mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-14 15:34:35 +00:00
2ab88675ec
When support for passing SNI to the server was added in 1.6-dev3, there was no way to validate that the certificate presented by the server would really match the name requested in the SNI, which is quite a problem as it allows other (valid) certificates to be presented instead (when hitting the wrong server or due to a man in the middle). This patch adds the missing check against the value passed in the SNI. The "verifyhost" value keeps precedence if set. If no SNI is used and no verifyhost directive is specified, then the certificate name is not checked (this is unchanged). In order to extract the SNI value, it was necessary to make use of SSL_SESSION_get0_hostname(), which appeared in openssl 1.1.0. This is a trivial function which returns the value of s->tlsext_hostname, so it was provided in the compat layer for older versions. After some refinements from Emmanuel, it now builds with openssl 1.0.2, openssl 1.1.0 and boringssl. A test file was provided to ease testing all cases. After some careful observation period it may make sense to backport this to 1.7 and 1.6 as some users rightfully consider this limitation as a bug. Cc: Emmanuel Hocdet <manu@gandi.net> Signed-off-by: Willy Tarreau <w@1wt.eu>
196 lines
4.8 KiB
C
196 lines
4.8 KiB
C
#ifndef _PROTO_OPENSSL_COMPAT_H
|
|
#define _PROTO_OPENSSL_COMPAT_H
|
|
#include <openssl/crypto.h>
|
|
#include <openssl/ssl.h>
|
|
#include <openssl/x509.h>
|
|
#include <openssl/x509v3.h>
|
|
#include <openssl/x509.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/rand.h>
|
|
#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
|
|
#include <openssl/ocsp.h>
|
|
#endif
|
|
#ifndef OPENSSL_NO_DH
|
|
#include <openssl/dh.h>
|
|
#endif
|
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x0090800fL)
|
|
/* Functions present in OpenSSL 0.9.8, older not tested */
|
|
static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length)
|
|
{
|
|
*sid_length = sess->session_id_length;
|
|
return sess->session_id;
|
|
}
|
|
|
|
static inline X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc)
|
|
{
|
|
return sk_X509_NAME_ENTRY_value(name->entries, loc);
|
|
}
|
|
|
|
static inline ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne)
|
|
{
|
|
return ne->object;
|
|
}
|
|
|
|
static inline ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne)
|
|
{
|
|
return ne->value;
|
|
}
|
|
|
|
static inline int ASN1_STRING_length(const ASN1_STRING *x)
|
|
{
|
|
return x->length;
|
|
}
|
|
|
|
static inline int X509_NAME_entry_count(X509_NAME *name)
|
|
{
|
|
return sk_X509_NAME_ENTRY_num(name->entries)
|
|
}
|
|
|
|
static inline void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor)
|
|
{
|
|
*paobj = algor->algorithm;
|
|
}
|
|
|
|
#endif // OpenSSL < 0.9.8
|
|
|
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x1000000fL)
|
|
/* Functions introduced in OpenSSL 1.0.0 */
|
|
static inline int EVP_PKEY_base_id(const EVP_PKEY *pkey)
|
|
{
|
|
return EVP_PKEY_type(pkey->type);
|
|
}
|
|
|
|
/* minimal implementation based on the fact that the only known call place
|
|
* doesn't make use of other arguments.
|
|
*/
|
|
static inline int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub)
|
|
{
|
|
*ppkalg = pub->algor->algorithm;
|
|
return 1;
|
|
}
|
|
|
|
#ifndef X509_get_X509_PUBKEY
|
|
#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key
|
|
#endif
|
|
|
|
#endif
|
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
|
|
/*
|
|
* Functions introduced in OpenSSL 1.0.1
|
|
*/
|
|
static inline int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len)
|
|
{
|
|
s->sid_ctx_length = sid_ctx_len;
|
|
memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
|
|
return 1;
|
|
}
|
|
#endif
|
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
|
|
/*
|
|
* Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
|
|
*/
|
|
|
|
static inline const char *SSL_SESSION_get0_hostname(const SSL_SESSION *sess)
|
|
{
|
|
return sess->tlsext_hostname;
|
|
}
|
|
|
|
static inline const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length)
|
|
{
|
|
*sid_ctx_length = sess->sid_ctx_length;
|
|
return sess->sid_ctx;
|
|
}
|
|
|
|
static inline int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, unsigned int sid_len)
|
|
{
|
|
s->session_id_length = sid_len;
|
|
memcpy(s->session_id, sid, sid_len);
|
|
return 1;
|
|
}
|
|
|
|
#if (!defined OPENSSL_NO_OCSP)
|
|
static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
|
|
{
|
|
return single->certId;
|
|
}
|
|
#endif
|
|
|
|
static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
|
|
{
|
|
return ctx->default_passwd_callback;
|
|
}
|
|
|
|
static inline void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
|
|
{
|
|
return ctx->default_passwd_callback_userdata;
|
|
}
|
|
|
|
#ifndef OPENSSL_NO_DH
|
|
static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
|
|
{
|
|
/* Implements only the bare necessities for HAProxy */
|
|
dh->p = p;
|
|
dh->g = g;
|
|
return 1;
|
|
}
|
|
#endif
|
|
|
|
static inline const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
|
|
{
|
|
return x->data;
|
|
}
|
|
|
|
static inline X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
|
|
{
|
|
return x->cert_info->signature;
|
|
}
|
|
|
|
#endif
|
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
|
|
#define __OPENSSL_110_CONST__ const
|
|
#else
|
|
#define __OPENSSL_110_CONST__
|
|
#endif
|
|
|
|
#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
|
|
#undef OPENSSL_NO_SSL_TRACE
|
|
#define OPENSSL_NO_SSL_TRACE
|
|
#endif
|
|
|
|
#ifdef OPENSSL_IS_BORINGSSL
|
|
#define SSL_NO_GENERATE_CERTIFICATES
|
|
|
|
static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
|
|
{
|
|
return EVP_PKEY_type(pkey->type);
|
|
}
|
|
#endif
|
|
|
|
/* ERR_remove_state() was deprecated in 1.0.0 in favor of
|
|
* ERR_remove_thread_state(), which was in turn deprecated in
|
|
* 1.1.0 and does nothing anymore. Let's simply silently kill
|
|
* it.
|
|
*/
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
|
|
#undef ERR_remove_state
|
|
#define ERR_remove_state(x)
|
|
#endif
|
|
|
|
|
|
/* RAND_pseudo_bytes() is deprecated in 1.1.0 in favor of RAND_bytes(). Note
|
|
* that the return codes differ, but it happens that the only use case (ticket
|
|
* key update) was already wrong, considering a non-cryptographic random as a
|
|
* failure.
|
|
*/
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
|
|
#undef RAND_pseudo_bytes
|
|
#define RAND_pseudo_bytes(x,y) RAND_bytes(x,y)
|
|
#endif
|
|
|
|
#endif /* _PROTO_OPENSSL_COMPAT_H */
|