mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-06 15:17:01 +02:00
Code Issues Projects Releases Wiki Activity

BUG/MEDIUM: ssl: abort with the correct SSL error when SNI not found

Browse Source 
Since commit c2aae74 ("MEDIUM: ssl: Handle early data with OpenSSL
1.1.1"), the codepath of the clientHello callback changed, letting an
unknown SNI escape with a 'return 1' instead of passing through the
abort label.

An error was still emitted because the frontend continued the handshake
with the initial_ctx, which can't be used to achieve an handshake.
However, it had the ugly side effect of letting the request pass in the
case of a TLS resume. Which could be surprising when combining strict-sni
with the removing of a crt-list entry over the CLI for example. (like
its done in the ssl/new_del_ssl_crlfile.vtc reg-test).

This patch switches the code path of the allow_early and abort label, so
the default code path is the abort one, letting the clientHello returns
the correct SSL_AD_UNRECOGNIZED_NAME in case of errors.

Which means the client will now receive:

	OpenSSL error[0x14094458] ssl3_read_bytes: tlsv1 unrecognized name

Instead of:

	OpenSSL error[0x14094410] ssl3_read_bytes: sslv3 alert handshake failure

Which was the error emitted before HAProxy 1.8.

This patch must be carrefuly backported as far as 1.8 once we validated
its impact.
This commit is contained in:
William Lallemand 2021-11-18 17:46:26 +01:00
parent e18d4e8286
commit 7980dff10c
1 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/ssl_sock.c
View File

@ -2679,16 +2679,11 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock); HA_RWLOCK_RDLOCK(SNI_LOCK, &s->sni_lock);
ssl_sock_switchctx_set(ssl, s->default_ctx); ssl_sock_switchctx_set(ssl, s->default_ctx);
HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock); HA_RWLOCK_RDUNLOCK(SNI_LOCK, &s->sni_lock);
goto allow_early;
} }
allow_early:
#ifdef OPENSSL_IS_BORINGSSL /* other cases fallback on abort, if strict-sni is set but no node was found */
if (allow_early)
SSL_set_early_data_enabled(ssl, 1);
#else
if (!allow_early)
SSL_set_max_early_data(ssl, 0);
#endif
return 1;
abort: abort:
/* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */ /* abort handshake (was SSL_TLSEXT_ERR_ALERT_FATAL) */
conn->err_code = CO_ER_SSL_HANDSHAKE; conn->err_code = CO_ER_SSL_HANDSHAKE;
@ -2698,6 +2693,16 @@ int ssl_sock_switchctx_cbk(SSL *ssl, int *al, void *arg)
*al = SSL_AD_UNRECOGNIZED_NAME; *al = SSL_AD_UNRECOGNIZED_NAME;
return 0; return 0;
#endif #endif
allow_early:
#ifdef OPENSSL_IS_BORINGSSL
if (allow_early)
SSL_set_early_data_enabled(ssl, 1);
#else
if (!allow_early)
SSL_set_max_early_data(ssl, 0);
#endif
return 1;
} }
#else /* ! HAVE_SSL_CLIENT_HELLO_CB */ #else /* ! HAVE_SSL_CLIENT_HELLO_CB */