diff --git a/docs/manual/mod/mod_ssl.html.en b/docs/manual/mod/mod_ssl.html.en
|
|
|
295152 |
index b543150..ab72d4f 100644
|
|
|
295152 |
--- a/docs/manual/mod/mod_ssl.html.en
|
|
|
295152 |
+++ b/docs/manual/mod/mod_ssl.html.en
|
|
|
295152 |
@@ -1524,6 +1524,32 @@ The available (case-insensitive) protocols are:
|
|
|
295152 |
|
|
|
295152 |
|
|
|
295152 |
|
|
|
295152 |
+
|
|
|
295152 |
+SSLProtocol for name-based virtual hosts
|
|
|
295152 |
+
|
|
|
295152 |
+Before OpenSSL 1.1.1, even though the Server Name Indication (SNI) allowed to
|
|
|
295152 |
+determine the targeted virtual host early in the TLS handshake, it was not
|
|
|
295152 |
+possible to switch the TLS protocol version of the connection at this point,
|
|
|
295152 |
+and thus the SSLProtocol negotiated was always based off
|
|
|
295152 |
+the one of the base virtual host (first virtual host declared on the
|
|
|
295152 |
+listening IP:port of the connection).
|
|
|
295152 |
+
|
|
|
295152 |
+
|
|
|
295152 |
+Beginning with Apache HTTP server version 2.4.42, when built/linked against
|
|
|
295152 |
+OpenSSL 1.1.1 or later, and when the SNI is provided by the client in the TLS
|
|
|
295152 |
+handshake, the SSLProtocol of each (name-based) virtual
|
|
|
295152 |
+host can and will be honored.
|
|
|
295152 |
+
|
|
|
295152 |
+
|
|
|
295152 |
+For compatibility with previous versions, if no
|
|
|
295152 |
+SSLProtocol is configured in a name-based virtual host,
|
|
|
295152 |
+the one from the base virtual host still applies, unless
|
|
|
295152 |
+SSLProtocol is configured globally in which case the
|
|
|
295152 |
+global value applies (this latter exception is more sensible than compatible,
|
|
|
295152 |
+though).
|
|
|
295152 |
+
|
|
|
295152 |
+
|
|
|
295152 |
+
|
|
|
295152 |
|
|
|
295152 |
|
|
|
295152 |
|
|
|
295152 |
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
|
|
|
295152 |
index 0c4bf1f..ca5f702 100644
|
|
|
295152 |
--- a/modules/ssl/ssl_engine_config.c
|
|
|
295152 |
+++ b/modules/ssl/ssl_engine_config.c
|
|
|
295152 |
@@ -269,6 +269,7 @@ static void modssl_ctx_cfg_merge(apr_pool_t *p,
|
|
|
295152 |
mrg->protocol_set = 1;
|
|
|
295152 |
}
|
|
|
295152 |
else {
|
|
|
295152 |
+ mrg->protocol_set = base->protocol_set;
|
|
|
295152 |
mrg->protocol = base->protocol;
|
|
|
295152 |
}
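Review bot: The new `mrg->protocol_set = base->protocol_set;` changes what the flag means: it no longer says "this vhost configured SSLProtocol" but "this vhost or an ancestor did", and ssl_engine_kernel.c's ssl_find_vhost() now branches on it to decide whether to switch the per-connection protocol bounds. That dependency is invisible from here, so a one-line comment on the else branch would help: `/* Inherit protocol_set as well: ssl_find_vhost() only applies protocol bounds to vhosts with an (inherited) SSLProtocol. */`. modssl_ctx_cfg_merge() begins and ends outside the hunk.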
|
|
|
295152 |
|
|
|
295152 |
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
|
|
|
295152 |
index 31062bc..70d151e 100644
|
|
|
295152 |
--- a/modules/ssl/ssl_engine_init.c
|
|
|
295152 |
+++ b/modules/ssl/ssl_engine_init.c
|
|
|
295152 |
@@ -520,7 +520,9 @@ static apr_status_t ssl_init_ctx_tls_extensions(server_rec *s,
|
|
|
295152 |
"Configuring TLS extension handling");
|
|
|
295152 |
|
|
|
295152 |
/*
|
|
|
295152 |
- * Server name indication (SNI)
|
|
|
295152 |
+ * The Server Name Indication (SNI) provided by the ClientHello can be
|
|
|
295152 |
+ * used to select the right (name-based-)vhost and its SSL configuration
|
|
|
295152 |
+ * before the handshake takes place.
|
|
|
295152 |
*/
|
|
|
295152 |
if (!SSL_CTX_set_tlsext_servername_callback(mctx->ssl_ctx,
|
|
|
295152 |
ssl_callback_ServerNameIndication) ||
|
|
|
295152 |
@@ -532,6 +534,16 @@ static apr_status_t ssl_init_ctx_tls_extensions(server_rec *s,
|
|
|
295152 |
return ssl_die(s);
|
|
|
295152 |
}
|
|
|
295152 |
|
|
|
295152 |
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
|
295152 |
+ /*
|
|
|
295152 |
+ * The ClientHello callback also allows to retrieve the SNI, but since it
|
|
|
295152 |
+ * runs at the earliest possible connection stage we can even set the TLS
|
|
|
295152 |
+ * protocol version(s) according to the selected (name-based-)vhost, which
|
|
|
295152 |
+ * is not possible at the SNI callback stage (due to OpenSSL internals).
|
|
|
295152 |
+ */
|
|
|
295152 |
+ SSL_CTX_set_client_hello_cb(mctx->ssl_ctx, ssl_callback_ClientHello, NULL);
|
|
|
295152 |
+#endif
|
|
|
295152 |
+
|
|
|
295152 |
#ifdef HAVE_OCSP_STAPLING
|
|
|
295152 |
/*
|
|
|
295152 |
* OCSP Stapling support, status_request extension
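Review bot: The condition `OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)` is repeated verbatim here, around ssl_callback_ClientHello in ssl_engine_kernel.c and around its prototype in ssl_private.h, which is three places to keep in sync the next time the LibreSSL or OpenSSL threshold moves. The file already abstracts such checks into feature macros (`HAVE_TLSEXT`, `HAVE_OCSP_STAPLING` are visible in this hunk), so a single `#define` in ssl_private.h (e.g. a `HAVE_CLIENT_HELLO_CB`-style name, to taste) tested with `#ifdef` at the three sites would follow the local convention. ssl_init_ctx_tls_extensions() continues outside the hunk.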
|
|
|
295152 |
@@ -708,7 +720,7 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
|
|
|
295152 |
#else /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
|
|
|
295152 |
/* We first determine the maximum protocol version we should provide */
|
|
|
295152 |
#if SSL_HAVE_PROTOCOL_TLSV1_3
|
|
|
295152 |
- if (SSL_HAVE_PROTOCOL_TLSV1_3 && (protocol & SSL_PROTOCOL_TLSV1_3)) {
|
|
|
295152 |
+ if (protocol & SSL_PROTOCOL_TLSV1_3) {
|
|
|
295152 |
prot = TLS1_3_VERSION;
|
|
|
295152 |
} else
|
|
|
295152 |
#endif
|
|
|
295152 |
diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
|
|
|
295152 |
index 8b44674..7313a55 100644
|
|
|
295152 |
--- a/modules/ssl/ssl_engine_kernel.c
|
|
|
295152 |
+++ b/modules/ssl/ssl_engine_kernel.c
|
|
|
295152 |
@@ -2357,28 +2357,31 @@ static apr_status_t set_challenge_creds(conn_rec *c, const char *servername,
|
|
|
295152 |
* This function sets the virtual host from an extended
|
|
|
295152 |
* client hello with a server name indication extension ("SNI", cf. RFC 6066).
|
|
|
295152 |
*/
|
|
|
295152 |
-static apr_status_t init_vhost(conn_rec *c, SSL *ssl)
|
|
|
295152 |
+static apr_status_t init_vhost(conn_rec *c, SSL *ssl, const char *servername)
|
|
|
295152 |
{
|
|
|
295152 |
- const char *servername;
|
|
|
295152 |
X509 *cert;
|
|
|
295152 |
EVP_PKEY *key;
|
|
|
295152 |
|
|
|
295152 |
if (c) {
|
|
|
295152 |
SSLConnRec *sslcon = myConnConfig(c);
|
|
|
295152 |
-
|
|
|
295152 |
- if (sslcon->server != c->base_server) {
|
|
|
295152 |
- /* already found the vhost */
|
|
|
295152 |
- return APR_SUCCESS;
|
|
|
295152 |
+
|
|
|
295152 |
+ if (sslcon->vhost_found) {
|
|
|
295152 |
+ /* already found the vhost? */
|
|
|
295152 |
+ return sslcon->vhost_found > 0 ? APR_SUCCESS : APR_NOTFOUND;
|
|
|
295152 |
}
|
|
|
295152 |
+ sslcon->vhost_found = -1;
|
|
|
295152 |
|
|
|
295152 |
- servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
|
|
|
295152 |
+ if (!servername) {
|
|
|
295152 |
+ servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
|
|
|
295152 |
+ }
|
|
|
295152 |
if (servername) {
|
|
|
295152 |
if (ap_vhost_iterate_given_conn(c, ssl_find_vhost,
|
|
|
295152 |
(void *)servername)) {
|
|
|
295152 |
ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02043)
|
|
|
295152 |
"SSL virtual host for servername %s found",
|
|
|
295152 |
servername);
|
|
|
295152 |
-
|
|
|
295152 |
+
|
|
|
295152 |
+ sslcon->vhost_found = +1;
|
|
|
295152 |
return APR_SUCCESS;
|
|
|
295152 |
}
|
|
|
295152 |
else if (ssl_is_challenge(c, servername, &cert, &key)) {
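Review bot: `sslcon->vhost_found = -1;` is written before the lookup, so a miss is cached for the connection and a later ssl_callback_ServerNameIndication() call returns APR_NOTFOUND without retrying. On the new ClientHello path the caller passes a NULL servername whenever its own extension parsing gives up, and the `SSL_get_servername()` fallback is, per the comment in the new callback, not usable at that stage, so a client whose SNI the hand-rolled parser rejects but OpenSSL later accepts would never be matched to its vhost. If that is not intended, cache the negative result only once a name was actually available, e.g. `if (servername) sslcon->vhost_found = -1;` placed after the SSL_get_servername() fallback. init_vhost()'s body continues past the hunk, so the challenge and no-match branches are not visible here.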
|
|
|
295152 |
@@ -2428,11 +2431,72 @@ static apr_status_t init_vhost(conn_rec *c, SSL *ssl)
|
|
|
295152 |
int ssl_callback_ServerNameIndication(SSL *ssl, int *al, modssl_ctx_t *mctx)
|
|
|
295152 |
{
|
|
|
295152 |
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
|
|
|
295152 |
- apr_status_t status = init_vhost(c, ssl);
|
|
|
295152 |
+ apr_status_t status = init_vhost(c, ssl, NULL);
|
|
|
295152 |
|
|
|
295152 |
return (status == APR_SUCCESS)? SSL_TLSEXT_ERR_OK : SSL_TLSEXT_ERR_NOACK;
|
|
|
295152 |
}
|
|
|
295152 |
|
|
|
295152 |
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
|
295152 |
+/*
|
|
|
295152 |
+ * This callback function is called when the ClientHello is received.
|
|
|
295152 |
+ */
|
|
|
295152 |
+int ssl_callback_ClientHello(SSL *ssl, int *al, void *arg)
|
|
|
295152 |
+{
|
|
|
295152 |
+ char *servername = NULL;
|
|
|
295152 |
+ conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
|
|
|
295152 |
+ const unsigned char *pos;
|
|
|
295152 |
+ size_t len, remaining;
|
|
|
295152 |
+ (void)arg;
|
|
|
295152 |
+
|
|
|
295152 |
+ /* We can't use SSL_get_servername() at this earliest OpenSSL connection
|
|
|
295152 |
+ * stage, and there is no SSL_client_hello_get0_servername() provided as
|
|
|
295152 |
+ * of OpenSSL 1.1.1. So the code below, that extracts the SNI from the
|
|
|
295152 |
+ * ClientHello's TLS extensions, is taken from some test code in OpenSSL,
|
|
|
295152 |
+ * i.e. client_hello_select_server_ctx() in "test/handshake_helper.c".
|
|
|
295152 |
+ */
|
|
|
295152 |
+
|
|
|
295152 |
+ /*
|
|
|
295152 |
+ * The server_name extension was given too much extensibility when it
|
|
|
295152 |
+ * was written, so parsing the normal case is a bit complex.
|
|
|
295152 |
+ */
|
|
|
295152 |
+ if (!SSL_client_hello_get0_ext(ssl, TLSEXT_TYPE_server_name, &pos,
|
|
|
295152 |
+ &remaining)
|
|
|
295152 |
+ || remaining <= 2)
|
|
|
295152 |
+ goto give_up;
|
|
|
295152 |
+
|
|
|
295152 |
+ /* Extract the length of the supplied list of names. */
|
|
|
295152 |
+ len = (*(pos++) << 8);
|
|
|
295152 |
+ len += *(pos++);
|
|
|
295152 |
+ if (len + 2 != remaining)
|
|
|
295152 |
+ goto give_up;
|
|
|
295152 |
+ remaining = len;
|
|
|
295152 |
+
|
|
|
295152 |
+ /*
|
|
|
295152 |
+ * The list in practice only has a single element, so we only consider
|
|
|
295152 |
+ * the first one.
|
|
|
295152 |
+ */
|
|
|
295152 |
+ if (remaining <= 3 || *pos++ != TLSEXT_NAMETYPE_host_name)
|
|
|
295152 |
+ goto give_up;
|
|
|
295152 |
+ remaining--;
|
|
|
295152 |
+
|
|
|
295152 |
+ /* Now we can finally pull out the byte array with the actual hostname. */
|
|
|
295152 |
+ len = (*(pos++) << 8);
|
|
|
295152 |
+ len += *(pos++);
|
|
|
295152 |
+ if (len + 2 != remaining)
|
|
|
295152 |
+ goto give_up;
|
|
|
295152 |
+
|
|
|
295152 |
+ /* Use the SNI to switch to the relevant vhost, should it differ from
|
|
|
295152 |
+ * c->base_server.
|
|
|
295152 |
+ */
|
|
|
295152 |
+ servername = apr_pstrmemdup(c->pool, (const char *)pos, len);
|
|
|
295152 |
+
|
|
|
295152 |
+give_up:
|
|
|
295152 |
+ init_vhost(c, ssl, servername);
|
|
|
295152 |
+ return SSL_CLIENT_HELLO_SUCCESS;
|
|
|
295152 |
+}
|
|
|
295152 |
+#endif /* OPENSSL_VERSION_NUMBER < 0x10101000L */
|
|
|
295152 |
+
|
|
|
295152 |
+
|
|
|
295152 |
/*
|
|
|
295152 |
* Find a (name-based) SSL virtual host where either the ServerName
|
|
|
295152 |
* or one of the ServerAliases matches the supplied name (to be used
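Review bot: `c` is dereferenced at `c->pool` in ssl_callback_ClientHello() without a NULL check, while init_vhost(), called right after with the same `c`, guards everything behind `if (c)`; either SSL_get_app_data() cannot return NULL here and the guard in init_vhost() is dead for this caller, or the apr_pstrmemdup() call needs the same `if (c)`. The extracted name is also used as-is: if I read OpenSSL's own server_name parsing right, it rejects a zero-length name and one containing a NUL byte before SSL_get_servername() ever sees it, so `if (len == 0 || memchr(pos, 0, len)) goto give_up;` before the dup keeps the two paths equivalent and avoids passing an empty or silently truncated name to ap_vhost_iterate_given_conn() and the APLOGNO(02043) log line. Finally, `#endif /* OPENSSL_VERSION_NUMBER < 0x10101000L */` contradicts the `#if ... >= 0x10101000L` that opens the block; it should read `#endif /* OPENSSL_VERSION_NUMBER >= 0x10101000L && !LIBRESSL */`.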
|
|
|
295152 |
@@ -2452,12 +2516,25 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
|
|
|
295152 |
if (found && (ssl = sslcon->ssl) &&
|
|
|
295152 |
(sc = mySrvConfig(s))) {
|
|
|
295152 |
SSL_CTX *ctx = SSL_set_SSL_CTX(ssl, sc->server->ssl_ctx);
|
|
|
295152 |
+
|
|
|
295152 |
/*
|
|
|
295152 |
* SSL_set_SSL_CTX() only deals with the server cert,
|
|
|
295152 |
* so we need to duplicate a few additional settings
|
|
|
295152 |
* from the ctx by hand
|
|
|
295152 |
*/
|
|
|
295152 |
SSL_set_options(ssl, SSL_CTX_get_options(ctx));
|
|
|
295152 |
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L \
|
|
|
295152 |
+ && (!defined(LIBRESSL_VERSION_NUMBER) \
|
|
|
295152 |
+ || LIBRESSL_VERSION_NUMBER >= 0x20800000L)
|
|
|
295152 |
+ /*
|
|
|
295152 |
+ * Don't switch the protocol if none is configured for this vhost,
|
|
|
295152 |
+ * the default in this case is still the base server's SSLProtocol.
|
|
|
295152 |
+ */
|
|
|
295152 |
+ if (myCtxConfig(sslcon, sc)->protocol_set) {
|
|
|
295152 |
+ SSL_set_min_proto_version(ssl, SSL_CTX_get_min_proto_version(ctx));
|
|
|
295152 |
+ SSL_set_max_proto_version(ssl, SSL_CTX_get_max_proto_version(ctx));
|
|
|
295152 |
+ }
|
|
|
295152 |
+#endif
|
|
|
295152 |
if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
|
|
|
295152 |
(SSL_num_renegotiations(ssl) == 0)) {
|
|
|
295152 |
/*
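Review bot: SSL_set_min_proto_version() and SSL_set_max_proto_version() return 0 on failure and both results are dropped, so a vhost whose configured bounds cannot be applied silently keeps the base server's protocol range. Since `c` is in scope in ssl_find_vhost(), a warning on failure would make that visible: `if (!SSL_set_min_proto_version(ssl, SSL_CTX_get_min_proto_version(ctx)) || !SSL_set_max_proto_version(ssl, SSL_CTX_get_max_proto_version(ctx))) ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c, APLOGNO(<new number>) "could not apply SSLProtocol of vhost %s", s->server_hostname);`. The LibreSSL condition here (`>= 0x20800000L`) differs from the `!defined(LIBRESSL_VERSION_NUMBER)` used for the ClientHello callback; that is presumably deliberate (LibreSSL has the proto-version setters but, I assume, not the ClientHello API) and a one-line comment saying so would spare the next reader the question. ssl_find_vhost() begins and ends outside this hunk.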
|
|
|
295152 |
@@ -2654,7 +2731,7 @@ int ssl_callback_alpn_select(SSL *ssl,
|
|
|
295152 |
* they callback the SNI. We need to make sure that we know which vhost
|
|
|
295152 |
* we are dealing with so we respect the correct protocols.
|
|
|
295152 |
*/
|
|
|
295152 |
- init_vhost(c, ssl);
|
|
|
295152 |
+ init_vhost(c, ssl, NULL);
|
|
|
295152 |
|
|
|
295152 |
proposed = ap_select_protocol(c, NULL, sslconn->server, client_protos);
|
|
|
295152 |
if (!proposed) {
|
|
|
295152 |
diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h
|
|
|
295152 |
index 8055200..f8a1db7 100644
|
|
|
295152 |
--- a/modules/ssl/ssl_private.h
|
|
|
295152 |
+++ b/modules/ssl/ssl_private.h
|
|
|
295152 |
@@ -563,6 +563,7 @@ typedef struct {
|
|
|
295152 |
|
|
|
295152 |
const char *cipher_suite; /* cipher suite used in last reneg */
|
|
|
295152 |
int service_unavailable; /* thouugh we negotiate SSL, no requests will be served */
|
|
|
295152 |
+ int vhost_found; /* whether we found vhost from SNI already */
|
|
|
295152 |
} SSLConnRec;
|
|
|
295152 |
|
|
|
295152 |
/* BIG FAT WARNING: SSLModConfigRec has unusual memory lifetime: it is
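Review bot: The comment on `vhost_found` says "whether", but ssl_engine_kernel.c stores three values in it (0 = lookup not done yet, +1 = vhost found, -1 = lookup done, nothing found) and init_vhost() branches on the sign, so the declaration should spell out the encoding: `int vhost_found; /* SNI vhost lookup: 0 = not done yet, +1 = found, -1 = not found */`. An enum with named states would be the more self-describing option if the tri-state is here to stay.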
|
|
|
295152 |
@@ -946,6 +947,9 @@ void ssl_callback_Info(const SSL *, int, int);
|
|
|
295152 |
#ifdef HAVE_TLSEXT
|
|
|
295152 |
int ssl_callback_ServerNameIndication(SSL *, int *, modssl_ctx_t *);
|
|
|
295152 |
#endif
|
|
|
295152 |
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
|
|
|
295152 |
+int ssl_callback_ClientHello(SSL *, int *, void *);
|
|
|
295152 |
+#endif
|
|
|
295152 |
#ifdef HAVE_TLS_SESSION_TICKETS
|
|
|
295152 |
int ssl_callback_SessionTicket(SSL *, unsigned char *, unsigned char *,
|
|
|
295152 |
EVP_CIPHER_CTX *, HMAC_CTX *, int);
|