : sc->f)
544 {
553 "Unable to reconfigure verify locations "
560 }
562 /* SSL_free will free cert_store */
567 {
569 "Unable to determine list of available "
573 }
579 "Changed client verification locations will force "
581 }
584 /* If a renegotiation is now required for this location, and the
585 * request includes a message body (and the client has not
586 * requested a "100 Continue" response), then the client will be
587 * streaming the request body over the wire already. In that
588 * case, it is not possible to stop and perform a new SSL
589 * handshake immediately; once the SSL library moves to the
590 * "accept" state, it will reject the SSL packets which the client
591 * is sending for the request body.
592 *
593 * To allow authentication to complete in this auth hook, the
594 * solution used here is to fill a (bounded) buffer with the
595 * request body, and then to reinject that request body later.
596 */
603 apr_size_t rsize;
608 /* Fill the I/O buffer with the request body if possible. */
610 }
612 /* If the reneg buffer size is set to zero, just fail. */
614 }
618 "could not buffer message body to allow "
621 }
622 }
624 /*
625 * now do the renegotiation if anything was actually reconfigured
626 */
628 /*
629 * Now we force the SSL renegotation by sending the Hello Request
630 * message to the client. Here we have to do a workaround: Actually
631 * OpenSSL returns immediately after sending the Hello Request (the
632 * intent AFAIK is because the SSL/TLS protocol says it's not a must
633 * that the client replies to a Hello Request). But because we insist
634 * on a reply (anything else is an error for us) we have to go to the
635 * ACCEPT state manually. Using SSL_set_accept_state() doesn't work
636 * here because it resets too much of the connection. So we set the
637 * state explicitly and continue the handshake manually.
638 */
645 /* perform just a manual re-verification of the peer */
647 "Performing quick renegotiation: "
655 /* client cert is in the session cache, but there is
656 * no chain, since ssl3_get_client_certificate()
657 * sk_X509_shift-ed the peer cert out of the chain.
658 * we put it back here for the purpose of quick_renegotiation.
659 */
662 }
669 }
673 {
678 }
682 }
689 }
699 }
705 /* we created this ourselves, so free it */
707 }
708 }
712 /* do a full renegotiation */
714 "Performing full renegotiation: "
730 }
735 /* XXX: Should replace SSL_set_state with SSL_renegotiate(ssl);
736 * However, this causes failures in perl-framework currently,
737 * perhaps pre-test if we have already negotiated?
738 */
744 "Re-negotiation handshake failed: "
749 }
750 }
752 /*
753 * Remember the peer certificate's DN
754 */
758 }
761 }
763 /*
764 * Finally check for acceptable renegotiation results
765 */
771 "Re-negotiation handshake failed: "
775 }
780 "Re-negotiation handshake failed: "
784 }
787 }
788 }
790 /*
791 * Also check that SSLCipherSuite has been enforced as expected.
792 */
797 "SSL cipher suite not renegotiated: "
802 }
803 }
804 }
806 /* If we're trying to have the user name set from a client
807 * certificate then we need to set it here. This should be safe as
808 * the user name probably isn't important from an auth checking point
809 * of view as the certificate supplied acts in that capacity.
810 * However, if FakeAuth is being used then this isn't the case so
811 * we need to postpone setting the username until later.
812 */
818 else
821 }
823 /*
824 * Check SSLRequire boolean expressions
825 */
835 "Failed to execute "
843 /* remember forbidden access for strict require option */
847 }
851 "Access to %s denied for %s "
863 /* remember forbidden access for strict require option */
867 }
868 }
870 /*
871 * Else access is granted from our point of view (except vendor
872 * handlers override). But we have to return DECLINED here instead
873 * of OK, because mod_auth and other modules still might want to
874 * deny access.
875 */
878 }
880 /*
881 * Authentication Handler:
882 * Fake a Basic authentication from the X509 client certificate.
883 *
884 * This must be run fairly early on to prevent a real authentication from
885 * occuring, in particular it must be run before anything else that
886 * authenticates a user. This means that the Module statement for this
887 * module should be LAST in the Configuration file.
888 */
890 {
897 /*
898 * Additionally forbid access (again)
899 * when strict require option is used.
900 */
903 {
905 }
907 /*
908 * We decline when we are in a subrequest. The Authorization header
909 * would already be present if it was added in the main request.
910 */
913 }
915 /*
916 * Make sure the user is not able to fake the client certificate
917 * based authentication by just entering an X.509 Subject DN
918 * ("/XX=YYY/XX=YYY/..") as the username and "password" as the
919 * password.
920 */
924 auth_line++;
925 }
935 }
936 }
937 }
939 /*
940 * We decline operation in various situations...
941 * - SSLOptions +FakeBasicAuth not configured
942 * - r->user already authenticated
943 * - ssl not enabled
944 * - client did not present a certificate
945 */
949 {
951 }
958 }
962 /*
963 * Fake a password - which one would be immaterial, as, it seems, an empty
964 * password in the users file would match ALL incoming passwords, if only
965 * we were using the standard crypt library routine. Unfortunately, OpenSSL
966 * "fixes" a "bug" in crypt and thus prevents blank passwords from
967 * working. (IMHO what they really fix is a bug in the users of the code
968 * - failing to program correctly for shadow passwords). We need,
969 * therefore, to provide a password. This password can be matched by
970 * adding the string "xxj31ZMTZzkVA" as the password in the user file.
971 * This is just the crypted variant of the word "password" ;-)
972 */
977 NULL);
982 auth_line);
985 }
987 /* authorization phase */
989 {
992 /*
993 * Additionally forbid access (again)
994 * when strict require option is used.
995 */
998 {
1000 }
1003 }
1005 /*
1006 * Fixup Handler
1007 */
1033 NULL
1034 };
1037 {
1043 #ifndef OPENSSL_NO_TLSEXT
1045 #endif
1050 /* If "SSLEngine optional" is configured, this is not an SSL
1051 * connection, and this isn't a subrequest, send an Upgrade
1052 * response header. */
1057 }
1059 /*
1060 * Check to see if SSL is on
1061 */
1062 if (!(((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) && sslconn && (ssl = sslconn->ssl))) {
1064 }
1066 /*
1067 * Annotate the SSI/CGI environment with standard SSL information
1068 */
1069 /* the always present HTTPS (=HTTP over SSL) flag! */
1072 #ifndef OPENSSL_NO_TLSEXT
1073 /* add content of SNI TLS extension (if supplied with ClientHello) */
1076 }
1077 #endif
1079 /* standard SSL environment variables */
1088 }
1089 }
1090 }
1092 /*
1093 * On-demand bloat up the SSI/CGI environment with certificate data
1094 */
1113 }
1114 }
1115 }
1116 }
1119 }
1121 /* _________________________________________________________________
1122 **
1123 ** OpenSSL Callback Functions
1124 ** _________________________________________________________________
1125 */
1127 /*
1128 * Handle out temporary RSA private keys on demand
1129 *
1130 * The background of this as the TLSv1 standard explains it:
1131 *
1132 * | D.1. Temporary RSA keys
1133 * |
1134 * | US Export restrictions limit RSA keys used for encryption to 512
1135 * | bits, but do not place any limit on lengths of RSA keys used for
1136 * | signing operations. Certificates often need to be larger than 512
1137 * | bits, since 512-bit RSA keys are not secure enough for high-value
1138 * | transactions or for applications requiring long-term security. Some
1139 * | certificates are also designated signing-only, in which case they
1140 * | cannot be used for key exchange.
1141 * |
1142 * | When the public key in the certificate cannot be used for encryption,
1143 * | the server signs a temporary RSA key, which is then exchanged. In
1144 * | exportable applications, the temporary RSA key should be the maximum
1145 * | allowable length (i.e., 512 bits). Because 512-bit RSA keys are
1146 * | relatively insecure, they should be changed often. For typical
1147 * | electronic commerce applications, it is suggested that keys be
1148 * | changed daily or every 500 transactions, and more often if possible.
1149 * | Note that while it is acceptable to use the same temporary key for
1150 * | multiple transactions, it must be signed each time it is used.
1151 * |
1152 * | RSA key generation is a time-consuming process. In many cases, a
1153 * | low-priority process can be assigned the task of key generation.
1154 * | Whenever a new key is completed, the existing temporary key can be
1155 * | replaced with the new one.
1156 *
1157 * XXX: base on comment above, if thread support is enabled,
1158 * we should spawn a low-priority thread to generate new keys
1159 * on the fly.
1160 *
1161 * So we generated 512 and 1024 bit temporary keys on startup
1162 * which we now just hand out on demand....
1163 */
1166 {
1174 /* doesn't matter if export flag is on,
1175 * we won't be asked for keylen > 512 in that case.
1176 * if we are asked for a keylen > 1024, it is too expensive
1177 * to generate on the fly.
1178 * XXX: any reason not to generate 2048 bit keys at startup?
1179 */
1189 }
1192 }
1194 /*
1195 * Hand out the already generated DH parameters...
1196 */
1198 {
1214 }
1217 }
1219 /*
1220 * This OpenSSL callback function is called when OpenSSL
1221 * does client authentication and verifies the certificate chain.
1222 */
1224 {
1225 /* Get Apache context back through OpenSSL context */
1237 /* Get verify ingredients */
1242 /*
1243 * Log verification information
1244 */
1248 errdepth);
1250 /*
1251 * Check for optionally acceptable non-verifiable issuer situation
1252 */
1255 }
1258 }
1261 /*
1262 * SSLProxyVerify is either not configured or set to "none".
1263 * (this callback doesn't happen in the server context if SSLVerify
1264 * is not configured or set to "none")
1265 */
1267 }
1271 {
1273 "Certificate Verification: Verifiable Issuer is "
1274 "configured as optional, therefore we're accepting "
1279 }
1281 /*
1282 * Perform OCSP/CRL-based revocation checks
1283 */
1287 }
1289 #ifdef HAVE_OCSP
1290 /* If there was an optional verification error, it's not
1291 * possible to perform OCSP validation since the issuer may be
1292 * missing/untrusted. Fail in that case. */
1298 "cannot perform OCSP validation for cert "
1299 "if issuer has not been verified "
1302 }
1308 }
1309 }
1310 #endif
1311 }
1313 /*
1314 * If we already know it's not ok, log the real reason
1315 */
1324 }
1327 }
1329 /*
1330 * Finally check the depth of the certificate verification
1331 */
1334 }
1337 }
1341 "Certificate Verification: Certificate Chain too long "
1342 "(chain has %d certificates, but maximum allowed are "
1350 }
1352 /*
1353 * And finally signal OpenSSL the (perhaps changed) state
1354 */
1356 }
1359 {
1364 X509_OBJECT obj;
1371 /*
1372 * Unless a revocation store for CRLs was created we
1373 * cannot do any CRL-based verification, of course.
1374 */
1377 }
1379 /*
1380 * Determine certificate ingredients in advance
1381 */
1386 /*
1387 * OpenSSL provides the general mechanism to deal with CRLs but does not
1388 * use them automatically when verifying certificates, so we do it
1389 * explicitly here. We will check the CRL for the currently checked
1390 * certificate, if there is such a CRL in the store.
1391 *
1392 * We come through this procedure for each certificate in the certificate
1393 * chain, starting with the root-CA's certificate. At each step we've to
1394 * both verify the signature on the CRL (to make sure it's a valid CRL)
1395 * and it's revocation list (to make sure the current certificate isn't
1396 * revoked). But because to check the signature on the CRL we need the
1397 * public key of the issuing CA certificate (which was already processed
1398 * one round before), we've a little problem. But we can both solve it and
1399 * at the same time optimize the processing by using the following
1400 * verification scheme (idea and code snippets borrowed from the GLOBUS
1401 * project):
1402 *
1403 * 1. We'll check the signature of a CRL in each step when we find a CRL
1404 * through the _subject_ name of the current certificate. This CRL
1405 * itself will be needed the first time in the next round, of course.
1406 * But we do the signature processing one round before this where the
1407 * public key of the CA is available.
1408 *
1409 * 2. We'll check the revocation list of a CRL in each step when
1410 * we find a CRL through the _issuer_ name of the current certificate.
1411 * This CRLs signature was then already verified one round before.
1412 *
1413 * This verification scheme allows a CA to revoke its own certificate as
1414 * well, of course.
1415 */
1417 /*
1418 * Try to retrieve a CRL corresponding to the _subject_ of
1419 * the current certificate in order to verify it's integrity.
1420 */
1427 /*
1428 * Log information about CRL
1429 * (A little bit complicated because of ASN.1 and BIOs...)
1430 */
1450 }
1452 /*
1453 * Verify the signature on this CRL
1454 */
1457 #ifdef OPENSSL_VERSION_NUMBER
1458 /* Only refcounted in OpenSSL */
1461 #endif
1469 }
1471 /*
1472 * Check date of CRL to make sure it's not expired
1473 */
1481 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
1485 }
1489 "Found CRL is expired - "
1496 }
1499 }
1501 /*
1502 * Try to retrieve a CRL corresponding to the _issuer_ of
1503 * the current certificate in order to check for revocation.
1504 */
1511 /*
1512 * Check if the current certificate is revoked by this CRL
1513 */
1528 "Certificate with serial %ld (0x%lX) "
1532 }
1538 }
1539 }
1542 }
1545 }
1547 #define SSLPROXY_CERT_CB_LOG_FMT \
1548 "Proxy client certificate callback: (%s) "
1553 {
1561 }
1569 }
1571 /*
1572 * caller will decrement the cert and key reference
1573 * so we need to increment here to prevent them from
1574 * being freed.
1575 */
1576 #define modssl_set_cert_info(info, cert, pkey) \
1577 *cert = info->x509; \
1578 X509_reference_inc(*cert); \
1579 *pkey = info->x_pkey->dec_pkey; \
1580 EVP_PKEY_reference_inc(*pkey)
1583 {
1599 SSLPROXY_CERT_CB_LOG_FMT
1600 "downstream server wanted client certificate "
1603 }
1608 /*
1609 * downstream server didn't send us a list of acceptable CA certs,
1610 * so we send the first client cert in the list.
1611 */
1619 }
1634 }
1635 }
1636 }
1639 SSLPROXY_CERT_CB_LOG_FMT
1643 }
1652 {
1658 }
1663 }
1666 "Inter-Process Session Cache: "
1671 }
1673 /*
1674 * This callback function is executed by OpenSSL whenever a new SSL_SESSION is
1675 * added to the internal OpenSSL session cache. We use this hook to spread the
1676 * SSL_SESSION also to the inter-process disk-cache to make share it with our
1677 * other Apache pre-forked server processes.
1678 */
1680 {
1681 /* Get Apache context back through OpenSSL context */
1686 BOOL rc;
1690 /*
1691 * Set the timeout also for the internal OpenSSL cache, because this way
1692 * our inter-process cache is consulted only when it's really necessary.
1693 */
1696 /*
1697 * Store the SSL_SESSION in the inter-process cache with the
1698 * same expire time, so it expires automatically there, too.
1699 */
1711 /*
1712 * return 0 which means to OpenSSL that the session is still
1713 * valid and was not freed by us with SSL_SESSION_free().
1714 */
1716 }
1718 /*
1719 * This callback function is executed by OpenSSL whenever a
1720 * SSL_SESSION is looked up in the internal OpenSSL cache and it
1721 * was not found. We use this to lookup the SSL_SESSION in the
1722 * inter-process disk-cache where it was perhaps stored by one
1723 * of our other Apache pre-forked server processes.
1724 */
1728 {
1729 /* Get Apache context back through OpenSSL context */
1734 /*
1735 * Try to retrieve the SSL_SESSION from the inter-process cache
1736 */
1743 /*
1744 * Return NULL or the retrieved SSL_SESSION. But indicate (by
1745 * setting do_copy to 0) that the reference count on the
1746 * SSL_SESSION should not be incremented by the SSL library,
1747 * because we will no longer hold a reference to it ourself.
1748 */
1752 }
1754 /*
1755 * This callback function is executed by OpenSSL whenever a
1756 * SSL_SESSION is removed from the the internal OpenSSL cache.
1757 * We use this to remove the SSL_SESSION in the inter-process
1758 * disk-cache, too.
1759 */
1762 {
1768 /*
1769 * Get Apache context back through OpenSSL context
1770 */
1773 }
1777 /*
1778 * Remove the SSL_SESSION from the inter-process cache
1779 */
1783 /* TODO: Do we need a temp pool here, or are we always shutting down? */
1790 }
1792 /*
1793 * This callback function is executed while OpenSSL processes the
1794 * SSL handshake and does SSL record layer stuff. We use it to
1795 * trace OpenSSL's processing in out SSL logfile.
1796 */
1798 {
1803 /*
1804 * find corresponding server
1805 */
1808 }
1813 }
1815 /*
1816 * create the various trace messages
1817 */
1822 }
1826 }
1831 }
1836 }
1841 }
1849 }
1855 }
1860 }
1861 }
1862 }
1864 /*
1865 * Because SSL renegotations can happen at any time (not only after
1866 * SSL_accept()), the best way to log the current connection details is
1867 * right after a finished handshake.
1868 */
1871 "Connection: Client IP: %s, Protocol: %s, "
1878 }
1879 }
1881 #ifndef OPENSSL_NO_TLSEXT
1882 /*
1883 * This callback function is executed when OpenSSL encounters an extended
1884 * client hello with a server name indication extension ("SNI", cf. RFC 4366).
1885 */
1887 {
1898 servername);
1900 }
1903 "No matching SSL virtual host for servername "
1905 servername);
1907 }
1908 }
1909 }
1912 }
1914 /*
1915 * Find a (name-based) SSL virtual host where either the ServerName
1916 * or one of the ServerAliases matches the supplied name (to be used
1917 * with ap_vhost_iterate_given_conn())
1918 */
1920 {
1927 /* check ServerName */
1930 }
1932 /*
1933 * if not matched yet, check ServerAlias entries
1934 * (adapted from vhost.c:matches_aliases())
1935 */
1946 }
1947 }
1948 }
1949 }
1951 /* if still no match, check ServerAlias entries with wildcards */
1962 }
1963 }
1964 }
1965 }
1967 /* set SSL_CTX (if matched) */
1971 /*
1972 * SSL_set_SSL_CTX() only deals with the server cert,
1973 * so we need to duplicate a few additional settings
1974 * from the ctx by hand
1975 */
1979 /*
1980 * Only initialize the verification settings from the ctx
1981 * if they are not yet set, or if we're called when a new
1982 * SSL connection is set up (num_renegotiations == 0).
1983 * Otherwise, we would possibly reset a per-directory
1984 * configuration which was put into effect by ssl_hook_Access.
1985 */
1988 }
1990 /*
1991 * We also need to make sure that the correct mctx
1992 * (accessed through the c->base_server->module_config vector)
1993 * is assigned to the connection - the CRL callback e.g.
1994 * makes use of it for retrieving its store (mctx->crl).
1995 * Since logging in callbacks uses c->base_server in many
1996 * cases, it also ensures that these messages are routed
1997 * to the proper log.
1998 */
2001 /*
2002 * There is one special filter callback, which is set
2003 * very early depending on the base_server's log level.
2004 * If this is not the first vhost we're now selecting
2005 * (and the first vhost doesn't use APLOG_DEBUG), then
2006 * we need to set that callback here.
2007 */
2011 }
2014 }
2017 }
2018 #endif