but safe fix for the mod_ssl renegotiation-vs-requests-with-bodies
bug:
* modules/ssl/ssl_private.h (ssl_io_buffer_fill): Add prototype.
* modules/ssl/ssl_engine_io.c (ssl_io_buffer_fill,
ssl_io_filter_buffer): New functions.
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): If a
renegotiation is needed, and the request has a non-zero
content-length, or a t-e header (and 100-continue was not requested),
call ssl_io_buffer_fill to set aside the request body data if
possible, then proceed with the negotiation.
PR: 12355
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@290965 13f79535-47bb-0310-9956-ffa450edef68
This is useful to know as the most likely cause will be a misconfiguration
and so should be easily fixed, but to be fixed it's helpful if you're
aware it needs fixed!
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@279893 13f79535-47bb-0310-9956-ffa450edef68
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that
renegotiation is performed for a transition from "SSLVerifyClient
optional" to "SSLVerifyClient require".
The boolean "verify_old & SSL_VERIFY_PEER_STRICT" is true if the old
context merely has optional verification configured, since the
definition of SSL_VERIFY_PEER_STRICT is
(SSL_VERIFY_FAIL_IF_NO_PEER_CERT | SSL_VERIFY_PEER).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264800 13f79535-47bb-0310-9956-ffa450edef68
SSLUsername-controlled assignment of r->user above the SSLRequire
checks so that the "username" gets logged if SSLRequire denies access.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@153280 13f79535-47bb-0310-9956-ffa450edef68
X509_STORE_CTX_get_ex_data() and SSL_get_ex_data_X509_STORE_CTX_idx()
to use the correct ex_data index from the context in pathological
cases where SSL_get_ex_data_X509_STORE_CTX_idx() does not return 0.
PR: 32529
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@111241 13f79535-47bb-0310-9956-ffa450edef68
modules/mod_ssl.c: Switch to using ap_log_cerror() in place of
ap_log_error() everywhere that the conn_rec * is available.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105739 13f79535-47bb-0310-9956-ffa450edef68
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that a
correct cipher suite has been negotiated, else deny access.
* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): With OpenSSL
0.9.7, prevent session resumption during a renegotiation to force the
client to negotiate a new (and acceptable) cipher suite.
Submitted by: Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105396 13f79535-47bb-0310-9956-ffa450edef68
function. (ssl_var_lookup_ssl_cert): Support _V_REMAIN suffix for
SSL_{SERVER,CLIENT} as number of days until certificate expires.
* modules/ssl_engine_kernel.c: Export SSL_CLIENT_V_REMAIN if
+StdEnvVars is configured.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104700 13f79535-47bb-0310-9956-ffa450edef68
overflow in FakeBasicAuth code if client's subject DN exceeds 6K in
length (CVE CAN-2004-0488); switch to using apr-util base64 encoder
functions.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103754 13f79535-47bb-0310-9956-ffa450edef68
to be included even when mod_ssl is not enabled.
* Makefile.in (install-include): Only install mod_ssl.h.
* modules/ssl/ssl_private.h: New file.
* modules/ssl/mod_ssl.h: Move everything apart from than the optional
hook definitions into ssl_private.h.
* modules/ssl/*.c: Include ssl_private.h not mod_ssl.h
* modules/ssl/config.m4: Always add the mod_ssl directory to the
include path so other modules can find mod_ssl.h.
* modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional
hook definitions rather than copy'n'pasting them.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102803 13f79535-47bb-0310-9956-ffa450edef68
* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Set aborted flag
after renegotiation failure.
* modules/ssl/ssl_engine_io.c (ssl_filter_write, ssl_io_filter_output):
Don't dereference BIOs in filter_ctx when filter_ctx->pssl is NULL.
(ssl_filter_io_shutdown): Set aborted flag on abortive shutdown.
PR: 21370
Submitted by: Hartmut Keil <Hartmut.Keil@adnovum.ch>
Cleaned up by: Jeff Trawick, Joe Orton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100720 13f79535-47bb-0310-9956-ffa450edef68
SECURITY [CAN-2003-0192]: Fixed a bug whereby certain sequences
of per-directory renegotiations and the SSLCipherSuite directive
being used to upgrade from a weak ciphersuite to a strong one
could result in the weak ciphersuite being used in place of the
strong one. [Ben Laurie]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100518 13f79535-47bb-0310-9956-ffa450edef68
Some additional work or research is required in order to pass the
perl-framework regressions, but I don't have the cycles and don't
care to leave the broken code in cvs HEAD.
REVERTING: wrowe 2003/05/19 08:13:19
Modified: modules/ssl config.m4 ssl_engine_io.c ssl_engine_kernel.c
ssl_toolkit_compat.h
Log:
Drop SSL_set_state() in favor of a proper SSL_renegotiate() to begin
rehandshaking the SSL connection, vis-a-vis ApacheSSL.
Revision Changes Path
1.15 +0 -1 httpd-2.0/modules/ssl/config.m4
1.108 +1 -1 httpd-2.0/modules/ssl/ssl_engine_io.c
1.93 +1 -1 httpd-2.0/modules/ssl/ssl_engine_kernel.c
1.34 +0 -6 httpd-2.0/modules/ssl/ssl_toolkit_compat.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100004 13f79535-47bb-0310-9956-ffa450edef68
ssl_engine_kernel.c rev 1.88. SSL* is not const under SSL-C.
I've confirmed Jeff's comment that the original patch doesn't harm
earlier OpenSSL versions which declared no arguments at all.
I suspect now that we could fold
#define MODSSL_BIO_CB_ARG_TYPE const char
#define MODSSL_CRYPTO_CB_ARG_TYPE const char
#define MODSSL_INFO_CB_ARG_TYPE const SSL*
into a single MODSSL_CB_ARG_CONST define, but this works for now.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99263 13f79535-47bb-0310-9956-ffa450edef68
all assignments and the final SSL_free(), free ssl_conn->client_cert
to avoid leaks of this refcounted X509*. Prereleasing refcounted
objects is unsafe programming; fix applied to both branches.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99252 13f79535-47bb-0310-9956-ffa450edef68
Eliminate a number of test failures by conditionally reverting rev 1.79
pubkey handling in ssl_engine_kernel.c, except under OpenSSL.
Also revert a rev 1.79 bogisity for all toolkits; it's entirely bogus
to release a refcount after setting aside the results in a persistant
structure, in this case sslconn->client_cert from SSL_get_peer_certificate()
mustn't be freed while sslconn is still in play. The proper patch (not
written yet) is to invoke the X509_free(sslconn->client_cert) when we
cleanup the sslconn structure.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99250 13f79535-47bb-0310-9956-ffa450edef68
(e.g., OpenSSL 0.9.7a and xlc_r on AIX).
The OpenSSL info callback field changed recently from a generic
function pointer to a specific one, and ssl_callback_LogTracingState
wasn't quite right.
old:
ssl.h: void (*info_callback)();
new:
ssl.h: void (*info_callback)(const SSL *ssl,int type,int val);
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99201 13f79535-47bb-0310-9956-ffa450edef68
type overrides;
MODSSL_CLIENT_CERT_CB_ARG_TYPE
MODSSL_PCHAR_CAST (for a host of non-void/const sslc values)
modssl_read_bio_cb_fn (for several callbacks with same prototypes)
Declare callback functions appropriately.
And protect us from indetermineant toolkits with
#error "Unrecognized SSL Toolkit!"
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99183 13f79535-47bb-0310-9956-ffa450edef68
SSLEngine upgrade so that we can begin and continue to support these
facilities. This makes it simpler to keep this effort (while we have
no known clients that support Connection: upgrade at this time), and
begin refactoring more of SSL into smaller and tighter (and then optional)
components.
Submitted by: Ryan Bloom
Reviewed by: William Rowe, Joe Orton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97912 13f79535-47bb-0310-9956-ffa450edef68
ssl_abort into what was ssl_hook_CloseConnection, clean out a bunch of
now-static or private headers from mod_ssl.h, and final fix a very small
but potent segfault if ->pssl is destroyed within our read loop.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97411 13f79535-47bb-0310-9956-ffa450edef68
Also, uncomment a line of code that the last commit should have uncommented.
Randall found this line and the fix, but I forgot to uncomment this line
along with the fix.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97179 13f79535-47bb-0310-9956-ffa450edef68
using the value of SSL_get_peer_certificate(ssl) to verify as it will
have been removed from the chain before it was put in the cache.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95603 13f79535-47bb-0310-9956-ffa450edef68
Obtained from:
Submitted by:
Reviewed by:
allow POST method over SSL when per-directory client cert
authentication is used with 'SSLOptions +OptRenegotiate' enabled
and a client cert was found in the ssl session cache.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95602 13f79535-47bb-0310-9956-ffa450edef68
