2012-06-05 18:26:04 +02:00
|
|
|
/*
|
2014-03-30 12:09:21 +02:00
|
|
|
* nghttp2 - HTTP/2 C Library
|
2012-06-05 18:26:04 +02:00
|
|
|
*
|
|
|
|
* Copyright (c) 2012 Tatsuhiro Tsujikawa
|
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining
|
|
|
|
* a copy of this software and associated documentation files (the
|
|
|
|
* "Software"), to deal in the Software without restriction, including
|
|
|
|
* without limitation the rights to use, copy, modify, merge, publish,
|
|
|
|
* distribute, sublicense, and/or sell copies of the Software, and to
|
|
|
|
* permit persons to whom the Software is furnished to do so, subject to
|
|
|
|
* the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be
|
|
|
|
* included in all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
|
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
|
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
|
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
|
|
* LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
|
|
* OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
|
|
* WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
*/
|
|
|
|
#include "shrpx_ssl.h"
|
|
|
|
|
2015-05-13 15:30:35 +02:00
|
|
|
#ifdef HAVE_SYS_SOCKET_H
|
2012-06-05 18:26:04 +02:00
|
|
|
#include <sys/socket.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#endif // HAVE_SYS_SOCKET_H
|
|
|
|
#ifdef HAVE_NETDB_H
|
2012-06-05 18:26:04 +02:00
|
|
|
#include <netdb.h>
|
2015-05-13 15:30:35 +02:00
|
|
|
#endif // HAVE_NETDB_H
|
2012-06-07 15:39:57 +02:00
|
|
|
#include <netinet/tcp.h>
|
2012-06-08 15:41:24 +02:00
|
|
|
#include <pthread.h>
|
2015-03-30 16:20:40 +02:00
|
|
|
#include <sys/types.h>
|
2012-06-08 15:41:24 +02:00
|
|
|
|
2012-11-22 13:46:15 +01:00
|
|
|
#include <vector>
|
|
|
|
#include <string>
|
|
|
|
|
2012-06-08 15:41:24 +02:00
|
|
|
#include <openssl/crypto.h>
|
2012-11-22 13:46:15 +01:00
|
|
|
#include <openssl/x509.h>
|
|
|
|
#include <openssl/x509v3.h>
|
2015-01-07 16:01:09 +01:00
|
|
|
#include <openssl/rand.h>
|
2015-12-11 15:14:52 +01:00
|
|
|
#include <openssl/dh.h>
|
2012-06-05 18:26:04 +02:00
|
|
|
|
2013-07-12 17:19:03 +02:00
|
|
|
#include <nghttp2/nghttp2.h>
|
2012-11-18 13:23:13 +01:00
|
|
|
|
2014-04-26 12:36:35 +02:00
|
|
|
#ifdef HAVE_SPDYLAY
|
|
|
|
#include <spdylay/spdylay.h>
|
|
|
|
#endif // HAVE_SPDYLAY
|
|
|
|
|
2012-06-05 18:26:04 +02:00
|
|
|
#include "shrpx_log.h"
|
|
|
|
#include "shrpx_client_handler.h"
|
|
|
|
#include "shrpx_config.h"
|
2014-06-26 15:55:22 +02:00
|
|
|
#include "shrpx_worker.h"
|
2014-10-13 14:09:00 +02:00
|
|
|
#include "shrpx_downstream_connection_pool.h"
|
2015-07-12 15:16:20 +02:00
|
|
|
#include "shrpx_http2_session.h"
|
2015-07-25 15:22:17 +02:00
|
|
|
#include "shrpx_memcached_request.h"
|
|
|
|
#include "shrpx_memcached_dispatcher.h"
|
2012-11-22 13:46:15 +01:00
|
|
|
#include "util.h"
|
2014-06-28 08:28:19 +02:00
|
|
|
#include "ssl.h"
|
2015-02-02 14:47:12 +01:00
|
|
|
#include "template.h"
|
2012-11-22 13:46:15 +01:00
|
|
|
|
2013-07-12 17:19:03 +02:00
|
|
|
using namespace nghttp2;
|
2012-06-05 18:26:04 +02:00
|
|
|
|
|
|
|
namespace shrpx {
|
|
|
|
|
|
|
|
namespace ssl {
|
|
|
|
|
|
|
|
namespace {
|
|
|
|
int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len,
|
2014-11-27 15:39:04 +01:00
|
|
|
void *arg) {
|
2016-01-18 06:21:09 +01:00
|
|
|
auto &prefs = get_config()->tls.alpn_prefs;
|
2014-06-10 16:15:29 +02:00
|
|
|
*data = prefs.data();
|
|
|
|
*len = prefs.size();
|
2012-06-05 18:26:04 +02:00
|
|
|
return SSL_TLSEXT_ERR_OK;
|
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
|
|
|
namespace {
|
2014-11-27 15:39:04 +01:00
|
|
|
int verify_callback(int preverify_ok, X509_STORE_CTX *ctx) {
|
|
|
|
if (!preverify_ok) {
|
2013-11-01 17:10:18 +01:00
|
|
|
int err = X509_STORE_CTX_get_error(ctx);
|
|
|
|
int depth = X509_STORE_CTX_get_error_depth(ctx);
|
|
|
|
LOG(ERROR) << "client certificate verify error:num=" << err << ":"
|
2014-11-27 15:39:04 +01:00
|
|
|
<< X509_verify_cert_error_string(err) << ":depth=" << depth;
|
2013-11-01 17:10:18 +01:00
|
|
|
}
|
|
|
|
return preverify_ok;
|
2012-06-05 18:26:04 +02:00
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
2015-09-24 16:57:24 +02:00
|
|
|
// This function is meant be called from master process, hence the
|
|
|
|
// call exit(3).
|
2015-07-20 14:37:23 +02:00
|
|
|
std::vector<unsigned char>
|
2015-07-20 15:37:26 +02:00
|
|
|
set_alpn_prefs(const std::vector<std::string> &protos) {
|
2014-11-14 15:14:39 +01:00
|
|
|
size_t len = 0;
|
2014-06-10 16:15:29 +02:00
|
|
|
|
2015-07-20 15:37:26 +02:00
|
|
|
for (const auto &proto : protos) {
|
|
|
|
if (proto.size() > 255) {
|
|
|
|
LOG(FATAL) << "Too long ALPN identifier: " << proto.size();
|
2015-09-24 16:57:24 +02:00
|
|
|
exit(EXIT_FAILURE);
|
2014-06-10 16:15:29 +02:00
|
|
|
}
|
|
|
|
|
2015-07-20 15:37:26 +02:00
|
|
|
len += 1 + proto.size();
|
2012-07-15 14:39:19 +02:00
|
|
|
}
|
2014-11-14 15:14:39 +01:00
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (len > (1 << 16) - 1) {
|
|
|
|
LOG(FATAL) << "Too long ALPN identifier list: " << len;
|
2015-09-24 16:57:24 +02:00
|
|
|
exit(EXIT_FAILURE);
|
2014-11-14 15:19:16 +01:00
|
|
|
}
|
|
|
|
|
2014-11-14 15:14:39 +01:00
|
|
|
auto out = std::vector<unsigned char>(len);
|
|
|
|
auto ptr = out.data();
|
|
|
|
|
2015-07-20 15:37:26 +02:00
|
|
|
for (const auto &proto : protos) {
|
|
|
|
*ptr++ = proto.size();
|
|
|
|
memcpy(ptr, proto.c_str(), proto.size());
|
|
|
|
ptr += proto.size();
|
2014-11-14 15:14:39 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return out;
|
2012-07-15 14:39:19 +02:00
|
|
|
}
|
|
|
|
|
2012-12-07 15:42:58 +01:00
|
|
|
namespace {
|
2014-11-27 15:39:04 +01:00
|
|
|
int ssl_pem_passwd_cb(char *buf, int size, int rwflag, void *user_data) {
|
|
|
|
auto config = static_cast<Config *>(user_data);
|
2016-01-18 06:21:09 +01:00
|
|
|
int len = (int)strlen(config->tls.private_key_passwd.get());
|
2012-12-03 07:33:04 +01:00
|
|
|
if (size < len + 1) {
|
|
|
|
LOG(ERROR) << "ssl_pem_passwd_cb: buf is too small " << size;
|
|
|
|
return 0;
|
|
|
|
}
|
2012-12-07 15:42:58 +01:00
|
|
|
// Copy string including last '\0'.
|
2016-01-18 06:21:09 +01:00
|
|
|
memcpy(buf, config->tls.private_key_passwd.get(), len + 1);
|
2012-12-03 07:33:04 +01:00
|
|
|
return len;
|
|
|
|
}
|
2012-12-07 15:42:58 +01:00
|
|
|
} // namespace
|
2012-12-03 07:33:04 +01:00
|
|
|
|
2013-02-06 15:27:05 +01:00
|
|
|
namespace {
|
2014-11-27 15:39:04 +01:00
|
|
|
int servername_callback(SSL *ssl, int *al, void *arg) {
|
2015-08-12 17:12:08 +02:00
|
|
|
auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
|
|
|
|
auto handler = static_cast<ClientHandler *>(conn->data);
|
2015-02-11 11:18:41 +01:00
|
|
|
auto worker = handler->get_worker();
|
|
|
|
auto cert_tree = worker->get_cert_lookup_tree();
|
2015-01-12 16:18:27 +01:00
|
|
|
if (cert_tree) {
|
2013-02-06 15:27:05 +01:00
|
|
|
const char *hostname = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (hostname) {
|
2015-02-02 14:47:12 +01:00
|
|
|
auto ssl_ctx = cert_tree->lookup(hostname, strlen(hostname));
|
2014-11-27 15:39:04 +01:00
|
|
|
if (ssl_ctx) {
|
2013-02-06 15:27:05 +01:00
|
|
|
SSL_set_SSL_CTX(ssl, ssl_ctx);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2015-03-30 16:20:40 +02:00
|
|
|
return SSL_TLSEXT_ERR_OK;
|
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
2015-09-29 16:31:50 +02:00
|
|
|
#ifndef OPENSSL_IS_BORINGSSL
|
2015-06-12 14:27:12 +02:00
|
|
|
namespace {
|
|
|
|
std::shared_ptr<std::vector<uint8_t>>
|
|
|
|
get_ocsp_data(TLSContextData *tls_ctx_data) {
|
|
|
|
std::lock_guard<std::mutex> g(tls_ctx_data->mu);
|
|
|
|
return tls_ctx_data->ocsp_data;
|
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
2015-03-30 16:20:40 +02:00
|
|
|
namespace {
|
|
|
|
int ocsp_resp_cb(SSL *ssl, void *arg) {
|
|
|
|
auto ssl_ctx = SSL_get_SSL_CTX(ssl);
|
|
|
|
auto tls_ctx_data =
|
|
|
|
static_cast<TLSContextData *>(SSL_CTX_get_app_data(ssl_ctx));
|
|
|
|
|
2015-06-12 14:27:12 +02:00
|
|
|
auto data = get_ocsp_data(tls_ctx_data);
|
2015-03-30 16:20:40 +02:00
|
|
|
|
2015-06-12 14:27:12 +02:00
|
|
|
if (!data) {
|
|
|
|
return SSL_TLSEXT_ERR_OK;
|
|
|
|
}
|
2015-03-30 16:20:40 +02:00
|
|
|
|
2015-06-12 14:27:12 +02:00
|
|
|
auto buf =
|
|
|
|
static_cast<uint8_t *>(CRYPTO_malloc(data->size(), __FILE__, __LINE__));
|
2014-04-27 16:17:19 +02:00
|
|
|
|
2015-06-12 14:27:12 +02:00
|
|
|
if (!buf) {
|
|
|
|
return SSL_TLSEXT_ERR_OK;
|
2015-03-30 16:20:40 +02:00
|
|
|
}
|
2015-06-12 14:27:12 +02:00
|
|
|
|
|
|
|
std::copy(std::begin(*data), std::end(*data), buf);
|
|
|
|
|
|
|
|
SSL_set_tlsext_status_ocsp_resp(ssl, buf, data->size());
|
|
|
|
|
2014-04-27 16:17:19 +02:00
|
|
|
return SSL_TLSEXT_ERR_OK;
|
2013-02-06 15:27:05 +01:00
|
|
|
}
|
|
|
|
} // namespace
|
2015-09-29 16:31:50 +02:00
|
|
|
#endif // OPENSSL_IS_BORINGSSL
|
2013-02-06 15:27:05 +01:00
|
|
|
|
2015-07-27 14:16:57 +02:00
|
|
|
constexpr char MEMCACHED_SESSION_CACHE_KEY_PREFIX[] =
|
|
|
|
"nghttpx:tls-session-cache:";
|
2015-07-25 15:22:17 +02:00
|
|
|
|
|
|
|
namespace {
|
|
|
|
int tls_session_new_cb(SSL *ssl, SSL_SESSION *session) {
|
2015-08-12 17:12:08 +02:00
|
|
|
auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
|
|
|
|
auto handler = static_cast<ClientHandler *>(conn->data);
|
2015-07-25 15:22:17 +02:00
|
|
|
auto worker = handler->get_worker();
|
|
|
|
auto dispatcher = worker->get_session_cache_memcached_dispatcher();
|
|
|
|
|
|
|
|
const unsigned char *id;
|
|
|
|
unsigned int idlen;
|
|
|
|
|
|
|
|
id = SSL_SESSION_get_id(session, &idlen);
|
|
|
|
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
LOG(INFO) << "Memached: cache session, id=" << util::format_hex(id, idlen);
|
|
|
|
}
|
|
|
|
|
|
|
|
auto req = make_unique<MemcachedRequest>();
|
|
|
|
req->op = MEMCACHED_OP_ADD;
|
2015-07-27 14:16:57 +02:00
|
|
|
req->key = MEMCACHED_SESSION_CACHE_KEY_PREFIX;
|
2015-07-25 15:22:17 +02:00
|
|
|
req->key += util::format_hex(id, idlen);
|
|
|
|
|
|
|
|
auto sessionlen = i2d_SSL_SESSION(session, nullptr);
|
|
|
|
req->value.resize(sessionlen);
|
|
|
|
auto buf = &req->value[0];
|
|
|
|
i2d_SSL_SESSION(session, &buf);
|
|
|
|
req->expiry = 12_h;
|
|
|
|
req->cb = [](MemcachedRequest *req, MemcachedResult res) {
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
LOG(INFO) << "Memcached: session cache done. key=" << req->key
|
|
|
|
<< ", status_code=" << res.status_code << ", value="
|
|
|
|
<< std::string(std::begin(res.value), std::end(res.value));
|
|
|
|
}
|
|
|
|
if (res.status_code != 0) {
|
|
|
|
LOG(WARN) << "Memcached: failed to cache session key=" << req->key
|
|
|
|
<< ", status_code=" << res.status_code << ", value="
|
|
|
|
<< std::string(std::begin(res.value), std::end(res.value));
|
|
|
|
}
|
|
|
|
};
|
|
|
|
assert(!req->canceled);
|
|
|
|
|
|
|
|
dispatcher->add_request(std::move(req));
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
|
|
|
namespace {
|
|
|
|
SSL_SESSION *tls_session_get_cb(SSL *ssl, unsigned char *id, int idlen,
|
|
|
|
int *copy) {
|
2015-08-12 17:12:08 +02:00
|
|
|
auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
|
|
|
|
auto handler = static_cast<ClientHandler *>(conn->data);
|
2015-07-25 15:22:17 +02:00
|
|
|
auto worker = handler->get_worker();
|
|
|
|
auto dispatcher = worker->get_session_cache_memcached_dispatcher();
|
|
|
|
|
|
|
|
if (conn->tls.cached_session) {
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
LOG(INFO) << "Memcached: found cached session, id="
|
|
|
|
<< util::format_hex(id, idlen);
|
|
|
|
}
|
|
|
|
|
|
|
|
// This is required, without this, memory leak occurs.
|
|
|
|
*copy = 0;
|
|
|
|
|
|
|
|
auto session = conn->tls.cached_session;
|
|
|
|
conn->tls.cached_session = nullptr;
|
|
|
|
return session;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
LOG(INFO) << "Memcached: get cached session, id="
|
|
|
|
<< util::format_hex(id, idlen);
|
|
|
|
}
|
|
|
|
|
|
|
|
auto req = make_unique<MemcachedRequest>();
|
|
|
|
req->op = MEMCACHED_OP_GET;
|
2015-07-27 14:16:57 +02:00
|
|
|
req->key = MEMCACHED_SESSION_CACHE_KEY_PREFIX;
|
2015-07-25 15:22:17 +02:00
|
|
|
req->key += util::format_hex(id, idlen);
|
|
|
|
req->cb = [conn](MemcachedRequest *, MemcachedResult res) {
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
LOG(INFO) << "Memcached: returned status code " << res.status_code;
|
|
|
|
}
|
|
|
|
|
|
|
|
// We might stop reading, so start it again
|
|
|
|
conn->rlimit.startw();
|
|
|
|
ev_timer_again(conn->loop, &conn->rt);
|
|
|
|
|
|
|
|
conn->wlimit.startw();
|
|
|
|
ev_timer_again(conn->loop, &conn->wt);
|
|
|
|
|
|
|
|
conn->tls.cached_session_lookup_req = nullptr;
|
|
|
|
if (res.status_code != 0) {
|
|
|
|
conn->tls.handshake_state = TLS_CONN_CANCEL_SESSION_CACHE;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
const uint8_t *p = res.value.data();
|
|
|
|
|
|
|
|
auto session = d2i_SSL_SESSION(nullptr, &p, res.value.size());
|
|
|
|
if (!session) {
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
LOG(INFO) << "cannot materialize session";
|
|
|
|
}
|
|
|
|
conn->tls.handshake_state = TLS_CONN_CANCEL_SESSION_CACHE;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
conn->tls.cached_session = session;
|
|
|
|
conn->tls.handshake_state = TLS_CONN_GOT_SESSION_CACHE;
|
|
|
|
};
|
|
|
|
|
|
|
|
conn->tls.handshake_state = TLS_CONN_WAIT_FOR_SESSION_CACHE;
|
|
|
|
conn->tls.cached_session_lookup_req = req.get();
|
|
|
|
|
|
|
|
dispatcher->add_request(std::move(req));
|
|
|
|
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
2015-01-07 16:01:09 +01:00
|
|
|
namespace {
|
|
|
|
int ticket_key_cb(SSL *ssl, unsigned char *key_name, unsigned char *iv,
|
|
|
|
EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc) {
|
2015-08-12 17:12:08 +02:00
|
|
|
auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
|
|
|
|
auto handler = static_cast<ClientHandler *>(conn->data);
|
2015-02-11 11:18:41 +01:00
|
|
|
auto worker = handler->get_worker();
|
2015-07-23 16:13:29 +02:00
|
|
|
auto ticket_keys = worker->get_ticket_keys();
|
2015-01-07 17:57:59 +01:00
|
|
|
|
2015-01-07 16:01:09 +01:00
|
|
|
if (!ticket_keys) {
|
2015-01-08 12:46:35 +01:00
|
|
|
// No ticket keys available.
|
|
|
|
return -1;
|
2015-01-07 16:01:09 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
auto &keys = ticket_keys->keys;
|
|
|
|
assert(!keys.empty());
|
|
|
|
|
|
|
|
if (enc) {
|
|
|
|
if (RAND_bytes(iv, EVP_MAX_IV_LENGTH) == 0) {
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
CLOG(INFO, handler) << "session ticket key: RAND_bytes failed";
|
|
|
|
}
|
2015-01-08 12:46:35 +01:00
|
|
|
return -1;
|
2015-01-07 16:01:09 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
auto &key = keys[0];
|
|
|
|
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
CLOG(INFO, handler) << "encrypt session ticket key: "
|
2015-07-17 18:49:20 +02:00
|
|
|
<< util::format_hex(key.data.name);
|
2015-01-07 16:01:09 +01:00
|
|
|
}
|
|
|
|
|
2015-07-26 19:12:07 +02:00
|
|
|
std::copy(std::begin(key.data.name), std::end(key.data.name), key_name);
|
2015-01-07 16:01:09 +01:00
|
|
|
|
2016-01-18 06:21:09 +01:00
|
|
|
EVP_EncryptInit_ex(ctx, get_config()->tls.ticket.cipher, nullptr,
|
2015-07-26 19:12:07 +02:00
|
|
|
key.data.enc_key.data(), iv);
|
|
|
|
HMAC_Init_ex(hctx, key.data.hmac_key.data(), key.hmac_keylen, key.hmac,
|
|
|
|
nullptr);
|
2015-01-07 16:01:09 +01:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
size_t i;
|
|
|
|
for (i = 0; i < keys.size(); ++i) {
|
2015-07-27 14:13:02 +02:00
|
|
|
auto &key = keys[i];
|
2015-07-26 19:12:07 +02:00
|
|
|
if (std::equal(std::begin(key.data.name), std::end(key.data.name),
|
|
|
|
key_name)) {
|
2015-01-07 16:01:09 +01:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (i == keys.size()) {
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
CLOG(INFO, handler) << "session ticket key "
|
|
|
|
<< util::format_hex(key_name, 16) << " not found";
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (LOG_ENABLED(INFO)) {
|
|
|
|
CLOG(INFO, handler) << "decrypt session ticket key: "
|
|
|
|
<< util::format_hex(key_name, 16);
|
|
|
|
}
|
|
|
|
|
|
|
|
auto &key = keys[i];
|
2015-07-26 19:12:07 +02:00
|
|
|
HMAC_Init_ex(hctx, key.data.hmac_key.data(), key.hmac_keylen, key.hmac,
|
|
|
|
nullptr);
|
|
|
|
EVP_DecryptInit_ex(ctx, key.cipher, nullptr, key.data.enc_key.data(), iv);
|
2015-01-07 16:01:09 +01:00
|
|
|
|
|
|
|
return i == 0 ? 1 : 2;
|
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
2014-01-18 11:53:52 +01:00
|
|
|
namespace {
|
2014-11-27 15:39:04 +01:00
|
|
|
void info_callback(const SSL *ssl, int where, int ret) {
|
2014-01-18 11:53:52 +01:00
|
|
|
// To mitigate possible DOS attack using lots of renegotiations, we
|
|
|
|
// disable renegotiation. Since OpenSSL does not provide an easy way
|
|
|
|
// to disable it, we check that renegotiation is started in this
|
|
|
|
// callback.
|
2014-11-27 15:39:04 +01:00
|
|
|
if (where & SSL_CB_HANDSHAKE_START) {
|
2015-02-04 13:15:58 +01:00
|
|
|
auto conn = static_cast<Connection *>(SSL_get_app_data(ssl));
|
|
|
|
if (conn && conn->tls.initial_handshake_done) {
|
|
|
|
auto handler = static_cast<ClientHandler *>(conn->data);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (LOG_ENABLED(INFO)) {
|
2014-01-18 11:53:52 +01:00
|
|
|
CLOG(INFO, handler) << "TLS renegotiation started";
|
|
|
|
}
|
2015-02-04 13:15:58 +01:00
|
|
|
handler->start_immediate_shutdown();
|
2014-01-18 11:53:52 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
2014-01-01 15:54:28 +01:00
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
|
|
namespace {
|
2014-11-27 15:39:04 +01:00
|
|
|
int alpn_select_proto_cb(SSL *ssl, const unsigned char **out,
|
|
|
|
unsigned char *outlen, const unsigned char *in,
|
|
|
|
unsigned int inlen, void *arg) {
|
2014-05-21 14:16:44 +02:00
|
|
|
// We assume that get_config()->npn_list contains ALPN protocol
|
|
|
|
// identifier sorted by preference order. So we just break when we
|
|
|
|
// found the first overlap.
|
2016-01-18 06:21:09 +01:00
|
|
|
for (const auto &target_proto_id : get_config()->tls.npn_list) {
|
2014-11-27 15:39:04 +01:00
|
|
|
for (auto p = in, end = in + inlen; p < end;) {
|
2014-05-21 14:16:44 +02:00
|
|
|
auto proto_id = p + 1;
|
|
|
|
auto proto_len = *p;
|
2014-04-26 15:37:48 +02:00
|
|
|
|
2015-07-20 15:37:26 +02:00
|
|
|
if (proto_id + proto_len <= end &&
|
|
|
|
util::streq(target_proto_id.c_str(), target_proto_id.size(), proto_id,
|
|
|
|
proto_len)) {
|
2014-04-26 12:36:35 +02:00
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
*out = reinterpret_cast<const unsigned char *>(proto_id);
|
2014-05-21 14:16:44 +02:00
|
|
|
*outlen = proto_len;
|
2014-04-26 12:36:35 +02:00
|
|
|
|
2014-05-21 14:16:44 +02:00
|
|
|
return SSL_TLSEXT_ERR_OK;
|
|
|
|
}
|
2014-04-26 12:36:35 +02:00
|
|
|
|
2014-05-21 14:16:44 +02:00
|
|
|
p += 1 + proto_len;
|
|
|
|
}
|
2014-04-26 12:36:35 +02:00
|
|
|
}
|
|
|
|
|
2014-05-21 14:16:44 +02:00
|
|
|
return SSL_TLSEXT_ERR_NOACK;
|
2014-01-01 15:54:28 +01:00
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
|
|
|
2014-01-02 03:49:38 +01:00
|
|
|
namespace {
|
2015-05-29 15:31:02 +02:00
|
|
|
constexpr const char *tls_names[] = {"TLSv1.2", "TLSv1.1", "TLSv1.0"};
|
|
|
|
constexpr size_t tls_namelen = array_size(tls_names);
|
|
|
|
constexpr long int tls_masks[] = {SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_1,
|
|
|
|
SSL_OP_NO_TLSv1};
|
2014-06-08 15:52:27 +02:00
|
|
|
} // namespace
|
|
|
|
|
2015-07-20 15:37:26 +02:00
|
|
|
long int create_tls_proto_mask(const std::vector<std::string> &tls_proto_list) {
|
2014-01-02 03:49:38 +01:00
|
|
|
long int res = 0;
|
2014-06-08 15:52:27 +02:00
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
for (size_t i = 0; i < tls_namelen; ++i) {
|
2014-01-02 03:49:38 +01:00
|
|
|
size_t j;
|
2014-11-27 15:39:04 +01:00
|
|
|
for (j = 0; j < tls_proto_list.size(); ++j) {
|
2015-07-20 15:37:26 +02:00
|
|
|
if (util::strieq(tls_names[i], tls_proto_list[j])) {
|
2014-01-02 03:49:38 +01:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2014-11-27 15:39:04 +01:00
|
|
|
if (j == tls_proto_list.size()) {
|
2014-06-08 15:52:27 +02:00
|
|
|
res |= tls_masks[i];
|
2014-01-02 03:49:38 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
2015-09-23 12:45:53 +02:00
|
|
|
SSL_CTX *create_ssl_context(const char *private_key_file, const char *cert_file
|
|
|
|
#ifdef HAVE_NEVERBLEED
|
|
|
|
,
|
|
|
|
neverbleed_t *nb
|
|
|
|
#endif // HAVE_NEVERBLEED
|
|
|
|
) {
|
2015-01-12 14:47:30 +01:00
|
|
|
auto ssl_ctx = SSL_CTX_new(SSLv23_server_method());
|
2014-11-27 15:39:04 +01:00
|
|
|
if (!ssl_ctx) {
|
2013-09-23 11:49:39 +02:00
|
|
|
LOG(FATAL) << ERR_error_string(ERR_get_error(), nullptr);
|
2012-06-05 18:26:04 +02:00
|
|
|
DIE();
|
|
|
|
}
|
2014-01-02 03:49:38 +01:00
|
|
|
|
2015-07-25 15:22:17 +02:00
|
|
|
constexpr auto ssl_opts =
|
|
|
|
(SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) | SSL_OP_NO_SSLv2 |
|
|
|
|
SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION |
|
|
|
|
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_SINGLE_ECDH_USE |
|
|
|
|
SSL_OP_SINGLE_DH_USE | SSL_OP_CIPHER_SERVER_PREFERENCE;
|
2015-06-22 16:26:45 +02:00
|
|
|
|
2016-01-18 06:21:09 +01:00
|
|
|
auto &tlsconf = get_config()->tls;
|
|
|
|
|
|
|
|
SSL_CTX_set_options(ssl_ctx, ssl_opts | tlsconf.tls_proto_mask);
|
2012-06-07 15:39:57 +02:00
|
|
|
|
2012-07-14 16:24:03 +02:00
|
|
|
const unsigned char sid_ctx[] = "shrpx";
|
2014-11-27 15:39:04 +01:00
|
|
|
SSL_CTX_set_session_id_context(ssl_ctx, sid_ctx, sizeof(sid_ctx) - 1);
|
2012-07-14 16:24:03 +02:00
|
|
|
SSL_CTX_set_session_cache_mode(ssl_ctx, SSL_SESS_CACHE_SERVER);
|
2015-07-25 15:22:17 +02:00
|
|
|
|
2016-02-14 12:59:10 +01:00
|
|
|
if (!tlsconf.session_cache.memcached.host.empty()) {
|
2015-07-25 15:22:17 +02:00
|
|
|
SSL_CTX_sess_set_new_cb(ssl_ctx, tls_session_new_cb);
|
|
|
|
SSL_CTX_sess_set_get_cb(ssl_ctx, tls_session_get_cb);
|
|
|
|
}
|
|
|
|
|
2016-01-18 06:21:09 +01:00
|
|
|
SSL_CTX_set_timeout(ssl_ctx, tlsconf.session_timeout.count());
|
2012-07-14 16:24:03 +02:00
|
|
|
|
2014-01-13 15:01:22 +01:00
|
|
|
const char *ciphers;
|
2016-01-18 06:21:09 +01:00
|
|
|
if (tlsconf.ciphers) {
|
|
|
|
ciphers = tlsconf.ciphers.get();
|
2014-01-13 15:01:22 +01:00
|
|
|
} else {
|
2014-06-28 08:28:19 +02:00
|
|
|
ciphers = nghttp2::ssl::DEFAULT_CIPHER_LIST;
|
2014-01-13 15:01:22 +01:00
|
|
|
}
|
2014-06-10 15:47:22 +02:00
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (SSL_CTX_set_cipher_list(ssl_ctx, ciphers) == 0) {
|
|
|
|
LOG(FATAL) << "SSL_CTX_set_cipher_list " << ciphers
|
|
|
|
<< " failed: " << ERR_error_string(ERR_get_error(), nullptr);
|
2014-01-13 15:01:22 +01:00
|
|
|
DIE();
|
2012-08-20 14:50:03 +02:00
|
|
|
}
|
|
|
|
|
2013-09-07 16:37:17 +02:00
|
|
|
#ifndef OPENSSL_NO_EC
|
2014-01-01 15:26:00 +01:00
|
|
|
|
2016-01-21 11:50:38 +01:00
|
|
|
// Disabled SSL_CTX_set_ecdh_auto, because computational cost of
|
|
|
|
// chosen curve is much higher than P-256.
|
2014-06-06 16:15:36 +02:00
|
|
|
|
2016-01-21 11:50:38 +01:00
|
|
|
// #if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
|
|
// SSL_CTX_set_ecdh_auto(ssl_ctx, 1);
|
|
|
|
// #else // OPENSSL_VERSION_NUBMER < 0x10002000L
|
2013-08-30 15:07:42 +02:00
|
|
|
// Use P-256, which is sufficiently secure at the time of this
|
|
|
|
// writing.
|
|
|
|
auto ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (ecdh == nullptr) {
|
2013-08-30 15:07:42 +02:00
|
|
|
LOG(FATAL) << "EC_KEY_new_by_curv_name failed: "
|
|
|
|
<< ERR_error_string(ERR_get_error(), nullptr);
|
|
|
|
DIE();
|
|
|
|
}
|
|
|
|
SSL_CTX_set_tmp_ecdh(ssl_ctx, ecdh);
|
|
|
|
EC_KEY_free(ecdh);
|
2016-01-21 11:50:38 +01:00
|
|
|
// #endif // OPENSSL_VERSION_NUBMER < 0x10002000L
|
2014-01-01 15:26:00 +01:00
|
|
|
|
2014-05-14 16:22:23 +02:00
|
|
|
#endif // OPENSSL_NO_EC
|
2013-08-30 15:07:42 +02:00
|
|
|
|
2016-01-18 06:21:09 +01:00
|
|
|
if (tlsconf.dh_param_file) {
|
2013-08-30 15:07:42 +02:00
|
|
|
// Read DH parameters from file
|
2016-01-18 06:21:09 +01:00
|
|
|
auto bio = BIO_new_file(tlsconf.dh_param_file.get(), "r");
|
2014-11-27 15:39:04 +01:00
|
|
|
if (bio == nullptr) {
|
2013-08-30 15:07:42 +02:00
|
|
|
LOG(FATAL) << "BIO_new_file() failed: "
|
|
|
|
<< ERR_error_string(ERR_get_error(), nullptr);
|
|
|
|
DIE();
|
|
|
|
}
|
|
|
|
auto dh = PEM_read_bio_DHparams(bio, nullptr, nullptr, nullptr);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (dh == nullptr) {
|
2013-08-30 15:07:42 +02:00
|
|
|
LOG(FATAL) << "PEM_read_bio_DHparams() failed: "
|
|
|
|
<< ERR_error_string(ERR_get_error(), nullptr);
|
|
|
|
DIE();
|
|
|
|
}
|
|
|
|
SSL_CTX_set_tmp_dh(ssl_ctx, dh);
|
|
|
|
DH_free(dh);
|
|
|
|
BIO_free(bio);
|
|
|
|
}
|
|
|
|
|
2012-06-05 18:26:04 +02:00
|
|
|
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
|
|
|
|
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
|
2016-01-18 06:21:09 +01:00
|
|
|
if (tlsconf.private_key_passwd) {
|
2012-12-03 07:33:04 +01:00
|
|
|
SSL_CTX_set_default_passwd_cb(ssl_ctx, ssl_pem_passwd_cb);
|
|
|
|
SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, (void *)get_config());
|
|
|
|
}
|
2015-09-23 12:45:53 +02:00
|
|
|
|
|
|
|
#ifndef HAVE_NEVERBLEED
|
2014-11-27 15:39:04 +01:00
|
|
|
if (SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key_file,
|
|
|
|
SSL_FILETYPE_PEM) != 1) {
|
2012-11-14 13:14:11 +01:00
|
|
|
LOG(FATAL) << "SSL_CTX_use_PrivateKey_file failed: "
|
2013-09-23 11:49:39 +02:00
|
|
|
<< ERR_error_string(ERR_get_error(), nullptr);
|
2015-09-23 12:45:53 +02:00
|
|
|
}
|
|
|
|
#else // HAVE_NEVERBLEED
|
|
|
|
std::array<char, NEVERBLEED_ERRBUF_SIZE> errbuf;
|
|
|
|
if (neverbleed_load_private_key_file(nb, ssl_ctx, private_key_file,
|
|
|
|
errbuf.data()) != 1) {
|
|
|
|
LOG(FATAL) << "neverbleed_load_private_key_file failed: " << errbuf.data();
|
2012-06-05 18:26:04 +02:00
|
|
|
DIE();
|
|
|
|
}
|
2015-09-23 12:45:53 +02:00
|
|
|
#endif // HAVE_NEVERBLEED
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (SSL_CTX_use_certificate_chain_file(ssl_ctx, cert_file) != 1) {
|
2012-11-14 13:14:11 +01:00
|
|
|
LOG(FATAL) << "SSL_CTX_use_certificate_file failed: "
|
2013-09-23 11:49:39 +02:00
|
|
|
<< ERR_error_string(ERR_get_error(), nullptr);
|
2012-06-05 18:26:04 +02:00
|
|
|
DIE();
|
|
|
|
}
|
2014-11-27 15:39:04 +01:00
|
|
|
if (SSL_CTX_check_private_key(ssl_ctx) != 1) {
|
2012-11-14 13:14:11 +01:00
|
|
|
LOG(FATAL) << "SSL_CTX_check_private_key failed: "
|
2013-09-23 11:49:39 +02:00
|
|
|
<< ERR_error_string(ERR_get_error(), nullptr);
|
2012-06-05 18:26:04 +02:00
|
|
|
DIE();
|
|
|
|
}
|
2016-01-18 06:21:09 +01:00
|
|
|
if (tlsconf.client_verify.enabled) {
|
2016-02-14 13:09:15 +01:00
|
|
|
if (!tlsconf.client_verify.cacert.empty()) {
|
2014-11-27 15:39:04 +01:00
|
|
|
if (SSL_CTX_load_verify_locations(
|
2016-02-14 13:09:15 +01:00
|
|
|
ssl_ctx, tlsconf.client_verify.cacert.c_str(), nullptr) != 1) {
|
2014-06-08 14:02:40 +02:00
|
|
|
|
2013-11-01 17:10:18 +01:00
|
|
|
LOG(FATAL) << "Could not load trusted ca certificates from "
|
2016-02-14 13:09:15 +01:00
|
|
|
<< tlsconf.client_verify.cacert << ": "
|
2013-11-01 17:10:18 +01:00
|
|
|
<< ERR_error_string(ERR_get_error(), nullptr);
|
|
|
|
DIE();
|
|
|
|
}
|
2014-01-08 16:07:51 +01:00
|
|
|
// It is heard that SSL_CTX_load_verify_locations() may leave
|
|
|
|
// error even though it returns success. See
|
|
|
|
// http://forum.nginx.org/read.php?29,242540
|
|
|
|
ERR_clear_error();
|
2016-02-14 13:09:15 +01:00
|
|
|
auto list = SSL_load_client_CA_file(tlsconf.client_verify.cacert.c_str());
|
2014-11-27 15:39:04 +01:00
|
|
|
if (!list) {
|
2014-01-08 16:07:51 +01:00
|
|
|
LOG(FATAL) << "Could not load ca certificates from "
|
2016-02-14 13:09:15 +01:00
|
|
|
<< tlsconf.client_verify.cacert << ": "
|
2014-01-08 16:07:51 +01:00
|
|
|
<< ERR_error_string(ERR_get_error(), nullptr);
|
|
|
|
DIE();
|
|
|
|
}
|
|
|
|
SSL_CTX_set_client_CA_list(ssl_ctx, list);
|
2013-11-01 17:10:18 +01:00
|
|
|
}
|
2014-11-27 15:39:04 +01:00
|
|
|
SSL_CTX_set_verify(ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE |
|
|
|
|
SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
|
2012-06-05 18:26:04 +02:00
|
|
|
verify_callback);
|
|
|
|
}
|
2013-02-06 15:27:05 +01:00
|
|
|
SSL_CTX_set_tlsext_servername_callback(ssl_ctx, servername_callback);
|
2015-01-07 16:01:09 +01:00
|
|
|
SSL_CTX_set_tlsext_ticket_key_cb(ssl_ctx, ticket_key_cb);
|
2015-09-29 16:31:50 +02:00
|
|
|
#ifndef OPENSSL_IS_BORINGSSL
|
2015-03-30 16:20:40 +02:00
|
|
|
SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb);
|
2015-09-29 16:31:50 +02:00
|
|
|
#endif // OPENSSL_IS_BORINGSSL
|
2014-01-18 11:53:52 +01:00
|
|
|
SSL_CTX_set_info_callback(ssl_ctx, info_callback);
|
2013-02-06 15:27:05 +01:00
|
|
|
|
2014-01-01 15:54:28 +01:00
|
|
|
// NPN advertisement
|
2014-06-10 16:15:29 +02:00
|
|
|
SSL_CTX_set_next_protos_advertised_cb(ssl_ctx, next_proto_cb, nullptr);
|
2014-01-01 15:54:28 +01:00
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
|
|
|
// ALPN selection callback
|
|
|
|
SSL_CTX_set_alpn_select_cb(ssl_ctx, alpn_select_proto_cb, nullptr);
|
|
|
|
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
2015-03-30 16:20:40 +02:00
|
|
|
|
|
|
|
auto tls_ctx_data = new TLSContextData();
|
|
|
|
tls_ctx_data->cert_file = cert_file;
|
|
|
|
|
|
|
|
SSL_CTX_set_app_data(ssl_ctx, tls_ctx_data);
|
|
|
|
|
2012-06-05 18:26:04 +02:00
|
|
|
return ssl_ctx;
|
|
|
|
}
|
|
|
|
|
2012-11-18 13:23:13 +01:00
|
|
|
namespace {
|
2016-02-06 11:50:21 +01:00
|
|
|
int select_h2_next_proto_cb(SSL *ssl, unsigned char **out,
|
|
|
|
unsigned char *outlen, const unsigned char *in,
|
|
|
|
unsigned int inlen, void *arg) {
|
2014-12-15 14:51:34 +01:00
|
|
|
if (!util::select_h2(const_cast<const unsigned char **>(out), outlen, in,
|
|
|
|
inlen)) {
|
|
|
|
return SSL_TLSEXT_ERR_NOACK;
|
2012-11-18 13:23:13 +01:00
|
|
|
}
|
2014-12-15 14:51:34 +01:00
|
|
|
|
2012-11-18 13:23:13 +01:00
|
|
|
return SSL_TLSEXT_ERR_OK;
|
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
2016-02-06 11:50:21 +01:00
|
|
|
namespace {
|
|
|
|
int select_h1_next_proto_cb(SSL *ssl, unsigned char **out,
|
|
|
|
unsigned char *outlen, const unsigned char *in,
|
|
|
|
unsigned int inlen, void *arg) {
|
|
|
|
auto end = in + inlen;
|
|
|
|
for (; in < end;) {
|
2016-02-07 08:52:40 +01:00
|
|
|
if (util::streq_l(NGHTTP2_H1_1_ALPN, in, in[0] + 1)) {
|
|
|
|
*out = const_cast<unsigned char *>(in) + 1;
|
|
|
|
*outlen = in[0];
|
2016-02-06 11:50:21 +01:00
|
|
|
return SSL_TLSEXT_ERR_OK;
|
|
|
|
}
|
2016-02-07 08:52:40 +01:00
|
|
|
in += in[0] + 1;
|
2016-02-06 11:50:21 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return SSL_TLSEXT_ERR_NOACK;
|
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
2015-09-26 14:28:16 +02:00
|
|
|
SSL_CTX *create_ssl_client_context(
|
|
|
|
#ifdef HAVE_NEVERBLEED
|
2016-02-11 10:34:31 +01:00
|
|
|
neverbleed_t *nb,
|
2015-09-26 14:28:16 +02:00
|
|
|
#endif // HAVE_NEVERBLEED
|
2016-02-12 16:20:38 +01:00
|
|
|
const StringRef &cacert, const StringRef &cert_file,
|
|
|
|
const StringRef &private_key_file, const StringRef &alpn,
|
2016-02-11 10:34:31 +01:00
|
|
|
int (*next_proto_select_cb)(SSL *s, unsigned char **out,
|
|
|
|
unsigned char *outlen, const unsigned char *in,
|
|
|
|
unsigned int inlen, void *arg)) {
|
2015-01-12 14:47:30 +01:00
|
|
|
auto ssl_ctx = SSL_CTX_new(SSLv23_client_method());
|
2014-11-27 15:39:04 +01:00
|
|
|
if (!ssl_ctx) {
|
2013-09-23 11:49:39 +02:00
|
|
|
LOG(FATAL) << ERR_error_string(ERR_get_error(), nullptr);
|
2012-11-18 13:23:13 +01:00
|
|
|
DIE();
|
|
|
|
}
|
2015-06-22 16:26:45 +02:00
|
|
|
|
2015-07-25 15:22:17 +02:00
|
|
|
constexpr auto ssl_opts = (SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) |
|
|
|
|
SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
|
|
|
|
SSL_OP_NO_COMPRESSION |
|
|
|
|
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION;
|
2015-06-22 16:26:45 +02:00
|
|
|
|
2016-01-18 06:21:09 +01:00
|
|
|
auto &tlsconf = get_config()->tls;
|
|
|
|
|
|
|
|
SSL_CTX_set_options(ssl_ctx, ssl_opts | tlsconf.tls_proto_mask);
|
2012-11-18 13:23:13 +01:00
|
|
|
|
2014-01-13 15:01:22 +01:00
|
|
|
const char *ciphers;
|
2016-01-18 06:21:09 +01:00
|
|
|
if (tlsconf.ciphers) {
|
|
|
|
ciphers = tlsconf.ciphers.get();
|
2014-01-13 15:01:22 +01:00
|
|
|
} else {
|
2015-08-23 16:03:29 +02:00
|
|
|
ciphers = nghttp2::ssl::DEFAULT_CIPHER_LIST;
|
2014-01-13 15:01:22 +01:00
|
|
|
}
|
2014-11-27 15:39:04 +01:00
|
|
|
if (SSL_CTX_set_cipher_list(ssl_ctx, ciphers) == 0) {
|
|
|
|
LOG(FATAL) << "SSL_CTX_set_cipher_list " << ciphers
|
|
|
|
<< " failed: " << ERR_error_string(ERR_get_error(), nullptr);
|
2014-01-13 15:01:22 +01:00
|
|
|
DIE();
|
2012-11-18 13:23:13 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_AUTO_RETRY);
|
|
|
|
SSL_CTX_set_mode(ssl_ctx, SSL_MODE_RELEASE_BUFFERS);
|
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (SSL_CTX_set_default_verify_paths(ssl_ctx) != 1) {
|
2014-11-08 02:51:56 +01:00
|
|
|
LOG(WARN) << "Could not load system trusted ca certificates: "
|
|
|
|
<< ERR_error_string(ERR_get_error(), nullptr);
|
2012-11-22 13:46:15 +01:00
|
|
|
}
|
|
|
|
|
2016-02-12 16:20:38 +01:00
|
|
|
if (!cacert.empty()) {
|
|
|
|
if (SSL_CTX_load_verify_locations(ssl_ctx, cacert.c_str(), nullptr) != 1) {
|
2014-06-08 14:02:40 +02:00
|
|
|
|
2016-02-11 10:34:31 +01:00
|
|
|
LOG(FATAL) << "Could not load trusted ca certificates from " << cacert
|
|
|
|
<< ": " << ERR_error_string(ERR_get_error(), nullptr);
|
|
|
|
DIE();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-02-12 16:20:38 +01:00
|
|
|
if (!cert_file.empty()) {
|
|
|
|
if (SSL_CTX_use_certificate_chain_file(ssl_ctx, cert_file.c_str()) != 1) {
|
2016-02-11 10:34:31 +01:00
|
|
|
|
|
|
|
LOG(FATAL) << "Could not load client certificate from " << cert_file
|
|
|
|
<< ": " << ERR_error_string(ERR_get_error(), nullptr);
|
2013-11-02 14:58:02 +01:00
|
|
|
DIE();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-02-12 16:20:38 +01:00
|
|
|
if (!private_key_file.empty()) {
|
2015-09-26 14:28:16 +02:00
|
|
|
#ifndef HAVE_NEVERBLEED
|
2016-02-12 16:20:38 +01:00
|
|
|
if (SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key_file.c_str(),
|
2014-11-27 15:39:04 +01:00
|
|
|
SSL_FILETYPE_PEM) != 1) {
|
2013-11-02 14:58:02 +01:00
|
|
|
LOG(FATAL) << "Could not load client private key from "
|
2016-02-11 10:34:31 +01:00
|
|
|
<< private_key_file << ": "
|
2013-11-02 14:58:02 +01:00
|
|
|
<< ERR_error_string(ERR_get_error(), nullptr);
|
|
|
|
DIE();
|
|
|
|
}
|
2015-09-26 14:28:16 +02:00
|
|
|
#else // HAVE_NEVERBLEED
|
|
|
|
std::array<char, NEVERBLEED_ERRBUF_SIZE> errbuf;
|
2016-02-12 16:20:38 +01:00
|
|
|
if (neverbleed_load_private_key_file(nb, ssl_ctx, private_key_file.c_str(),
|
2016-01-18 06:21:09 +01:00
|
|
|
errbuf.data()) != 1) {
|
2016-02-11 10:34:31 +01:00
|
|
|
LOG(FATAL) << "neverbleed_load_private_key_file: could not load client "
|
|
|
|
"private key from " << private_key_file << ": "
|
2015-09-26 14:28:16 +02:00
|
|
|
<< errbuf.data();
|
|
|
|
DIE();
|
|
|
|
}
|
|
|
|
#endif // HAVE_NEVERBLEED
|
2013-11-02 14:58:02 +01:00
|
|
|
}
|
2016-02-07 08:52:40 +01:00
|
|
|
|
2016-02-11 10:34:31 +01:00
|
|
|
// NPN selection callback
|
|
|
|
SSL_CTX_set_next_proto_select_cb(ssl_ctx, next_proto_select_cb, nullptr);
|
2016-02-06 11:50:21 +01:00
|
|
|
|
|
|
|
#if OPENSSL_VERSION_NUMBER >= 0x10002000L
|
2016-02-11 10:34:31 +01:00
|
|
|
// ALPN advertisement
|
|
|
|
SSL_CTX_set_alpn_protos(ssl_ctx, alpn.byte(), alpn.size());
|
2016-02-06 11:50:21 +01:00
|
|
|
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
|
2014-01-01 15:54:28 +01:00
|
|
|
|
2012-11-18 13:23:13 +01:00
|
|
|
return ssl_ctx;
|
|
|
|
}
|
|
|
|
|
2015-07-25 15:22:17 +02:00
|
|
|
SSL *create_ssl(SSL_CTX *ssl_ctx) {
|
|
|
|
auto ssl = SSL_new(ssl_ctx);
|
|
|
|
if (!ssl) {
|
|
|
|
LOG(ERROR) << "SSL_new() failed: " << ERR_error_string(ERR_get_error(),
|
|
|
|
nullptr);
|
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
|
|
|
|
return ssl;
|
|
|
|
}
|
|
|
|
|
2015-02-11 11:18:41 +01:00
|
|
|
ClientHandler *accept_connection(Worker *worker, int fd, sockaddr *addr,
|
2016-02-07 09:51:53 +01:00
|
|
|
int addrlen, const UpstreamAddr *faddr) {
|
2012-06-05 18:26:04 +02:00
|
|
|
char host[NI_MAXHOST];
|
2014-11-19 17:53:30 +01:00
|
|
|
char service[NI_MAXSERV];
|
2012-06-05 18:26:04 +02:00
|
|
|
int rv;
|
2012-11-19 13:40:59 +01:00
|
|
|
|
2016-01-19 15:26:04 +01:00
|
|
|
if (addr->sa_family == AF_UNIX) {
|
|
|
|
std::copy_n("localhost", sizeof("localhost"), host);
|
|
|
|
service[0] = '\0';
|
|
|
|
} else {
|
|
|
|
rv = getnameinfo(addr, addrlen, host, sizeof(host), service,
|
|
|
|
sizeof(service), NI_NUMERICHOST | NI_NUMERICSERV);
|
|
|
|
if (rv != 0) {
|
|
|
|
LOG(ERROR) << "getnameinfo() failed: " << gai_strerror(rv);
|
|
|
|
|
|
|
|
return nullptr;
|
|
|
|
}
|
2014-06-12 16:39:58 +02:00
|
|
|
|
2015-09-23 12:22:34 +02:00
|
|
|
rv = util::make_socket_nodelay(fd);
|
|
|
|
if (rv == -1) {
|
|
|
|
LOG(WARN) << "Setting option TCP_NODELAY failed: errno=" << errno;
|
|
|
|
}
|
2014-06-26 15:55:22 +02:00
|
|
|
}
|
|
|
|
SSL *ssl = nullptr;
|
2015-02-11 11:18:41 +01:00
|
|
|
auto ssl_ctx = worker->get_sv_ssl_ctx();
|
2014-11-27 15:39:04 +01:00
|
|
|
if (ssl_ctx) {
|
2015-08-09 11:33:49 +02:00
|
|
|
ssl = create_ssl(ssl_ctx);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (!ssl) {
|
2014-06-26 15:55:22 +02:00
|
|
|
return nullptr;
|
2012-11-18 13:23:13 +01:00
|
|
|
}
|
2015-08-09 11:33:49 +02:00
|
|
|
// Disable TLS session ticket if we don't have working ticket
|
|
|
|
// keys.
|
|
|
|
if (!worker->get_ticket_keys()) {
|
|
|
|
SSL_set_options(ssl, SSL_OP_NO_TICKET);
|
|
|
|
}
|
2012-06-05 18:26:04 +02:00
|
|
|
}
|
2014-06-26 15:55:22 +02:00
|
|
|
|
2016-02-01 15:29:17 +01:00
|
|
|
return new ClientHandler(worker, fd, ssl, host, service, addr->sa_family,
|
|
|
|
faddr);
|
2012-06-05 18:26:04 +02:00
|
|
|
}
|
|
|
|
|
2016-01-16 15:54:21 +01:00
|
|
|
bool tls_hostname_match(const char *pattern, size_t plen, const char *hostname,
|
|
|
|
size_t hlen) {
|
|
|
|
auto pend = pattern + plen;
|
|
|
|
auto ptWildcard = std::find(pattern, pend, '*');
|
|
|
|
if (ptWildcard == pend) {
|
|
|
|
return util::strieq(pattern, plen, hostname, hlen);
|
2012-11-22 13:46:15 +01:00
|
|
|
}
|
2016-01-16 15:54:21 +01:00
|
|
|
|
|
|
|
auto ptLeftLabelEnd = std::find(pattern, pend, '.');
|
|
|
|
auto wildcardEnabled = true;
|
2012-11-22 13:46:15 +01:00
|
|
|
// Do case-insensitive match. At least 2 dots are required to enable
|
|
|
|
// wildcard match. Also wildcard must be in the left-most label.
|
|
|
|
// Don't attempt to match a presented identifier where the wildcard
|
|
|
|
// character is embedded within an A-label.
|
2016-01-16 15:54:21 +01:00
|
|
|
if (ptLeftLabelEnd == pend ||
|
|
|
|
std::find(ptLeftLabelEnd + 1, pend, '.') == pend ||
|
|
|
|
ptLeftLabelEnd < ptWildcard ||
|
|
|
|
util::istarts_with(pattern, plen, "xn--")) {
|
2012-11-22 13:46:15 +01:00
|
|
|
wildcardEnabled = false;
|
|
|
|
}
|
2016-01-16 15:54:21 +01:00
|
|
|
|
2014-11-27 15:39:04 +01:00
|
|
|
if (!wildcardEnabled) {
|
2016-01-16 15:54:21 +01:00
|
|
|
return util::strieq(pattern, plen, hostname, hlen);
|
2012-11-22 13:46:15 +01:00
|
|
|
}
|
2016-01-16 15:54:21 +01:00
|
|
|
|
|
|
|
auto hend = hostname + hlen;
|
|
|
|
auto hnLeftLabelEnd = std::find(hostname, hend, '.');
|
|
|
|
if (hnLeftLabelEnd == hend ||
|
|
|
|
!util::strieq(ptLeftLabelEnd, pend, hnLeftLabelEnd, hend)) {
|
2012-11-22 13:46:15 +01:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
// Perform wildcard match. Here '*' must match at least one
|
|
|
|
// character.
|
2014-11-27 15:39:04 +01:00
|
|
|
if (hnLeftLabelEnd - hostname < ptLeftLabelEnd - pattern) {
|
2012-11-22 13:46:15 +01:00
|
|
|
return false;
|
|
|
|
}
|
2015-11-27 16:31:42 +01:00
|
|
|
return util::istarts_with(hostname, hnLeftLabelEnd, pattern, ptWildcard) &&
|
2015-11-27 16:36:43 +01:00
|
|
|
util::iends_with(hostname, hnLeftLabelEnd, ptWildcard + 1,
|
|
|
|
ptLeftLabelEnd);
|
2012-11-22 13:46:15 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
namespace {
|
2016-01-16 15:54:21 +01:00
|
|
|
ssize_t get_common_name(unsigned char **out_ptr, X509 *cert) {
|
|
|
|
auto subjectname = X509_get_subject_name(cert);
|
|
|
|
if (!subjectname) {
|
|
|
|
LOG(WARN) << "Could not get X509 name object from the certificate.";
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
int lastpos = -1;
|
|
|
|
for (;;) {
|
|
|
|
lastpos = X509_NAME_get_index_by_NID(subjectname, NID_commonName, lastpos);
|
|
|
|
if (lastpos == -1) {
|
2012-11-22 13:46:15 +01:00
|
|
|
break;
|
|
|
|
}
|
2016-01-16 15:54:21 +01:00
|
|
|
auto entry = X509_NAME_get_entry(subjectname, lastpos);
|
|
|
|
|
|
|
|
auto outlen = ASN1_STRING_to_UTF8(out_ptr, X509_NAME_ENTRY_get_data(entry));
|
|
|
|
if (outlen < 0) {
|
|
|
|
continue;
|
2012-11-22 13:46:15 +01:00
|
|
|
}
|
2016-01-16 15:54:21 +01:00
|
|
|
if (std::find(*out_ptr, *out_ptr + outlen, '\0') != *out_ptr + outlen) {
|
|
|
|
// Embedded NULL is not permitted.
|
|
|
|
continue;
|
2012-11-22 13:46:15 +01:00
|
|
|
}
|
2016-01-16 15:54:21 +01:00
|
|
|
return outlen;
|
|
|
|
}
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
|
|
|
namespace {
|
|
|
|
int verify_numeric_hostname(X509 *cert, const char *hostname, size_t hlen,
|
|
|
|
const Address *addr) {
|
|
|
|
const void *saddr;
|
|
|
|
switch (addr->su.storage.ss_family) {
|
|
|
|
case AF_INET:
|
|
|
|
saddr = &addr->su.in.sin_addr;
|
|
|
|
break;
|
|
|
|
case AF_INET6:
|
|
|
|
saddr = &addr->su.in6.sin6_addr;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
auto altnames = static_cast<GENERAL_NAMES *>(
|
|
|
|
X509_get_ext_d2i(cert, NID_subject_alt_name, nullptr, nullptr));
|
|
|
|
if (altnames) {
|
|
|
|
auto altnames_deleter = defer(GENERAL_NAMES_free, altnames);
|
2016-01-17 10:27:25 +01:00
|
|
|
size_t n = sk_GENERAL_NAME_num(altnames);
|
2016-01-16 15:54:21 +01:00
|
|
|
for (size_t i = 0; i < n; ++i) {
|
|
|
|
auto altname = sk_GENERAL_NAME_value(altnames, i);
|
|
|
|
if (altname->type != GEN_IPADD) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
auto ip_addr = altname->d.iPAddress->data;
|
|
|
|
if (!ip_addr) {
|
|
|
|
continue;
|
|
|
|
}
|
2016-01-17 10:27:25 +01:00
|
|
|
size_t ip_addrlen = altname->d.iPAddress->length;
|
2016-01-16 15:54:21 +01:00
|
|
|
|
|
|
|
if (addr->len == ip_addrlen && memcmp(saddr, ip_addr, ip_addrlen) == 0) {
|
2012-11-22 13:46:15 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2016-01-16 15:54:21 +01:00
|
|
|
|
|
|
|
unsigned char *cn;
|
|
|
|
auto cnlen = get_common_name(&cn, cert);
|
|
|
|
if (cnlen == -1) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// cn is not NULL terminated
|
|
|
|
auto rv = util::streq(hostname, hlen, cn, cnlen);
|
|
|
|
OPENSSL_free(cn);
|
|
|
|
|
|
|
|
if (rv) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-11-22 13:46:15 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
2016-01-16 15:54:21 +01:00
|
|
|
namespace {
|
|
|
|
int verify_hostname(X509 *cert, const char *hostname, size_t hlen,
|
|
|
|
const Address *addr) {
|
|
|
|
if (util::numeric_host(hostname)) {
|
|
|
|
return verify_numeric_hostname(cert, hostname, hlen, addr);
|
|
|
|
}
|
|
|
|
|
|
|
|
auto altnames = static_cast<GENERAL_NAMES *>(
|
2014-11-27 15:39:04 +01:00
|
|
|
X509_get_ext_d2i(cert, NID_subject_alt_name, nullptr, nullptr));
|
|
|
|
if (altnames) {
|
2015-02-06 15:27:15 +01:00
|
|
|
auto altnames_deleter = defer(GENERAL_NAMES_free, altnames);
|
2016-01-17 10:27:25 +01:00
|
|
|
size_t n = sk_GENERAL_NAME_num(altnames);
|
2014-11-27 15:39:04 +01:00
|
|
|
for (size_t i = 0; i < n; ++i) {
|
2016-01-16 15:54:21 +01:00
|
|
|
auto altname = sk_GENERAL_NAME_value(altnames, i);
|
|
|
|
if (altname->type != GEN_DNS) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
auto name = reinterpret_cast<char *>(ASN1_STRING_data(altname->d.ia5));
|
|
|
|
if (!name) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
auto len = ASN1_STRING_length(altname->d.ia5);
|
|
|
|
if (std::find(name, name + len, '\0') != name + len) {
|
|
|
|
// Embedded NULL is not permitted.
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tls_hostname_match(name, len, hostname, hlen)) {
|
|
|
|
return 0;
|
2012-11-22 13:46:15 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2016-01-16 15:54:21 +01:00
|
|
|
|
|
|
|
unsigned char *cn;
|
|
|
|
auto cnlen = get_common_name(&cn, cert);
|
|
|
|
if (cnlen == -1) {
|
|
|
|
return -1;
|
2012-11-22 13:46:15 +01:00
|
|
|
}
|
2016-01-16 15:54:21 +01:00
|
|
|
|
|
|
|
auto rv = util::strieq(hostname, hlen, cn, cnlen);
|
|
|
|
OPENSSL_free(cn);
|
|
|
|
|
|
|
|
if (rv) {
|
|
|
|
return 0;
|
2012-11-22 13:46:15 +01:00
|
|
|
}
|
2016-01-16 15:54:21 +01:00
|
|
|
|
|
|
|
return -1;
|
2013-02-06 15:27:05 +01:00
|
|
|
}
|
2016-01-16 15:54:21 +01:00
|
|
|
} // namespace
|
2013-02-06 15:27:05 +01:00
|
|
|
|
2016-02-11 14:56:45 +01:00
|
|
|
int check_cert(SSL *ssl, const Address *addr, const StringRef &host) {
|
2013-09-23 11:40:17 +02:00
|
|
|
auto cert = SSL_get_peer_certificate(ssl);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (!cert) {
|
2013-02-06 15:27:05 +01:00
|
|
|
LOG(ERROR) << "No certificate found";
|
|
|
|
return -1;
|
|
|
|
}
|
2015-02-06 15:27:15 +01:00
|
|
|
auto cert_deleter = defer(X509_free, cert);
|
2016-01-16 15:54:21 +01:00
|
|
|
auto verify_res = SSL_get_verify_result(ssl);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (verify_res != X509_V_OK) {
|
2013-02-06 15:27:05 +01:00
|
|
|
LOG(ERROR) << "Certificate verification failed: "
|
|
|
|
<< X509_verify_cert_error_string(verify_res);
|
|
|
|
return -1;
|
|
|
|
}
|
2016-01-18 06:21:09 +01:00
|
|
|
|
2016-02-11 14:56:45 +01:00
|
|
|
if (verify_hostname(cert, host.c_str(), host.size(), addr) != 0) {
|
2012-11-22 13:46:15 +01:00
|
|
|
LOG(ERROR) << "Certificate verification failed: hostname does not match";
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2016-02-11 14:56:45 +01:00
|
|
|
int check_cert(SSL *ssl, const DownstreamAddr *addr) {
|
|
|
|
auto &backend_sni_name = get_config()->tls.backend_sni_name;
|
|
|
|
|
|
|
|
auto hostname = !backend_sni_name.empty() ? StringRef(backend_sni_name)
|
|
|
|
: StringRef(addr->host);
|
|
|
|
return check_cert(ssl, &addr->addr, hostname);
|
|
|
|
}
|
|
|
|
|
2015-02-02 14:47:12 +01:00
|
|
|
CertLookupTree::CertLookupTree() {
|
|
|
|
root_.ssl_ctx = nullptr;
|
|
|
|
root_.str = nullptr;
|
|
|
|
root_.first = root_.last = 0;
|
2013-02-06 15:27:05 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
namespace {
|
2013-02-13 16:28:55 +01:00
|
|
|
// The |offset| is the index in the hostname we are examining. We are
|
|
|
|
// going to scan from |offset| in backwards.
|
2015-02-02 14:47:12 +01:00
|
|
|
void cert_lookup_tree_add_cert(CertNode *node, SSL_CTX *ssl_ctx, char *hostname,
|
|
|
|
size_t len, int offset) {
|
2013-02-06 15:27:05 +01:00
|
|
|
int i, next_len = node->next.size();
|
2013-02-13 16:28:55 +01:00
|
|
|
char c = hostname[offset];
|
2013-09-23 11:40:17 +02:00
|
|
|
CertNode *cn = nullptr;
|
2014-11-27 15:39:04 +01:00
|
|
|
for (i = 0; i < next_len; ++i) {
|
2015-02-02 14:47:12 +01:00
|
|
|
cn = node->next[i].get();
|
2014-11-27 15:39:04 +01:00
|
|
|
if (cn->str[cn->first] == c) {
|
2013-02-06 15:27:05 +01:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2014-11-27 15:39:04 +01:00
|
|
|
if (i == next_len) {
|
|
|
|
if (c == '*') {
|
2013-02-13 16:28:55 +01:00
|
|
|
// We assume hostname as wildcard hostname when first '*' is
|
|
|
|
// encountered. Note that as per RFC 6125 (6.4.3), there are
|
|
|
|
// some restrictions for wildcard hostname. We just ignore
|
|
|
|
// these rules here but do the proper check when we do the
|
|
|
|
// match.
|
2016-01-16 15:54:21 +01:00
|
|
|
node->wildcard_certs.push_back({ssl_ctx, hostname, len});
|
2015-02-02 14:47:12 +01:00
|
|
|
return;
|
2013-02-13 16:28:55 +01:00
|
|
|
}
|
2015-02-02 14:47:12 +01:00
|
|
|
|
2013-02-06 15:27:05 +01:00
|
|
|
int j;
|
2015-02-02 14:47:12 +01:00
|
|
|
auto new_node = make_unique<CertNode>();
|
|
|
|
new_node->str = hostname;
|
|
|
|
new_node->first = offset;
|
|
|
|
// If wildcard is found, set the region before it because we
|
|
|
|
// don't include it in [first, last).
|
|
|
|
for (j = offset; j >= 0 && hostname[j] != '*'; --j)
|
2014-11-27 15:39:04 +01:00
|
|
|
;
|
2015-02-02 14:47:12 +01:00
|
|
|
new_node->last = j;
|
|
|
|
if (j == -1) {
|
|
|
|
new_node->ssl_ctx = ssl_ctx;
|
2013-02-13 16:28:55 +01:00
|
|
|
} else {
|
2015-02-02 14:47:12 +01:00
|
|
|
new_node->ssl_ctx = nullptr;
|
2016-01-16 15:54:21 +01:00
|
|
|
new_node->wildcard_certs.push_back({ssl_ctx, hostname, len});
|
2015-02-02 14:47:12 +01:00
|
|
|
}
|
|
|
|
node->next.push_back(std::move(new_node));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
int j;
|
|
|
|
for (i = cn->first, j = offset;
|
|
|
|
i > cn->last && j >= 0 && cn->str[i] == hostname[j]; --i, --j)
|
|
|
|
;
|
|
|
|
if (i == cn->last) {
|
|
|
|
if (j == -1) {
|
|
|
|
// If the same hostname already exists, we don't overwrite
|
|
|
|
// exiting ssl_ctx
|
|
|
|
if (!cn->ssl_ctx) {
|
2013-02-13 16:28:55 +01:00
|
|
|
cn->ssl_ctx = ssl_ctx;
|
|
|
|
}
|
2015-02-02 14:47:12 +01:00
|
|
|
return;
|
2013-02-06 15:27:05 +01:00
|
|
|
}
|
2015-02-02 14:47:12 +01:00
|
|
|
|
|
|
|
// The existing hostname is a suffix of this hostname. Continue
|
|
|
|
// matching at potion j.
|
|
|
|
cert_lookup_tree_add_cert(cn, ssl_ctx, hostname, len, j);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
{
|
|
|
|
auto new_node = make_unique<CertNode>();
|
|
|
|
new_node->ssl_ctx = cn->ssl_ctx;
|
|
|
|
new_node->str = cn->str;
|
|
|
|
new_node->first = i;
|
|
|
|
new_node->last = cn->last;
|
|
|
|
new_node->wildcard_certs.swap(cn->wildcard_certs);
|
|
|
|
new_node->next.swap(cn->next);
|
|
|
|
|
|
|
|
cn->next.push_back(std::move(new_node));
|
|
|
|
}
|
|
|
|
|
|
|
|
cn->last = i;
|
|
|
|
if (j == -1) {
|
|
|
|
// This hostname is a suffix of the existing hostname.
|
|
|
|
cn->ssl_ctx = ssl_ctx;
|
|
|
|
return;
|
2013-02-06 15:27:05 +01:00
|
|
|
}
|
2015-02-02 14:47:12 +01:00
|
|
|
|
|
|
|
// This hostname and existing one share suffix.
|
|
|
|
cn->ssl_ctx = nullptr;
|
|
|
|
cert_lookup_tree_add_cert(cn, ssl_ctx, hostname, len, j);
|
2013-02-06 15:27:05 +01:00
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
2015-02-02 14:47:12 +01:00
|
|
|
void CertLookupTree::add_cert(SSL_CTX *ssl_ctx, const char *hostname,
|
|
|
|
size_t len) {
|
2014-11-27 15:39:04 +01:00
|
|
|
if (len == 0) {
|
2013-02-06 15:27:05 +01:00
|
|
|
return;
|
|
|
|
}
|
2013-02-13 16:28:55 +01:00
|
|
|
// Copy hostname including terminal NULL
|
2015-02-02 14:47:12 +01:00
|
|
|
hosts_.push_back(make_unique<char[]>(len + 1));
|
|
|
|
const auto &host_copy = hosts_.back();
|
2014-11-27 15:39:04 +01:00
|
|
|
for (size_t i = 0; i < len; ++i) {
|
2013-02-13 16:28:55 +01:00
|
|
|
host_copy[i] = util::lowcase(hostname[i]);
|
|
|
|
}
|
|
|
|
host_copy[len] = '\0';
|
2015-02-02 14:47:12 +01:00
|
|
|
cert_lookup_tree_add_cert(&root_, ssl_ctx, host_copy.get(), len, len - 1);
|
2013-02-06 15:27:05 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
namespace {
|
2015-02-02 14:47:12 +01:00
|
|
|
SSL_CTX *cert_lookup_tree_lookup(CertNode *node, const char *hostname,
|
|
|
|
size_t len, int offset) {
|
2013-02-13 16:28:55 +01:00
|
|
|
int i, j;
|
2014-11-27 15:39:04 +01:00
|
|
|
for (i = node->first, j = offset;
|
|
|
|
i > node->last && j >= 0 && node->str[i] == util::lowcase(hostname[j]);
|
|
|
|
--i, --j)
|
|
|
|
;
|
|
|
|
if (i != node->last) {
|
2013-09-23 11:40:17 +02:00
|
|
|
return nullptr;
|
|
|
|
}
|
2014-11-27 15:39:04 +01:00
|
|
|
if (j == -1) {
|
|
|
|
if (node->ssl_ctx) {
|
2013-09-23 11:40:17 +02:00
|
|
|
// exact match
|
|
|
|
return node->ssl_ctx;
|
|
|
|
}
|
2015-02-02 14:47:12 +01:00
|
|
|
|
|
|
|
// Do not perform wildcard-match because '*' must match at least
|
|
|
|
// one character.
|
|
|
|
return nullptr;
|
2013-09-23 11:40:17 +02:00
|
|
|
}
|
2016-01-16 15:54:21 +01:00
|
|
|
|
2015-02-02 14:47:12 +01:00
|
|
|
for (const auto &wildcert : node->wildcard_certs) {
|
2016-01-16 15:54:21 +01:00
|
|
|
if (tls_hostname_match(wildcert.hostname, wildcert.hostnamelen, hostname,
|
|
|
|
len)) {
|
|
|
|
return wildcert.ssl_ctx;
|
2013-09-23 11:40:17 +02:00
|
|
|
}
|
|
|
|
}
|
2015-02-02 14:47:12 +01:00
|
|
|
auto c = util::lowcase(hostname[j]);
|
|
|
|
for (const auto &next_node : node->next) {
|
2014-11-27 15:39:04 +01:00
|
|
|
if (next_node->str[next_node->first] == c) {
|
2015-02-02 14:47:12 +01:00
|
|
|
return cert_lookup_tree_lookup(next_node.get(), hostname, len, j);
|
2013-02-06 15:27:05 +01:00
|
|
|
}
|
|
|
|
}
|
2013-09-23 11:40:17 +02:00
|
|
|
return nullptr;
|
2013-02-06 15:27:05 +01:00
|
|
|
}
|
|
|
|
} // namespace
|
|
|
|
|
2015-02-02 14:47:12 +01:00
|
|
|
SSL_CTX *CertLookupTree::lookup(const char *hostname, size_t len) {
|
|
|
|
return cert_lookup_tree_lookup(&root_, hostname, len, len - 1);
|
2013-02-06 15:27:05 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
int cert_lookup_tree_add_cert_from_file(CertLookupTree *lt, SSL_CTX *ssl_ctx,
|
2014-11-27 15:39:04 +01:00
|
|
|
const char *certfile) {
|
2013-09-23 11:40:17 +02:00
|
|
|
auto bio = BIO_new(BIO_s_file());
|
2014-11-27 15:39:04 +01:00
|
|
|
if (!bio) {
|
2013-02-06 15:27:05 +01:00
|
|
|
LOG(ERROR) << "BIO_new failed";
|
|
|
|
return -1;
|
|
|
|
}
|
2015-02-06 15:27:15 +01:00
|
|
|
auto bio_deleter = defer(BIO_vfree, bio);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (!BIO_read_filename(bio, certfile)) {
|
2013-02-06 15:27:05 +01:00
|
|
|
LOG(ERROR) << "Could not read certificate file '" << certfile << "'";
|
|
|
|
return -1;
|
|
|
|
}
|
2013-09-23 11:40:17 +02:00
|
|
|
auto cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
|
2014-11-27 15:39:04 +01:00
|
|
|
if (!cert) {
|
|
|
|
LOG(ERROR) << "Could not read X509 structure from file '" << certfile
|
|
|
|
<< "'";
|
2013-02-06 15:27:05 +01:00
|
|
|
return -1;
|
|
|
|
}
|
2015-02-06 15:27:15 +01:00
|
|
|
auto cert_deleter = defer(X509_free, cert);
|
2016-01-16 15:54:21 +01:00
|
|
|
|
|
|
|
auto altnames = static_cast<GENERAL_NAMES *>(
|
|
|
|
X509_get_ext_d2i(cert, NID_subject_alt_name, nullptr, nullptr));
|
|
|
|
if (altnames) {
|
|
|
|
auto altnames_deleter = defer(GENERAL_NAMES_free, altnames);
|
2016-01-17 10:27:25 +01:00
|
|
|
size_t n = sk_GENERAL_NAME_num(altnames);
|
2016-01-16 15:54:21 +01:00
|
|
|
for (size_t i = 0; i < n; ++i) {
|
|
|
|
auto altname = sk_GENERAL_NAME_value(altnames, i);
|
|
|
|
if (altname->type != GEN_DNS) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
auto name = reinterpret_cast<char *>(ASN1_STRING_data(altname->d.ia5));
|
|
|
|
if (!name) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
auto len = ASN1_STRING_length(altname->d.ia5);
|
|
|
|
if (std::find(name, name + len, '\0') != name + len) {
|
|
|
|
// Embedded NULL is not permitted.
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
lt->add_cert(ssl_ctx, name, len);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
unsigned char *cn;
|
|
|
|
auto cnlen = get_common_name(&cn, cert);
|
|
|
|
if (cnlen == -1) {
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
lt->add_cert(ssl_ctx, reinterpret_cast<char *>(cn), cnlen);
|
|
|
|
|
|
|
|
OPENSSL_free(cn);
|
|
|
|
|
2013-02-06 15:27:05 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2015-07-20 15:37:26 +02:00
|
|
|
bool in_proto_list(const std::vector<std::string> &protos,
|
2014-11-27 15:39:04 +01:00
|
|
|
const unsigned char *needle, size_t len) {
|
2015-07-20 14:37:23 +02:00
|
|
|
for (auto &proto : protos) {
|
2015-07-20 15:37:26 +02:00
|
|
|
if (util::streq(proto.c_str(), proto.size(), needle, len)) {
|
2014-01-01 16:53:07 +01:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2015-03-30 16:20:40 +02:00
|
|
|
SSL_CTX *setup_server_ssl_context(std::vector<SSL_CTX *> &all_ssl_ctx,
|
2015-09-23 12:45:53 +02:00
|
|
|
CertLookupTree *cert_tree
|
|
|
|
#ifdef HAVE_NEVERBLEED
|
|
|
|
,
|
|
|
|
neverbleed_t *nb
|
|
|
|
#endif // HAVE_NEVERBLEED
|
|
|
|
) {
|
2016-01-19 08:56:12 +01:00
|
|
|
if (get_config()->conn.upstream.no_tls) {
|
2015-01-12 16:18:27 +01:00
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
|
2016-01-18 06:21:09 +01:00
|
|
|
auto &tlsconf = get_config()->tls;
|
|
|
|
|
|
|
|
auto ssl_ctx = ssl::create_ssl_context(tlsconf.private_key_file.get(),
|
|
|
|
tlsconf.cert_file.get()
|
2015-09-23 12:45:53 +02:00
|
|
|
#ifdef HAVE_NEVERBLEED
|
2015-11-12 16:53:29 +01:00
|
|
|
,
|
2015-09-23 12:45:53 +02:00
|
|
|
nb
|
|
|
|
#endif // HAVE_NEVERBLEED
|
|
|
|
);
|
2015-01-12 16:18:27 +01:00
|
|
|
|
2015-03-30 16:20:40 +02:00
|
|
|
all_ssl_ctx.push_back(ssl_ctx);
|
|
|
|
|
2016-01-18 06:21:09 +01:00
|
|
|
if (tlsconf.subcerts.empty()) {
|
2015-01-25 07:36:14 +01:00
|
|
|
return ssl_ctx;
|
|
|
|
}
|
|
|
|
|
2015-02-11 11:18:41 +01:00
|
|
|
if (!cert_tree) {
|
|
|
|
LOG(WARN) << "We have multiple additional certificates (--subcert), but "
|
|
|
|
"cert_tree is not given. SNI may not work.";
|
|
|
|
return ssl_ctx;
|
|
|
|
}
|
2015-01-12 16:18:27 +01:00
|
|
|
|
2016-01-18 06:21:09 +01:00
|
|
|
for (auto &keycert : tlsconf.subcerts) {
|
2015-01-12 16:18:27 +01:00
|
|
|
auto ssl_ctx =
|
2015-09-23 12:45:53 +02:00
|
|
|
ssl::create_ssl_context(keycert.first.c_str(), keycert.second.c_str()
|
|
|
|
#ifdef HAVE_NEVERBLEED
|
2015-11-12 16:53:29 +01:00
|
|
|
,
|
2015-09-23 12:45:53 +02:00
|
|
|
nb
|
|
|
|
#endif // HAVE_NEVERBLEED
|
|
|
|
);
|
2015-03-30 16:20:40 +02:00
|
|
|
all_ssl_ctx.push_back(ssl_ctx);
|
2015-01-12 16:18:27 +01:00
|
|
|
if (ssl::cert_lookup_tree_add_cert_from_file(
|
|
|
|
cert_tree, ssl_ctx, keycert.second.c_str()) == -1) {
|
|
|
|
LOG(FATAL) << "Failed to add sub certificate.";
|
|
|
|
DIE();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-01-18 06:21:09 +01:00
|
|
|
if (ssl::cert_lookup_tree_add_cert_from_file(cert_tree, ssl_ctx,
|
|
|
|
tlsconf.cert_file.get()) == -1) {
|
2015-01-25 07:36:14 +01:00
|
|
|
LOG(FATAL) << "Failed to add default certificate.";
|
|
|
|
DIE();
|
2015-01-12 16:18:27 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return ssl_ctx;
|
|
|
|
}
|
|
|
|
|
2016-02-06 11:50:21 +01:00
|
|
|
bool downstream_tls_enabled() { return !get_config()->conn.downstream.no_tls; }
|
2015-09-26 14:28:16 +02:00
|
|
|
|
2016-02-11 10:34:31 +01:00
|
|
|
SSL_CTX *setup_downstream_client_ssl_context(
|
2015-09-26 14:28:16 +02:00
|
|
|
#ifdef HAVE_NEVERBLEED
|
|
|
|
neverbleed_t *nb
|
|
|
|
#endif // HAVE_NEVERBLEED
|
|
|
|
) {
|
|
|
|
if (!downstream_tls_enabled()) {
|
|
|
|
return nullptr;
|
2015-01-12 16:18:27 +01:00
|
|
|
}
|
|
|
|
|
2016-02-11 10:34:31 +01:00
|
|
|
auto &tlsconf = get_config()->tls;
|
|
|
|
auto &downstreamconf = get_config()->conn.downstream;
|
|
|
|
|
|
|
|
std::vector<unsigned char> h2alpn;
|
|
|
|
StringRef alpn;
|
|
|
|
int (*next_proto_select_cb)(SSL *s, unsigned char **out,
|
|
|
|
unsigned char *outlen, const unsigned char *in,
|
|
|
|
unsigned int inlen, void *arg);
|
|
|
|
|
|
|
|
if (downstreamconf.proto == PROTO_HTTP2) {
|
|
|
|
h2alpn = util::get_default_alpn();
|
|
|
|
alpn = StringRef(h2alpn.data(), h2alpn.size());
|
|
|
|
next_proto_select_cb = select_h2_next_proto_cb;
|
|
|
|
} else {
|
|
|
|
alpn = StringRef::from_lit(NGHTTP2_H1_1_ALPN);
|
|
|
|
next_proto_select_cb = select_h1_next_proto_cb;
|
|
|
|
}
|
|
|
|
|
2015-09-26 14:28:16 +02:00
|
|
|
return ssl::create_ssl_client_context(
|
|
|
|
#ifdef HAVE_NEVERBLEED
|
2016-02-11 10:34:31 +01:00
|
|
|
nb,
|
2015-09-26 14:28:16 +02:00
|
|
|
#endif // HAVE_NEVERBLEED
|
2016-02-14 13:06:16 +01:00
|
|
|
StringRef{tlsconf.cacert},
|
2016-02-12 16:20:38 +01:00
|
|
|
StringRef::from_maybe_nullptr(tlsconf.client.cert_file.get()),
|
|
|
|
StringRef::from_maybe_nullptr(tlsconf.client.private_key_file.get()),
|
|
|
|
alpn, next_proto_select_cb);
|
2015-01-12 16:18:27 +01:00
|
|
|
}
|
|
|
|
|
2015-02-11 11:18:41 +01:00
|
|
|
CertLookupTree *create_cert_lookup_tree() {
|
2016-01-19 08:56:12 +01:00
|
|
|
if (get_config()->conn.upstream.no_tls ||
|
|
|
|
get_config()->tls.subcerts.empty()) {
|
2015-02-11 11:18:41 +01:00
|
|
|
return nullptr;
|
|
|
|
}
|
|
|
|
return new ssl::CertLookupTree();
|
|
|
|
}
|
|
|
|
|
2012-06-05 18:26:04 +02:00
|
|
|
} // namespace ssl
|
|
|
|
|
|
|
|
} // namespace shrpx
|