blob: 6edc14950d829aaa6aa9263d938b618c22174be0 [file] [log] [blame]
Emeric Brun46591952012-05-18 15:47:34 +02001/*
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02002 * SSL/TLS transport layer over SOCK_STREAM sockets
Emeric Brun46591952012-05-18 15:47:34 +02003 *
4 * Copyright (C) 2012 EXCELIANCE, Emeric Brun <ebrun@exceliance.fr>
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
Willy Tarreau69845df2012-09-10 09:43:09 +020011 * Acknowledgement:
12 * We'd like to specially thank the Stud project authors for a very clean
13 * and well documented code which helped us understand how the OpenSSL API
14 * ought to be used in non-blocking mode. This is one difficult part which
15 * is not easy to get from the OpenSSL doc, and reading the Stud code made
16 * it much more obvious than the examples in the OpenSSL package. Keep up
17 * the good works, guys !
18 *
19 * Stud is an extremely efficient and scalable SSL/TLS proxy which combines
20 * particularly well with haproxy. For more info about this project, visit :
21 * https://github.com/bumptech/stud
22 *
Emeric Brun46591952012-05-18 15:47:34 +020023 */
24
25#define _GNU_SOURCE
Emeric Brunfc0421f2012-09-07 17:30:07 +020026#include <ctype.h>
27#include <dirent.h>
Emeric Brun46591952012-05-18 15:47:34 +020028#include <errno.h>
29#include <fcntl.h>
30#include <stdio.h>
31#include <stdlib.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020032#include <string.h>
33#include <unistd.h>
Emeric Brun46591952012-05-18 15:47:34 +020034
35#include <sys/socket.h>
36#include <sys/stat.h>
37#include <sys/types.h>
38
39#include <netinet/tcp.h>
40
41#include <openssl/ssl.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020042#include <openssl/x509.h>
43#include <openssl/x509v3.h>
44#include <openssl/x509.h>
45#include <openssl/err.h>
Thierry Fournier383085f2013-01-24 14:15:43 +010046#include <openssl/rand.h>
Lukas Tribuse4e30f72014-12-09 16:32:51 +010047#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +020048#include <openssl/ocsp.h>
49#endif
Emeric Brun46591952012-05-18 15:47:34 +020050
51#include <common/buffer.h>
52#include <common/compat.h>
53#include <common/config.h>
54#include <common/debug.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020055#include <common/errors.h>
Emeric Brun46591952012-05-18 15:47:34 +020056#include <common/standard.h>
57#include <common/ticks.h>
58#include <common/time.h>
Emeric Brun2c86cbf2014-10-30 15:56:50 +010059#include <common/cfgparse.h>
Emeric Brun46591952012-05-18 15:47:34 +020060
Emeric Brunfc0421f2012-09-07 17:30:07 +020061#include <ebsttree.h>
62
63#include <types/global.h>
64#include <types/ssl_sock.h>
65
Willy Tarreau7875d092012-09-10 08:20:03 +020066#include <proto/acl.h>
67#include <proto/arg.h>
Emeric Brun46591952012-05-18 15:47:34 +020068#include <proto/connection.h>
69#include <proto/fd.h>
70#include <proto/freq_ctr.h>
71#include <proto/frontend.h>
Willy Tarreau79eeafa2012-09-14 07:53:05 +020072#include <proto/listener.h>
Thierry FOURNIERed66c292013-11-28 11:05:19 +010073#include <proto/pattern.h>
Willy Tarreau92faadf2012-10-10 23:04:25 +020074#include <proto/server.h>
Emeric Brun46591952012-05-18 15:47:34 +020075#include <proto/log.h>
Emeric Brun94324a42012-10-11 14:00:19 +020076#include <proto/proxy.h>
Emeric Brunfc0421f2012-09-07 17:30:07 +020077#include <proto/shctx.h>
Emeric Brun46591952012-05-18 15:47:34 +020078#include <proto/ssl_sock.h>
79#include <proto/task.h>
80
Willy Tarreau518cedd2014-02-17 15:43:01 +010081/* Warning, these are bits, not integers! */
Emeric Brune64aef12012-09-21 13:15:06 +020082#define SSL_SOCK_ST_FL_VERIFY_DONE 0x00000001
Emeric Brund8b2bb52014-01-28 15:43:53 +010083#define SSL_SOCK_ST_FL_16K_WBFSIZE 0x00000002
Willy Tarreau518cedd2014-02-17 15:43:01 +010084#define SSL_SOCK_SEND_UNLIMITED 0x00000004
Emeric Brun29f037d2014-04-25 19:05:36 +020085#define SSL_SOCK_RECV_HEARTBEAT 0x00000008
86
Emeric Brunf282a812012-09-21 15:27:54 +020087/* bits 0xFFFF0000 are reserved to store verify errors */
88
89/* Verify errors macros */
90#define SSL_SOCK_CA_ERROR_TO_ST(e) (((e > 63) ? 63 : e) << (16))
91#define SSL_SOCK_CAEDEPTH_TO_ST(d) (((d > 15) ? 15 : d) << (6+16))
92#define SSL_SOCK_CRTERROR_TO_ST(e) (((e > 63) ? 63 : e) << (4+6+16))
93
94#define SSL_SOCK_ST_TO_CA_ERROR(s) ((s >> (16)) & 63)
95#define SSL_SOCK_ST_TO_CAEDEPTH(s) ((s >> (6+16)) & 15)
96#define SSL_SOCK_ST_TO_CRTERROR(s) ((s >> (4+6+16)) & 63)
Emeric Brune64aef12012-09-21 13:15:06 +020097
Emeric Brun850efd52014-01-29 12:24:34 +010098/* server and bind verify method, it uses a global value as default */
99enum {
100 SSL_SOCK_VERIFY_DEFAULT = 0,
101 SSL_SOCK_VERIFY_REQUIRED = 1,
102 SSL_SOCK_VERIFY_OPTIONAL = 2,
103 SSL_SOCK_VERIFY_NONE = 3,
104};
105
Willy Tarreau71b734c2014-01-28 15:19:44 +0100106int sslconns = 0;
107int totalsslconns = 0;
Emeric Brune1f38db2012-09-03 20:36:47 +0200108
Remi Gacogne8de54152014-07-15 11:36:40 +0200109#ifndef OPENSSL_NO_DH
110static DH *local_dh_1024 = NULL;
111static DH *local_dh_2048 = NULL;
112static DH *local_dh_4096 = NULL;
113static DH *local_dh_8192 = NULL;
114#endif /* OPENSSL_NO_DH */
115
Lukas Tribuse4e30f72014-12-09 16:32:51 +0100116#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +0200117struct certificate_ocsp {
118 struct ebmb_node key;
119 unsigned char key_data[OCSP_MAX_CERTID_ASN1_LENGTH];
120 struct chunk response;
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200121 long expire;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200122};
123
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200124/*
125 * This function returns the number of seconds elapsed
126 * since the Epoch, 1970-01-01 00:00:00 +0000 (UTC) and the
127 * date presented un ASN1_GENERALIZEDTIME.
128 *
129 * In parsing error case, it returns -1.
130 */
131static long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
132{
133 long epoch;
134 char *p, *end;
135 const unsigned short month_offset[12] = {
136 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
137 };
138 int year, month;
139
140 if (!d || (d->type != V_ASN1_GENERALIZEDTIME)) return -1;
141
142 p = (char *)d->data;
143 end = p + d->length;
144
145 if (end - p < 4) return -1;
146 year = 1000 * (p[0] - '0') + 100 * (p[1] - '0') + 10 * (p[2] - '0') + p[3] - '0';
147 p += 4;
148 if (end - p < 2) return -1;
149 month = 10 * (p[0] - '0') + p[1] - '0';
150 if (month < 1 || month > 12) return -1;
151 /* Compute the number of seconds since 1 jan 1970 and the beginning of current month
152 We consider leap years and the current month (<marsh or not) */
153 epoch = ( ((year - 1970) * 365)
154 + ((year - (month < 3)) / 4 - (year - (month < 3)) / 100 + (year - (month < 3)) / 400)
155 - ((1970 - 1) / 4 - (1970 - 1) / 100 + (1970 - 1) / 400)
156 + month_offset[month-1]
157 ) * 24 * 60 * 60;
158 p += 2;
159 if (end - p < 2) return -1;
160 /* Add the number of seconds of completed days of current month */
161 epoch += (10 * (p[0] - '0') + p[1] - '0' - 1) * 24 * 60 * 60;
162 p += 2;
163 if (end - p < 2) return -1;
164 /* Add the completed hours of the current day */
165 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60 * 60;
166 p += 2;
167 if (end - p < 2) return -1;
168 /* Add the completed minutes of the current hour */
169 epoch += (10 * (p[0] - '0') + p[1] - '0') * 60;
170 p += 2;
171 if (p == end) return -1;
172 /* Test if there is available seconds */
173 if (p[0] < '0' || p[0] > '9')
174 goto nosec;
175 if (end - p < 2) return -1;
176 /* Add the seconds of the current minute */
177 epoch += 10 * (p[0] - '0') + p[1] - '0';
178 p += 2;
179 if (p == end) return -1;
180 /* Ignore seconds float part if present */
181 if (p[0] == '.') {
182 do {
183 if (++p == end) return -1;
184 } while (p[0] >= '0' && p[0] <= '9');
185 }
186
187nosec:
188 if (p[0] == 'Z') {
189 if (end - p != 1) return -1;
190 return epoch;
191 }
192 else if (p[0] == '+') {
193 if (end - p != 5) return -1;
194 /* Apply timezone offset */
195 return epoch - ((10 * (p[1] - '0') + p[2] - '0') * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
196 }
197 else if (p[0] == '-') {
198 if (end - p != 5) return -1;
199 /* Apply timezone offset */
200 return epoch + ((10 * (p[1] - '0') + p[2] - '0') * 60 + (10 * (p[3] - '0') + p[4] - '0')) * 60;
201 }
202
203 return -1;
204}
205
Emeric Brun1d3865b2014-06-20 15:37:32 +0200206static struct eb_root cert_ocsp_tree = EB_ROOT_UNIQUE;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200207
208/* This function starts to check if the OCSP response (in DER format) contained
209 * in chunk 'ocsp_response' is valid (else exits on error).
210 * If 'cid' is not NULL, it will be compared to the OCSP certificate ID
211 * contained in the OCSP Response and exits on error if no match.
212 * If it's a valid OCSP Response:
213 * If 'ocsp' is not NULL, the chunk is copied in the OCSP response's container
214 * pointed by 'ocsp'.
215 * If 'ocsp' is NULL, the function looks up into the OCSP response's
216 * containers tree (using as index the ASN1 form of the OCSP Certificate ID extracted
217 * from the response) and exits on error if not found. Finally, If an OCSP response is
218 * already present in the container, it will be overwritten.
219 *
220 * Note: OCSP response containing more than one OCSP Single response is not
221 * considered valid.
222 *
223 * Returns 0 on success, 1 in error case.
224 */
225static int ssl_sock_load_ocsp_response(struct chunk *ocsp_response, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
226{
227 OCSP_RESPONSE *resp;
228 OCSP_BASICRESP *bs = NULL;
229 OCSP_SINGLERESP *sr;
230 unsigned char *p = (unsigned char *)ocsp_response->str;
231 int rc , count_sr;
Emeric Brun13a6b482014-06-20 15:44:34 +0200232 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd = NULL;
Emeric Brun4147b2e2014-06-16 18:36:30 +0200233 int reason;
234 int ret = 1;
235
236 resp = d2i_OCSP_RESPONSE(NULL, (const unsigned char **)&p, ocsp_response->len);
237 if (!resp) {
238 memprintf(err, "Unable to parse OCSP response");
239 goto out;
240 }
241
242 rc = OCSP_response_status(resp);
243 if (rc != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
244 memprintf(err, "OCSP response status not successful");
245 goto out;
246 }
247
248 bs = OCSP_response_get1_basic(resp);
249 if (!bs) {
250 memprintf(err, "Failed to get basic response from OCSP Response");
251 goto out;
252 }
253
254 count_sr = OCSP_resp_count(bs);
255 if (count_sr > 1) {
256 memprintf(err, "OCSP response ignored because contains multiple single responses (%d)", count_sr);
257 goto out;
258 }
259
260 sr = OCSP_resp_get0(bs, 0);
261 if (!sr) {
262 memprintf(err, "Failed to get OCSP single response");
263 goto out;
264 }
265
266 rc = OCSP_single_get0_status(sr, &reason, &revtime, &thisupd, &nextupd);
267 if (rc != V_OCSP_CERTSTATUS_GOOD) {
268 memprintf(err, "OCSP single response: certificate status not good");
269 goto out;
270 }
271
Emeric Brun13a6b482014-06-20 15:44:34 +0200272 if (!nextupd) {
273 memprintf(err, "OCSP single response: missing nextupdate");
274 goto out;
275 }
276
Emeric Brunc8b27b62014-06-19 14:16:17 +0200277 rc = OCSP_check_validity(thisupd, nextupd, OCSP_MAX_RESPONSE_TIME_SKEW, -1);
Emeric Brun4147b2e2014-06-16 18:36:30 +0200278 if (!rc) {
279 memprintf(err, "OCSP single response: no longer valid.");
280 goto out;
281 }
282
283 if (cid) {
284 if (OCSP_id_cmp(sr->certId, cid)) {
285 memprintf(err, "OCSP single response: Certificate ID does not match certificate and issuer");
286 goto out;
287 }
288 }
289
290 if (!ocsp) {
291 unsigned char key[OCSP_MAX_CERTID_ASN1_LENGTH];
292 unsigned char *p;
293
294 rc = i2d_OCSP_CERTID(sr->certId, NULL);
295 if (!rc) {
296 memprintf(err, "OCSP single response: Unable to encode Certificate ID");
297 goto out;
298 }
299
300 if (rc > OCSP_MAX_CERTID_ASN1_LENGTH) {
301 memprintf(err, "OCSP single response: Certificate ID too long");
302 goto out;
303 }
304
305 p = key;
306 memset(key, 0, OCSP_MAX_CERTID_ASN1_LENGTH);
307 i2d_OCSP_CERTID(sr->certId, &p);
308 ocsp = (struct certificate_ocsp *)ebmb_lookup(&cert_ocsp_tree, key, OCSP_MAX_CERTID_ASN1_LENGTH);
309 if (!ocsp) {
310 memprintf(err, "OCSP single response: Certificate ID does not match any certificate or issuer");
311 goto out;
312 }
313 }
314
315 /* According to comments on "chunk_dup", the
316 previous chunk buffer will be freed */
317 if (!chunk_dup(&ocsp->response, ocsp_response)) {
318 memprintf(err, "OCSP response: Memory allocation error");
319 goto out;
320 }
321
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200322 ocsp->expire = asn1_generalizedtime_to_epoch(nextupd) - OCSP_MAX_RESPONSE_TIME_SKEW;
323
Emeric Brun4147b2e2014-06-16 18:36:30 +0200324 ret = 0;
325out:
326 if (bs)
327 OCSP_BASICRESP_free(bs);
328
329 if (resp)
330 OCSP_RESPONSE_free(resp);
331
332 return ret;
333}
334/*
335 * External function use to update the OCSP response in the OCSP response's
336 * containers tree. The chunk 'ocsp_response' must contain the OCSP response
337 * to update in DER format.
338 *
339 * Returns 0 on success, 1 in error case.
340 */
341int ssl_sock_update_ocsp_response(struct chunk *ocsp_response, char **err)
342{
343 return ssl_sock_load_ocsp_response(ocsp_response, NULL, NULL, err);
344}
345
346/*
347 * This function load the OCSP Resonse in DER format contained in file at
348 * path 'ocsp_path' and call 'ssl_sock_load_ocsp_response'
349 *
350 * Returns 0 on success, 1 in error case.
351 */
352static int ssl_sock_load_ocsp_response_from_file(const char *ocsp_path, struct certificate_ocsp *ocsp, OCSP_CERTID *cid, char **err)
353{
354 int fd = -1;
355 int r = 0;
356 int ret = 1;
357
358 fd = open(ocsp_path, O_RDONLY);
359 if (fd == -1) {
360 memprintf(err, "Error opening OCSP response file");
361 goto end;
362 }
363
364 trash.len = 0;
365 while (trash.len < trash.size) {
366 r = read(fd, trash.str + trash.len, trash.size - trash.len);
367 if (r < 0) {
368 if (errno == EINTR)
369 continue;
370
371 memprintf(err, "Error reading OCSP response from file");
372 goto end;
373 }
374 else if (r == 0) {
375 break;
376 }
377 trash.len += r;
378 }
379
380 close(fd);
381 fd = -1;
382
383 ret = ssl_sock_load_ocsp_response(&trash, ocsp, cid, err);
384end:
385 if (fd != -1)
386 close(fd);
387
388 return ret;
389}
390
391/*
392 * Callback used to set OCSP status extension content in server hello.
393 */
394int ssl_sock_ocsp_stapling_cbk(SSL *ssl, void *arg)
395{
396 struct certificate_ocsp *ocsp = (struct certificate_ocsp *)arg;
397 char* ssl_buf;
398
399 if (!ocsp ||
400 !ocsp->response.str ||
Emeric Brun4f3c87a2014-06-20 15:46:13 +0200401 !ocsp->response.len ||
402 (ocsp->expire < now.tv_sec))
Emeric Brun4147b2e2014-06-16 18:36:30 +0200403 return SSL_TLSEXT_ERR_NOACK;
404
405 ssl_buf = OPENSSL_malloc(ocsp->response.len);
406 if (!ssl_buf)
407 return SSL_TLSEXT_ERR_NOACK;
408
409 memcpy(ssl_buf, ocsp->response.str, ocsp->response.len);
410 SSL_set_tlsext_status_ocsp_resp(ssl, ssl_buf, ocsp->response.len);
411
412 return SSL_TLSEXT_ERR_OK;
413}
414
415/*
416 * This function enables the handling of OCSP status extension on 'ctx' if a
417 * file name 'cert_path' suffixed using ".ocsp" is present.
418 * To enable OCSP status extension, the issuer's certificate is mandatory.
419 * It should be present in the certificate's extra chain builded from file
420 * 'cert_path'. If not found, the issuer certificate is loaded from a file
421 * named 'cert_path' suffixed using '.issuer'.
422 *
423 * In addition, ".ocsp" file content is loaded as a DER format of an OCSP
424 * response. If file is empty or content is not a valid OCSP response,
425 * OCSP status extension is enabled but OCSP response is ignored (a warning
426 * is displayed).
427 *
428 * Returns 1 if no ".ocsp" file found, 0 if OCSP status extension is
429 * succesfully enabled, or -1 in other error case.
430 */
431static int ssl_sock_load_ocsp(SSL_CTX *ctx, const char *cert_path)
432{
433
434 BIO *in = NULL;
435 X509 *x, *xi = NULL, *issuer = NULL;
436 STACK_OF(X509) *chain = NULL;
437 OCSP_CERTID *cid = NULL;
438 SSL *ssl;
439 char ocsp_path[MAXPATHLEN+1];
440 int i, ret = -1;
441 struct stat st;
442 struct certificate_ocsp *ocsp = NULL, *iocsp;
443 char *warn = NULL;
444 unsigned char *p;
445
446 snprintf(ocsp_path, MAXPATHLEN+1, "%s.ocsp", cert_path);
447
448 if (stat(ocsp_path, &st))
449 return 1;
450
451 ssl = SSL_new(ctx);
452 if (!ssl)
453 goto out;
454
455 x = SSL_get_certificate(ssl);
456 if (!x)
457 goto out;
458
459 /* Try to lookup for issuer in certificate extra chain */
460#ifdef SSL_CTRL_GET_EXTRA_CHAIN_CERTS
461 SSL_CTX_get_extra_chain_certs(ctx, &chain);
462#else
463 chain = ctx->extra_certs;
464#endif
465 for (i = 0; i < sk_X509_num(chain); i++) {
466 issuer = sk_X509_value(chain, i);
467 if (X509_check_issued(issuer, x) == X509_V_OK)
468 break;
469 else
470 issuer = NULL;
471 }
472
473 /* If not found try to load issuer from a suffixed file */
474 if (!issuer) {
475 char issuer_path[MAXPATHLEN+1];
476
477 in = BIO_new(BIO_s_file());
478 if (!in)
479 goto out;
480
481 snprintf(issuer_path, MAXPATHLEN+1, "%s.issuer", cert_path);
482 if (BIO_read_filename(in, issuer_path) <= 0)
483 goto out;
484
485 xi = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
486 if (!xi)
487 goto out;
488
489 if (X509_check_issued(xi, x) != X509_V_OK)
490 goto out;
491
492 issuer = xi;
493 }
494
495 cid = OCSP_cert_to_id(0, x, issuer);
496 if (!cid)
497 goto out;
498
499 i = i2d_OCSP_CERTID(cid, NULL);
500 if (!i || (i > OCSP_MAX_CERTID_ASN1_LENGTH))
501 goto out;
502
503 ocsp = calloc(1, sizeof(struct certificate_ocsp));
504 if (!ocsp)
505 goto out;
506
507 p = ocsp->key_data;
508 i2d_OCSP_CERTID(cid, &p);
509
510 iocsp = (struct certificate_ocsp *)ebmb_insert(&cert_ocsp_tree, &ocsp->key, OCSP_MAX_CERTID_ASN1_LENGTH);
511 if (iocsp == ocsp)
512 ocsp = NULL;
513
514 SSL_CTX_set_tlsext_status_cb(ctx, ssl_sock_ocsp_stapling_cbk);
515 SSL_CTX_set_tlsext_status_arg(ctx, iocsp);
516
517 ret = 0;
518
519 warn = NULL;
520 if (ssl_sock_load_ocsp_response_from_file(ocsp_path, iocsp, cid, &warn)) {
521 memprintf(&warn, "Loading '%s': %s. Content will be ignored", ocsp_path, warn ? warn : "failure");
522 Warning("%s.\n", warn);
523 }
524
525out:
526 if (ssl)
527 SSL_free(ssl);
528
529 if (in)
530 BIO_free(in);
531
532 if (xi)
533 X509_free(xi);
534
535 if (cid)
536 OCSP_CERTID_free(cid);
537
538 if (ocsp)
539 free(ocsp);
540
541 if (warn)
542 free(warn);
543
544
545 return ret;
546}
547
548#endif
549
Emeric Brune1f38db2012-09-03 20:36:47 +0200550void ssl_sock_infocbk(const SSL *ssl, int where, int ret)
551{
552 struct connection *conn = (struct connection *)SSL_get_app_data(ssl);
553 (void)ret; /* shut gcc stupid warning */
Emeric Brund8b2bb52014-01-28 15:43:53 +0100554 BIO *write_bio;
Emeric Brune1f38db2012-09-03 20:36:47 +0200555
556 if (where & SSL_CB_HANDSHAKE_START) {
557 /* Disable renegotiation (CVE-2009-3555) */
Willy Tarreau20879a02012-12-03 16:32:10 +0100558 if (conn->flags & CO_FL_CONNECTED) {
Emeric Brune1f38db2012-09-03 20:36:47 +0200559 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +0100560 conn->err_code = CO_ER_SSL_RENEG;
561 }
Emeric Brune1f38db2012-09-03 20:36:47 +0200562 }
Emeric Brund8b2bb52014-01-28 15:43:53 +0100563
564 if ((where & SSL_CB_ACCEPT_LOOP) == SSL_CB_ACCEPT_LOOP) {
565 if (!(conn->xprt_st & SSL_SOCK_ST_FL_16K_WBFSIZE)) {
566 /* Long certificate chains optimz
567 If write and read bios are differents, we
568 consider that the buffering was activated,
569 so we rise the output buffer size from 4k
570 to 16k */
571 write_bio = SSL_get_wbio(ssl);
572 if (write_bio != SSL_get_rbio(ssl)) {
573 BIO_set_write_buffer_size(write_bio, 16384);
574 conn->xprt_st |= SSL_SOCK_ST_FL_16K_WBFSIZE;
575 }
576 }
577 }
Emeric Brunfc0421f2012-09-07 17:30:07 +0200578}
579
Emeric Brune64aef12012-09-21 13:15:06 +0200580/* Callback is called for each certificate of the chain during a verify
581 ok is set to 1 if preverify detect no error on current certificate.
582 Returns 0 to break the handshake, 1 otherwise. */
Evan Broderbe554312013-06-27 00:05:25 -0700583int ssl_sock_bind_verifycbk(int ok, X509_STORE_CTX *x_store)
Emeric Brune64aef12012-09-21 13:15:06 +0200584{
585 SSL *ssl;
586 struct connection *conn;
Emeric Brun81c00f02012-09-21 14:31:21 +0200587 int err, depth;
Emeric Brune64aef12012-09-21 13:15:06 +0200588
589 ssl = X509_STORE_CTX_get_ex_data(x_store, SSL_get_ex_data_X509_STORE_CTX_idx());
590 conn = (struct connection *)SSL_get_app_data(ssl);
591
Willy Tarreauf7bc57c2012-10-03 00:19:48 +0200592 conn->xprt_st |= SSL_SOCK_ST_FL_VERIFY_DONE;
Emeric Brune64aef12012-09-21 13:15:06 +0200593
Emeric Brun81c00f02012-09-21 14:31:21 +0200594 if (ok) /* no errors */
595 return ok;
596
597 depth = X509_STORE_CTX_get_error_depth(x_store);
598 err = X509_STORE_CTX_get_error(x_store);
599
600 /* check if CA error needs to be ignored */
601 if (depth > 0) {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +0200602 if (!SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st)) {
603 conn->xprt_st |= SSL_SOCK_CA_ERROR_TO_ST(err);
604 conn->xprt_st |= SSL_SOCK_CAEDEPTH_TO_ST(depth);
Emeric Brunf282a812012-09-21 15:27:54 +0200605 }
606
Emeric Brun1eb20ef2012-12-03 13:24:29 +0100607 if (objt_listener(conn->target)->bind_conf->ca_ignerr & (1ULL << err)) {
608 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +0200609 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +0100610 }
Emeric Brun81c00f02012-09-21 14:31:21 +0200611
Willy Tarreau20879a02012-12-03 16:32:10 +0100612 conn->err_code = CO_ER_SSL_CA_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +0200613 return 0;
614 }
615
Willy Tarreauf7bc57c2012-10-03 00:19:48 +0200616 if (!SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st))
617 conn->xprt_st |= SSL_SOCK_CRTERROR_TO_ST(err);
Emeric Brunf282a812012-09-21 15:27:54 +0200618
Emeric Brun81c00f02012-09-21 14:31:21 +0200619 /* check if certificate error needs to be ignored */
Emeric Brun1eb20ef2012-12-03 13:24:29 +0100620 if (objt_listener(conn->target)->bind_conf->crt_ignerr & (1ULL << err)) {
621 ERR_clear_error();
Emeric Brun81c00f02012-09-21 14:31:21 +0200622 return 1;
Emeric Brun1eb20ef2012-12-03 13:24:29 +0100623 }
Emeric Brun81c00f02012-09-21 14:31:21 +0200624
Willy Tarreau20879a02012-12-03 16:32:10 +0100625 conn->err_code = CO_ER_SSL_CRT_FAIL;
Emeric Brun81c00f02012-09-21 14:31:21 +0200626 return 0;
Emeric Brune64aef12012-09-21 13:15:06 +0200627}
628
Emeric Brun29f037d2014-04-25 19:05:36 +0200629/* Callback is called for ssl protocol analyse */
630void ssl_sock_msgcbk(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
631{
Emeric Brun29f037d2014-04-25 19:05:36 +0200632#ifdef TLS1_RT_HEARTBEAT
633 /* test heartbeat received (write_p is set to 0
634 for a received record) */
Willy Tarreauf51c6982014-04-25 20:02:39 +0200635 if ((content_type == TLS1_RT_HEARTBEAT) && (write_p == 0)) {
Willy Tarreau84815002014-04-25 21:40:27 +0200636 struct connection *conn = (struct connection *)SSL_get_app_data(ssl);
Willy Tarreauf51c6982014-04-25 20:02:39 +0200637 const unsigned char *p = buf;
638 unsigned int payload;
639
Emeric Brun29f037d2014-04-25 19:05:36 +0200640 conn->xprt_st |= SSL_SOCK_RECV_HEARTBEAT;
Willy Tarreauf51c6982014-04-25 20:02:39 +0200641
642 /* Check if this is a CVE-2014-0160 exploitation attempt. */
643 if (*p != TLS1_HB_REQUEST)
644 return;
645
Willy Tarreauaeed6722014-04-25 23:59:58 +0200646 if (len < 1 + 2 + 16) /* 1 type + 2 size + 0 payload + 16 padding */
Willy Tarreauf51c6982014-04-25 20:02:39 +0200647 goto kill_it;
648
649 payload = (p[1] * 256) + p[2];
Willy Tarreau3b2fdb62014-04-25 23:44:22 +0200650 if (3 + payload + 16 <= len)
Willy Tarreauf51c6982014-04-25 20:02:39 +0200651 return; /* OK no problem */
Willy Tarreauaeed6722014-04-25 23:59:58 +0200652 kill_it:
Willy Tarreau3b2fdb62014-04-25 23:44:22 +0200653 /* We have a clear heartbleed attack (CVE-2014-0160), the
654 * advertised payload is larger than the advertised packet
655 * length, so we have garbage in the buffer between the
656 * payload and the end of the buffer (p+len). We can't know
657 * if the SSL stack is patched, and we don't know if we can
658 * safely wipe out the area between p+3+len and payload.
659 * So instead, we prevent the response from being sent by
660 * setting the max_send_fragment to 0 and we report an SSL
661 * error, which will kill this connection. It will be reported
662 * above as SSL_ERROR_SSL while an other handshake failure with
Willy Tarreauf51c6982014-04-25 20:02:39 +0200663 * a heartbeat message will be reported as SSL_ERROR_SYSCALL.
664 */
Willy Tarreau3b2fdb62014-04-25 23:44:22 +0200665 ssl->max_send_fragment = 0;
Willy Tarreauf51c6982014-04-25 20:02:39 +0200666 SSLerr(SSL_F_TLS1_HEARTBEAT, SSL_R_SSL_HANDSHAKE_FAILURE);
667 return;
668 }
Emeric Brun29f037d2014-04-25 19:05:36 +0200669#endif
670}
671
Willy Tarreau6c9a3d52012-10-18 18:57:14 +0200672#ifdef OPENSSL_NPN_NEGOTIATED
673/* This callback is used so that the server advertises the list of
674 * negociable protocols for NPN.
675 */
676static int ssl_sock_advertise_npn_protos(SSL *s, const unsigned char **data,
677 unsigned int *len, void *arg)
678{
679 struct bind_conf *conf = arg;
680
681 *data = (const unsigned char *)conf->npn_str;
682 *len = conf->npn_len;
683 return SSL_TLSEXT_ERR_OK;
684}
685#endif
686
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +0100687#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +0200688/* This callback is used so that the server advertises the list of
689 * negociable protocols for ALPN.
690 */
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +0100691static int ssl_sock_advertise_alpn_protos(SSL *s, const unsigned char **out,
692 unsigned char *outlen,
693 const unsigned char *server,
694 unsigned int server_len, void *arg)
Willy Tarreauab861d32013-04-02 02:30:41 +0200695{
696 struct bind_conf *conf = arg;
697
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +0100698 if (SSL_select_next_proto((unsigned char**) out, outlen, (const unsigned char *)conf->alpn_str,
699 conf->alpn_len, server, server_len) != OPENSSL_NPN_NEGOTIATED) {
700 return SSL_TLSEXT_ERR_NOACK;
701 }
Willy Tarreauab861d32013-04-02 02:30:41 +0200702 return SSL_TLSEXT_ERR_OK;
703}
704#endif
705
Emeric Brunfc0421f2012-09-07 17:30:07 +0200706#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
707/* Sets the SSL ctx of <ssl> to match the advertised server name. Returns a
708 * warning when no match is found, which implies the default (first) cert
709 * will keep being used.
710 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +0200711static int ssl_sock_switchctx_cbk(SSL *ssl, int *al, struct bind_conf *s)
Emeric Brunfc0421f2012-09-07 17:30:07 +0200712{
713 const char *servername;
714 const char *wildp = NULL;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +0200715 struct ebmb_node *node, *n;
Emeric Brunfc0421f2012-09-07 17:30:07 +0200716 int i;
717 (void)al; /* shut gcc stupid warning */
718
719 servername = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
Emmanuel Hocdet65623372013-01-24 17:17:15 +0100720 if (!servername) {
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +0200721 return (s->strict_sni ?
722 SSL_TLSEXT_ERR_ALERT_FATAL :
Emmanuel Hocdet79274e22013-05-31 12:47:44 +0200723 SSL_TLSEXT_ERR_NOACK);
Emmanuel Hocdet65623372013-01-24 17:17:15 +0100724 }
Emeric Brunfc0421f2012-09-07 17:30:07 +0200725
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100726 for (i = 0; i < trash.size; i++) {
Emeric Brunfc0421f2012-09-07 17:30:07 +0200727 if (!servername[i])
728 break;
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100729 trash.str[i] = tolower(servername[i]);
730 if (!wildp && (trash.str[i] == '.'))
731 wildp = &trash.str[i];
Emeric Brunfc0421f2012-09-07 17:30:07 +0200732 }
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100733 trash.str[i] = 0;
Emeric Brunfc0421f2012-09-07 17:30:07 +0200734
735 /* lookup in full qualified names */
Willy Tarreau19d14ef2012-10-29 16:51:55 +0100736 node = ebst_lookup(&s->sni_ctx, trash.str);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +0200737
738 /* lookup a not neg filter */
739 for (n = node; n; n = ebmb_next_dup(n)) {
740 if (!container_of(n, struct sni_ctx, name)->neg) {
741 node = n;
742 break;
Emmanuel Hocdet65623372013-01-24 17:17:15 +0100743 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +0200744 }
745 if (!node && wildp) {
746 /* lookup in wildcards names */
Emeric Brunfc0421f2012-09-07 17:30:07 +0200747 node = ebst_lookup(&s->sni_w_ctx, wildp);
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +0200748 }
749 if (!node || container_of(node, struct sni_ctx, name)->neg) {
750 return (s->strict_sni ?
751 SSL_TLSEXT_ERR_ALERT_FATAL :
752 SSL_TLSEXT_ERR_ALERT_WARNING);
Emeric Brunfc0421f2012-09-07 17:30:07 +0200753 }
754
755 /* switch ctx */
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +0200756 SSL_set_SSL_CTX(ssl, container_of(node, struct sni_ctx, name)->ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +0200757 return SSL_TLSEXT_ERR_OK;
758}
759#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
760
Emeric Bruna4bcd9a2012-09-20 16:19:02 +0200761#ifndef OPENSSL_NO_DH
Remi Gacognef46cd6e2014-06-12 14:58:40 +0200762
763static DH * ssl_get_dh_1024(void)
764{
Lukas Tribus4c0d45a2014-08-18 00:56:32 +0200765#if (OPENSSL_VERSION_NUMBER < 0x0090801fL || defined OPENSSL_IS_BORINGSSL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +0200766 static const unsigned char rfc_2409_prime_1024[] = {
767 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
768 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
769 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
770 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
771 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
772 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
773 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
774 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
775 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
776 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,
777 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
778 };
779#endif
780 DH *dh = DH_new();
781 if (dh) {
Lukas Tribus4c0d45a2014-08-18 00:56:32 +0200782#if (OPENSSL_VERSION_NUMBER >= 0x0090801fL && !defined OPENSSL_IS_BORINGSSL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +0200783 dh->p = get_rfc2409_prime_1024(NULL);
784#else
785 dh->p = BN_bin2bn(rfc_2409_prime_1024, sizeof rfc_2409_prime_1024, NULL);
786#endif
787 /* See RFC 2409, Section 6 "Oakley Groups"
788 for the reason why 2 is used as generator.
789 */
790 BN_dec2bn(&dh->g, "2");
791 if (!dh->p || !dh->g) {
792 DH_free(dh);
793 dh = NULL;
794 }
795 }
796 return dh;
797}
798
799static DH *ssl_get_dh_2048(void)
800{
Lukas Tribus4c0d45a2014-08-18 00:56:32 +0200801#if (OPENSSL_VERSION_NUMBER < 0x0090801fL || defined OPENSSL_IS_BORINGSSL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +0200802 static const unsigned char rfc_3526_prime_2048[] = {
803 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
804 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
805 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
806 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
807 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
808 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
809 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
810 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
811 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
812 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
813 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
814 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
815 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
816 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
817 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
818 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
819 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
820 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
821 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
822 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
823 0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,
824 0xFF,0xFF,0xFF,0xFF,
825 };
826#endif
827 DH *dh = DH_new();
828 if (dh) {
Lukas Tribus4c0d45a2014-08-18 00:56:32 +0200829#if (OPENSSL_VERSION_NUMBER >= 0x0090801fL && !defined OPENSSL_IS_BORINGSSL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +0200830 dh->p = get_rfc3526_prime_2048(NULL);
831#else
832 dh->p = BN_bin2bn(rfc_3526_prime_2048, sizeof rfc_3526_prime_2048, NULL);
833#endif
834 /* See RFC 3526, Section 3 "2048-bit MODP Group"
835 for the reason why 2 is used as generator.
836 */
837 BN_dec2bn(&dh->g, "2");
838 if (!dh->p || !dh->g) {
839 DH_free(dh);
840 dh = NULL;
841 }
842 }
843 return dh;
844}
845
846static DH *ssl_get_dh_4096(void)
847{
Lukas Tribus4c0d45a2014-08-18 00:56:32 +0200848#if (OPENSSL_VERSION_NUMBER < 0x0090801fL || defined OPENSSL_IS_BORINGSSL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +0200849 static const unsigned char rfc_3526_prime_4096[] = {
850 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
851 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
852 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
853 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
854 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
855 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
856 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
857 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
858 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
859 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
860 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
861 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
862 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
863 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
864 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
865 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
866 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
867 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
868 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
869 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
870 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
871 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
872 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
873 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
874 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
875 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
876 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
877 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
878 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
879 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
880 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
881 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
882 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
883 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
884 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
885 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
886 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
887 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
888 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
889 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
890 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
891 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,
892 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
893 };
894#endif
895 DH *dh = DH_new();
896 if (dh) {
Lukas Tribus4c0d45a2014-08-18 00:56:32 +0200897#if (OPENSSL_VERSION_NUMBER >= 0x0090801fL && !defined OPENSSL_IS_BORINGSSL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +0200898 dh->p = get_rfc3526_prime_4096(NULL);
899#else
900 dh->p = BN_bin2bn(rfc_3526_prime_4096, sizeof rfc_3526_prime_4096, NULL);
901#endif
902 /* See RFC 3526, Section 5 "4096-bit MODP Group"
903 for the reason why 2 is used as generator.
904 */
905 BN_dec2bn(&dh->g, "2");
906 if (!dh->p || !dh->g) {
907 DH_free(dh);
908 dh = NULL;
909 }
910 }
911 return dh;
912}
913
914static DH *ssl_get_dh_8192(void)
915{
Lukas Tribus4c0d45a2014-08-18 00:56:32 +0200916#if (OPENSSL_VERSION_NUMBER < 0x0090801fL || defined OPENSSL_IS_BORINGSSL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +0200917 static const unsigned char rfc_3526_prime_8192[] = {
918 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
919 0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
920 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
921 0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
922 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
923 0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
924 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
925 0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
926 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
927 0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
928 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
929 0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
930 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
931 0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
932 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
933 0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
934 0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
935 0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
936 0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
937 0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
938 0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
939 0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
940 0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
941 0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
942 0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
943 0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
944 0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
945 0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
946 0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
947 0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
948 0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
949 0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
950 0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
951 0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
952 0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
953 0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
954 0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
955 0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
956 0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
957 0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
958 0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
959 0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
960 0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
961 0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
962 0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
963 0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
964 0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
965 0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
966 0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
967 0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
968 0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
969 0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
970 0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
971 0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
972 0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
973 0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
974 0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
975 0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
976 0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
977 0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
978 0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
979 0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
980 0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
981 0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
982 0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,
983 0x73,0xB9,0x31,0xBA,0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,
984 0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,0x25,0x76,0xF6,0x93,
985 0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
986 0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,
987 0xE3,0x9D,0x65,0x2D,0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,
988 0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,0x13,0xEB,0x57,0xA8,
989 0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
990 0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,
991 0xA2,0xC0,0x87,0xE8,0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,
992 0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,0x6D,0x2A,0x13,0xF8,
993 0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
994 0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,
995 0x08,0x46,0x85,0x1D,0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,
996 0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,0xFA,0xF3,0x6B,0xC3,
997 0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
998 0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,
999 0xD5,0xEE,0x38,0x2B,0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,
1000 0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,0x9E,0x30,0x50,0xE2,
1001 0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
1002 0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,
1003 0xFF,0xFF,0xFF,0xFF,
1004 };
1005#endif
1006 DH *dh = DH_new();
1007 if (dh) {
Lukas Tribus4c0d45a2014-08-18 00:56:32 +02001008#if (OPENSSL_VERSION_NUMBER >= 0x0090801fL && !defined OPENSSL_IS_BORINGSSL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001009 dh->p = get_rfc3526_prime_8192(NULL);
1010#else
1011 dh->p = BN_bin2bn(rfc_3526_prime_8192, sizeof rfc_3526_prime_8192, NULL);
1012#endif
1013 /* See RFC 3526, Section 7 "8192-bit MODP Group"
1014 for the reason why 2 is used as generator.
1015 */
1016 BN_dec2bn(&dh->g, "2");
1017 if (!dh->p || !dh->g) {
1018 DH_free(dh);
1019 dh = NULL;
1020 }
1021 }
1022 return dh;
1023}
1024
1025/* Returns Diffie-Hellman parameters matching the private key length
1026 but not exceeding global.tune.ssl_default_dh_param */
1027static DH *ssl_get_tmp_dh(SSL *ssl, int export, int keylen)
1028{
1029 DH *dh = NULL;
1030 EVP_PKEY *pkey = SSL_get_privatekey(ssl);
1031 int type = pkey ? EVP_PKEY_type(pkey->type) : EVP_PKEY_NONE;
1032
1033 /* The keylen supplied by OpenSSL can only be 512 or 1024.
1034 See ssl3_send_server_key_exchange() in ssl/s3_srvr.c
1035 */
1036 if (type == EVP_PKEY_RSA || type == EVP_PKEY_DSA) {
1037 keylen = EVP_PKEY_bits(pkey);
1038 }
1039
1040 if (keylen > global.tune.ssl_default_dh_param) {
1041 keylen = global.tune.ssl_default_dh_param;
1042 }
1043
1044 if (keylen >= 8192) {
Remi Gacogne8de54152014-07-15 11:36:40 +02001045 dh = local_dh_8192;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001046 }
1047 else if (keylen >= 4096) {
Remi Gacogne8de54152014-07-15 11:36:40 +02001048 dh = local_dh_4096;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001049 }
1050 else if (keylen >= 2048) {
Remi Gacogne8de54152014-07-15 11:36:40 +02001051 dh = local_dh_2048;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001052 }
1053 else {
Remi Gacogne8de54152014-07-15 11:36:40 +02001054 dh = local_dh_1024;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001055 }
1056
1057 return dh;
1058}
1059
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02001060/* Loads Diffie-Hellman parameter from a file. Returns 1 if loaded, else -1
1061 if an error occured, and 0 if parameter not found. */
Willy Tarreau6e774b42014-04-25 21:35:23 +02001062int ssl_sock_load_dh_params(SSL_CTX *ctx, const char *file)
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02001063{
1064 int ret = -1;
1065 BIO *in;
1066 DH *dh = NULL;
1067
1068 in = BIO_new(BIO_s_file());
1069 if (in == NULL)
1070 goto end;
1071
1072 if (BIO_read_filename(in, file) <= 0)
1073 goto end;
1074
1075 dh = PEM_read_bio_DHparams(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001076 if (dh) {
1077 ret = 1;
1078 SSL_CTX_set_tmp_dh(ctx, dh);
1079 /* Setting ssl default dh param to the size of the static DH params
1080 found in the file. This way we know that there is no use
1081 complaining later about ssl-default-dh-param not being set. */
1082 global.tune.ssl_default_dh_param = DH_size(dh) * 8;
1083 }
1084 else {
Emeric Brun41fdb3c2013-04-26 11:05:44 +02001085 /* Clear openssl global errors stack */
1086 ERR_clear_error();
1087
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001088 if (global.tune.ssl_default_dh_param <= 1024) {
1089 /* we are limited to DH parameter of 1024 bits anyway */
Remi Gacogne8de54152014-07-15 11:36:40 +02001090 local_dh_1024 = ssl_get_dh_1024();
1091 if (local_dh_1024 == NULL)
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001092 goto end;
Willy Tarreau6e774b42014-04-25 21:35:23 +02001093
Remi Gacogne8de54152014-07-15 11:36:40 +02001094 SSL_CTX_set_tmp_dh(ctx, local_dh_1024);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001095 }
1096 else {
1097 SSL_CTX_set_tmp_dh_callback(ctx, ssl_get_tmp_dh);
1098 }
Willy Tarreau6e774b42014-04-25 21:35:23 +02001099
Emeric Brun41fdb3c2013-04-26 11:05:44 +02001100 ret = 0; /* DH params not found */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02001101 }
Emeric Brun644cde02012-12-14 11:21:13 +01001102
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02001103end:
1104 if (dh)
1105 DH_free(dh);
1106
1107 if (in)
Emeric Brun41fdb3c2013-04-26 11:05:44 +02001108 BIO_free(in);
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02001109
1110 return ret;
1111}
1112#endif
1113
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02001114static int ssl_sock_add_cert_sni(SSL_CTX *ctx, struct bind_conf *s, char *name, int order)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001115{
1116 struct sni_ctx *sc;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02001117 int wild = 0, neg = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001118
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02001119 if (*name == '!') {
1120 neg = 1;
1121 name++;
1122 }
1123 if (*name == '*') {
1124 wild = 1;
1125 name++;
1126 }
1127 /* !* filter is a nop */
1128 if (neg && wild)
1129 return order;
1130 if (*name) {
1131 int j, len;
1132 len = strlen(name);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001133 sc = malloc(sizeof(struct sni_ctx) + len + 1);
1134 for (j = 0; j < len; j++)
1135 sc->name.key[j] = tolower(name[j]);
1136 sc->name.key[len] = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001137 sc->ctx = ctx;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02001138 sc->order = order++;
1139 sc->neg = neg;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001140 if (wild)
1141 ebst_insert(&s->sni_w_ctx, &sc->name);
1142 else
1143 ebst_insert(&s->sni_ctx, &sc->name);
1144 }
1145 return order;
1146}
1147
Emeric Brunfc0421f2012-09-07 17:30:07 +02001148/* Loads a certificate key and CA chain from a file. Returns 0 on error, -1 if
1149 * an early error happens and the caller must call SSL_CTX_free() by itelf.
1150 */
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02001151static int ssl_sock_load_cert_chain_file(SSL_CTX *ctx, const char *file, struct bind_conf *s, char **sni_filter, int fcount)
Emeric Brunfc0421f2012-09-07 17:30:07 +02001152{
1153 BIO *in;
1154 X509 *x = NULL, *ca;
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02001155 int i, err;
Emeric Brunfc0421f2012-09-07 17:30:07 +02001156 int ret = -1;
1157 int order = 0;
1158 X509_NAME *xname;
1159 char *str;
Emeric Brunfc0421f2012-09-07 17:30:07 +02001160#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
1161 STACK_OF(GENERAL_NAME) *names;
1162#endif
1163
1164 in = BIO_new(BIO_s_file());
1165 if (in == NULL)
1166 goto end;
1167
1168 if (BIO_read_filename(in, file) <= 0)
1169 goto end;
1170
1171 x = PEM_read_bio_X509_AUX(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata);
1172 if (x == NULL)
1173 goto end;
1174
Emeric Brun50bcecc2013-04-22 13:05:23 +02001175 if (fcount) {
1176 while (fcount--)
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02001177 order = ssl_sock_add_cert_sni(ctx, s, sni_filter[fcount], order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001178 }
1179 else {
Emeric Brunfc0421f2012-09-07 17:30:07 +02001180#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001181 names = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
1182 if (names) {
1183 for (i = 0; i < sk_GENERAL_NAME_num(names); i++) {
1184 GENERAL_NAME *name = sk_GENERAL_NAME_value(names, i);
1185 if (name->type == GEN_DNS) {
1186 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02001187 order = ssl_sock_add_cert_sni(ctx, s, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001188 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001189 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001190 }
1191 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001192 sk_GENERAL_NAME_pop_free(names, GENERAL_NAME_free);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001193 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001194#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001195 xname = X509_get_subject_name(x);
1196 i = -1;
1197 while ((i = X509_NAME_get_index_by_NID(xname, NID_commonName, i)) != -1) {
1198 X509_NAME_ENTRY *entry = X509_NAME_get_entry(xname, i);
1199 if (ASN1_STRING_to_UTF8((unsigned char **)&str, entry->value) >= 0) {
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02001200 order = ssl_sock_add_cert_sni(ctx, s, str, order);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001201 OPENSSL_free(str);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001202 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001203 }
1204 }
1205
1206 ret = 0; /* the caller must not free the SSL_CTX argument anymore */
1207 if (!SSL_CTX_use_certificate(ctx, x))
1208 goto end;
1209
1210 if (ctx->extra_certs != NULL) {
1211 sk_X509_pop_free(ctx->extra_certs, X509_free);
1212 ctx->extra_certs = NULL;
1213 }
1214
1215 while ((ca = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback, ctx->default_passwd_callback_userdata))) {
1216 if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) {
1217 X509_free(ca);
1218 goto end;
1219 }
1220 }
1221
1222 err = ERR_get_error();
1223 if (!err || (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) {
1224 /* we successfully reached the last cert in the file */
1225 ret = 1;
1226 }
1227 ERR_clear_error();
1228
1229end:
1230 if (x)
1231 X509_free(x);
1232
1233 if (in)
1234 BIO_free(in);
1235
1236 return ret;
1237}
1238
Emeric Brun50bcecc2013-04-22 13:05:23 +02001239static int ssl_sock_load_cert_file(const char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **sni_filter, int fcount, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02001240{
1241 int ret;
1242 SSL_CTX *ctx;
1243
1244 ctx = SSL_CTX_new(SSLv23_server_method());
1245 if (!ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02001246 memprintf(err, "%sunable to allocate SSL context for cert '%s'.\n",
1247 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001248 return 1;
1249 }
1250
1251 if (SSL_CTX_use_PrivateKey_file(ctx, path, SSL_FILETYPE_PEM) <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02001252 memprintf(err, "%sunable to load SSL private key from PEM file '%s'.\n",
1253 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001254 SSL_CTX_free(ctx);
1255 return 1;
1256 }
1257
Emeric Brun50bcecc2013-04-22 13:05:23 +02001258 ret = ssl_sock_load_cert_chain_file(ctx, path, bind_conf, sni_filter, fcount);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001259 if (ret <= 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02001260 memprintf(err, "%sunable to load SSL certificate from PEM file '%s'.\n",
1261 err && *err ? *err : "", path);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001262 if (ret < 0) /* serious error, must do that ourselves */
1263 SSL_CTX_free(ctx);
1264 return 1;
1265 }
Emeric Brun61694ab2012-10-26 13:35:33 +02001266
1267 if (SSL_CTX_check_private_key(ctx) <= 0) {
1268 memprintf(err, "%sinconsistencies between private key and certificate loaded from PEM file '%s'.\n",
1269 err && *err ? *err : "", path);
1270 return 1;
1271 }
1272
Emeric Brunfc0421f2012-09-07 17:30:07 +02001273 /* we must not free the SSL_CTX anymore below, since it's already in
1274 * the tree, so it will be discovered and cleaned in time.
1275 */
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02001276#ifndef OPENSSL_NO_DH
1277 ret = ssl_sock_load_dh_params(ctx, path);
1278 if (ret < 0) {
1279 if (err)
1280 memprintf(err, "%sunable to load DH parameters from file '%s'.\n",
1281 *err ? *err : "", path);
1282 return 1;
1283 }
1284#endif
1285
Lukas Tribuse4e30f72014-12-09 16:32:51 +01001286#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
Emeric Brun4147b2e2014-06-16 18:36:30 +02001287 ret = ssl_sock_load_ocsp(ctx, path);
1288 if (ret < 0) {
1289 if (err)
1290 memprintf(err, "%s '%s.ocsp' is present and activates OCSP but it is impossible to compute the OCSP certificate ID (maybe the issuer could not be found)'.\n",
1291 *err ? *err : "", path);
1292 return 1;
1293 }
1294#endif
1295
Emeric Brunfc0421f2012-09-07 17:30:07 +02001296#ifndef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001297 if (bind_conf->default_ctx) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02001298 memprintf(err, "%sthis version of openssl cannot load multiple SSL certificates.\n",
1299 err && *err ? *err : "");
Emeric Brunfc0421f2012-09-07 17:30:07 +02001300 return 1;
1301 }
1302#endif
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001303 if (!bind_conf->default_ctx)
1304 bind_conf->default_ctx = ctx;
Emeric Brunfc0421f2012-09-07 17:30:07 +02001305
1306 return 0;
1307}
1308
Willy Tarreau79eeafa2012-09-14 07:53:05 +02001309int ssl_sock_load_cert(char *path, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
Emeric Brunfc0421f2012-09-07 17:30:07 +02001310{
1311 struct dirent *de;
1312 DIR *dir;
1313 struct stat buf;
Willy Tarreauee2663b2012-12-06 11:36:59 +01001314 char *end;
1315 char fp[MAXPATHLEN+1];
Emeric Brunfc0421f2012-09-07 17:30:07 +02001316 int cfgerr = 0;
1317
1318 if (!(dir = opendir(path)))
Emeric Brun50bcecc2013-04-22 13:05:23 +02001319 return ssl_sock_load_cert_file(path, bind_conf, curproxy, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001320
1321 /* strip trailing slashes, including first one */
1322 for (end = path + strlen(path) - 1; end >= path && *end == '/'; end--)
1323 *end = 0;
1324
Emeric Brunfc0421f2012-09-07 17:30:07 +02001325 while ((de = readdir(dir))) {
Emeric Brun2aab7222014-06-18 18:15:09 +02001326 end = strrchr(de->d_name, '.');
1327 if (end && (!strcmp(end, ".issuer") || !strcmp(end, ".ocsp")))
1328 continue;
1329
Willy Tarreauee2663b2012-12-06 11:36:59 +01001330 snprintf(fp, sizeof(fp), "%s/%s", path, de->d_name);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001331 if (stat(fp, &buf) != 0) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02001332 memprintf(err, "%sunable to stat SSL certificate from file '%s' : %s.\n",
1333 err && *err ? *err : "", fp, strerror(errno));
Emeric Brunfc0421f2012-09-07 17:30:07 +02001334 cfgerr++;
1335 continue;
1336 }
1337 if (!S_ISREG(buf.st_mode))
1338 continue;
Emeric Brun50bcecc2013-04-22 13:05:23 +02001339 cfgerr += ssl_sock_load_cert_file(fp, bind_conf, curproxy, NULL, 0, err);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001340 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001341 closedir(dir);
1342 return cfgerr;
1343}
1344
Thierry Fournier383085f2013-01-24 14:15:43 +01001345/* Make sure openssl opens /dev/urandom before the chroot. The work is only
1346 * done once. Zero is returned if the operation fails. No error is returned
1347 * if the random is said as not implemented, because we expect that openssl
1348 * will use another method once needed.
1349 */
1350static int ssl_initialize_random()
1351{
1352 unsigned char random;
1353 static int random_initialized = 0;
1354
1355 if (!random_initialized && RAND_bytes(&random, 1) != 0)
1356 random_initialized = 1;
1357
1358 return random_initialized;
1359}
1360
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001361int ssl_sock_load_cert_list_file(char *file, struct bind_conf *bind_conf, struct proxy *curproxy, char **err)
1362{
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02001363 char thisline[LINESIZE];
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001364 FILE *f;
1365 int linenum = 0;
1366 int cfgerr = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001367
Willy Tarreauad1731d2013-04-02 17:35:58 +02001368 if ((f = fopen(file, "r")) == NULL) {
1369 memprintf(err, "cannot open file '%s' : %s", file, strerror(errno));
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001370 return 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02001371 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001372
1373 while (fgets(thisline, sizeof(thisline), f) != NULL) {
1374 int arg;
Emeric Brun50bcecc2013-04-22 13:05:23 +02001375 int newarg;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001376 char *end;
1377 char *args[MAX_LINE_ARGS + 1];
1378 char *line = thisline;
1379
1380 linenum++;
1381 end = line + strlen(line);
1382 if (end-line == sizeof(thisline)-1 && *(end-1) != '\n') {
1383 /* Check if we reached the limit and the last char is not \n.
1384 * Watch out for the last line without the terminating '\n'!
1385 */
Willy Tarreauad1731d2013-04-02 17:35:58 +02001386 memprintf(err, "line %d too long in file '%s', limit is %d characters",
1387 linenum, file, (int)sizeof(thisline)-1);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001388 cfgerr = 1;
Willy Tarreauad1731d2013-04-02 17:35:58 +02001389 break;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001390 }
1391
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001392 arg = 0;
Emeric Brun50bcecc2013-04-22 13:05:23 +02001393 newarg = 1;
1394 while (*line) {
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001395 if (*line == '#' || *line == '\n' || *line == '\r') {
1396 /* end of string, end of loop */
1397 *line = 0;
1398 break;
1399 }
1400 else if (isspace(*line)) {
Emeric Brun50bcecc2013-04-22 13:05:23 +02001401 newarg = 1;
1402 *line = 0;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001403 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02001404 else if (newarg) {
1405 if (arg == MAX_LINE_ARGS) {
1406 memprintf(err, "too many args on line %d in file '%s'.",
1407 linenum, file);
1408 cfgerr = 1;
1409 break;
1410 }
1411 newarg = 0;
1412 args[arg++] = line;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001413 }
Emeric Brun50bcecc2013-04-22 13:05:23 +02001414 line++;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001415 }
Emmanuel Hocdet7c41a1b2013-05-07 20:20:06 +02001416 if (cfgerr)
1417 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02001418
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001419 /* empty line */
Emeric Brun50bcecc2013-04-22 13:05:23 +02001420 if (!arg)
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001421 continue;
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001422
Emeric Brun50bcecc2013-04-22 13:05:23 +02001423 cfgerr = ssl_sock_load_cert_file(args[0], bind_conf, curproxy, &args[1], arg-1, err);
Willy Tarreauad1731d2013-04-02 17:35:58 +02001424 if (cfgerr) {
1425 memprintf(err, "error processing line %d in file '%s' : %s", linenum, file, *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001426 break;
Willy Tarreauad1731d2013-04-02 17:35:58 +02001427 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001428 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01001429 fclose(f);
1430 return cfgerr;
1431}
1432
Emeric Brunfc0421f2012-09-07 17:30:07 +02001433#ifndef SSL_OP_CIPHER_SERVER_PREFERENCE /* needs OpenSSL >= 0.9.7 */
1434#define SSL_OP_CIPHER_SERVER_PREFERENCE 0
1435#endif
1436
1437#ifndef SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION /* needs OpenSSL >= 0.9.7 */
1438#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0
Willy Tarreau7d588ee2012-11-26 18:47:31 +01001439#define SSL_renegotiate_pending(arg) 0
Emeric Brunfc0421f2012-09-07 17:30:07 +02001440#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02001441#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 0.9.8 */
1442#define SSL_OP_SINGLE_ECDH_USE 0
1443#endif
Emeric Brun2d0c4822012-10-02 13:45:20 +02001444#ifndef SSL_OP_NO_TICKET /* needs OpenSSL >= 0.9.8 */
1445#define SSL_OP_NO_TICKET 0
1446#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02001447#ifndef SSL_OP_NO_COMPRESSION /* needs OpenSSL >= 0.9.9 */
1448#define SSL_OP_NO_COMPRESSION 0
1449#endif
Emeric Brunc0ff4922012-09-28 19:37:02 +02001450#ifndef SSL_OP_NO_TLSv1_1 /* needs OpenSSL >= 1.0.1 */
1451#define SSL_OP_NO_TLSv1_1 0
1452#endif
1453#ifndef SSL_OP_NO_TLSv1_2 /* needs OpenSSL >= 1.0.1 */
1454#define SSL_OP_NO_TLSv1_2 0
1455#endif
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02001456#ifndef SSL_OP_SINGLE_DH_USE /* needs OpenSSL >= 0.9.6 */
1457#define SSL_OP_SINGLE_DH_USE 0
1458#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02001459#ifndef SSL_OP_SINGLE_ECDH_USE /* needs OpenSSL >= 1.0.0 */
1460#define SSL_OP_SINGLE_ECDH_USE 0
1461#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02001462#ifndef SSL_MODE_RELEASE_BUFFERS /* needs OpenSSL >= 1.0.0 */
1463#define SSL_MODE_RELEASE_BUFFERS 0
1464#endif
Willy Tarreau396a1862014-11-13 14:06:52 +01001465#ifndef SSL_MODE_SMALL_BUFFERS /* needs small_records.patch */
1466#define SSL_MODE_SMALL_BUFFERS 0
1467#endif
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001468
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001469int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy *curproxy)
Emeric Brunfc0421f2012-09-07 17:30:07 +02001470{
1471 int cfgerr = 0;
Emeric Brun850efd52014-01-29 12:24:34 +01001472 int verify = SSL_VERIFY_NONE;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02001473 long ssloptions =
Emeric Brunfc0421f2012-09-07 17:30:07 +02001474 SSL_OP_ALL | /* all known workarounds for bugs */
1475 SSL_OP_NO_SSLv2 |
1476 SSL_OP_NO_COMPRESSION |
Emeric Bruna4bcd9a2012-09-20 16:19:02 +02001477 SSL_OP_SINGLE_DH_USE |
Emeric Brun2b58d042012-09-20 17:10:03 +02001478 SSL_OP_SINGLE_ECDH_USE |
Emeric Brun3c4bc6e2012-10-04 18:44:19 +02001479 SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION |
1480 SSL_OP_CIPHER_SERVER_PREFERENCE;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02001481 long sslmode =
Emeric Brunfc0421f2012-09-07 17:30:07 +02001482 SSL_MODE_ENABLE_PARTIAL_WRITE |
1483 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01001484 SSL_MODE_RELEASE_BUFFERS |
1485 SSL_MODE_SMALL_BUFFERS;
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001486 STACK_OF(SSL_CIPHER) * ciphers = NULL;
Willy Tarreaua616ba62014-10-26 06:49:19 +01001487 SSL_CIPHER * cipher = NULL;
Remi Gacognec1eab8c2014-06-12 18:20:11 +02001488 char cipher_description[128];
1489 /* The description of ciphers using an Ephemeral Diffie Hellman key exchange
1490 contains " Kx=DH " or " Kx=DH(". Beware of " Kx=DH/",
1491 which is not ephemeral DH. */
1492 const char dhe_description[] = " Kx=DH ";
1493 const char dhe_export_description[] = " Kx=DH(";
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001494 int idx = 0;
1495 int dhe_found = 0;
Remi Gacogne23d5d372014-10-10 17:04:26 +02001496 SSL *ssl = NULL;
Emeric Brunfc0421f2012-09-07 17:30:07 +02001497
Thierry Fournier383085f2013-01-24 14:15:43 +01001498 /* Make sure openssl opens /dev/urandom before the chroot */
1499 if (!ssl_initialize_random()) {
1500 Alert("OpenSSL random data generator initialization failed.\n");
1501 cfgerr++;
1502 }
1503
Emeric Brun89675492012-10-05 13:48:26 +02001504 if (bind_conf->ssl_options & BC_SSL_O_NO_SSLV3)
Emeric Brunfc0421f2012-09-07 17:30:07 +02001505 ssloptions |= SSL_OP_NO_SSLv3;
Emeric Brun89675492012-10-05 13:48:26 +02001506 if (bind_conf->ssl_options & BC_SSL_O_NO_TLSV10)
Emeric Brunfc0421f2012-09-07 17:30:07 +02001507 ssloptions |= SSL_OP_NO_TLSv1;
Emeric Brun89675492012-10-05 13:48:26 +02001508 if (bind_conf->ssl_options & BC_SSL_O_NO_TLSV11)
Emeric Brunc0ff4922012-09-28 19:37:02 +02001509 ssloptions |= SSL_OP_NO_TLSv1_1;
Emeric Brun89675492012-10-05 13:48:26 +02001510 if (bind_conf->ssl_options & BC_SSL_O_NO_TLSV12)
Emeric Brunc0ff4922012-09-28 19:37:02 +02001511 ssloptions |= SSL_OP_NO_TLSv1_2;
Emeric Brun89675492012-10-05 13:48:26 +02001512 if (bind_conf->ssl_options & BC_SSL_O_NO_TLS_TICKETS)
Emeric Brun2d0c4822012-10-02 13:45:20 +02001513 ssloptions |= SSL_OP_NO_TICKET;
Emeric Brun2cb7ae52012-10-05 14:14:21 +02001514 if (bind_conf->ssl_options & BC_SSL_O_USE_SSLV3)
1515 SSL_CTX_set_ssl_version(ctx, SSLv3_server_method());
1516 if (bind_conf->ssl_options & BC_SSL_O_USE_TLSV10)
1517 SSL_CTX_set_ssl_version(ctx, TLSv1_server_method());
1518#if SSL_OP_NO_TLSv1_1
1519 if (bind_conf->ssl_options & BC_SSL_O_USE_TLSV11)
1520 SSL_CTX_set_ssl_version(ctx, TLSv1_1_server_method());
1521#endif
1522#if SSL_OP_NO_TLSv1_2
1523 if (bind_conf->ssl_options & BC_SSL_O_USE_TLSV12)
1524 SSL_CTX_set_ssl_version(ctx, TLSv1_2_server_method());
1525#endif
Emeric Brunfc0421f2012-09-07 17:30:07 +02001526
1527 SSL_CTX_set_options(ctx, ssloptions);
1528 SSL_CTX_set_mode(ctx, sslmode);
Emeric Brun850efd52014-01-29 12:24:34 +01001529 switch (bind_conf->verify) {
1530 case SSL_SOCK_VERIFY_NONE:
1531 verify = SSL_VERIFY_NONE;
1532 break;
1533 case SSL_SOCK_VERIFY_OPTIONAL:
1534 verify = SSL_VERIFY_PEER;
1535 break;
1536 case SSL_SOCK_VERIFY_REQUIRED:
1537 verify = SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
1538 break;
1539 }
1540 SSL_CTX_set_verify(ctx, verify, ssl_sock_bind_verifycbk);
1541 if (verify & SSL_VERIFY_PEER) {
Emeric Brunfb510ea2012-10-05 12:00:26 +02001542 if (bind_conf->ca_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02001543 /* load CAfile to verify */
Emeric Brunfb510ea2012-10-05 12:00:26 +02001544 if (!SSL_CTX_load_verify_locations(ctx, bind_conf->ca_file, NULL)) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02001545 Alert("Proxy '%s': unable to load CA file '%s' for bind '%s' at [%s:%d].\n",
Emeric Brunfb510ea2012-10-05 12:00:26 +02001546 curproxy->id, bind_conf->ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02001547 cfgerr++;
1548 }
1549 /* set CA names fo client cert request, function returns void */
Emeric Brunfb510ea2012-10-05 12:00:26 +02001550 SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(bind_conf->ca_file));
Emeric Brund94b3fe2012-09-20 18:23:56 +02001551 }
Emeric Brun850efd52014-01-29 12:24:34 +01001552 else {
1553 Alert("Proxy '%s': verify is enabled but no CA file specified for bind '%s' at [%s:%d].\n",
1554 curproxy->id, bind_conf->arg, bind_conf->file, bind_conf->line);
1555 cfgerr++;
1556 }
Emeric Brun051cdab2012-10-02 19:25:50 +02001557#ifdef X509_V_FLAG_CRL_CHECK
Emeric Brunfb510ea2012-10-05 12:00:26 +02001558 if (bind_conf->crl_file) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02001559 X509_STORE *store = SSL_CTX_get_cert_store(ctx);
1560
Emeric Brunfb510ea2012-10-05 12:00:26 +02001561 if (!store || !X509_STORE_load_locations(store, bind_conf->crl_file, NULL)) {
Emeric Brund94b3fe2012-09-20 18:23:56 +02001562 Alert("Proxy '%s': unable to configure CRL file '%s' for bind '%s' at [%s:%d].\n",
Emeric Brunfb510ea2012-10-05 12:00:26 +02001563 curproxy->id, bind_conf->ca_file, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brund94b3fe2012-09-20 18:23:56 +02001564 cfgerr++;
1565 }
Emeric Brun561e5742012-10-02 15:20:55 +02001566 else {
1567 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
1568 }
Emeric Brund94b3fe2012-09-20 18:23:56 +02001569 }
Emeric Brun051cdab2012-10-02 19:25:50 +02001570#endif
Emeric Brun644cde02012-12-14 11:21:13 +01001571 ERR_clear_error();
Emeric Brund94b3fe2012-09-20 18:23:56 +02001572 }
Emeric Brunfc0421f2012-09-07 17:30:07 +02001573
Emeric Brun4f65bff2012-11-16 15:11:00 +01001574 if (global.tune.ssllifetime)
1575 SSL_CTX_set_timeout(ctx, global.tune.ssllifetime);
1576
Emeric Brunfc0421f2012-09-07 17:30:07 +02001577 shared_context_set_cache(ctx);
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001578 if (bind_conf->ciphers &&
1579 !SSL_CTX_set_cipher_list(ctx, bind_conf->ciphers)) {
Emeric Brunfc0421f2012-09-07 17:30:07 +02001580 Alert("Proxy '%s': unable to set SSL cipher list to '%s' for bind '%s' at [%s:%d].\n",
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001581 curproxy->id, bind_conf->ciphers, bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001582 cfgerr++;
1583 }
1584
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001585 /* If tune.ssl.default-dh-param has not been set and
1586 no static DH params were in the certificate file. */
1587 if (global.tune.ssl_default_dh_param == 0) {
Lukas Tribus90132722014-08-18 00:56:33 +02001588
Remi Gacogne23d5d372014-10-10 17:04:26 +02001589 ssl = SSL_new(ctx);
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001590
Remi Gacogne23d5d372014-10-10 17:04:26 +02001591 if (ssl) {
1592 ciphers = SSL_get_ciphers(ssl);
1593
1594 if (ciphers) {
1595 for (idx = 0; idx < sk_SSL_CIPHER_num(ciphers); idx++) {
1596 cipher = sk_SSL_CIPHER_value(ciphers, idx);
1597 if (SSL_CIPHER_description(cipher, cipher_description, sizeof (cipher_description)) == cipher_description) {
1598 if (strstr(cipher_description, dhe_description) != NULL ||
1599 strstr(cipher_description, dhe_export_description) != NULL) {
1600 dhe_found = 1;
1601 break;
1602 }
Remi Gacognec1eab8c2014-06-12 18:20:11 +02001603 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001604 }
1605 }
Remi Gacogne23d5d372014-10-10 17:04:26 +02001606 SSL_free(ssl);
1607 ssl = NULL;
Lukas Tribus90132722014-08-18 00:56:33 +02001608 }
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001609
Lukas Tribus90132722014-08-18 00:56:33 +02001610 if (dhe_found) {
1611 Warning("Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.\n");
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001612 }
1613
1614 global.tune.ssl_default_dh_param = 1024;
1615 }
Remi Gacogne8de54152014-07-15 11:36:40 +02001616
1617#ifndef OPENSSL_NO_DH
1618 if (global.tune.ssl_default_dh_param >= 1024) {
1619 if (local_dh_1024 == NULL) {
1620 local_dh_1024 = ssl_get_dh_1024();
1621 }
1622 if (global.tune.ssl_default_dh_param >= 2048) {
1623 if (local_dh_2048 == NULL) {
1624 local_dh_2048 = ssl_get_dh_2048();
1625 }
1626 if (global.tune.ssl_default_dh_param >= 4096) {
1627 if (local_dh_4096 == NULL) {
1628 local_dh_4096 = ssl_get_dh_4096();
1629 }
1630 if (global.tune.ssl_default_dh_param >= 8192 &&
1631 local_dh_8192 == NULL) {
1632 local_dh_8192 = ssl_get_dh_8192();
1633 }
1634 }
1635 }
1636 }
1637#endif /* OPENSSL_NO_DH */
Remi Gacognef46cd6e2014-06-12 14:58:40 +02001638
Emeric Brunfc0421f2012-09-07 17:30:07 +02001639 SSL_CTX_set_info_callback(ctx, ssl_sock_infocbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02001640#if OPENSSL_VERSION_NUMBER >= 0x00907000L
Emeric Brun29f037d2014-04-25 19:05:36 +02001641 SSL_CTX_set_msg_callback(ctx, ssl_sock_msgcbk);
Willy Tarreau5cbe4ef2014-05-08 22:45:11 +02001642#endif
Emeric Brun29f037d2014-04-25 19:05:36 +02001643
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001644#ifdef OPENSSL_NPN_NEGOTIATED
1645 if (bind_conf->npn_str)
1646 SSL_CTX_set_next_protos_advertised_cb(ctx, ssl_sock_advertise_npn_protos, bind_conf);
1647#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001648#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02001649 if (bind_conf->alpn_str)
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01001650 SSL_CTX_set_alpn_select_cb(ctx, ssl_sock_advertise_alpn_protos, bind_conf);
Willy Tarreauab861d32013-04-02 02:30:41 +02001651#endif
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02001652
Emeric Brunfc0421f2012-09-07 17:30:07 +02001653#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
1654 SSL_CTX_set_tlsext_servername_callback(ctx, ssl_sock_switchctx_cbk);
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001655 SSL_CTX_set_tlsext_servername_arg(ctx, bind_conf);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001656#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02001657#if defined(SSL_CTX_set_tmp_ecdh) && !defined(OPENSSL_NO_ECDH)
Emeric Brun6924ef82013-03-06 14:08:53 +01001658 {
Emeric Brun2b58d042012-09-20 17:10:03 +02001659 int i;
1660 EC_KEY *ecdh;
1661
Emeric Brun6924ef82013-03-06 14:08:53 +01001662 i = OBJ_sn2nid(bind_conf->ecdhe ? bind_conf->ecdhe : ECDHE_DEFAULT_CURVE);
Emeric Brun2b58d042012-09-20 17:10:03 +02001663 if (!i || ((ecdh = EC_KEY_new_by_curve_name(i)) == NULL)) {
1664 Alert("Proxy '%s': unable to set elliptic named curve to '%s' for bind '%s' at [%s:%d].\n",
Emeric Brun6924ef82013-03-06 14:08:53 +01001665 curproxy->id, bind_conf->ecdhe ? bind_conf->ecdhe : ECDHE_DEFAULT_CURVE,
1666 bind_conf->arg, bind_conf->file, bind_conf->line);
Emeric Brun2b58d042012-09-20 17:10:03 +02001667 cfgerr++;
1668 }
1669 else {
1670 SSL_CTX_set_tmp_ecdh(ctx, ecdh);
1671 EC_KEY_free(ecdh);
1672 }
1673 }
1674#endif
1675
Emeric Brunfc0421f2012-09-07 17:30:07 +02001676 return cfgerr;
1677}
1678
Evan Broderbe554312013-06-27 00:05:25 -07001679static int ssl_sock_srv_hostcheck(const char *pattern, const char *hostname)
1680{
1681 const char *pattern_wildcard, *pattern_left_label_end, *hostname_left_label_end;
1682 size_t prefixlen, suffixlen;
1683
1684 /* Trivial case */
1685 if (strcmp(pattern, hostname) == 0)
1686 return 1;
1687
Evan Broderbe554312013-06-27 00:05:25 -07001688 /* The rest of this logic is based on RFC 6125, section 6.4.3
1689 * (http://tools.ietf.org/html/rfc6125#section-6.4.3) */
1690
Emeric Bruna848dae2013-10-08 11:27:28 +02001691 pattern_wildcard = NULL;
1692 pattern_left_label_end = pattern;
1693 while (*pattern_left_label_end != '.') {
1694 switch (*pattern_left_label_end) {
1695 case 0:
1696 /* End of label not found */
1697 return 0;
1698 case '*':
1699 /* If there is more than one wildcards */
1700 if (pattern_wildcard)
1701 return 0;
1702 pattern_wildcard = pattern_left_label_end;
1703 break;
1704 }
1705 pattern_left_label_end++;
1706 }
1707
1708 /* If it's not trivial and there is no wildcard, it can't
1709 * match */
1710 if (!pattern_wildcard)
Evan Broderbe554312013-06-27 00:05:25 -07001711 return 0;
1712
1713 /* Make sure all labels match except the leftmost */
1714 hostname_left_label_end = strchr(hostname, '.');
1715 if (!hostname_left_label_end
1716 || strcmp(pattern_left_label_end, hostname_left_label_end) != 0)
1717 return 0;
1718
1719 /* Make sure the leftmost label of the hostname is long enough
1720 * that the wildcard can match */
Emeric Brun369da852013-10-08 11:39:35 +02001721 if (hostname_left_label_end - hostname < (pattern_left_label_end - pattern) - 1)
Evan Broderbe554312013-06-27 00:05:25 -07001722 return 0;
1723
1724 /* Finally compare the string on either side of the
1725 * wildcard */
1726 prefixlen = pattern_wildcard - pattern;
1727 suffixlen = pattern_left_label_end - (pattern_wildcard + 1);
Emeric Bruna848dae2013-10-08 11:27:28 +02001728 if ((prefixlen && (memcmp(pattern, hostname, prefixlen) != 0))
1729 || (suffixlen && (memcmp(pattern_wildcard + 1, hostname_left_label_end - suffixlen, suffixlen) != 0)))
Evan Broderbe554312013-06-27 00:05:25 -07001730 return 0;
1731
1732 return 1;
1733}
1734
1735static int ssl_sock_srv_verifycbk(int ok, X509_STORE_CTX *ctx)
1736{
1737 SSL *ssl;
1738 struct connection *conn;
1739 char *servername;
1740
1741 int depth;
1742 X509 *cert;
1743 STACK_OF(GENERAL_NAME) *alt_names;
1744 int i;
1745 X509_NAME *cert_subject;
1746 char *str;
1747
1748 if (ok == 0)
1749 return ok;
1750
1751 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
1752 conn = (struct connection *)SSL_get_app_data(ssl);
1753
1754 servername = objt_server(conn->target)->ssl_ctx.verify_host;
1755
1756 /* We only need to verify the CN on the actual server cert,
1757 * not the indirect CAs */
1758 depth = X509_STORE_CTX_get_error_depth(ctx);
1759 if (depth != 0)
1760 return ok;
1761
1762 /* At this point, the cert is *not* OK unless we can find a
1763 * hostname match */
1764 ok = 0;
1765
1766 cert = X509_STORE_CTX_get_current_cert(ctx);
1767 /* It seems like this might happen if verify peer isn't set */
1768 if (!cert)
1769 return ok;
1770
1771 alt_names = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL);
1772 if (alt_names) {
1773 for (i = 0; !ok && i < sk_GENERAL_NAME_num(alt_names); i++) {
1774 GENERAL_NAME *name = sk_GENERAL_NAME_value(alt_names, i);
1775 if (name->type == GEN_DNS) {
Emeric Bruna33410c2013-09-17 15:47:48 +02001776#if OPENSSL_VERSION_NUMBER < 0x00907000L
1777 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.ia5) >= 0) {
1778#else
Evan Broderbe554312013-06-27 00:05:25 -07001779 if (ASN1_STRING_to_UTF8((unsigned char **)&str, name->d.dNSName) >= 0) {
Emeric Bruna33410c2013-09-17 15:47:48 +02001780#endif
Evan Broderbe554312013-06-27 00:05:25 -07001781 ok = ssl_sock_srv_hostcheck(str, servername);
1782 OPENSSL_free(str);
1783 }
1784 }
1785 }
Emeric Brun4ad50a42013-09-17 15:19:54 +02001786 sk_GENERAL_NAME_pop_free(alt_names, GENERAL_NAME_free);
Evan Broderbe554312013-06-27 00:05:25 -07001787 }
1788
1789 cert_subject = X509_get_subject_name(cert);
1790 i = -1;
1791 while (!ok && (i = X509_NAME_get_index_by_NID(cert_subject, NID_commonName, i)) != -1) {
1792 X509_NAME_ENTRY *entry = X509_NAME_get_entry(cert_subject, i);
1793 if (ASN1_STRING_to_UTF8((unsigned char **)&str, entry->value) >= 0) {
1794 ok = ssl_sock_srv_hostcheck(str, servername);
1795 OPENSSL_free(str);
1796 }
1797 }
1798
1799 return ok;
1800}
1801
Emeric Brun94324a42012-10-11 14:00:19 +02001802/* prepare ssl context from servers options. Returns an error count */
1803int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *curproxy)
1804{
1805 int cfgerr = 0;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02001806 long options =
Emeric Brun94324a42012-10-11 14:00:19 +02001807 SSL_OP_ALL | /* all known workarounds for bugs */
1808 SSL_OP_NO_SSLv2 |
1809 SSL_OP_NO_COMPRESSION;
Remi Gacogneaf5c3da2014-05-19 10:29:58 +02001810 long mode =
Emeric Brun94324a42012-10-11 14:00:19 +02001811 SSL_MODE_ENABLE_PARTIAL_WRITE |
1812 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER |
Willy Tarreau396a1862014-11-13 14:06:52 +01001813 SSL_MODE_RELEASE_BUFFERS |
1814 SSL_MODE_SMALL_BUFFERS;
Emeric Brun850efd52014-01-29 12:24:34 +01001815 int verify = SSL_VERIFY_NONE;
Emeric Brun94324a42012-10-11 14:00:19 +02001816
Thierry Fournier383085f2013-01-24 14:15:43 +01001817 /* Make sure openssl opens /dev/urandom before the chroot */
1818 if (!ssl_initialize_random()) {
1819 Alert("OpenSSL random data generator initialization failed.\n");
1820 cfgerr++;
1821 }
1822
Emeric Brun94324a42012-10-11 14:00:19 +02001823 /* Initiate SSL context for current server */
1824 srv->ssl_ctx.reused_sess = NULL;
1825 if (srv->use_ssl)
1826 srv->xprt = &ssl_sock;
1827 if (srv->check.use_ssl)
Cyril Bonté9ce13112014-11-15 22:41:27 +01001828 srv->check.xprt = &ssl_sock;
Emeric Brun94324a42012-10-11 14:00:19 +02001829
1830 srv->ssl_ctx.ctx = SSL_CTX_new(SSLv23_client_method());
1831 if (!srv->ssl_ctx.ctx) {
1832 Alert("config : %s '%s', server '%s': unable to allocate ssl context.\n",
1833 proxy_type_str(curproxy), curproxy->id,
1834 srv->id);
1835 cfgerr++;
1836 return cfgerr;
1837 }
Emeric Bruna7aa3092012-10-26 12:58:00 +02001838 if (srv->ssl_ctx.client_crt) {
1839 if (SSL_CTX_use_PrivateKey_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt, SSL_FILETYPE_PEM) <= 0) {
1840 Alert("config : %s '%s', server '%s': unable to load SSL private key from PEM file '%s'.\n",
1841 proxy_type_str(curproxy), curproxy->id,
1842 srv->id, srv->ssl_ctx.client_crt);
1843 cfgerr++;
1844 }
1845 else if (SSL_CTX_use_certificate_chain_file(srv->ssl_ctx.ctx, srv->ssl_ctx.client_crt) <= 0) {
1846 Alert("config : %s '%s', server '%s': unable to load ssl certificate from PEM file '%s'.\n",
1847 proxy_type_str(curproxy), curproxy->id,
1848 srv->id, srv->ssl_ctx.client_crt);
1849 cfgerr++;
1850 }
1851 else if (SSL_CTX_check_private_key(srv->ssl_ctx.ctx) <= 0) {
1852 Alert("config : %s '%s', server '%s': inconsistencies between private key and certificate loaded from PEM file '%s'.\n",
1853 proxy_type_str(curproxy), curproxy->id,
1854 srv->id, srv->ssl_ctx.client_crt);
1855 cfgerr++;
1856 }
1857 }
Emeric Brun94324a42012-10-11 14:00:19 +02001858
1859 if (srv->ssl_ctx.options & SRV_SSL_O_NO_SSLV3)
1860 options |= SSL_OP_NO_SSLv3;
1861 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLSV10)
1862 options |= SSL_OP_NO_TLSv1;
1863 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLSV11)
1864 options |= SSL_OP_NO_TLSv1_1;
1865 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLSV12)
1866 options |= SSL_OP_NO_TLSv1_2;
Emeric Brunf9c5c472012-10-11 15:28:34 +02001867 if (srv->ssl_ctx.options & SRV_SSL_O_NO_TLS_TICKETS)
1868 options |= SSL_OP_NO_TICKET;
Emeric Brun94324a42012-10-11 14:00:19 +02001869 if (srv->ssl_ctx.options & SRV_SSL_O_USE_SSLV3)
1870 SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, SSLv3_client_method());
1871 if (srv->ssl_ctx.options & SRV_SSL_O_USE_TLSV10)
1872 SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, TLSv1_client_method());
1873#if SSL_OP_NO_TLSv1_1
1874 if (srv->ssl_ctx.options & SRV_SSL_O_USE_TLSV11)
1875 SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, TLSv1_1_client_method());
1876#endif
1877#if SSL_OP_NO_TLSv1_2
1878 if (srv->ssl_ctx.options & SRV_SSL_O_USE_TLSV12)
1879 SSL_CTX_set_ssl_version(srv->ssl_ctx.ctx, TLSv1_2_client_method());
1880#endif
1881
1882 SSL_CTX_set_options(srv->ssl_ctx.ctx, options);
1883 SSL_CTX_set_mode(srv->ssl_ctx.ctx, mode);
Emeric Brun850efd52014-01-29 12:24:34 +01001884
1885 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
1886 verify = SSL_VERIFY_PEER;
1887
1888 switch (srv->ssl_ctx.verify) {
1889 case SSL_SOCK_VERIFY_NONE:
1890 verify = SSL_VERIFY_NONE;
1891 break;
1892 case SSL_SOCK_VERIFY_REQUIRED:
1893 verify = SSL_VERIFY_PEER;
1894 break;
1895 }
Evan Broderbe554312013-06-27 00:05:25 -07001896 SSL_CTX_set_verify(srv->ssl_ctx.ctx,
Emeric Brun850efd52014-01-29 12:24:34 +01001897 verify,
Evan Broderbe554312013-06-27 00:05:25 -07001898 srv->ssl_ctx.verify_host ? ssl_sock_srv_verifycbk : NULL);
Emeric Brun850efd52014-01-29 12:24:34 +01001899 if (verify & SSL_VERIFY_PEER) {
Emeric Brunef42d922012-10-11 16:11:36 +02001900 if (srv->ssl_ctx.ca_file) {
1901 /* load CAfile to verify */
1902 if (!SSL_CTX_load_verify_locations(srv->ssl_ctx.ctx, srv->ssl_ctx.ca_file, NULL)) {
Willy Tarreau07ba08b2014-02-16 19:22:08 +01001903 Alert("Proxy '%s', server '%s' [%s:%d] unable to load CA file '%s'.\n",
Emeric Brunef42d922012-10-11 16:11:36 +02001904 curproxy->id, srv->id,
1905 srv->conf.file, srv->conf.line, srv->ssl_ctx.ca_file);
1906 cfgerr++;
1907 }
1908 }
Emeric Brun850efd52014-01-29 12:24:34 +01001909 else {
1910 if (global.ssl_server_verify == SSL_SERVER_VERIFY_REQUIRED)
Willy Tarreau07ba08b2014-02-16 19:22:08 +01001911 Alert("Proxy '%s', server '%s' [%s:%d] verify is enabled by default but no CA file specified. If you're running on a LAN where you're certain to trust the server's certificate, please set an explicit 'verify none' statement on the 'server' line, or use 'ssl-server-verify none' in the global section to disable server-side verifications by default.\n",
Emeric Brun850efd52014-01-29 12:24:34 +01001912 curproxy->id, srv->id,
1913 srv->conf.file, srv->conf.line);
1914 else
Willy Tarreau07ba08b2014-02-16 19:22:08 +01001915 Alert("Proxy '%s', server '%s' [%s:%d] verify is enabled but no CA file specified.\n",
Emeric Brun850efd52014-01-29 12:24:34 +01001916 curproxy->id, srv->id,
1917 srv->conf.file, srv->conf.line);
1918 cfgerr++;
1919 }
Emeric Brunef42d922012-10-11 16:11:36 +02001920#ifdef X509_V_FLAG_CRL_CHECK
1921 if (srv->ssl_ctx.crl_file) {
1922 X509_STORE *store = SSL_CTX_get_cert_store(srv->ssl_ctx.ctx);
1923
1924 if (!store || !X509_STORE_load_locations(store, srv->ssl_ctx.crl_file, NULL)) {
Willy Tarreau07ba08b2014-02-16 19:22:08 +01001925 Alert("Proxy '%s', server '%s' [%s:%d] unable to configure CRL file '%s'.\n",
Emeric Brunef42d922012-10-11 16:11:36 +02001926 curproxy->id, srv->id,
1927 srv->conf.file, srv->conf.line, srv->ssl_ctx.crl_file);
1928 cfgerr++;
1929 }
1930 else {
1931 X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
1932 }
1933 }
1934#endif
1935 }
1936
Emeric Brun4f65bff2012-11-16 15:11:00 +01001937 if (global.tune.ssllifetime)
1938 SSL_CTX_set_timeout(srv->ssl_ctx.ctx, global.tune.ssllifetime);
1939
Emeric Brun94324a42012-10-11 14:00:19 +02001940 SSL_CTX_set_session_cache_mode(srv->ssl_ctx.ctx, SSL_SESS_CACHE_OFF);
1941 if (srv->ssl_ctx.ciphers &&
1942 !SSL_CTX_set_cipher_list(srv->ssl_ctx.ctx, srv->ssl_ctx.ciphers)) {
1943 Alert("Proxy '%s', server '%s' [%s:%d] : unable to set SSL cipher list to '%s'.\n",
1944 curproxy->id, srv->id,
1945 srv->conf.file, srv->conf.line, srv->ssl_ctx.ciphers);
1946 cfgerr++;
1947 }
1948
1949 return cfgerr;
1950}
1951
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001952/* Walks down the two trees in bind_conf and prepares all certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02001953 * be NULL, in which case nothing is done. Returns the number of errors
1954 * encountered.
1955 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001956int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf, struct proxy *px)
Emeric Brunfc0421f2012-09-07 17:30:07 +02001957{
1958 struct ebmb_node *node;
1959 struct sni_ctx *sni;
1960 int err = 0;
1961
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001962 if (!bind_conf || !bind_conf->is_ssl)
Emeric Brunfc0421f2012-09-07 17:30:07 +02001963 return 0;
1964
Emeric Brun0bed9942014-10-30 19:25:24 +01001965 if (bind_conf->default_ctx)
1966 err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ctx, px);
1967
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001968 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001969 while (node) {
1970 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01001971 if (!sni->order && sni->ctx != bind_conf->default_ctx)
1972 /* only initialize the CTX on its first occurrence and
1973 if it is not the default_ctx */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001974 err += ssl_sock_prepare_ctx(bind_conf, sni->ctx, px);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001975 node = ebmb_next(node);
1976 }
1977
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001978 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001979 while (node) {
1980 sni = ebmb_entry(node, struct sni_ctx, name);
Emeric Brun0bed9942014-10-30 19:25:24 +01001981 if (!sni->order && sni->ctx != bind_conf->default_ctx)
1982 /* only initialize the CTX on its first occurrence and
1983 if it is not the default_ctx */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001984 err += ssl_sock_prepare_ctx(bind_conf, sni->ctx, px);
Emeric Brunfc0421f2012-09-07 17:30:07 +02001985 node = ebmb_next(node);
1986 }
1987 return err;
1988}
1989
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001990/* Walks down the two trees in bind_conf and frees all the certs. The pointer may
Emeric Brunfc0421f2012-09-07 17:30:07 +02001991 * be NULL, in which case nothing is done. The default_ctx is nullified too.
1992 */
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001993void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
Emeric Brunfc0421f2012-09-07 17:30:07 +02001994{
1995 struct ebmb_node *node, *back;
1996 struct sni_ctx *sni;
1997
Willy Tarreau2a65ff02012-09-13 17:54:29 +02001998 if (!bind_conf || !bind_conf->is_ssl)
Emeric Brunfc0421f2012-09-07 17:30:07 +02001999 return;
2000
Willy Tarreau2a65ff02012-09-13 17:54:29 +02002001 node = ebmb_first(&bind_conf->sni_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002002 while (node) {
2003 sni = ebmb_entry(node, struct sni_ctx, name);
2004 back = ebmb_next(node);
2005 ebmb_delete(node);
2006 if (!sni->order) /* only free the CTX on its first occurrence */
2007 SSL_CTX_free(sni->ctx);
2008 free(sni);
2009 node = back;
2010 }
2011
Willy Tarreau2a65ff02012-09-13 17:54:29 +02002012 node = ebmb_first(&bind_conf->sni_w_ctx);
Emeric Brunfc0421f2012-09-07 17:30:07 +02002013 while (node) {
2014 sni = ebmb_entry(node, struct sni_ctx, name);
2015 back = ebmb_next(node);
2016 ebmb_delete(node);
2017 if (!sni->order) /* only free the CTX on its first occurrence */
2018 SSL_CTX_free(sni->ctx);
2019 free(sni);
2020 node = back;
2021 }
2022
Willy Tarreau2a65ff02012-09-13 17:54:29 +02002023 bind_conf->default_ctx = NULL;
Emeric Brune1f38db2012-09-03 20:36:47 +02002024}
2025
Emeric Brun46591952012-05-18 15:47:34 +02002026/*
2027 * This function is called if SSL * context is not yet allocated. The function
2028 * is designed to be called before any other data-layer operation and sets the
2029 * handshake flag on the connection. It is safe to call it multiple times.
2030 * It returns 0 on success and -1 in error case.
2031 */
2032static int ssl_sock_init(struct connection *conn)
2033{
2034 /* already initialized */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02002035 if (conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02002036 return 0;
2037
Willy Tarreau3c728722014-01-23 13:50:42 +01002038 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02002039 return 0;
2040
Willy Tarreau20879a02012-12-03 16:32:10 +01002041 if (global.maxsslconn && sslconns >= global.maxsslconn) {
2042 conn->err_code = CO_ER_SSL_TOO_MANY;
Willy Tarreau403edff2012-09-06 11:58:37 +02002043 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01002044 }
Willy Tarreau403edff2012-09-06 11:58:37 +02002045
Emeric Brun46591952012-05-18 15:47:34 +02002046 /* If it is in client mode initiate SSL session
2047 in connect state otherwise accept state */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01002048 if (objt_server(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01002049 int may_retry = 1;
2050
2051 retry_connect:
Emeric Brun46591952012-05-18 15:47:34 +02002052 /* Alloc a new SSL session ctx */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01002053 conn->xprt_ctx = SSL_new(objt_server(conn->target)->ssl_ctx.ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01002054 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01002055 if (may_retry--) {
2056 pool_gc2();
2057 goto retry_connect;
2058 }
Willy Tarreau20879a02012-12-03 16:32:10 +01002059 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02002060 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01002061 }
Emeric Brun46591952012-05-18 15:47:34 +02002062
Emeric Brun46591952012-05-18 15:47:34 +02002063 /* set fd on SSL session context */
Emeric Brun55476152014-11-12 17:35:37 +01002064 if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) {
2065 SSL_free(conn->xprt_ctx);
2066 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01002067 if (may_retry--) {
2068 pool_gc2();
2069 goto retry_connect;
2070 }
Emeric Brun55476152014-11-12 17:35:37 +01002071 conn->err_code = CO_ER_SSL_NO_MEM;
2072 return -1;
2073 }
Emeric Brun46591952012-05-18 15:47:34 +02002074
Evan Broderbe554312013-06-27 00:05:25 -07002075 /* set connection pointer */
Emeric Brun55476152014-11-12 17:35:37 +01002076 if (!SSL_set_app_data(conn->xprt_ctx, conn)) {
2077 SSL_free(conn->xprt_ctx);
2078 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01002079 if (may_retry--) {
2080 pool_gc2();
2081 goto retry_connect;
2082 }
Emeric Brun55476152014-11-12 17:35:37 +01002083 conn->err_code = CO_ER_SSL_NO_MEM;
2084 return -1;
2085 }
2086
2087 SSL_set_connect_state(conn->xprt_ctx);
2088 if (objt_server(conn->target)->ssl_ctx.reused_sess) {
2089 if(!SSL_set_session(conn->xprt_ctx, objt_server(conn->target)->ssl_ctx.reused_sess)) {
2090 SSL_SESSION_free(objt_server(conn->target)->ssl_ctx.reused_sess);
2091 objt_server(conn->target)->ssl_ctx.reused_sess = NULL;
2092 }
2093 }
Evan Broderbe554312013-06-27 00:05:25 -07002094
Emeric Brun46591952012-05-18 15:47:34 +02002095 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02002096 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02002097
2098 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01002099 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02002100 return 0;
2101 }
Willy Tarreau3fdb3662012-11-12 00:42:33 +01002102 else if (objt_listener(conn->target)) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01002103 int may_retry = 1;
2104
2105 retry_accept:
Emeric Brun46591952012-05-18 15:47:34 +02002106 /* Alloc a new SSL session ctx */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01002107 conn->xprt_ctx = SSL_new(objt_listener(conn->target)->bind_conf->default_ctx);
Willy Tarreau20879a02012-12-03 16:32:10 +01002108 if (!conn->xprt_ctx) {
Willy Tarreaufba03cd2014-11-13 13:48:58 +01002109 if (may_retry--) {
2110 pool_gc2();
2111 goto retry_accept;
2112 }
Willy Tarreau20879a02012-12-03 16:32:10 +01002113 conn->err_code = CO_ER_SSL_NO_MEM;
Emeric Brun46591952012-05-18 15:47:34 +02002114 return -1;
Willy Tarreau20879a02012-12-03 16:32:10 +01002115 }
Emeric Brun46591952012-05-18 15:47:34 +02002116
Emeric Brun46591952012-05-18 15:47:34 +02002117 /* set fd on SSL session context */
Emeric Brun55476152014-11-12 17:35:37 +01002118 if (!SSL_set_fd(conn->xprt_ctx, conn->t.sock.fd)) {
2119 SSL_free(conn->xprt_ctx);
2120 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01002121 if (may_retry--) {
2122 pool_gc2();
2123 goto retry_accept;
2124 }
Emeric Brun55476152014-11-12 17:35:37 +01002125 conn->err_code = CO_ER_SSL_NO_MEM;
2126 return -1;
2127 }
Emeric Brun46591952012-05-18 15:47:34 +02002128
Emeric Brune1f38db2012-09-03 20:36:47 +02002129 /* set connection pointer */
Emeric Brun55476152014-11-12 17:35:37 +01002130 if (!SSL_set_app_data(conn->xprt_ctx, conn)) {
2131 SSL_free(conn->xprt_ctx);
2132 conn->xprt_ctx = NULL;
Willy Tarreaufba03cd2014-11-13 13:48:58 +01002133 if (may_retry--) {
2134 pool_gc2();
2135 goto retry_accept;
2136 }
Emeric Brun55476152014-11-12 17:35:37 +01002137 conn->err_code = CO_ER_SSL_NO_MEM;
2138 return -1;
2139 }
2140
2141 SSL_set_accept_state(conn->xprt_ctx);
Emeric Brune1f38db2012-09-03 20:36:47 +02002142
Emeric Brun46591952012-05-18 15:47:34 +02002143 /* leave init state and start handshake */
Willy Tarreau05737472012-09-04 08:03:39 +02002144 conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
Willy Tarreau403edff2012-09-06 11:58:37 +02002145
2146 sslconns++;
Willy Tarreau71b734c2014-01-28 15:19:44 +01002147 totalsslconns++;
Emeric Brun46591952012-05-18 15:47:34 +02002148 return 0;
2149 }
2150 /* don't know how to handle such a target */
Willy Tarreau20879a02012-12-03 16:32:10 +01002151 conn->err_code = CO_ER_SSL_NO_TARGET;
Emeric Brun46591952012-05-18 15:47:34 +02002152 return -1;
2153}
2154
2155
2156/* This is the callback which is used when an SSL handshake is pending. It
2157 * updates the FD status if it wants some polling before being called again.
2158 * It returns 0 if it fails in a fatal way or needs to poll to go further,
2159 * otherwise it returns non-zero and removes itself from the connection's
2160 * flags (the bit is provided in <flag> by the caller).
2161 */
2162int ssl_sock_handshake(struct connection *conn, unsigned int flag)
2163{
2164 int ret;
2165
Willy Tarreau3c728722014-01-23 13:50:42 +01002166 if (!conn_ctrl_ready(conn))
Willy Tarreauf79c8172013-10-21 16:30:56 +02002167 return 0;
2168
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02002169 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02002170 goto out_error;
2171
Emeric Brun674b7432012-11-08 19:21:55 +01002172 /* If we use SSL_do_handshake to process a reneg initiated by
2173 * the remote peer, it sometimes returns SSL_ERROR_SSL.
2174 * Usually SSL_write and SSL_read are used and process implicitly
2175 * the reneg handshake.
2176 * Here we use SSL_peek as a workaround for reneg.
2177 */
2178 if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(conn->xprt_ctx)) {
2179 char c;
2180
2181 ret = SSL_peek(conn->xprt_ctx, &c, 1);
2182 if (ret <= 0) {
2183 /* handshake may have not been completed, let's find why */
2184 ret = SSL_get_error(conn->xprt_ctx, ret);
2185 if (ret == SSL_ERROR_WANT_WRITE) {
2186 /* SSL handshake needs to write, L4 connection may not be ready */
2187 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01002188 __conn_sock_want_send(conn);
2189 fd_cant_send(conn->t.sock.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01002190 return 0;
2191 }
2192 else if (ret == SSL_ERROR_WANT_READ) {
2193 /* handshake may have been completed but we have
2194 * no more data to read.
2195 */
2196 if (!SSL_renegotiate_pending(conn->xprt_ctx)) {
2197 ret = 1;
2198 goto reneg_ok;
2199 }
2200 /* SSL handshake needs to read, L4 connection is ready */
2201 if (conn->flags & CO_FL_WAIT_L4_CONN)
2202 conn->flags &= ~CO_FL_WAIT_L4_CONN;
2203 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01002204 __conn_sock_want_recv(conn);
2205 fd_cant_recv(conn->t.sock.fd);
Emeric Brun674b7432012-11-08 19:21:55 +01002206 return 0;
2207 }
2208 else if (ret == SSL_ERROR_SYSCALL) {
2209 /* if errno is null, then connection was successfully established */
2210 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
2211 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01002212 if (!conn->err_code) {
Emeric Brun29f037d2014-04-25 19:05:36 +02002213 if (!((SSL *)conn->xprt_ctx)->packet_length) {
2214 if (!errno) {
2215 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
2216 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
2217 else
2218 conn->err_code = CO_ER_SSL_EMPTY;
2219 }
2220 else {
2221 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
2222 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
2223 else
2224 conn->err_code = CO_ER_SSL_ABORT;
2225 }
2226 }
2227 else {
2228 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
2229 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01002230 else
Emeric Brun29f037d2014-04-25 19:05:36 +02002231 conn->err_code = CO_ER_SSL_HANDSHAKE;
2232 }
Willy Tarreau20879a02012-12-03 16:32:10 +01002233 }
Emeric Brun674b7432012-11-08 19:21:55 +01002234 goto out_error;
2235 }
2236 else {
2237 /* Fail on all other handshake errors */
2238 /* Note: OpenSSL may leave unread bytes in the socket's
2239 * buffer, causing an RST to be emitted upon close() on
2240 * TCP sockets. We first try to drain possibly pending
2241 * data to avoid this as much as possible.
2242 */
Willy Tarreau46be2e52014-01-20 12:10:52 +01002243 conn_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01002244 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02002245 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
2246 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun674b7432012-11-08 19:21:55 +01002247 goto out_error;
2248 }
2249 }
2250 /* read some data: consider handshake completed */
2251 goto reneg_ok;
2252 }
2253
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02002254 ret = SSL_do_handshake(conn->xprt_ctx);
Emeric Brun46591952012-05-18 15:47:34 +02002255 if (ret != 1) {
2256 /* handshake did not complete, let's find why */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02002257 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02002258
2259 if (ret == SSL_ERROR_WANT_WRITE) {
2260 /* SSL handshake needs to write, L4 connection may not be ready */
2261 __conn_sock_stop_recv(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01002262 __conn_sock_want_send(conn);
2263 fd_cant_send(conn->t.sock.fd);
Emeric Brun46591952012-05-18 15:47:34 +02002264 return 0;
2265 }
2266 else if (ret == SSL_ERROR_WANT_READ) {
2267 /* SSL handshake needs to read, L4 connection is ready */
2268 if (conn->flags & CO_FL_WAIT_L4_CONN)
2269 conn->flags &= ~CO_FL_WAIT_L4_CONN;
2270 __conn_sock_stop_send(conn);
Willy Tarreaue1f50c42014-01-22 20:02:06 +01002271 __conn_sock_want_recv(conn);
2272 fd_cant_recv(conn->t.sock.fd);
Emeric Brun46591952012-05-18 15:47:34 +02002273 return 0;
2274 }
Willy Tarreau89230192012-09-28 20:22:13 +02002275 else if (ret == SSL_ERROR_SYSCALL) {
2276 /* if errno is null, then connection was successfully established */
2277 if (!errno && conn->flags & CO_FL_WAIT_L4_CONN)
2278 conn->flags &= ~CO_FL_WAIT_L4_CONN;
Willy Tarreau20879a02012-12-03 16:32:10 +01002279
Emeric Brun29f037d2014-04-25 19:05:36 +02002280 if (!((SSL *)conn->xprt_ctx)->packet_length) {
2281 if (!errno) {
2282 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
2283 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
2284 else
2285 conn->err_code = CO_ER_SSL_EMPTY;
2286 }
2287 else {
2288 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
2289 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
2290 else
2291 conn->err_code = CO_ER_SSL_ABORT;
2292 }
2293 }
2294 else {
2295 if (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT)
2296 conn->err_code = CO_ER_SSL_HANDSHAKE_HB;
Willy Tarreau20879a02012-12-03 16:32:10 +01002297 else
Emeric Brun29f037d2014-04-25 19:05:36 +02002298 conn->err_code = CO_ER_SSL_HANDSHAKE;
2299 }
Willy Tarreau89230192012-09-28 20:22:13 +02002300 goto out_error;
2301 }
Emeric Brun46591952012-05-18 15:47:34 +02002302 else {
2303 /* Fail on all other handshake errors */
Willy Tarreau566dc552012-10-19 20:52:18 +02002304 /* Note: OpenSSL may leave unread bytes in the socket's
2305 * buffer, causing an RST to be emitted upon close() on
2306 * TCP sockets. We first try to drain possibly pending
2307 * data to avoid this as much as possible.
2308 */
Willy Tarreau46be2e52014-01-20 12:10:52 +01002309 conn_drain(conn);
Willy Tarreau20879a02012-12-03 16:32:10 +01002310 if (!conn->err_code)
Willy Tarreauf51c6982014-04-25 20:02:39 +02002311 conn->err_code = (conn->xprt_st & SSL_SOCK_RECV_HEARTBEAT) ?
2312 CO_ER_SSL_KILLED_HB : CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02002313 goto out_error;
2314 }
2315 }
2316
Emeric Brun674b7432012-11-08 19:21:55 +01002317reneg_ok:
2318
Emeric Brun46591952012-05-18 15:47:34 +02002319 /* Handshake succeeded */
Willy Tarreau0c9c2722014-05-28 12:28:58 +02002320 if (!SSL_session_reused(conn->xprt_ctx)) {
2321 if (objt_server(conn->target)) {
2322 update_freq_ctr(&global.ssl_be_keys_per_sec, 1);
2323 if (global.ssl_be_keys_per_sec.curr_ctr > global.ssl_be_keys_max)
2324 global.ssl_be_keys_max = global.ssl_be_keys_per_sec.curr_ctr;
2325
Emeric Brun46591952012-05-18 15:47:34 +02002326 /* check if session was reused, if not store current session on server for reuse */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01002327 if (objt_server(conn->target)->ssl_ctx.reused_sess)
2328 SSL_SESSION_free(objt_server(conn->target)->ssl_ctx.reused_sess);
Emeric Brun46591952012-05-18 15:47:34 +02002329
Willy Tarreau3fdb3662012-11-12 00:42:33 +01002330 objt_server(conn->target)->ssl_ctx.reused_sess = SSL_get1_session(conn->xprt_ctx);
Emeric Brun46591952012-05-18 15:47:34 +02002331 }
Willy Tarreau0c9c2722014-05-28 12:28:58 +02002332 else {
2333 update_freq_ctr(&global.ssl_fe_keys_per_sec, 1);
2334 if (global.ssl_fe_keys_per_sec.curr_ctr > global.ssl_fe_keys_max)
2335 global.ssl_fe_keys_max = global.ssl_fe_keys_per_sec.curr_ctr;
2336 }
Emeric Brun46591952012-05-18 15:47:34 +02002337 }
2338
2339 /* The connection is now established at both layers, it's time to leave */
2340 conn->flags &= ~(flag | CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN);
2341 return 1;
2342
2343 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01002344 /* Clear openssl global errors stack */
2345 ERR_clear_error();
2346
Emeric Brun9fa89732012-10-04 17:09:56 +02002347 /* free resumed session if exists */
Willy Tarreau3fdb3662012-11-12 00:42:33 +01002348 if (objt_server(conn->target) && objt_server(conn->target)->ssl_ctx.reused_sess) {
2349 SSL_SESSION_free(objt_server(conn->target)->ssl_ctx.reused_sess);
2350 objt_server(conn->target)->ssl_ctx.reused_sess = NULL;
Emeric Brun9fa89732012-10-04 17:09:56 +02002351 }
2352
Emeric Brun46591952012-05-18 15:47:34 +02002353 /* Fail on all other handshake errors */
2354 conn->flags |= CO_FL_ERROR;
Willy Tarreau20879a02012-12-03 16:32:10 +01002355 if (!conn->err_code)
2356 conn->err_code = CO_ER_SSL_HANDSHAKE;
Emeric Brun46591952012-05-18 15:47:34 +02002357 return 0;
2358}
2359
2360/* Receive up to <count> bytes from connection <conn>'s socket and store them
Willy Tarreauabf08d92014-01-14 11:31:27 +01002361 * into buffer <buf>. Only one call to recv() is performed, unless the
Emeric Brun46591952012-05-18 15:47:34 +02002362 * buffer wraps, in which case a second call may be performed. The connection's
2363 * flags are updated with whatever special event is detected (error, read0,
2364 * empty). The caller is responsible for taking care of those events and
2365 * avoiding the call if inappropriate. The function does not call the
2366 * connection's polling update function, so the caller is responsible for this.
2367 */
2368static int ssl_sock_to_buf(struct connection *conn, struct buffer *buf, int count)
2369{
2370 int ret, done = 0;
Willy Tarreauabf08d92014-01-14 11:31:27 +01002371 int try;
Emeric Brun46591952012-05-18 15:47:34 +02002372
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02002373 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02002374 goto out_error;
2375
2376 if (conn->flags & CO_FL_HANDSHAKE)
2377 /* a handshake was requested */
2378 return 0;
2379
Willy Tarreauabf08d92014-01-14 11:31:27 +01002380 /* let's realign the buffer to optimize I/O */
2381 if (buffer_empty(buf))
Emeric Brun46591952012-05-18 15:47:34 +02002382 buf->p = buf->data;
Emeric Brun46591952012-05-18 15:47:34 +02002383
2384 /* read the largest possible block. For this, we perform only one call
2385 * to recv() unless the buffer wraps and we exactly fill the first hunk,
2386 * in which case we accept to do it once again. A new attempt is made on
2387 * EINTR too.
2388 */
Willy Tarreau00b0fb92014-01-17 11:09:40 +01002389 while (count > 0) {
Willy Tarreauabf08d92014-01-14 11:31:27 +01002390 /* first check if we have some room after p+i */
2391 try = buf->data + buf->size - (buf->p + buf->i);
2392 /* otherwise continue between data and p-o */
2393 if (try <= 0) {
2394 try = buf->p - (buf->data + buf->o);
2395 if (try <= 0)
2396 break;
2397 }
2398 if (try > count)
2399 try = count;
2400
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02002401 ret = SSL_read(conn->xprt_ctx, bi_end(buf), try);
Emeric Brune1f38db2012-09-03 20:36:47 +02002402 if (conn->flags & CO_FL_ERROR) {
2403 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01002404 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02002405 }
Emeric Brun46591952012-05-18 15:47:34 +02002406 if (ret > 0) {
2407 buf->i += ret;
2408 done += ret;
2409 if (ret < try)
2410 break;
2411 count -= ret;
Emeric Brun46591952012-05-18 15:47:34 +02002412 }
2413 else if (ret == 0) {
Emeric Brun644cde02012-12-14 11:21:13 +01002414 ret = SSL_get_error(conn->xprt_ctx, ret);
2415 if (ret != SSL_ERROR_ZERO_RETURN) {
Emeric Brun1c646862012-12-14 12:33:41 +01002416 /* error on protocol or underlying transport */
2417 if ((ret != SSL_ERROR_SYSCALL)
2418 || (errno && (errno != EAGAIN)))
2419 conn->flags |= CO_FL_ERROR;
2420
Emeric Brun644cde02012-12-14 11:21:13 +01002421 /* Clear openssl global errors stack */
2422 ERR_clear_error();
2423 }
Emeric Brun46591952012-05-18 15:47:34 +02002424 goto read0;
2425 }
2426 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02002427 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02002428 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01002429 /* handshake is running, and it needs to enable write */
Emeric Brun46591952012-05-18 15:47:34 +02002430 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01002431 __conn_sock_want_send(conn);
Emeric Brun46591952012-05-18 15:47:34 +02002432 break;
2433 }
2434 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun282a76a2012-11-08 18:02:56 +01002435 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
2436 /* handshake is running, and it may need to re-enable read */
2437 conn->flags |= CO_FL_SSL_WAIT_HS;
2438 __conn_sock_want_recv(conn);
2439 break;
2440 }
Emeric Brun46591952012-05-18 15:47:34 +02002441 /* we need to poll for retry a read later */
Willy Tarreaue1f50c42014-01-22 20:02:06 +01002442 fd_cant_recv(conn->t.sock.fd);
Emeric Brun46591952012-05-18 15:47:34 +02002443 break;
2444 }
2445 /* otherwise it's a real error */
2446 goto out_error;
2447 }
2448 }
2449 return done;
2450
2451 read0:
2452 conn_sock_read0(conn);
2453 return done;
2454 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01002455 /* Clear openssl global errors stack */
2456 ERR_clear_error();
2457
Emeric Brun46591952012-05-18 15:47:34 +02002458 conn->flags |= CO_FL_ERROR;
2459 return done;
2460}
2461
2462
2463/* Send all pending bytes from buffer <buf> to connection <conn>'s socket.
Willy Tarreau1049b1f2014-02-02 01:51:17 +01002464 * <flags> may contain some CO_SFL_* flags to hint the system about other
2465 * pending data for example, but this flag is ignored at the moment.
Emeric Brun46591952012-05-18 15:47:34 +02002466 * Only one call to send() is performed, unless the buffer wraps, in which case
2467 * a second call may be performed. The connection's flags are updated with
2468 * whatever special event is detected (error, empty). The caller is responsible
2469 * for taking care of those events and avoiding the call if inappropriate. The
2470 * function does not call the connection's polling update function, so the caller
2471 * is responsible for this.
2472 */
2473static int ssl_sock_from_buf(struct connection *conn, struct buffer *buf, int flags)
2474{
2475 int ret, try, done;
2476
2477 done = 0;
2478
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02002479 if (!conn->xprt_ctx)
Emeric Brun46591952012-05-18 15:47:34 +02002480 goto out_error;
2481
2482 if (conn->flags & CO_FL_HANDSHAKE)
2483 /* a handshake was requested */
2484 return 0;
2485
2486 /* send the largest possible block. For this we perform only one call
2487 * to send() unless the buffer wraps and we exactly fill the first hunk,
2488 * in which case we accept to do it once again.
2489 */
2490 while (buf->o) {
Kevin Hestercad82342013-05-30 15:12:41 -07002491 try = bo_contig_data(buf);
Willy Tarreaubfd59462013-02-21 07:46:09 +01002492
Willy Tarreau7bed9452014-02-02 02:00:24 +01002493 if (!(flags & CO_SFL_STREAMER) &&
Willy Tarreau518cedd2014-02-17 15:43:01 +01002494 !(conn->xprt_st & SSL_SOCK_SEND_UNLIMITED) &&
2495 global.tune.ssl_max_record && try > global.tune.ssl_max_record) {
Willy Tarreaubfd59462013-02-21 07:46:09 +01002496 try = global.tune.ssl_max_record;
Willy Tarreau518cedd2014-02-17 15:43:01 +01002497 }
2498 else {
2499 /* we need to keep the information about the fact that
2500 * we're not limiting the upcoming send(), because if it
2501 * fails, we'll have to retry with at least as many data.
2502 */
2503 conn->xprt_st |= SSL_SOCK_SEND_UNLIMITED;
2504 }
Willy Tarreaubfd59462013-02-21 07:46:09 +01002505
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02002506 ret = SSL_write(conn->xprt_ctx, bo_ptr(buf), try);
Willy Tarreau518cedd2014-02-17 15:43:01 +01002507
Emeric Brune1f38db2012-09-03 20:36:47 +02002508 if (conn->flags & CO_FL_ERROR) {
2509 /* CO_FL_ERROR may be set by ssl_sock_infocbk */
Emeric Brun644cde02012-12-14 11:21:13 +01002510 goto out_error;
Emeric Brune1f38db2012-09-03 20:36:47 +02002511 }
Emeric Brun46591952012-05-18 15:47:34 +02002512 if (ret > 0) {
Willy Tarreau518cedd2014-02-17 15:43:01 +01002513 conn->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED;
2514
Emeric Brun46591952012-05-18 15:47:34 +02002515 buf->o -= ret;
2516 done += ret;
2517
Willy Tarreau5fb38032012-12-16 19:39:09 +01002518 if (likely(buffer_empty(buf)))
Emeric Brun46591952012-05-18 15:47:34 +02002519 /* optimize data alignment in the buffer */
2520 buf->p = buf->data;
2521
2522 /* if the system buffer is full, don't insist */
2523 if (ret < try)
2524 break;
2525 }
2526 else {
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02002527 ret = SSL_get_error(conn->xprt_ctx, ret);
Emeric Brun46591952012-05-18 15:47:34 +02002528 if (ret == SSL_ERROR_WANT_WRITE) {
Emeric Brun282a76a2012-11-08 18:02:56 +01002529 if (SSL_renegotiate_pending(conn->xprt_ctx)) {
2530 /* handshake is running, and it may need to re-enable write */
2531 conn->flags |= CO_FL_SSL_WAIT_HS;
2532 __conn_sock_want_send(conn);
2533 break;
2534 }
Emeric Brun46591952012-05-18 15:47:34 +02002535 /* we need to poll to retry a write later */
Willy Tarreaue1f50c42014-01-22 20:02:06 +01002536 fd_cant_send(conn->t.sock.fd);
Emeric Brun46591952012-05-18 15:47:34 +02002537 break;
2538 }
2539 else if (ret == SSL_ERROR_WANT_READ) {
Emeric Brun8af8dd12012-11-08 17:56:20 +01002540 /* handshake is running, and it needs to enable read */
Emeric Brun46591952012-05-18 15:47:34 +02002541 conn->flags |= CO_FL_SSL_WAIT_HS;
Emeric Brun8af8dd12012-11-08 17:56:20 +01002542 __conn_sock_want_recv(conn);
Emeric Brun46591952012-05-18 15:47:34 +02002543 break;
2544 }
2545 goto out_error;
2546 }
2547 }
2548 return done;
2549
2550 out_error:
Emeric Brun644cde02012-12-14 11:21:13 +01002551 /* Clear openssl global errors stack */
2552 ERR_clear_error();
2553
Emeric Brun46591952012-05-18 15:47:34 +02002554 conn->flags |= CO_FL_ERROR;
2555 return done;
2556}
2557
Emeric Brun46591952012-05-18 15:47:34 +02002558static void ssl_sock_close(struct connection *conn) {
2559
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02002560 if (conn->xprt_ctx) {
2561 SSL_free(conn->xprt_ctx);
2562 conn->xprt_ctx = NULL;
Willy Tarreau403edff2012-09-06 11:58:37 +02002563 sslconns--;
Emeric Brun46591952012-05-18 15:47:34 +02002564 }
Emeric Brun46591952012-05-18 15:47:34 +02002565}
2566
2567/* This function tries to perform a clean shutdown on an SSL connection, and in
2568 * any case, flags the connection as reusable if no handshake was in progress.
2569 */
2570static void ssl_sock_shutw(struct connection *conn, int clean)
2571{
2572 if (conn->flags & CO_FL_HANDSHAKE)
2573 return;
2574 /* no handshake was in progress, try a clean ssl shutdown */
Emeric Brun644cde02012-12-14 11:21:13 +01002575 if (clean && (SSL_shutdown(conn->xprt_ctx) <= 0)) {
2576 /* Clear openssl global errors stack */
2577 ERR_clear_error();
2578 }
Emeric Brun46591952012-05-18 15:47:34 +02002579
2580 /* force flag on ssl to keep session in cache regardless shutdown result */
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02002581 SSL_set_shutdown(conn->xprt_ctx, SSL_SENT_SHUTDOWN);
Emeric Brun46591952012-05-18 15:47:34 +02002582}
2583
Willy Tarreauffc3fcd2012-10-12 20:17:54 +02002584/* used for logging, may be changed for a sample fetch later */
2585const char *ssl_sock_get_cipher_name(struct connection *conn)
2586{
2587 if (!conn->xprt && !conn->xprt_ctx)
2588 return NULL;
2589 return SSL_get_cipher_name(conn->xprt_ctx);
2590}
2591
2592/* used for logging, may be changed for a sample fetch later */
2593const char *ssl_sock_get_proto_version(struct connection *conn)
2594{
2595 if (!conn->xprt && !conn->xprt_ctx)
2596 return NULL;
2597 return SSL_get_version(conn->xprt_ctx);
2598}
2599
Willy Tarreau8d598402012-10-22 17:58:39 +02002600/* Extract a serial from a cert, and copy it to a chunk.
2601 * Returns 1 if serial is found and copied, 0 if no serial found and
2602 * -1 if output is not large enough.
2603 */
2604static int
2605ssl_sock_get_serial(X509 *crt, struct chunk *out)
2606{
2607 ASN1_INTEGER *serial;
2608
2609 serial = X509_get_serialNumber(crt);
2610 if (!serial)
2611 return 0;
2612
2613 if (out->size < serial->length)
2614 return -1;
2615
2616 memcpy(out->str, serial->data, serial->length);
2617 out->len = serial->length;
2618 return 1;
2619}
2620
Emeric Brun43e79582014-10-29 19:03:26 +01002621/* Extract a cert to der, and copy it to a chunk.
2622 * Returns 1 if cert is found and copied, 0 on der convertion failure and
2623 * -1 if output is not large enough.
2624 */
2625static int
2626ssl_sock_crt2der(X509 *crt, struct chunk *out)
2627{
2628 int len;
2629 unsigned char *p = (unsigned char *)out->str;;
2630
2631 len =i2d_X509(crt, NULL);
2632 if (len <= 0)
2633 return 1;
2634
2635 if (out->size < len)
2636 return -1;
2637
2638 i2d_X509(crt,&p);
2639 out->len = len;
2640 return 1;
2641}
2642
Emeric Brunce5ad802012-10-22 14:11:22 +02002643
2644/* Copy Date in ASN1_UTCTIME format in struct chunk out.
2645 * Returns 1 if serial is found and copied, 0 if no valid time found
2646 * and -1 if output is not large enough.
2647 */
2648static int
2649ssl_sock_get_time(ASN1_TIME *tm, struct chunk *out)
2650{
2651 if (tm->type == V_ASN1_GENERALIZEDTIME) {
2652 ASN1_GENERALIZEDTIME *gentm = (ASN1_GENERALIZEDTIME *)tm;
2653
2654 if (gentm->length < 12)
2655 return 0;
2656 if (gentm->data[0] != 0x32 || gentm->data[1] != 0x30)
2657 return 0;
2658 if (out->size < gentm->length-2)
2659 return -1;
2660
2661 memcpy(out->str, gentm->data+2, gentm->length-2);
2662 out->len = gentm->length-2;
2663 return 1;
2664 }
2665 else if (tm->type == V_ASN1_UTCTIME) {
2666 ASN1_UTCTIME *utctm = (ASN1_UTCTIME *)tm;
2667
2668 if (utctm->length < 10)
2669 return 0;
2670 if (utctm->data[0] >= 0x35)
2671 return 0;
2672 if (out->size < utctm->length)
2673 return -1;
2674
2675 memcpy(out->str, utctm->data, utctm->length);
2676 out->len = utctm->length;
2677 return 1;
2678 }
2679
2680 return 0;
2681}
2682
Emeric Brun87855892012-10-17 17:39:35 +02002683/* Extract an entry from a X509_NAME and copy its value to an output chunk.
2684 * Returns 1 if entry found, 0 if entry not found, or -1 if output not large enough.
2685 */
2686static int
2687ssl_sock_get_dn_entry(X509_NAME *a, const struct chunk *entry, int pos, struct chunk *out)
2688{
2689 X509_NAME_ENTRY *ne;
2690 int i, j, n;
2691 int cur = 0;
2692 const char *s;
2693 char tmp[128];
2694
2695 out->len = 0;
2696 for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
2697 if (pos < 0)
2698 j = (sk_X509_NAME_ENTRY_num(a->entries)-1) - i;
2699 else
2700 j = i;
2701
2702 ne = sk_X509_NAME_ENTRY_value(a->entries, j);
2703 n = OBJ_obj2nid(ne->object);
2704 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
2705 i2t_ASN1_OBJECT(tmp, sizeof(tmp), ne->object);
2706 s = tmp;
2707 }
2708
2709 if (chunk_strcasecmp(entry, s) != 0)
2710 continue;
2711
2712 if (pos < 0)
2713 cur--;
2714 else
2715 cur++;
2716
2717 if (cur != pos)
2718 continue;
2719
2720 if (ne->value->length > out->size)
2721 return -1;
2722
2723 memcpy(out->str, ne->value->data, ne->value->length);
2724 out->len = ne->value->length;
2725 return 1;
2726 }
2727
2728 return 0;
2729
2730}
2731
2732/* Extract and format full DN from a X509_NAME and copy result into a chunk
2733 * Returns 1 if dn entries exits, 0 if no dn entry found or -1 if output is not large enough.
2734 */
2735static int
2736ssl_sock_get_dn_oneline(X509_NAME *a, struct chunk *out)
2737{
2738 X509_NAME_ENTRY *ne;
2739 int i, n, ln;
2740 int l = 0;
2741 const char *s;
2742 char *p;
2743 char tmp[128];
2744
2745 out->len = 0;
2746 p = out->str;
2747 for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
2748 ne = sk_X509_NAME_ENTRY_value(a->entries, i);
2749 n = OBJ_obj2nid(ne->object);
2750 if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
2751 i2t_ASN1_OBJECT(tmp, sizeof(tmp), ne->object);
2752 s = tmp;
2753 }
2754 ln = strlen(s);
2755
2756 l += 1 + ln + 1 + ne->value->length;
2757 if (l > out->size)
2758 return -1;
2759 out->len = l;
2760
2761 *(p++)='/';
2762 memcpy(p, s, ln);
2763 p += ln;
2764 *(p++)='=';
2765 memcpy(p, ne->value->data, ne->value->length);
2766 p += ne->value->length;
2767 }
2768
2769 if (!out->len)
2770 return 0;
2771
2772 return 1;
2773}
2774
David Safb76832014-05-08 23:42:08 -04002775char *ssl_sock_get_version(struct connection *conn)
2776{
2777 if (!ssl_sock_is_ssl(conn))
2778 return NULL;
2779
2780 return (char *)SSL_get_version(conn->xprt_ctx);
2781}
2782
Emeric Brun0abf8362014-06-24 18:26:41 +02002783/* Extract peer certificate's common name into the chunk dest
2784 * Returns
2785 * the len of the extracted common name
2786 * or 0 if no CN found in DN
2787 * or -1 on error case (i.e. no peer certificate)
2788 */
2789int ssl_sock_get_remote_common_name(struct connection *conn, struct chunk *dest)
David Safb76832014-05-08 23:42:08 -04002790{
2791 X509 *crt = NULL;
2792 X509_NAME *name;
David Safb76832014-05-08 23:42:08 -04002793 const char find_cn[] = "CN";
2794 const struct chunk find_cn_chunk = {
2795 .str = (char *)&find_cn,
2796 .len = sizeof(find_cn)-1
2797 };
Emeric Brun0abf8362014-06-24 18:26:41 +02002798 int result = -1;
David Safb76832014-05-08 23:42:08 -04002799
2800 if (!ssl_sock_is_ssl(conn))
Emeric Brun0abf8362014-06-24 18:26:41 +02002801 goto out;
David Safb76832014-05-08 23:42:08 -04002802
2803 /* SSL_get_peer_certificate, it increase X509 * ref count */
2804 crt = SSL_get_peer_certificate(conn->xprt_ctx);
2805 if (!crt)
2806 goto out;
2807
2808 name = X509_get_subject_name(crt);
2809 if (!name)
2810 goto out;
David Safb76832014-05-08 23:42:08 -04002811
Emeric Brun0abf8362014-06-24 18:26:41 +02002812 result = ssl_sock_get_dn_entry(name, &find_cn_chunk, 1, dest);
2813out:
David Safb76832014-05-08 23:42:08 -04002814 if (crt)
2815 X509_free(crt);
2816
2817 return result;
2818}
2819
Dave McCowan328fb582014-07-30 10:39:13 -04002820/* returns 1 if client passed a certificate for this session, 0 if not */
2821int ssl_sock_get_cert_used_sess(struct connection *conn)
2822{
2823 X509 *crt = NULL;
2824
2825 if (!ssl_sock_is_ssl(conn))
2826 return 0;
2827
2828 /* SSL_get_peer_certificate, it increase X509 * ref count */
2829 crt = SSL_get_peer_certificate(conn->xprt_ctx);
2830 if (!crt)
2831 return 0;
2832
2833 X509_free(crt);
2834 return 1;
2835}
2836
2837/* returns 1 if client passed a certificate for this connection, 0 if not */
2838int ssl_sock_get_cert_used_conn(struct connection *conn)
David Safb76832014-05-08 23:42:08 -04002839{
2840 if (!ssl_sock_is_ssl(conn))
2841 return 0;
2842
2843 return SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
2844}
2845
2846/* returns result from SSL verify */
2847unsigned int ssl_sock_get_verify_result(struct connection *conn)
2848{
2849 if (!ssl_sock_is_ssl(conn))
2850 return (unsigned int)X509_V_ERR_APPLICATION_VERIFICATION;
2851
2852 return (unsigned int)SSL_get_verify_result(conn->xprt_ctx);
2853}
2854
Willy Tarreau7875d092012-09-10 08:20:03 +02002855/***** Below are some sample fetching functions for ACL/patterns *****/
2856
Emeric Brune64aef12012-09-21 13:15:06 +02002857/* boolean, returns true if client cert was present */
2858static int
Emeric Brun2525b6b2012-10-18 15:59:43 +02002859smp_fetch_ssl_fc_has_crt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02002860 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brune64aef12012-09-21 13:15:06 +02002861{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02002862 struct connection *conn;
2863
2864 if (!l4)
2865 return 0;
2866
2867 conn = objt_conn(l4->si[0].end);
2868 if (!conn || conn->xprt != &ssl_sock)
Emeric Brune64aef12012-09-21 13:15:06 +02002869 return 0;
2870
Willy Tarreaub363a1f2013-10-01 10:45:07 +02002871 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brune64aef12012-09-21 13:15:06 +02002872 smp->flags |= SMP_F_MAY_CHANGE;
2873 return 0;
2874 }
2875
2876 smp->flags = 0;
2877 smp->type = SMP_T_BOOL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02002878 smp->data.uint = SSL_SOCK_ST_FL_VERIFY_DONE & conn->xprt_st ? 1 : 0;
Emeric Brune64aef12012-09-21 13:15:06 +02002879
2880 return 1;
2881}
2882
Emeric Brun43e79582014-10-29 19:03:26 +01002883/* binary, returns a certificate in a binary chunk (der/raw).
2884 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
2885 * should be use.
2886 */
2887static int
2888smp_fetch_ssl_x_der(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
2889 const struct arg *args, struct sample *smp, const char *kw)
2890{
2891 int cert_peer = (kw[4] == 'c') ? 1 : 0;
2892 X509 *crt = NULL;
2893 int ret = 0;
2894 struct chunk *smp_trash;
2895 struct connection *conn;
2896
2897 if (!l4)
2898 return 0;
2899
2900 conn = objt_conn(l4->si[0].end);
2901 if (!conn || conn->xprt != &ssl_sock)
2902 return 0;
2903
2904 if (!(conn->flags & CO_FL_CONNECTED)) {
2905 smp->flags |= SMP_F_MAY_CHANGE;
2906 return 0;
2907 }
2908
2909 if (cert_peer)
2910 crt = SSL_get_peer_certificate(conn->xprt_ctx);
2911 else
2912 crt = SSL_get_certificate(conn->xprt_ctx);
2913
2914 if (!crt)
2915 goto out;
2916
2917 smp_trash = get_trash_chunk();
2918 if (ssl_sock_crt2der(crt, smp_trash) <= 0)
2919 goto out;
2920
2921 smp->data.str = *smp_trash;
2922 smp->type = SMP_T_BIN;
2923 ret = 1;
2924out:
2925 /* SSL_get_peer_certificate, it increase X509 * ref count */
2926 if (cert_peer && crt)
2927 X509_free(crt);
2928 return ret;
2929}
2930
Emeric Brunba841a12014-04-30 17:05:08 +02002931/* binary, returns serial of certificate in a binary chunk.
2932 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
2933 * should be use.
2934 */
Willy Tarreau8d598402012-10-22 17:58:39 +02002935static int
Emeric Brunba841a12014-04-30 17:05:08 +02002936smp_fetch_ssl_x_serial(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02002937 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau8d598402012-10-22 17:58:39 +02002938{
Emeric Brunba841a12014-04-30 17:05:08 +02002939 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02002940 X509 *crt = NULL;
2941 int ret = 0;
2942 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02002943 struct connection *conn;
2944
2945 if (!l4)
2946 return 0;
Willy Tarreau8d598402012-10-22 17:58:39 +02002947
Willy Tarreaub363a1f2013-10-01 10:45:07 +02002948 conn = objt_conn(l4->si[0].end);
2949 if (!conn || conn->xprt != &ssl_sock)
Willy Tarreau8d598402012-10-22 17:58:39 +02002950 return 0;
2951
Willy Tarreaub363a1f2013-10-01 10:45:07 +02002952 if (!(conn->flags & CO_FL_CONNECTED)) {
Willy Tarreau8d598402012-10-22 17:58:39 +02002953 smp->flags |= SMP_F_MAY_CHANGE;
2954 return 0;
2955 }
2956
Emeric Brunba841a12014-04-30 17:05:08 +02002957 if (cert_peer)
2958 crt = SSL_get_peer_certificate(conn->xprt_ctx);
2959 else
2960 crt = SSL_get_certificate(conn->xprt_ctx);
2961
Willy Tarreau8d598402012-10-22 17:58:39 +02002962 if (!crt)
2963 goto out;
2964
Willy Tarreau47ca5452012-12-23 20:22:19 +01002965 smp_trash = get_trash_chunk();
Willy Tarreau8d598402012-10-22 17:58:39 +02002966 if (ssl_sock_get_serial(crt, smp_trash) <= 0)
2967 goto out;
2968
2969 smp->data.str = *smp_trash;
2970 smp->type = SMP_T_BIN;
2971 ret = 1;
2972out:
Emeric Brunba841a12014-04-30 17:05:08 +02002973 /* SSL_get_peer_certificate, it increase X509 * ref count */
2974 if (cert_peer && crt)
Willy Tarreau8d598402012-10-22 17:58:39 +02002975 X509_free(crt);
2976 return ret;
2977}
Emeric Brune64aef12012-09-21 13:15:06 +02002978
Emeric Brunba841a12014-04-30 17:05:08 +02002979/* binary, returns the client certificate's SHA-1 fingerprint (SHA-1 hash of DER-encoded certificate) in a binary chunk.
2980 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
2981 * should be use.
2982 */
James Votha051b4a2013-05-14 20:37:59 +02002983static int
Emeric Brunba841a12014-04-30 17:05:08 +02002984smp_fetch_ssl_x_sha1(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02002985 const struct arg *args, struct sample *smp, const char *kw)
James Votha051b4a2013-05-14 20:37:59 +02002986{
Emeric Brunba841a12014-04-30 17:05:08 +02002987 int cert_peer = (kw[4] == 'c') ? 1 : 0;
James Votha051b4a2013-05-14 20:37:59 +02002988 X509 *crt = NULL;
2989 const EVP_MD *digest;
2990 int ret = 0;
2991 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02002992 struct connection *conn;
James Votha051b4a2013-05-14 20:37:59 +02002993
Willy Tarreaub363a1f2013-10-01 10:45:07 +02002994 if (!l4)
James Votha051b4a2013-05-14 20:37:59 +02002995 return 0;
2996
Willy Tarreaub363a1f2013-10-01 10:45:07 +02002997 conn = objt_conn(l4->si[0].end);
2998 if (!conn || conn->xprt != &ssl_sock)
2999 return 0;
3000
3001 if (!(conn->flags & CO_FL_CONNECTED)) {
James Votha051b4a2013-05-14 20:37:59 +02003002 smp->flags |= SMP_F_MAY_CHANGE;
3003 return 0;
3004 }
3005
Emeric Brunba841a12014-04-30 17:05:08 +02003006 if (cert_peer)
3007 crt = SSL_get_peer_certificate(conn->xprt_ctx);
3008 else
3009 crt = SSL_get_certificate(conn->xprt_ctx);
James Votha051b4a2013-05-14 20:37:59 +02003010 if (!crt)
3011 goto out;
3012
3013 smp_trash = get_trash_chunk();
3014 digest = EVP_sha1();
3015 X509_digest(crt, digest, (unsigned char *)smp_trash->str, (unsigned int *)&smp_trash->len);
3016
3017 smp->data.str = *smp_trash;
3018 smp->type = SMP_T_BIN;
3019 ret = 1;
3020out:
Emeric Brunba841a12014-04-30 17:05:08 +02003021 /* SSL_get_peer_certificate, it increase X509 * ref count */
3022 if (cert_peer && crt)
James Votha051b4a2013-05-14 20:37:59 +02003023 X509_free(crt);
3024 return ret;
3025}
3026
Emeric Brunba841a12014-04-30 17:05:08 +02003027/* string, returns certificate's notafter date in ASN1_UTCTIME format.
3028 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
3029 * should be use.
3030 */
Emeric Brunce5ad802012-10-22 14:11:22 +02003031static int
Emeric Brunba841a12014-04-30 17:05:08 +02003032smp_fetch_ssl_x_notafter(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003033 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brunce5ad802012-10-22 14:11:22 +02003034{
Emeric Brunba841a12014-04-30 17:05:08 +02003035 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02003036 X509 *crt = NULL;
3037 int ret = 0;
3038 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003039 struct connection *conn;
Emeric Brunce5ad802012-10-22 14:11:22 +02003040
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003041 if (!l4)
Emeric Brunce5ad802012-10-22 14:11:22 +02003042 return 0;
3043
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003044 conn = objt_conn(l4->si[0].end);
3045 if (!conn || conn->xprt != &ssl_sock)
3046 return 0;
3047
3048 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02003049 smp->flags |= SMP_F_MAY_CHANGE;
3050 return 0;
3051 }
3052
Emeric Brunba841a12014-04-30 17:05:08 +02003053 if (cert_peer)
3054 crt = SSL_get_peer_certificate(conn->xprt_ctx);
3055 else
3056 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02003057 if (!crt)
3058 goto out;
3059
Willy Tarreau47ca5452012-12-23 20:22:19 +01003060 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02003061 if (ssl_sock_get_time(X509_get_notAfter(crt), smp_trash) <= 0)
3062 goto out;
3063
3064 smp->data.str = *smp_trash;
3065 smp->type = SMP_T_STR;
3066 ret = 1;
3067out:
Emeric Brunba841a12014-04-30 17:05:08 +02003068 /* SSL_get_peer_certificate, it increase X509 * ref count */
3069 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02003070 X509_free(crt);
3071 return ret;
3072}
3073
Emeric Brunba841a12014-04-30 17:05:08 +02003074/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's issuer
3075 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
3076 * should be use.
3077 */
Emeric Brun87855892012-10-17 17:39:35 +02003078static int
Emeric Brunba841a12014-04-30 17:05:08 +02003079smp_fetch_ssl_x_i_dn(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003080 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brun87855892012-10-17 17:39:35 +02003081{
Emeric Brunba841a12014-04-30 17:05:08 +02003082 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02003083 X509 *crt = NULL;
3084 X509_NAME *name;
3085 int ret = 0;
3086 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003087 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02003088
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003089 if (!l4)
Emeric Brun87855892012-10-17 17:39:35 +02003090 return 0;
3091
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003092 conn = objt_conn(l4->si[0].end);
3093 if (!conn || conn->xprt != &ssl_sock)
3094 return 0;
3095
3096 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02003097 smp->flags |= SMP_F_MAY_CHANGE;
3098 return 0;
3099 }
3100
Emeric Brunba841a12014-04-30 17:05:08 +02003101 if (cert_peer)
3102 crt = SSL_get_peer_certificate(conn->xprt_ctx);
3103 else
3104 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02003105 if (!crt)
3106 goto out;
3107
3108 name = X509_get_issuer_name(crt);
3109 if (!name)
3110 goto out;
3111
Willy Tarreau47ca5452012-12-23 20:22:19 +01003112 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02003113 if (args && args[0].type == ARGT_STR) {
3114 int pos = 1;
3115
3116 if (args[1].type == ARGT_SINT)
3117 pos = args[1].data.sint;
3118 else if (args[1].type == ARGT_UINT)
3119 pos =(int)args[1].data.uint;
3120
3121 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
3122 goto out;
3123 }
3124 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
3125 goto out;
3126
3127 smp->type = SMP_T_STR;
3128 smp->data.str = *smp_trash;
3129 ret = 1;
3130out:
Emeric Brunba841a12014-04-30 17:05:08 +02003131 /* SSL_get_peer_certificate, it increase X509 * ref count */
3132 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02003133 X509_free(crt);
3134 return ret;
3135}
3136
Emeric Brunba841a12014-04-30 17:05:08 +02003137/* string, returns notbefore date in ASN1_UTCTIME format.
3138 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
3139 * should be use.
3140 */
Emeric Brunce5ad802012-10-22 14:11:22 +02003141static int
Emeric Brunba841a12014-04-30 17:05:08 +02003142smp_fetch_ssl_x_notbefore(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003143 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brunce5ad802012-10-22 14:11:22 +02003144{
Emeric Brunba841a12014-04-30 17:05:08 +02003145 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02003146 X509 *crt = NULL;
3147 int ret = 0;
3148 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003149 struct connection *conn;
3150
3151 if (!l4)
3152 return 0;
Emeric Brunce5ad802012-10-22 14:11:22 +02003153
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003154 conn = objt_conn(l4->si[0].end);
3155 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunce5ad802012-10-22 14:11:22 +02003156 return 0;
3157
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003158 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunce5ad802012-10-22 14:11:22 +02003159 smp->flags |= SMP_F_MAY_CHANGE;
3160 return 0;
3161 }
3162
Emeric Brunba841a12014-04-30 17:05:08 +02003163 if (cert_peer)
3164 crt = SSL_get_peer_certificate(conn->xprt_ctx);
3165 else
3166 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brunce5ad802012-10-22 14:11:22 +02003167 if (!crt)
3168 goto out;
3169
Willy Tarreau47ca5452012-12-23 20:22:19 +01003170 smp_trash = get_trash_chunk();
Emeric Brunce5ad802012-10-22 14:11:22 +02003171 if (ssl_sock_get_time(X509_get_notBefore(crt), smp_trash) <= 0)
3172 goto out;
3173
3174 smp->data.str = *smp_trash;
3175 smp->type = SMP_T_STR;
3176 ret = 1;
3177out:
Emeric Brunba841a12014-04-30 17:05:08 +02003178 /* SSL_get_peer_certificate, it increase X509 * ref count */
3179 if (cert_peer && crt)
Emeric Brunce5ad802012-10-22 14:11:22 +02003180 X509_free(crt);
3181 return ret;
3182}
3183
Emeric Brunba841a12014-04-30 17:05:08 +02003184/* string, returns a string of a formatted full dn \C=..\O=..\OU=.. \CN=.. of certificate's subject
3185 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
3186 * should be use.
3187 */
Emeric Brun87855892012-10-17 17:39:35 +02003188static int
Emeric Brunba841a12014-04-30 17:05:08 +02003189smp_fetch_ssl_x_s_dn(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003190 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brun87855892012-10-17 17:39:35 +02003191{
Emeric Brunba841a12014-04-30 17:05:08 +02003192 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun87855892012-10-17 17:39:35 +02003193 X509 *crt = NULL;
3194 X509_NAME *name;
3195 int ret = 0;
3196 struct chunk *smp_trash;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003197 struct connection *conn;
Emeric Brun87855892012-10-17 17:39:35 +02003198
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003199 if (!l4)
Emeric Brun87855892012-10-17 17:39:35 +02003200 return 0;
3201
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003202 conn = objt_conn(l4->si[0].end);
3203 if (!conn || conn->xprt != &ssl_sock)
3204 return 0;
3205
3206 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun87855892012-10-17 17:39:35 +02003207 smp->flags |= SMP_F_MAY_CHANGE;
3208 return 0;
3209 }
3210
Emeric Brunba841a12014-04-30 17:05:08 +02003211 if (cert_peer)
3212 crt = SSL_get_peer_certificate(conn->xprt_ctx);
3213 else
3214 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun87855892012-10-17 17:39:35 +02003215 if (!crt)
3216 goto out;
3217
3218 name = X509_get_subject_name(crt);
3219 if (!name)
3220 goto out;
3221
Willy Tarreau47ca5452012-12-23 20:22:19 +01003222 smp_trash = get_trash_chunk();
Emeric Brun87855892012-10-17 17:39:35 +02003223 if (args && args[0].type == ARGT_STR) {
3224 int pos = 1;
3225
3226 if (args[1].type == ARGT_SINT)
3227 pos = args[1].data.sint;
3228 else if (args[1].type == ARGT_UINT)
3229 pos =(int)args[1].data.uint;
3230
3231 if (ssl_sock_get_dn_entry(name, &args[0].data.str, pos, smp_trash) <= 0)
3232 goto out;
3233 }
3234 else if (ssl_sock_get_dn_oneline(name, smp_trash) <= 0)
3235 goto out;
3236
3237 smp->type = SMP_T_STR;
3238 smp->data.str = *smp_trash;
3239 ret = 1;
3240out:
Emeric Brunba841a12014-04-30 17:05:08 +02003241 /* SSL_get_peer_certificate, it increase X509 * ref count */
3242 if (cert_peer && crt)
Emeric Brun87855892012-10-17 17:39:35 +02003243 X509_free(crt);
3244 return ret;
3245}
Emeric Brun9143d372012-12-20 15:44:16 +01003246
3247/* integer, returns true if current session use a client certificate */
3248static int
3249smp_fetch_ssl_c_used(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003250 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brun9143d372012-12-20 15:44:16 +01003251{
3252 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003253 struct connection *conn;
Emeric Brun9143d372012-12-20 15:44:16 +01003254
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003255 if (!l4)
Emeric Brun9143d372012-12-20 15:44:16 +01003256 return 0;
3257
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003258 conn = objt_conn(l4->si[0].end);
3259 if (!conn || conn->xprt != &ssl_sock)
3260 return 0;
3261
3262 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun9143d372012-12-20 15:44:16 +01003263 smp->flags |= SMP_F_MAY_CHANGE;
3264 return 0;
3265 }
3266
3267 /* SSL_get_peer_certificate returns a ptr on allocated X509 struct */
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003268 crt = SSL_get_peer_certificate(conn->xprt_ctx);
Emeric Brun9143d372012-12-20 15:44:16 +01003269 if (crt) {
3270 X509_free(crt);
3271 }
3272
3273 smp->type = SMP_T_BOOL;
3274 smp->data.uint = (crt != NULL);
3275 return 1;
3276}
3277
Emeric Brunba841a12014-04-30 17:05:08 +02003278/* integer, returns the certificate version
3279 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
3280 * should be use.
3281 */
Emeric Bruna7359fd2012-10-17 15:03:11 +02003282static int
Emeric Brunba841a12014-04-30 17:05:08 +02003283smp_fetch_ssl_x_version(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003284 const struct arg *args, struct sample *smp, const char *kw)
Emeric Bruna7359fd2012-10-17 15:03:11 +02003285{
Emeric Brunba841a12014-04-30 17:05:08 +02003286 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02003287 X509 *crt;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003288 struct connection *conn;
3289
3290 if (!l4)
3291 return 0;
Emeric Bruna7359fd2012-10-17 15:03:11 +02003292
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003293 conn = objt_conn(l4->si[0].end);
3294 if (!conn || conn->xprt != &ssl_sock)
Emeric Bruna7359fd2012-10-17 15:03:11 +02003295 return 0;
3296
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003297 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Bruna7359fd2012-10-17 15:03:11 +02003298 smp->flags |= SMP_F_MAY_CHANGE;
3299 return 0;
3300 }
3301
Emeric Brunba841a12014-04-30 17:05:08 +02003302 if (cert_peer)
3303 crt = SSL_get_peer_certificate(conn->xprt_ctx);
3304 else
3305 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Bruna7359fd2012-10-17 15:03:11 +02003306 if (!crt)
3307 return 0;
3308
3309 smp->data.uint = (unsigned int)(1 + X509_get_version(crt));
Emeric Brunba841a12014-04-30 17:05:08 +02003310 /* SSL_get_peer_certificate increase X509 * ref count */
3311 if (cert_peer)
3312 X509_free(crt);
Emeric Bruna7359fd2012-10-17 15:03:11 +02003313 smp->type = SMP_T_UINT;
3314
3315 return 1;
3316}
3317
Emeric Brunba841a12014-04-30 17:05:08 +02003318/* string, returns the certificate's signature algorithm.
3319 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
3320 * should be use.
3321 */
Emeric Brun7f56e742012-10-19 18:15:40 +02003322static int
Emeric Brunba841a12014-04-30 17:05:08 +02003323smp_fetch_ssl_x_sig_alg(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003324 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brun7f56e742012-10-19 18:15:40 +02003325{
Emeric Brunba841a12014-04-30 17:05:08 +02003326 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun7f56e742012-10-19 18:15:40 +02003327 X509 *crt;
3328 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003329 struct connection *conn;
Emeric Brun7f56e742012-10-19 18:15:40 +02003330
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003331 if (!l4)
Emeric Brun7f56e742012-10-19 18:15:40 +02003332 return 0;
3333
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003334 conn = objt_conn(l4->si[0].end);
3335 if (!conn || conn->xprt != &ssl_sock)
3336 return 0;
3337
3338 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun7f56e742012-10-19 18:15:40 +02003339 smp->flags |= SMP_F_MAY_CHANGE;
3340 return 0;
3341 }
3342
Emeric Brunba841a12014-04-30 17:05:08 +02003343 if (cert_peer)
3344 crt = SSL_get_peer_certificate(conn->xprt_ctx);
3345 else
3346 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun7f56e742012-10-19 18:15:40 +02003347 if (!crt)
3348 return 0;
3349
3350 nid = OBJ_obj2nid((ASN1_OBJECT *)(crt->cert_info->signature->algorithm));
3351
3352 smp->data.str.str = (char *)OBJ_nid2sn(nid);
Emeric Brun9bf3ba22013-10-07 14:31:44 +02003353 if (!smp->data.str.str) {
Emeric Brunba841a12014-04-30 17:05:08 +02003354 /* SSL_get_peer_certificate increase X509 * ref count */
3355 if (cert_peer)
3356 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02003357 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02003358 }
Emeric Brun7f56e742012-10-19 18:15:40 +02003359
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01003360 smp->type = SMP_T_STR;
3361 smp->flags |= SMP_F_CONST;
Emeric Brun7f56e742012-10-19 18:15:40 +02003362 smp->data.str.len = strlen(smp->data.str.str);
Emeric Brunba841a12014-04-30 17:05:08 +02003363 /* SSL_get_peer_certificate increase X509 * ref count */
3364 if (cert_peer)
3365 X509_free(crt);
Emeric Brun7f56e742012-10-19 18:15:40 +02003366
3367 return 1;
3368}
3369
Emeric Brunba841a12014-04-30 17:05:08 +02003370/* string, returns the certificate's key algorithm.
3371 * The 5th keyword char is used to know if SSL_get_certificate or SSL_get_peer_certificate
3372 * should be use.
3373 */
Emeric Brun521a0112012-10-22 12:22:55 +02003374static int
Emeric Brunba841a12014-04-30 17:05:08 +02003375smp_fetch_ssl_x_key_alg(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003376 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brun521a0112012-10-22 12:22:55 +02003377{
Emeric Brunba841a12014-04-30 17:05:08 +02003378 int cert_peer = (kw[4] == 'c') ? 1 : 0;
Emeric Brun521a0112012-10-22 12:22:55 +02003379 X509 *crt;
3380 int nid;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003381 struct connection *conn;
Emeric Brun521a0112012-10-22 12:22:55 +02003382
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003383 if (!l4)
Emeric Brun521a0112012-10-22 12:22:55 +02003384 return 0;
3385
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003386 conn = objt_conn(l4->si[0].end);
3387 if (!conn || conn->xprt != &ssl_sock)
3388 return 0;
3389
3390 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brun521a0112012-10-22 12:22:55 +02003391 smp->flags |= SMP_F_MAY_CHANGE;
3392 return 0;
3393 }
3394
Emeric Brunba841a12014-04-30 17:05:08 +02003395 if (cert_peer)
3396 crt = SSL_get_peer_certificate(conn->xprt_ctx);
3397 else
3398 crt = SSL_get_certificate(conn->xprt_ctx);
Emeric Brun521a0112012-10-22 12:22:55 +02003399 if (!crt)
3400 return 0;
3401
3402 nid = OBJ_obj2nid((ASN1_OBJECT *)(crt->cert_info->key->algor->algorithm));
3403
3404 smp->data.str.str = (char *)OBJ_nid2sn(nid);
Emeric Brun9bf3ba22013-10-07 14:31:44 +02003405 if (!smp->data.str.str) {
Emeric Brunba841a12014-04-30 17:05:08 +02003406 /* SSL_get_peer_certificate increase X509 * ref count */
3407 if (cert_peer)
3408 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02003409 return 0;
Emeric Brun9bf3ba22013-10-07 14:31:44 +02003410 }
Emeric Brun521a0112012-10-22 12:22:55 +02003411
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01003412 smp->type = SMP_T_STR;
3413 smp->flags |= SMP_F_CONST;
Emeric Brun521a0112012-10-22 12:22:55 +02003414 smp->data.str.len = strlen(smp->data.str.str);
Emeric Brunba841a12014-04-30 17:05:08 +02003415 if (cert_peer)
3416 X509_free(crt);
Emeric Brun521a0112012-10-22 12:22:55 +02003417
3418 return 1;
3419}
3420
Emeric Brun645ae792014-04-30 14:21:06 +02003421/* boolean, returns true if front conn. transport layer is SSL.
3422 * This function is also usable on backend conn if the fetch keyword 5th
3423 * char is 'b'.
3424 */
Willy Tarreau7875d092012-09-10 08:20:03 +02003425static int
Emeric Brun2525b6b2012-10-18 15:59:43 +02003426smp_fetch_ssl_fc(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003427 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau7875d092012-09-10 08:20:03 +02003428{
Emeric Brun645ae792014-04-30 14:21:06 +02003429 int back_conn = (kw[4] == 'b') ? 1 : 0;
3430 struct connection *conn = objt_conn(l4->si[back_conn].end);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003431
Willy Tarreau7875d092012-09-10 08:20:03 +02003432 smp->type = SMP_T_BOOL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003433 smp->data.uint = (conn && conn->xprt == &ssl_sock);
Willy Tarreau7875d092012-09-10 08:20:03 +02003434 return 1;
3435}
3436
Emeric Brun2525b6b2012-10-18 15:59:43 +02003437/* boolean, returns true if client present a SNI */
Willy Tarreau7875d092012-09-10 08:20:03 +02003438static int
Emeric Brun2525b6b2012-10-18 15:59:43 +02003439smp_fetch_ssl_fc_has_sni(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003440 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau7875d092012-09-10 08:20:03 +02003441{
3442#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003443 struct connection *conn = objt_conn(l4->si[0].end);
3444
Willy Tarreau7875d092012-09-10 08:20:03 +02003445 smp->type = SMP_T_BOOL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003446 smp->data.uint = (conn && conn->xprt == &ssl_sock) &&
3447 conn->xprt_ctx &&
3448 SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name) != NULL;
Willy Tarreau7875d092012-09-10 08:20:03 +02003449 return 1;
3450#else
3451 return 0;
3452#endif
3453}
3454
Emeric Brun645ae792014-04-30 14:21:06 +02003455/* string, returns the used cipher if front conn. transport layer is SSL.
3456 * This function is also usable on backend conn if the fetch keyword 5th
3457 * char is 'b'.
3458 */
Emeric Brun589fcad2012-10-16 14:13:26 +02003459static int
3460smp_fetch_ssl_fc_cipher(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003461 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brun589fcad2012-10-16 14:13:26 +02003462{
Emeric Brun645ae792014-04-30 14:21:06 +02003463 int back_conn = (kw[4] == 'b') ? 1 : 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003464 struct connection *conn;
3465
Emeric Brun589fcad2012-10-16 14:13:26 +02003466 smp->flags = 0;
3467
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003468 if (!l4)
3469 return 0;
3470
Emeric Brun645ae792014-04-30 14:21:06 +02003471 conn = objt_conn(l4->si[back_conn].end);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003472 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02003473 return 0;
3474
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003475 smp->data.str.str = (char *)SSL_get_cipher_name(conn->xprt_ctx);
Emeric Brun589fcad2012-10-16 14:13:26 +02003476 if (!smp->data.str.str)
3477 return 0;
3478
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01003479 smp->type = SMP_T_STR;
3480 smp->flags |= SMP_F_CONST;
Emeric Brun589fcad2012-10-16 14:13:26 +02003481 smp->data.str.len = strlen(smp->data.str.str);
3482
3483 return 1;
3484}
3485
Emeric Brun645ae792014-04-30 14:21:06 +02003486/* integer, returns the algoritm's keysize if front conn. transport layer
3487 * is SSL.
3488 * This function is also usable on backend conn if the fetch keyword 5th
3489 * char is 'b'.
3490 */
Emeric Brun589fcad2012-10-16 14:13:26 +02003491static int
3492smp_fetch_ssl_fc_alg_keysize(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003493 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brun589fcad2012-10-16 14:13:26 +02003494{
Emeric Brun645ae792014-04-30 14:21:06 +02003495 int back_conn = (kw[4] == 'b') ? 1 : 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003496 struct connection *conn;
3497
Emeric Brun589fcad2012-10-16 14:13:26 +02003498 smp->flags = 0;
3499
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003500 if (!l4)
Emeric Brun589fcad2012-10-16 14:13:26 +02003501 return 0;
3502
Emeric Brun645ae792014-04-30 14:21:06 +02003503 conn = objt_conn(l4->si[back_conn].end);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003504 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Emeric Brun589fcad2012-10-16 14:13:26 +02003505 return 0;
3506
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003507 if (!SSL_get_cipher_bits(conn->xprt_ctx, (int *)&smp->data.uint))
3508 return 0;
3509
Emeric Brun589fcad2012-10-16 14:13:26 +02003510 smp->type = SMP_T_UINT;
3511
3512 return 1;
3513}
3514
Emeric Brun645ae792014-04-30 14:21:06 +02003515/* integer, returns the used keysize if front conn. transport layer is SSL.
3516 * This function is also usable on backend conn if the fetch keyword 5th
3517 * char is 'b'.
3518 */
Emeric Brun589fcad2012-10-16 14:13:26 +02003519static int
3520smp_fetch_ssl_fc_use_keysize(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003521 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brun589fcad2012-10-16 14:13:26 +02003522{
Emeric Brun645ae792014-04-30 14:21:06 +02003523 int back_conn = (kw[4] == 'b') ? 1 : 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003524 struct connection *conn;
3525
Emeric Brun589fcad2012-10-16 14:13:26 +02003526 smp->flags = 0;
3527
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003528 if (!l4)
Emeric Brun589fcad2012-10-16 14:13:26 +02003529 return 0;
3530
Emeric Brun645ae792014-04-30 14:21:06 +02003531 conn = objt_conn(l4->si[back_conn].end);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003532 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
3533 return 0;
3534
3535 smp->data.uint = (unsigned int)SSL_get_cipher_bits(conn->xprt_ctx, NULL);
Emeric Brun589fcad2012-10-16 14:13:26 +02003536 if (!smp->data.uint)
3537 return 0;
3538
3539 smp->type = SMP_T_UINT;
3540
3541 return 1;
3542}
3543
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02003544#ifdef OPENSSL_NPN_NEGOTIATED
Willy Tarreau7875d092012-09-10 08:20:03 +02003545static int
Emeric Brun2525b6b2012-10-18 15:59:43 +02003546smp_fetch_ssl_fc_npn(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003547 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreaua33c6542012-10-15 13:19:06 +02003548{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003549 struct connection *conn;
3550
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01003551 smp->flags = SMP_F_CONST;
3552 smp->type = SMP_T_STR;
Willy Tarreaua33c6542012-10-15 13:19:06 +02003553
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003554 if (!l4)
Willy Tarreaua33c6542012-10-15 13:19:06 +02003555 return 0;
3556
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003557 conn = objt_conn(l4->si[0].end);
3558 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
3559 return 0;
3560
Willy Tarreaua33c6542012-10-15 13:19:06 +02003561 smp->data.str.str = NULL;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003562 SSL_get0_next_proto_negotiated(conn->xprt_ctx,
Willy Tarreaua33c6542012-10-15 13:19:06 +02003563 (const unsigned char **)&smp->data.str.str, (unsigned *)&smp->data.str.len);
3564
3565 if (!smp->data.str.str)
3566 return 0;
3567
3568 return 1;
Willy Tarreaua33c6542012-10-15 13:19:06 +02003569}
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02003570#endif
Willy Tarreaua33c6542012-10-15 13:19:06 +02003571
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01003572#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02003573static int
3574smp_fetch_ssl_fc_alpn(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003575 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreauab861d32013-04-02 02:30:41 +02003576{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003577 struct connection *conn;
3578
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01003579 smp->flags = SMP_F_CONST;
3580 smp->type = SMP_T_STR;
Willy Tarreauab861d32013-04-02 02:30:41 +02003581
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003582 if (!l4)
3583 return 0;
3584
3585 conn = objt_conn(l4->si[0].end);
3586 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
Willy Tarreauab861d32013-04-02 02:30:41 +02003587 return 0;
3588
3589 smp->data.str.str = NULL;
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01003590 SSL_get0_alpn_selected(conn->xprt_ctx,
Willy Tarreauab861d32013-04-02 02:30:41 +02003591 (const unsigned char **)&smp->data.str.str, (unsigned *)&smp->data.str.len);
3592
3593 if (!smp->data.str.str)
3594 return 0;
3595
3596 return 1;
3597}
3598#endif
3599
Emeric Brun645ae792014-04-30 14:21:06 +02003600/* string, returns the used protocol if front conn. transport layer is SSL.
3601 * This function is also usable on backend conn if the fetch keyword 5th
3602 * char is 'b'.
3603 */
Willy Tarreaua33c6542012-10-15 13:19:06 +02003604static int
Emeric Brun589fcad2012-10-16 14:13:26 +02003605smp_fetch_ssl_fc_protocol(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003606 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brun589fcad2012-10-16 14:13:26 +02003607{
Emeric Brun645ae792014-04-30 14:21:06 +02003608 int back_conn = (kw[4] == 'b') ? 1 : 0;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003609 struct connection *conn;
3610
Emeric Brun589fcad2012-10-16 14:13:26 +02003611 smp->flags = 0;
3612
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003613 if (!l4)
Emeric Brun589fcad2012-10-16 14:13:26 +02003614 return 0;
3615
Emeric Brun645ae792014-04-30 14:21:06 +02003616 conn = objt_conn(l4->si[back_conn].end);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003617 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
3618 return 0;
3619
3620 smp->data.str.str = (char *)SSL_get_version(conn->xprt_ctx);
Emeric Brun589fcad2012-10-16 14:13:26 +02003621 if (!smp->data.str.str)
3622 return 0;
3623
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01003624 smp->type = SMP_T_STR;
3625 smp->flags = SMP_F_CONST;
Emeric Brun589fcad2012-10-16 14:13:26 +02003626 smp->data.str.len = strlen(smp->data.str.str);
3627
3628 return 1;
3629}
3630
Emeric Brun645ae792014-04-30 14:21:06 +02003631/* binary, returns the SSL session id if front conn. transport layer is SSL.
3632 * This function is also usable on backend conn if the fetch keyword 5th
3633 * char is 'b'.
3634 */
Emeric Brun589fcad2012-10-16 14:13:26 +02003635static int
Emeric Brunfe68f682012-10-16 14:59:28 +02003636smp_fetch_ssl_fc_session_id(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003637 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brunfe68f682012-10-16 14:59:28 +02003638{
3639#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02003640 int back_conn = (kw[4] == 'b') ? 1 : 0;
Emeric Brunfe68f682012-10-16 14:59:28 +02003641 SSL_SESSION *sess;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003642 struct connection *conn;
Emeric Brunfe68f682012-10-16 14:59:28 +02003643
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01003644 smp->flags = SMP_F_CONST;
3645 smp->type = SMP_T_BIN;
Emeric Brunfe68f682012-10-16 14:59:28 +02003646
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003647 if (!l4)
Emeric Brunfe68f682012-10-16 14:59:28 +02003648 return 0;
3649
Emeric Brun645ae792014-04-30 14:21:06 +02003650 conn = objt_conn(l4->si[back_conn].end);
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003651 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
3652 return 0;
3653
3654 sess = SSL_get_session(conn->xprt_ctx);
Emeric Brunfe68f682012-10-16 14:59:28 +02003655 if (!sess)
3656 return 0;
3657
3658 smp->data.str.str = (char *)SSL_SESSION_get_id(sess, (unsigned int *)&smp->data.str.len);
3659 if (!smp->data.str.str || !&smp->data.str.len)
3660 return 0;
3661
3662 return 1;
3663#else
3664 return 0;
3665#endif
3666}
3667
3668static int
Emeric Brun2525b6b2012-10-18 15:59:43 +02003669smp_fetch_ssl_fc_sni(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003670 const struct arg *args, struct sample *smp, const char *kw)
Willy Tarreau7875d092012-09-10 08:20:03 +02003671{
3672#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003673 struct connection *conn;
3674
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01003675 smp->flags = SMP_F_CONST;
3676 smp->type = SMP_T_STR;
Willy Tarreau7875d092012-09-10 08:20:03 +02003677
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003678 if (!l4)
Willy Tarreau7875d092012-09-10 08:20:03 +02003679 return 0;
3680
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003681 conn = objt_conn(l4->si[0].end);
3682 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
3683 return 0;
3684
3685 smp->data.str.str = (char *)SSL_get_servername(conn->xprt_ctx, TLSEXT_NAMETYPE_host_name);
Willy Tarreau3e394c92012-09-14 23:56:58 +02003686 if (!smp->data.str.str)
3687 return 0;
3688
Willy Tarreau7875d092012-09-10 08:20:03 +02003689 smp->data.str.len = strlen(smp->data.str.str);
3690 return 1;
3691#else
3692 return 0;
3693#endif
3694}
3695
David Sc1ad52e2014-04-08 18:48:47 -04003696static int
3697smp_fetch_ssl_fc_unique_id(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
3698 const struct arg *args, struct sample *smp, const char *kw)
3699{
3700#if OPENSSL_VERSION_NUMBER > 0x0090800fL
Emeric Brun645ae792014-04-30 14:21:06 +02003701 int back_conn = (kw[4] == 'b') ? 1 : 0;
David Sc1ad52e2014-04-08 18:48:47 -04003702 struct connection *conn;
3703 int finished_len;
David Sc1ad52e2014-04-08 18:48:47 -04003704 struct chunk *finished_trash;
David Sc1ad52e2014-04-08 18:48:47 -04003705
3706 smp->flags = 0;
3707
3708 if (!l4)
3709 return 0;
3710
Emeric Brun645ae792014-04-30 14:21:06 +02003711 conn = objt_conn(l4->si[back_conn].end);
David Sc1ad52e2014-04-08 18:48:47 -04003712 if (!conn || !conn->xprt_ctx || conn->xprt != &ssl_sock)
3713 return 0;
3714
3715 if (!(conn->flags & CO_FL_CONNECTED)) {
3716 smp->flags |= SMP_F_MAY_CHANGE;
3717 return 0;
3718 }
3719
3720 finished_trash = get_trash_chunk();
3721 if (!SSL_session_reused(conn->xprt_ctx))
3722 finished_len = SSL_get_peer_finished(conn->xprt_ctx, finished_trash->str, finished_trash->size);
3723 else
3724 finished_len = SSL_get_finished(conn->xprt_ctx, finished_trash->str, finished_trash->size);
3725
3726 if (!finished_len)
3727 return 0;
3728
Emeric Brunb73a9b02014-04-30 18:49:19 +02003729 finished_trash->len = finished_len;
3730 smp->data.str = *finished_trash;
3731 smp->type = SMP_T_BIN;
David Sc1ad52e2014-04-08 18:48:47 -04003732
3733 return 1;
3734#else
3735 return 0;
3736#endif
3737}
3738
Emeric Brun2525b6b2012-10-18 15:59:43 +02003739/* integer, returns the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02003740static int
Emeric Brun2525b6b2012-10-18 15:59:43 +02003741smp_fetch_ssl_c_ca_err(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003742 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brunf282a812012-09-21 15:27:54 +02003743{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003744 struct connection *conn;
3745
3746 if (!l4)
Emeric Brunf282a812012-09-21 15:27:54 +02003747 return 0;
3748
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003749 conn = objt_conn(l4->si[0].end);
3750 if (!conn || conn->xprt != &ssl_sock)
3751 return 0;
3752
3753 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02003754 smp->flags = SMP_F_MAY_CHANGE;
3755 return 0;
3756 }
3757
3758 smp->type = SMP_T_UINT;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003759 smp->data.uint = (unsigned int)SSL_SOCK_ST_TO_CA_ERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02003760 smp->flags = 0;
3761
3762 return 1;
3763}
3764
Emeric Brun2525b6b2012-10-18 15:59:43 +02003765/* integer, returns the depth of the first verify error in CA chain of client certificate chain. */
Emeric Brunf282a812012-09-21 15:27:54 +02003766static int
Emeric Brun2525b6b2012-10-18 15:59:43 +02003767smp_fetch_ssl_c_ca_err_depth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003768 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brunf282a812012-09-21 15:27:54 +02003769{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003770 struct connection *conn;
3771
3772 if (!l4)
3773 return 0;
3774
3775 conn = objt_conn(l4->si[0].end);
3776 if (!conn || conn->xprt != &ssl_sock)
Emeric Brunf282a812012-09-21 15:27:54 +02003777 return 0;
3778
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003779 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02003780 smp->flags = SMP_F_MAY_CHANGE;
3781 return 0;
3782 }
3783
3784 smp->type = SMP_T_UINT;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003785 smp->data.uint = (unsigned int)SSL_SOCK_ST_TO_CAEDEPTH(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02003786 smp->flags = 0;
3787
3788 return 1;
3789}
3790
Emeric Brun2525b6b2012-10-18 15:59:43 +02003791/* integer, returns the first verify error on client certificate */
Emeric Brunf282a812012-09-21 15:27:54 +02003792static int
Emeric Brun2525b6b2012-10-18 15:59:43 +02003793smp_fetch_ssl_c_err(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003794 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brunf282a812012-09-21 15:27:54 +02003795{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003796 struct connection *conn;
3797
3798 if (!l4)
Emeric Brunf282a812012-09-21 15:27:54 +02003799 return 0;
3800
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003801 conn = objt_conn(l4->si[0].end);
3802 if (!conn || conn->xprt != &ssl_sock)
3803 return 0;
3804
3805 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunf282a812012-09-21 15:27:54 +02003806 smp->flags = SMP_F_MAY_CHANGE;
3807 return 0;
3808 }
3809
3810 smp->type = SMP_T_UINT;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003811 smp->data.uint = (unsigned int)SSL_SOCK_ST_TO_CRTERROR(conn->xprt_st);
Emeric Brunf282a812012-09-21 15:27:54 +02003812 smp->flags = 0;
3813
3814 return 1;
3815}
3816
Emeric Brun2525b6b2012-10-18 15:59:43 +02003817/* integer, returns the verify result on client cert */
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02003818static int
Emeric Brun2525b6b2012-10-18 15:59:43 +02003819smp_fetch_ssl_c_verify(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
Willy Tarreauef38c392013-07-22 16:29:32 +02003820 const struct arg *args, struct sample *smp, const char *kw)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02003821{
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003822 struct connection *conn;
3823
3824 if (!l4)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02003825 return 0;
3826
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003827 conn = objt_conn(l4->si[0].end);
3828 if (!conn || conn->xprt != &ssl_sock)
3829 return 0;
3830
3831 if (!(conn->flags & CO_FL_CONNECTED)) {
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02003832 smp->flags = SMP_F_MAY_CHANGE;
3833 return 0;
3834 }
3835
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003836 if (!conn->xprt_ctx)
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02003837 return 0;
3838
3839 smp->type = SMP_T_UINT;
Willy Tarreaub363a1f2013-10-01 10:45:07 +02003840 smp->data.uint = (unsigned int)SSL_get_verify_result(conn->xprt_ctx);
Emeric Brunbaf8ffb2012-09-21 15:27:20 +02003841 smp->flags = 0;
3842
3843 return 1;
3844}
3845
Emeric Brunfb510ea2012-10-05 12:00:26 +02003846/* parse the "ca-file" bind keyword */
3847static int bind_parse_ca_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02003848{
3849 if (!*args[cur_arg + 1]) {
3850 if (err)
3851 memprintf(err, "'%s' : missing CAfile path", args[cur_arg]);
3852 return ERR_ALERT | ERR_FATAL;
3853 }
3854
Emeric Brunef42d922012-10-11 16:11:36 +02003855 if ((*args[cur_arg + 1] != '/') && global.ca_base)
3856 memprintf(&conf->ca_file, "%s/%s", global.ca_base, args[cur_arg + 1]);
3857 else
3858 memprintf(&conf->ca_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02003859
Emeric Brund94b3fe2012-09-20 18:23:56 +02003860 return 0;
3861}
3862
Willy Tarreau79eeafa2012-09-14 07:53:05 +02003863/* parse the "ciphers" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02003864static int bind_parse_ciphers(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02003865{
3866 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003867 memprintf(err, "'%s' : missing cipher suite", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02003868 return ERR_ALERT | ERR_FATAL;
3869 }
3870
Emeric Brun76d88952012-10-05 15:47:31 +02003871 free(conf->ciphers);
Willy Tarreau4348fad2012-09-20 16:48:07 +02003872 conf->ciphers = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02003873 return 0;
3874}
3875
3876/* parse the "crt" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02003877static int bind_parse_crt(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02003878{
Willy Tarreau38011032013-08-13 16:59:39 +02003879 char path[MAXPATHLEN];
Willy Tarreaub75d6922014-04-14 18:05:41 +02003880
Willy Tarreau79eeafa2012-09-14 07:53:05 +02003881 if (!*args[cur_arg + 1]) {
Willy Tarreaueb6cead2012-09-20 19:43:14 +02003882 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02003883 return ERR_ALERT | ERR_FATAL;
3884 }
3885
Emeric Brunc8e8d122012-10-02 18:42:10 +02003886 if ((*args[cur_arg + 1] != '/' ) && global.crt_base) {
Willy Tarreau38011032013-08-13 16:59:39 +02003887 if ((strlen(global.crt_base) + 1 + strlen(args[cur_arg + 1]) + 1) > MAXPATHLEN) {
Emeric Brunc8e8d122012-10-02 18:42:10 +02003888 memprintf(err, "'%s' : path too long", args[cur_arg]);
3889 return ERR_ALERT | ERR_FATAL;
3890 }
Willy Tarreaub75d6922014-04-14 18:05:41 +02003891 snprintf(path, sizeof(path), "%s/%s", global.crt_base, args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02003892 if (ssl_sock_load_cert(path, conf, px, err) > 0)
3893 return ERR_ALERT | ERR_FATAL;
3894
3895 return 0;
3896 }
3897
Willy Tarreau4348fad2012-09-20 16:48:07 +02003898 if (ssl_sock_load_cert(args[cur_arg + 1], conf, px, err) > 0)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02003899 return ERR_ALERT | ERR_FATAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02003900
3901 return 0;
3902}
3903
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003904/* parse the "crt-list" bind keyword */
3905static int bind_parse_crt_list(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
3906{
3907 if (!*args[cur_arg + 1]) {
3908 memprintf(err, "'%s' : missing certificate location", args[cur_arg]);
3909 return ERR_ALERT | ERR_FATAL;
3910 }
3911
Willy Tarreauad1731d2013-04-02 17:35:58 +02003912 if (ssl_sock_load_cert_list_file(args[cur_arg + 1], conf, px, err) > 0) {
3913 memprintf(err, "'%s' : %s", args[cur_arg], *err);
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003914 return ERR_ALERT | ERR_FATAL;
Willy Tarreauad1731d2013-04-02 17:35:58 +02003915 }
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01003916
3917 return 0;
3918}
3919
Emeric Brunfb510ea2012-10-05 12:00:26 +02003920/* parse the "crl-file" bind keyword */
3921static int bind_parse_crl_file(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brund94b3fe2012-09-20 18:23:56 +02003922{
Emeric Brun051cdab2012-10-02 19:25:50 +02003923#ifndef X509_V_FLAG_CRL_CHECK
3924 if (err)
3925 memprintf(err, "'%s' : library does not support CRL verify", args[cur_arg]);
3926 return ERR_ALERT | ERR_FATAL;
3927#else
Emeric Brund94b3fe2012-09-20 18:23:56 +02003928 if (!*args[cur_arg + 1]) {
3929 if (err)
3930 memprintf(err, "'%s' : missing CRLfile path", args[cur_arg]);
3931 return ERR_ALERT | ERR_FATAL;
3932 }
Emeric Brun2b58d042012-09-20 17:10:03 +02003933
Emeric Brunef42d922012-10-11 16:11:36 +02003934 if ((*args[cur_arg + 1] != '/') && global.ca_base)
3935 memprintf(&conf->crl_file, "%s/%s", global.ca_base, args[cur_arg + 1]);
3936 else
3937 memprintf(&conf->crl_file, "%s", args[cur_arg + 1]);
Emeric Brunc8e8d122012-10-02 18:42:10 +02003938
Emeric Brun2b58d042012-09-20 17:10:03 +02003939 return 0;
Emeric Brun051cdab2012-10-02 19:25:50 +02003940#endif
Emeric Brun2b58d042012-09-20 17:10:03 +02003941}
3942
3943/* parse the "ecdhe" bind keyword keywords */
3944static int bind_parse_ecdhe(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
3945{
3946#if OPENSSL_VERSION_NUMBER < 0x0090800fL
3947 if (err)
3948 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (too old)", args[cur_arg]);
3949 return ERR_ALERT | ERR_FATAL;
3950#elif defined(OPENSSL_NO_ECDH)
3951 if (err)
3952 memprintf(err, "'%s' : library does not support elliptic curve Diffie-Hellman (disabled via OPENSSL_NO_ECDH)", args[cur_arg]);
3953 return ERR_ALERT | ERR_FATAL;
3954#else
3955 if (!*args[cur_arg + 1]) {
3956 if (err)
3957 memprintf(err, "'%s' : missing named curve", args[cur_arg]);
3958 return ERR_ALERT | ERR_FATAL;
3959 }
3960
3961 conf->ecdhe = strdup(args[cur_arg + 1]);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02003962
3963 return 0;
Emeric Brun2b58d042012-09-20 17:10:03 +02003964#endif
Willy Tarreau79eeafa2012-09-14 07:53:05 +02003965}
3966
Emeric Brun81c00f02012-09-21 14:31:21 +02003967/* parse the "crt_ignerr" and "ca_ignerr" bind keywords */
3968static int bind_parse_ignore_err(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
3969{
3970 int code;
3971 char *p = args[cur_arg + 1];
3972 unsigned long long *ignerr = &conf->crt_ignerr;
3973
3974 if (!*p) {
3975 if (err)
3976 memprintf(err, "'%s' : missing error IDs list", args[cur_arg]);
3977 return ERR_ALERT | ERR_FATAL;
3978 }
3979
3980 if (strcmp(args[cur_arg], "ca-ignore-err") == 0)
3981 ignerr = &conf->ca_ignerr;
3982
3983 if (strcmp(p, "all") == 0) {
3984 *ignerr = ~0ULL;
3985 return 0;
3986 }
3987
3988 while (p) {
3989 code = atoi(p);
3990 if ((code <= 0) || (code > 63)) {
3991 if (err)
3992 memprintf(err, "'%s' : ID '%d' out of range (1..63) in error IDs list '%s'",
3993 args[cur_arg], code, args[cur_arg + 1]);
3994 return ERR_ALERT | ERR_FATAL;
3995 }
3996 *ignerr |= 1ULL << code;
3997 p = strchr(p, ',');
3998 if (p)
3999 p++;
4000 }
4001
Emeric Brun2cb7ae52012-10-05 14:14:21 +02004002 return 0;
4003}
4004
4005/* parse the "force-sslv3" bind keyword */
4006static int bind_parse_force_sslv3(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
4007{
4008 conf->ssl_options |= BC_SSL_O_USE_SSLV3;
4009 return 0;
4010}
4011
4012/* parse the "force-tlsv10" bind keyword */
4013static int bind_parse_force_tlsv10(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
4014{
4015 conf->ssl_options |= BC_SSL_O_USE_TLSV10;
Emeric Brun2d0c4822012-10-02 13:45:20 +02004016 return 0;
4017}
4018
Emeric Brun2cb7ae52012-10-05 14:14:21 +02004019/* parse the "force-tlsv11" bind keyword */
4020static int bind_parse_force_tlsv11(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
4021{
4022#if SSL_OP_NO_TLSv1_1
4023 conf->ssl_options |= BC_SSL_O_USE_TLSV11;
4024 return 0;
4025#else
4026 if (err)
4027 memprintf(err, "'%s' : library does not support protocol TLSv1.1", args[cur_arg]);
4028 return ERR_ALERT | ERR_FATAL;
4029#endif
4030}
4031
4032/* parse the "force-tlsv12" bind keyword */
4033static int bind_parse_force_tlsv12(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
4034{
4035#if SSL_OP_NO_TLSv1_2
4036 conf->ssl_options |= BC_SSL_O_USE_TLSV12;
4037 return 0;
4038#else
4039 if (err)
4040 memprintf(err, "'%s' : library does not support protocol TLSv1.2", args[cur_arg]);
4041 return ERR_ALERT | ERR_FATAL;
4042#endif
4043}
4044
4045
Emeric Brun2d0c4822012-10-02 13:45:20 +02004046/* parse the "no-tls-tickets" bind keyword */
4047static int bind_parse_no_tls_tickets(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
4048{
Emeric Brun89675492012-10-05 13:48:26 +02004049 conf->ssl_options |= BC_SSL_O_NO_TLS_TICKETS;
Emeric Brun81c00f02012-09-21 14:31:21 +02004050 return 0;
4051}
4052
Emeric Brun2d0c4822012-10-02 13:45:20 +02004053
Emeric Brun9b3009b2012-10-05 11:55:06 +02004054/* parse the "no-sslv3" bind keyword */
4055static int bind_parse_no_sslv3(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02004056{
Emeric Brun89675492012-10-05 13:48:26 +02004057 conf->ssl_options |= BC_SSL_O_NO_SSLV3;
Willy Tarreau79eeafa2012-09-14 07:53:05 +02004058 return 0;
4059}
4060
Emeric Brun9b3009b2012-10-05 11:55:06 +02004061/* parse the "no-tlsv10" bind keyword */
4062static int bind_parse_no_tlsv10(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brunc0ff4922012-09-28 19:37:02 +02004063{
Emeric Brun89675492012-10-05 13:48:26 +02004064 conf->ssl_options |= BC_SSL_O_NO_TLSV10;
Emeric Brunc0ff4922012-09-28 19:37:02 +02004065 return 0;
4066}
4067
Emeric Brun9b3009b2012-10-05 11:55:06 +02004068/* parse the "no-tlsv11" bind keyword */
4069static int bind_parse_no_tlsv11(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Emeric Brunc0ff4922012-09-28 19:37:02 +02004070{
Emeric Brun89675492012-10-05 13:48:26 +02004071 conf->ssl_options |= BC_SSL_O_NO_TLSV11;
Emeric Brunc0ff4922012-09-28 19:37:02 +02004072 return 0;
4073}
4074
Emeric Brun9b3009b2012-10-05 11:55:06 +02004075/* parse the "no-tlsv12" bind keyword */
4076static int bind_parse_no_tlsv12(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02004077{
Emeric Brun89675492012-10-05 13:48:26 +02004078 conf->ssl_options |= BC_SSL_O_NO_TLSV12;
Willy Tarreau79eeafa2012-09-14 07:53:05 +02004079 return 0;
4080}
4081
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004082/* parse the "npn" bind keyword */
4083static int bind_parse_npn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
4084{
4085#ifdef OPENSSL_NPN_NEGOTIATED
4086 char *p1, *p2;
4087
4088 if (!*args[cur_arg + 1]) {
4089 memprintf(err, "'%s' : missing the comma-delimited NPN protocol suite", args[cur_arg]);
4090 return ERR_ALERT | ERR_FATAL;
4091 }
4092
4093 free(conf->npn_str);
4094
4095 /* the NPN string is built as a suite of (<len> <name>)* */
4096 conf->npn_len = strlen(args[cur_arg + 1]) + 1;
4097 conf->npn_str = calloc(1, conf->npn_len);
4098 memcpy(conf->npn_str + 1, args[cur_arg + 1], conf->npn_len);
4099
4100 /* replace commas with the name length */
4101 p1 = conf->npn_str;
4102 p2 = p1 + 1;
4103 while (1) {
4104 p2 = memchr(p1 + 1, ',', conf->npn_str + conf->npn_len - (p1 + 1));
4105 if (!p2)
4106 p2 = p1 + 1 + strlen(p1 + 1);
4107
4108 if (p2 - (p1 + 1) > 255) {
4109 *p2 = '\0';
4110 memprintf(err, "'%s' : NPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
4111 return ERR_ALERT | ERR_FATAL;
4112 }
4113
4114 *p1 = p2 - (p1 + 1);
4115 p1 = p2;
4116
4117 if (!*p2)
4118 break;
4119
4120 *(p2++) = '\0';
4121 }
4122 return 0;
4123#else
4124 if (err)
4125 memprintf(err, "'%s' : library does not support TLS NPN extension", args[cur_arg]);
4126 return ERR_ALERT | ERR_FATAL;
4127#endif
4128}
4129
Willy Tarreauab861d32013-04-02 02:30:41 +02004130/* parse the "alpn" bind keyword */
4131static int bind_parse_alpn(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
4132{
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004133#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Willy Tarreauab861d32013-04-02 02:30:41 +02004134 char *p1, *p2;
4135
4136 if (!*args[cur_arg + 1]) {
4137 memprintf(err, "'%s' : missing the comma-delimited ALPN protocol suite", args[cur_arg]);
4138 return ERR_ALERT | ERR_FATAL;
4139 }
4140
4141 free(conf->alpn_str);
4142
4143 /* the ALPN string is built as a suite of (<len> <name>)* */
4144 conf->alpn_len = strlen(args[cur_arg + 1]) + 1;
4145 conf->alpn_str = calloc(1, conf->alpn_len);
4146 memcpy(conf->alpn_str + 1, args[cur_arg + 1], conf->alpn_len);
4147
4148 /* replace commas with the name length */
4149 p1 = conf->alpn_str;
4150 p2 = p1 + 1;
4151 while (1) {
4152 p2 = memchr(p1 + 1, ',', conf->alpn_str + conf->alpn_len - (p1 + 1));
4153 if (!p2)
4154 p2 = p1 + 1 + strlen(p1 + 1);
4155
4156 if (p2 - (p1 + 1) > 255) {
4157 *p2 = '\0';
4158 memprintf(err, "'%s' : ALPN protocol name too long : '%s'", args[cur_arg], p1 + 1);
4159 return ERR_ALERT | ERR_FATAL;
4160 }
4161
4162 *p1 = p2 - (p1 + 1);
4163 p1 = p2;
4164
4165 if (!*p2)
4166 break;
4167
4168 *(p2++) = '\0';
4169 }
4170 return 0;
4171#else
4172 if (err)
4173 memprintf(err, "'%s' : library does not support TLS ALPN extension", args[cur_arg]);
4174 return ERR_ALERT | ERR_FATAL;
4175#endif
4176}
4177
Willy Tarreau79eeafa2012-09-14 07:53:05 +02004178/* parse the "ssl" bind keyword */
Willy Tarreau4348fad2012-09-20 16:48:07 +02004179static int bind_parse_ssl(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
Willy Tarreau79eeafa2012-09-14 07:53:05 +02004180{
Willy Tarreau81796be2012-09-22 19:11:47 +02004181 struct listener *l;
4182
Willy Tarreau4348fad2012-09-20 16:48:07 +02004183 conf->is_ssl = 1;
Emeric Brun76d88952012-10-05 15:47:31 +02004184
4185 if (global.listen_default_ciphers && !conf->ciphers)
4186 conf->ciphers = strdup(global.listen_default_ciphers);
Emeric Brun2c86cbf2014-10-30 15:56:50 +01004187 conf->ssl_options |= global.listen_default_ssloptions;
Emeric Brun76d88952012-10-05 15:47:31 +02004188
Willy Tarreau81796be2012-09-22 19:11:47 +02004189 list_for_each_entry(l, &conf->listeners, by_bind)
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02004190 l->xprt = &ssl_sock;
Willy Tarreau81796be2012-09-22 19:11:47 +02004191
Willy Tarreau79eeafa2012-09-14 07:53:05 +02004192 return 0;
4193}
4194
Emmanuel Hocdet65623372013-01-24 17:17:15 +01004195/* parse the "strict-sni" bind keyword */
4196static int bind_parse_strict_sni(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
4197{
4198 conf->strict_sni = 1;
4199 return 0;
4200}
4201
Emeric Brund94b3fe2012-09-20 18:23:56 +02004202/* parse the "verify" bind keyword */
4203static int bind_parse_verify(char **args, int cur_arg, struct proxy *px, struct bind_conf *conf, char **err)
4204{
4205 if (!*args[cur_arg + 1]) {
4206 if (err)
4207 memprintf(err, "'%s' : missing verify method", args[cur_arg]);
4208 return ERR_ALERT | ERR_FATAL;
4209 }
4210
4211 if (strcmp(args[cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01004212 conf->verify = SSL_SOCK_VERIFY_NONE;
Emeric Brund94b3fe2012-09-20 18:23:56 +02004213 else if (strcmp(args[cur_arg + 1], "optional") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01004214 conf->verify = SSL_SOCK_VERIFY_OPTIONAL;
Emeric Brund94b3fe2012-09-20 18:23:56 +02004215 else if (strcmp(args[cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01004216 conf->verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brund94b3fe2012-09-20 18:23:56 +02004217 else {
4218 if (err)
4219 memprintf(err, "'%s' : unknown verify method '%s', only 'none', 'optional', and 'required' are supported\n",
4220 args[cur_arg], args[cur_arg + 1]);
4221 return ERR_ALERT | ERR_FATAL;
4222 }
4223
4224 return 0;
4225}
4226
Willy Tarreau92faadf2012-10-10 23:04:25 +02004227/************** "server" keywords ****************/
4228
Emeric Brunef42d922012-10-11 16:11:36 +02004229/* parse the "ca-file" server keyword */
4230static int srv_parse_ca_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4231{
4232 if (!*args[*cur_arg + 1]) {
4233 if (err)
4234 memprintf(err, "'%s' : missing CAfile path", args[*cur_arg]);
4235 return ERR_ALERT | ERR_FATAL;
4236 }
4237
4238 if ((*args[*cur_arg + 1] != '/') && global.ca_base)
4239 memprintf(&newsrv->ssl_ctx.ca_file, "%s/%s", global.ca_base, args[*cur_arg + 1]);
4240 else
4241 memprintf(&newsrv->ssl_ctx.ca_file, "%s", args[*cur_arg + 1]);
4242
4243 return 0;
4244}
4245
Willy Tarreau92faadf2012-10-10 23:04:25 +02004246/* parse the "check-ssl" server keyword */
4247static int srv_parse_check_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4248{
4249 newsrv->check.use_ssl = 1;
4250 if (global.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
4251 newsrv->ssl_ctx.ciphers = strdup(global.connect_default_ciphers);
Emeric Brun2c86cbf2014-10-30 15:56:50 +01004252 newsrv->ssl_ctx.options |= global.connect_default_ssloptions;
Willy Tarreau92faadf2012-10-10 23:04:25 +02004253 return 0;
4254}
4255
4256/* parse the "ciphers" server keyword */
4257static int srv_parse_ciphers(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4258{
4259 if (!*args[*cur_arg + 1]) {
4260 memprintf(err, "'%s' : missing cipher suite", args[*cur_arg]);
4261 return ERR_ALERT | ERR_FATAL;
4262 }
4263
4264 free(newsrv->ssl_ctx.ciphers);
4265 newsrv->ssl_ctx.ciphers = strdup(args[*cur_arg + 1]);
4266 return 0;
4267}
4268
Emeric Brunef42d922012-10-11 16:11:36 +02004269/* parse the "crl-file" server keyword */
4270static int srv_parse_crl_file(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4271{
4272#ifndef X509_V_FLAG_CRL_CHECK
4273 if (err)
4274 memprintf(err, "'%s' : library does not support CRL verify", args[*cur_arg]);
4275 return ERR_ALERT | ERR_FATAL;
4276#else
4277 if (!*args[*cur_arg + 1]) {
4278 if (err)
4279 memprintf(err, "'%s' : missing CRLfile path", args[*cur_arg]);
4280 return ERR_ALERT | ERR_FATAL;
4281 }
4282
4283 if ((*args[*cur_arg + 1] != '/') && global.ca_base)
4284 memprintf(&newsrv->ssl_ctx.crl_file, "%s/%s", global.ca_base, args[*cur_arg + 1]);
4285 else
4286 memprintf(&newsrv->ssl_ctx.crl_file, "%s", args[*cur_arg + 1]);
4287
4288 return 0;
4289#endif
4290}
4291
Emeric Bruna7aa3092012-10-26 12:58:00 +02004292/* parse the "crt" server keyword */
4293static int srv_parse_crt(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4294{
4295 if (!*args[*cur_arg + 1]) {
4296 if (err)
4297 memprintf(err, "'%s' : missing certificate file path", args[*cur_arg]);
4298 return ERR_ALERT | ERR_FATAL;
4299 }
4300
4301 if ((*args[*cur_arg + 1] != '/') && global.crt_base)
4302 memprintf(&newsrv->ssl_ctx.client_crt, "%s/%s", global.ca_base, args[*cur_arg + 1]);
4303 else
4304 memprintf(&newsrv->ssl_ctx.client_crt, "%s", args[*cur_arg + 1]);
4305
4306 return 0;
4307}
Emeric Brunef42d922012-10-11 16:11:36 +02004308
Willy Tarreau92faadf2012-10-10 23:04:25 +02004309/* parse the "force-sslv3" server keyword */
4310static int srv_parse_force_sslv3(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4311{
4312 newsrv->ssl_ctx.options |= SRV_SSL_O_USE_SSLV3;
4313 return 0;
4314}
4315
4316/* parse the "force-tlsv10" server keyword */
4317static int srv_parse_force_tlsv10(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4318{
4319 newsrv->ssl_ctx.options |= SRV_SSL_O_USE_TLSV10;
4320 return 0;
4321}
4322
4323/* parse the "force-tlsv11" server keyword */
4324static int srv_parse_force_tlsv11(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4325{
4326#if SSL_OP_NO_TLSv1_1
4327 newsrv->ssl_ctx.options |= SRV_SSL_O_USE_TLSV11;
4328 return 0;
4329#else
4330 if (err)
4331 memprintf(err, "'%s' : library does not support protocol TLSv1.1", args[*cur_arg]);
4332 return ERR_ALERT | ERR_FATAL;
4333#endif
4334}
4335
4336/* parse the "force-tlsv12" server keyword */
4337static int srv_parse_force_tlsv12(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4338{
4339#if SSL_OP_NO_TLSv1_2
4340 newsrv->ssl_ctx.options |= SRV_SSL_O_USE_TLSV12;
4341 return 0;
4342#else
4343 if (err)
4344 memprintf(err, "'%s' : library does not support protocol TLSv1.2", args[*cur_arg]);
4345 return ERR_ALERT | ERR_FATAL;
4346#endif
4347}
4348
4349/* parse the "no-sslv3" server keyword */
4350static int srv_parse_no_sslv3(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4351{
4352 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_SSLV3;
4353 return 0;
4354}
4355
4356/* parse the "no-tlsv10" server keyword */
4357static int srv_parse_no_tlsv10(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4358{
4359 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLSV10;
4360 return 0;
4361}
4362
4363/* parse the "no-tlsv11" server keyword */
4364static int srv_parse_no_tlsv11(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4365{
4366 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLSV11;
4367 return 0;
4368}
4369
4370/* parse the "no-tlsv12" server keyword */
4371static int srv_parse_no_tlsv12(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4372{
4373 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLSV12;
4374 return 0;
4375}
4376
Emeric Brunf9c5c472012-10-11 15:28:34 +02004377/* parse the "no-tls-tickets" server keyword */
4378static int srv_parse_no_tls_tickets(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4379{
4380 newsrv->ssl_ctx.options |= SRV_SSL_O_NO_TLS_TICKETS;
4381 return 0;
4382}
David Safb76832014-05-08 23:42:08 -04004383/* parse the "send-proxy-v2-ssl" server keyword */
4384static int srv_parse_send_proxy_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4385{
4386 newsrv->pp_opts |= SRV_PP_V2;
4387 newsrv->pp_opts |= SRV_PP_V2_SSL;
4388 return 0;
4389}
4390
4391/* parse the "send-proxy-v2-ssl-cn" server keyword */
4392static int srv_parse_send_proxy_cn(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4393{
4394 newsrv->pp_opts |= SRV_PP_V2;
4395 newsrv->pp_opts |= SRV_PP_V2_SSL;
4396 newsrv->pp_opts |= SRV_PP_V2_SSL_CN;
4397 return 0;
4398}
Emeric Brunf9c5c472012-10-11 15:28:34 +02004399
Willy Tarreau92faadf2012-10-10 23:04:25 +02004400/* parse the "ssl" server keyword */
4401static int srv_parse_ssl(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4402{
4403 newsrv->use_ssl = 1;
4404 if (global.connect_default_ciphers && !newsrv->ssl_ctx.ciphers)
4405 newsrv->ssl_ctx.ciphers = strdup(global.connect_default_ciphers);
4406 return 0;
4407}
4408
Emeric Brunef42d922012-10-11 16:11:36 +02004409/* parse the "verify" server keyword */
4410static int srv_parse_verify(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4411{
4412 if (!*args[*cur_arg + 1]) {
4413 if (err)
4414 memprintf(err, "'%s' : missing verify method", args[*cur_arg]);
4415 return ERR_ALERT | ERR_FATAL;
4416 }
4417
4418 if (strcmp(args[*cur_arg + 1], "none") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01004419 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_NONE;
Emeric Brunef42d922012-10-11 16:11:36 +02004420 else if (strcmp(args[*cur_arg + 1], "required") == 0)
Emeric Brun850efd52014-01-29 12:24:34 +01004421 newsrv->ssl_ctx.verify = SSL_SOCK_VERIFY_REQUIRED;
Emeric Brunef42d922012-10-11 16:11:36 +02004422 else {
4423 if (err)
4424 memprintf(err, "'%s' : unknown verify method '%s', only 'none' and 'required' are supported\n",
4425 args[*cur_arg], args[*cur_arg + 1]);
4426 return ERR_ALERT | ERR_FATAL;
4427 }
4428
Evan Broderbe554312013-06-27 00:05:25 -07004429 return 0;
4430}
4431
4432/* parse the "verifyhost" server keyword */
4433static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, struct server *newsrv, char **err)
4434{
4435 if (!*args[*cur_arg + 1]) {
4436 if (err)
4437 memprintf(err, "'%s' : missing hostname to verify against", args[*cur_arg]);
4438 return ERR_ALERT | ERR_FATAL;
4439 }
4440
4441 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
4442
Emeric Brunef42d922012-10-11 16:11:36 +02004443 return 0;
4444}
4445
Emeric Brun2c86cbf2014-10-30 15:56:50 +01004446/* parse the "ssl-default-bind-options" keyword in global section */
4447static int ssl_parse_default_bind_options(char **args, int section_type, struct proxy *curpx,
4448 struct proxy *defpx, const char *file, int line,
4449 char **err) {
4450 int i = 1;
4451
4452 if (*(args[i]) == 0) {
4453 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
4454 return -1;
4455 }
4456 while (*(args[i])) {
4457 if (!strcmp(args[i], "no-sslv3"))
4458 global.listen_default_ssloptions |= BC_SSL_O_NO_SSLV3;
4459 else if (!strcmp(args[i], "no-tlsv10"))
4460 global.listen_default_ssloptions |= BC_SSL_O_NO_TLSV10;
4461 else if (!strcmp(args[i], "no-tlsv11"))
4462 global.listen_default_ssloptions |= BC_SSL_O_NO_TLSV11;
4463 else if (!strcmp(args[i], "no-tlsv12"))
4464 global.listen_default_ssloptions |= BC_SSL_O_NO_TLSV12;
4465 else if (!strcmp(args[i], "force-sslv3"))
4466 global.listen_default_ssloptions |= BC_SSL_O_USE_SSLV3;
4467 else if (!strcmp(args[i], "force-tlsv10"))
4468 global.listen_default_ssloptions |= BC_SSL_O_USE_TLSV10;
4469 else if (!strcmp(args[i], "force-tlsv11")) {
4470#if SSL_OP_NO_TLSv1_1
4471 global.listen_default_ssloptions |= BC_SSL_O_USE_TLSV11;
4472#else
4473 memprintf(err, "'%s' '%s': library does not support protocol TLSv1.1", args[0], args[i]);
4474 return -1;
4475#endif
4476 }
4477 else if (!strcmp(args[i], "force-tlsv12")) {
4478#if SSL_OP_NO_TLSv1_2
4479 global.listen_default_ssloptions |= BC_SSL_O_USE_TLSV12;
4480#else
4481 memprintf(err, "'%s' '%s': library does not support protocol TLSv1.2", args[0], args[i]);
4482 return -1;
4483#endif
4484 }
4485 else if (!strcmp(args[i], "no-tls-tickets"))
4486 global.listen_default_ssloptions |= BC_SSL_O_NO_TLS_TICKETS;
4487 else {
4488 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
4489 return -1;
4490 }
4491 i++;
4492 }
4493 return 0;
4494}
4495
4496/* parse the "ssl-default-server-options" keyword in global section */
4497static int ssl_parse_default_server_options(char **args, int section_type, struct proxy *curpx,
4498 struct proxy *defpx, const char *file, int line,
4499 char **err) {
4500 int i = 1;
4501
4502 if (*(args[i]) == 0) {
4503 memprintf(err, "global statement '%s' expects an option as an argument.", args[0]);
4504 return -1;
4505 }
4506 while (*(args[i])) {
4507 if (!strcmp(args[i], "no-sslv3"))
4508 global.connect_default_ssloptions |= SRV_SSL_O_NO_SSLV3;
4509 else if (!strcmp(args[i], "no-tlsv10"))
4510 global.connect_default_ssloptions |= SRV_SSL_O_NO_TLSV10;
4511 else if (!strcmp(args[i], "no-tlsv11"))
4512 global.connect_default_ssloptions |= SRV_SSL_O_NO_TLSV11;
4513 else if (!strcmp(args[i], "no-tlsv12"))
4514 global.connect_default_ssloptions |= SRV_SSL_O_NO_TLSV12;
4515 else if (!strcmp(args[i], "force-sslv3"))
4516 global.connect_default_ssloptions |= SRV_SSL_O_USE_SSLV3;
4517 else if (!strcmp(args[i], "force-tlsv10"))
4518 global.connect_default_ssloptions |= SRV_SSL_O_USE_TLSV10;
4519 else if (!strcmp(args[i], "force-tlsv11")) {
4520#if SSL_OP_NO_TLSv1_1
4521 global.connect_default_ssloptions |= SRV_SSL_O_USE_TLSV11;
4522#else
4523 memprintf(err, "'%s' '%s': library does not support protocol TLSv1.1", args[0], args[i]);
4524 return -1;
4525#endif
4526 }
4527 else if (!strcmp(args[i], "force-tlsv12")) {
4528#if SSL_OP_NO_TLSv1_2
4529 global.connect_default_ssloptions |= SRV_SSL_O_USE_TLSV12;
4530#else
4531 memprintf(err, "'%s' '%s': library does not support protocol TLSv1.2", args[0], args[i]);
4532 return -1;
4533#endif
4534 }
4535 else if (!strcmp(args[i], "no-tls-tickets"))
4536 global.connect_default_ssloptions |= SRV_SSL_O_NO_TLS_TICKETS;
4537 else {
4538 memprintf(err, "unknown option '%s' on global statement '%s'.", args[i], args[0]);
4539 return -1;
4540 }
4541 i++;
4542 }
4543 return 0;
4544}
4545
Willy Tarreau7875d092012-09-10 08:20:03 +02004546/* Note: must not be declared <const> as its list will be overwritten.
4547 * Please take care of keeping this list alphabetically sorted.
4548 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02004549static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, {
Emeric Brun645ae792014-04-30 14:21:06 +02004550 { "ssl_bc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5SRV },
4551 { "ssl_bc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5SRV },
4552 { "ssl_bc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
4553 { "ssl_bc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5SRV },
Emeric Brunb73a9b02014-04-30 18:49:19 +02004554 { "ssl_bc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Emeric Brun645ae792014-04-30 14:21:06 +02004555 { "ssl_bc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5SRV },
4556 { "ssl_bc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5SRV },
Willy Tarreau80aca902013-01-07 15:42:20 +01004557 { "ssl_c_ca_err", smp_fetch_ssl_c_ca_err, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI },
4558 { "ssl_c_ca_err_depth", smp_fetch_ssl_c_ca_err_depth, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01004559 { "ssl_c_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01004560 { "ssl_c_err", smp_fetch_ssl_c_err, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02004561 { "ssl_c_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
4562 { "ssl_c_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
4563 { "ssl_c_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
4564 { "ssl_c_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
4565 { "ssl_c_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
4566 { "ssl_c_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
4567 { "ssl_c_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
4568 { "ssl_c_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01004569 { "ssl_c_used", smp_fetch_ssl_c_used, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
4570 { "ssl_c_verify", smp_fetch_ssl_c_verify, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02004571 { "ssl_c_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI },
Emeric Brun43e79582014-10-29 19:03:26 +01004572 { "ssl_f_der", smp_fetch_ssl_x_der, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02004573 { "ssl_f_i_dn", smp_fetch_ssl_x_i_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
4574 { "ssl_f_key_alg", smp_fetch_ssl_x_key_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
4575 { "ssl_f_notafter", smp_fetch_ssl_x_notafter, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
4576 { "ssl_f_notbefore", smp_fetch_ssl_x_notbefore, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
4577 { "ssl_f_sig_alg", smp_fetch_ssl_x_sig_alg, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
4578 { "ssl_f_s_dn", smp_fetch_ssl_x_s_dn, ARG2(0,STR,SINT), NULL, SMP_T_STR, SMP_USE_L5CLI },
4579 { "ssl_f_serial", smp_fetch_ssl_x_serial, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brun55f4fa82014-04-30 17:11:25 +02004580 { "ssl_f_sha1", smp_fetch_ssl_x_sha1, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Emeric Brunba841a12014-04-30 17:05:08 +02004581 { "ssl_f_version", smp_fetch_ssl_x_version, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01004582 { "ssl_fc", smp_fetch_ssl_fc, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
4583 { "ssl_fc_alg_keysize", smp_fetch_ssl_fc_alg_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01004584 { "ssl_fc_cipher", smp_fetch_ssl_fc_cipher, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01004585 { "ssl_fc_has_crt", smp_fetch_ssl_fc_has_crt, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
4586 { "ssl_fc_has_sni", smp_fetch_ssl_fc_has_sni, 0, NULL, SMP_T_BOOL, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02004587#ifdef OPENSSL_NPN_NEGOTIATED
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01004588 { "ssl_fc_npn", smp_fetch_ssl_fc_npn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreaua33c6542012-10-15 13:19:06 +02004589#endif
Dirkjan Bussink48f1c4e2014-02-13 12:29:42 +01004590#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01004591 { "ssl_fc_alpn", smp_fetch_ssl_fc_alpn, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreauab861d32013-04-02 02:30:41 +02004592#endif
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01004593 { "ssl_fc_protocol", smp_fetch_ssl_fc_protocol, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Emeric Brunb73a9b02014-04-30 18:49:19 +02004594 { "ssl_fc_unique_id", smp_fetch_ssl_fc_unique_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
Willy Tarreau80aca902013-01-07 15:42:20 +01004595 { "ssl_fc_use_keysize", smp_fetch_ssl_fc_use_keysize, 0, NULL, SMP_T_UINT, SMP_USE_L5CLI },
Thierry FOURNIER7654c9f2013-12-17 00:20:33 +01004596 { "ssl_fc_session_id", smp_fetch_ssl_fc_session_id, 0, NULL, SMP_T_BIN, SMP_USE_L5CLI },
4597 { "ssl_fc_sni", smp_fetch_ssl_fc_sni, 0, NULL, SMP_T_STR, SMP_USE_L5CLI },
Willy Tarreau7875d092012-09-10 08:20:03 +02004598 { NULL, NULL, 0, 0, 0 },
4599}};
4600
4601/* Note: must not be declared <const> as its list will be overwritten.
4602 * Please take care of keeping this list alphabetically sorted.
4603 */
Willy Tarreaudc13c112013-06-21 23:16:39 +02004604static struct acl_kw_list acl_kws = {ILH, {
Thierry FOURNIERc5a4e982014-03-05 16:07:08 +01004605 { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END },
4606 { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG },
Willy Tarreau8ed669b2013-01-11 15:49:37 +01004607 { /* END */ },
Willy Tarreau7875d092012-09-10 08:20:03 +02004608}};
4609
Willy Tarreau79eeafa2012-09-14 07:53:05 +02004610/* Note: must not be declared <const> as its list will be overwritten.
4611 * Please take care of keeping this list alphabetically sorted, doing so helps
4612 * all code contributors.
4613 * Optional keywords are also declared with a NULL ->parse() function so that
4614 * the config parser can report an appropriate error when a known keyword was
4615 * not enabled.
4616 */
Willy Tarreau51fb7652012-09-18 18:24:39 +02004617static struct bind_kw_list bind_kws = { "SSL", { }, {
Willy Tarreauab861d32013-04-02 02:30:41 +02004618 { "alpn", bind_parse_alpn, 1 }, /* set ALPN supported protocols */
Emeric Brunfb510ea2012-10-05 12:00:26 +02004619 { "ca-file", bind_parse_ca_file, 1 }, /* set CAfile to process verify on client cert */
Emeric Brun2d0c4822012-10-02 13:45:20 +02004620 { "ca-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ignore on verify depth > 0 */
4621 { "ciphers", bind_parse_ciphers, 1 }, /* set SSL cipher suite */
Emeric Brunfb510ea2012-10-05 12:00:26 +02004622 { "crl-file", bind_parse_crl_file, 1 }, /* set certificat revocation list file use on client cert verify */
Emeric Brun2d0c4822012-10-02 13:45:20 +02004623 { "crt", bind_parse_crt, 1 }, /* load SSL certificates from this location */
4624 { "crt-ignore-err", bind_parse_ignore_err, 1 }, /* set error IDs to ingore on verify depth == 0 */
Emmanuel Hocdetfe616562013-01-22 15:31:15 +01004625 { "crt-list", bind_parse_crt_list, 1 }, /* load a list of crt from this location */
Emeric Brun2d0c4822012-10-02 13:45:20 +02004626 { "ecdhe", bind_parse_ecdhe, 1 }, /* defines named curve for elliptic curve Diffie-Hellman */
Emeric Brun2cb7ae52012-10-05 14:14:21 +02004627 { "force-sslv3", bind_parse_force_sslv3, 0 }, /* force SSLv3 */
4628 { "force-tlsv10", bind_parse_force_tlsv10, 0 }, /* force TLSv10 */
4629 { "force-tlsv11", bind_parse_force_tlsv11, 0 }, /* force TLSv11 */
4630 { "force-tlsv12", bind_parse_force_tlsv12, 0 }, /* force TLSv12 */
Emeric Brun9b3009b2012-10-05 11:55:06 +02004631 { "no-sslv3", bind_parse_no_sslv3, 0 }, /* disable SSLv3 */
4632 { "no-tlsv10", bind_parse_no_tlsv10, 0 }, /* disable TLSv10 */
4633 { "no-tlsv11", bind_parse_no_tlsv11, 0 }, /* disable TLSv11 */
4634 { "no-tlsv12", bind_parse_no_tlsv12, 0 }, /* disable TLSv12 */
Emeric Brun2d0c4822012-10-02 13:45:20 +02004635 { "no-tls-tickets", bind_parse_no_tls_tickets, 0 }, /* disable session resumption tickets */
Emeric Brun2d0c4822012-10-02 13:45:20 +02004636 { "ssl", bind_parse_ssl, 0 }, /* enable SSL processing */
Emmanuel Hocdet65623372013-01-24 17:17:15 +01004637 { "strict-sni", bind_parse_strict_sni, 0 }, /* refuse negotiation if sni doesn't match a certificate */
Emeric Brun2d0c4822012-10-02 13:45:20 +02004638 { "verify", bind_parse_verify, 1 }, /* set SSL verify method */
Willy Tarreau6c9a3d52012-10-18 18:57:14 +02004639 { "npn", bind_parse_npn, 1 }, /* set NPN supported protocols */
Willy Tarreau79eeafa2012-09-14 07:53:05 +02004640 { NULL, NULL, 0 },
4641}};
Emeric Brun46591952012-05-18 15:47:34 +02004642
Willy Tarreau92faadf2012-10-10 23:04:25 +02004643/* Note: must not be declared <const> as its list will be overwritten.
4644 * Please take care of keeping this list alphabetically sorted, doing so helps
4645 * all code contributors.
4646 * Optional keywords are also declared with a NULL ->parse() function so that
4647 * the config parser can report an appropriate error when a known keyword was
4648 * not enabled.
4649 */
4650static struct srv_kw_list srv_kws = { "SSL", { }, {
Emeric Brunef42d922012-10-11 16:11:36 +02004651 { "ca-file", srv_parse_ca_file, 1, 0 }, /* set CAfile to process verify server cert */
Emeric Brunecc91fe2012-10-11 15:05:10 +02004652 { "check-ssl", srv_parse_check_ssl, 0, 0 }, /* enable SSL for health checks */
4653 { "ciphers", srv_parse_ciphers, 1, 0 }, /* select the cipher suite */
Emeric Brunef42d922012-10-11 16:11:36 +02004654 { "crl-file", srv_parse_crl_file, 1, 0 }, /* set certificate revocation list file use on server cert verify */
Emeric Bruna7aa3092012-10-26 12:58:00 +02004655 { "crt", srv_parse_crt, 1, 0 }, /* set client certificate */
Emeric Brunecc91fe2012-10-11 15:05:10 +02004656 { "force-sslv3", srv_parse_force_sslv3, 0, 0 }, /* force SSLv3 */
4657 { "force-tlsv10", srv_parse_force_tlsv10, 0, 0 }, /* force TLSv10 */
4658 { "force-tlsv11", srv_parse_force_tlsv11, 0, 0 }, /* force TLSv11 */
4659 { "force-tlsv12", srv_parse_force_tlsv12, 0, 0 }, /* force TLSv12 */
4660 { "no-sslv3", srv_parse_no_sslv3, 0, 0 }, /* disable SSLv3 */
4661 { "no-tlsv10", srv_parse_no_tlsv10, 0, 0 }, /* disable TLSv10 */
4662 { "no-tlsv11", srv_parse_no_tlsv11, 0, 0 }, /* disable TLSv11 */
4663 { "no-tlsv12", srv_parse_no_tlsv12, 0, 0 }, /* disable TLSv12 */
Emeric Brunf9c5c472012-10-11 15:28:34 +02004664 { "no-tls-tickets", srv_parse_no_tls_tickets, 0, 0 }, /* disable session resumption tickets */
David Safb76832014-05-08 23:42:08 -04004665 { "send-proxy-v2-ssl", srv_parse_send_proxy_ssl, 0, 0 }, /* send PROXY protocol header v2 with SSL info */
4666 { "send-proxy-v2-ssl-cn", srv_parse_send_proxy_cn, 0, 0 }, /* send PROXY protocol header v2 with CN */
Emeric Brunecc91fe2012-10-11 15:05:10 +02004667 { "ssl", srv_parse_ssl, 0, 0 }, /* enable SSL processing */
Emeric Brunef42d922012-10-11 16:11:36 +02004668 { "verify", srv_parse_verify, 1, 0 }, /* set SSL verify method */
Evan Broderbe554312013-06-27 00:05:25 -07004669 { "verifyhost", srv_parse_verifyhost, 1, 0 }, /* require that SSL cert verifies for hostname */
Willy Tarreau92faadf2012-10-10 23:04:25 +02004670 { NULL, NULL, 0, 0 },
4671}};
4672
Emeric Brun2c86cbf2014-10-30 15:56:50 +01004673static struct cfg_kw_list cfg_kws = {ILH, {
4674 { CFG_GLOBAL, "ssl-default-bind-options", ssl_parse_default_bind_options },
4675 { CFG_GLOBAL, "ssl-default-server-options", ssl_parse_default_server_options },
4676 { 0, NULL, NULL },
4677}};
4678
Willy Tarreauf7bc57c2012-10-03 00:19:48 +02004679/* transport-layer operations for SSL sockets */
4680struct xprt_ops ssl_sock = {
Emeric Brun46591952012-05-18 15:47:34 +02004681 .snd_buf = ssl_sock_from_buf,
4682 .rcv_buf = ssl_sock_to_buf,
4683 .rcv_pipe = NULL,
4684 .snd_pipe = NULL,
4685 .shutr = NULL,
4686 .shutw = ssl_sock_shutw,
4687 .close = ssl_sock_close,
4688 .init = ssl_sock_init,
4689};
4690
4691__attribute__((constructor))
Willy Tarreau92faadf2012-10-10 23:04:25 +02004692static void __ssl_sock_init(void)
4693{
Emeric Brun46591952012-05-18 15:47:34 +02004694 STACK_OF(SSL_COMP)* cm;
4695
Willy Tarreau610f04b2014-02-13 11:36:41 +01004696#ifdef LISTEN_DEFAULT_CIPHERS
4697 global.listen_default_ciphers = LISTEN_DEFAULT_CIPHERS;
4698#endif
4699#ifdef CONNECT_DEFAULT_CIPHERS
4700 global.connect_default_ciphers = CONNECT_DEFAULT_CIPHERS;
4701#endif
4702 if (global.listen_default_ciphers)
4703 global.listen_default_ciphers = strdup(global.listen_default_ciphers);
4704 if (global.connect_default_ciphers)
4705 global.connect_default_ciphers = strdup(global.connect_default_ciphers);
Emeric Brun2c86cbf2014-10-30 15:56:50 +01004706 global.listen_default_ssloptions = BC_SSL_O_NONE;
4707 global.connect_default_ssloptions = SRV_SSL_O_NONE;
Willy Tarreau610f04b2014-02-13 11:36:41 +01004708
Emeric Brun46591952012-05-18 15:47:34 +02004709 SSL_library_init();
4710 cm = SSL_COMP_get_compression_methods();
4711 sk_SSL_COMP_zero(cm);
Willy Tarreau7875d092012-09-10 08:20:03 +02004712 sample_register_fetches(&sample_fetch_keywords);
4713 acl_register_keywords(&acl_kws);
Willy Tarreau79eeafa2012-09-14 07:53:05 +02004714 bind_register_keywords(&bind_kws);
Willy Tarreau92faadf2012-10-10 23:04:25 +02004715 srv_register_keywords(&srv_kws);
Emeric Brun2c86cbf2014-10-30 15:56:50 +01004716 cfg_register_keywords(&cfg_kws);
Emeric Brun46591952012-05-18 15:47:34 +02004717}
4718
4719/*
4720 * Local variables:
4721 * c-indent-level: 8
4722 * c-basic-offset: 8
4723 * End:
4724 */