mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-11-13 06:51:00 +01:00
96c7b8dbd2
This patch fixes the commit 2ab8867 ("MINOR: ssl: compare server certificate
names to the SNI on outgoing connections")
When we check the certificate sent by a server, in the verify callback, we get
the SNI from the session (SSL_SESSION object). In OpenSSL, tlsext_hostname value
for this session is copied from the ssl connection (SSL object). But the copy is
done only if the "server_name" extension is found in the server hello
message. This means the server has found a certificate matching the client's
SNI.
When the server returns a default certificate not matching the client's SNI, it
doesn't set any "server_name" extension in the server hello message. So no SNI
is set on the SSL session and SSL_SESSION_get0_hostname always returns NULL.
To fix the problemn, we get the SNI directly from the SSL connection. It is
always defined with the value set by the client.
If the commit 2ab8867 is backported in 1.7 and/or 1.6, this one must be
backported too.
Note: it's worth mentionning that by making the SNI check work, we
introduce another problem by which failed SNI checks can cause
long connection retries on the server, and in certain cases the
SNI value used comes from the client. So this patch series must
not be backported until this issue is resolved.
200 lines
4.9 KiB
C
200 lines
4.9 KiB
C
#ifndef _PROTO_OPENSSL_COMPAT_H
|
|
#define _PROTO_OPENSSL_COMPAT_H
|
|
#include <openssl/crypto.h>
|
|
#include <openssl/ssl.h>
|
|
#include <openssl/x509.h>
|
|
#include <openssl/x509v3.h>
|
|
#include <openssl/x509.h>
|
|
#include <openssl/err.h>
|
|
#include <openssl/rand.h>
|
|
#if (defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB && !defined OPENSSL_NO_OCSP)
|
|
#include <openssl/ocsp.h>
|
|
#endif
|
|
#ifndef OPENSSL_NO_DH
|
|
#include <openssl/dh.h>
|
|
#endif
|
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x0090800fL)
|
|
/* Functions present in OpenSSL 0.9.8, older not tested */
|
|
static inline const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *sess, unsigned int *sid_length)
|
|
{
|
|
*sid_length = sess->session_id_length;
|
|
return sess->session_id;
|
|
}
|
|
|
|
static inline X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc)
|
|
{
|
|
return sk_X509_NAME_ENTRY_value(name->entries, loc);
|
|
}
|
|
|
|
static inline ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne)
|
|
{
|
|
return ne->object;
|
|
}
|
|
|
|
static inline ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne)
|
|
{
|
|
return ne->value;
|
|
}
|
|
|
|
static inline int ASN1_STRING_length(const ASN1_STRING *x)
|
|
{
|
|
return x->length;
|
|
}
|
|
|
|
static inline int X509_NAME_entry_count(X509_NAME *name)
|
|
{
|
|
return sk_X509_NAME_ENTRY_num(name->entries)
|
|
}
|
|
|
|
static inline void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, const void **ppval, const X509_ALGOR *algor)
|
|
{
|
|
*paobj = algor->algorithm;
|
|
}
|
|
|
|
#endif // OpenSSL < 0.9.8
|
|
|
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x1000000fL)
|
|
/* Functions introduced in OpenSSL 1.0.0 */
|
|
static inline int EVP_PKEY_base_id(const EVP_PKEY *pkey)
|
|
{
|
|
return EVP_PKEY_type(pkey->type);
|
|
}
|
|
|
|
/* minimal implementation based on the fact that the only known call place
|
|
* doesn't make use of other arguments.
|
|
*/
|
|
static inline int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub)
|
|
{
|
|
*ppkalg = pub->algor->algorithm;
|
|
return 1;
|
|
}
|
|
|
|
#ifndef X509_get_X509_PUBKEY
|
|
#define X509_get_X509_PUBKEY(x) ((x)->cert_info->key
|
|
#endif
|
|
|
|
#endif
|
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
|
|
/*
|
|
* Functions introduced in OpenSSL 1.0.1
|
|
*/
|
|
static inline int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len)
|
|
{
|
|
s->sid_ctx_length = sid_ctx_len;
|
|
memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
|
|
return 1;
|
|
}
|
|
#endif
|
|
|
|
#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
|
|
/*
|
|
* Functions introduced in OpenSSL 1.1.0 and not yet present in LibreSSL
|
|
*/
|
|
|
|
static inline const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length)
|
|
{
|
|
*sid_ctx_length = sess->sid_ctx_length;
|
|
return sess->sid_ctx;
|
|
}
|
|
|
|
static inline int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid, unsigned int sid_len)
|
|
{
|
|
s->session_id_length = sid_len;
|
|
memcpy(s->session_id, sid, sid_len);
|
|
return 1;
|
|
}
|
|
|
|
#if (!defined OPENSSL_NO_OCSP)
|
|
static inline const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
|
|
{
|
|
return single->certId;
|
|
}
|
|
#endif
|
|
|
|
static inline pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
|
|
{
|
|
return ctx->default_passwd_callback;
|
|
}
|
|
|
|
static inline void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
|
|
{
|
|
return ctx->default_passwd_callback_userdata;
|
|
}
|
|
|
|
#ifndef OPENSSL_NO_DH
|
|
static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
|
|
{
|
|
/* Implements only the bare necessities for HAProxy */
|
|
dh->p = p;
|
|
dh->g = g;
|
|
return 1;
|
|
}
|
|
#endif
|
|
|
|
static inline const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
|
|
{
|
|
return x->data;
|
|
}
|
|
|
|
static inline X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
|
|
{
|
|
return x->cert_info->signature;
|
|
}
|
|
|
|
#endif
|
|
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
|
|
#define __OPENSSL_110_CONST__ const
|
|
#else
|
|
#define __OPENSSL_110_CONST__
|
|
#endif
|
|
|
|
#if defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
|
|
#undef OPENSSL_NO_SSL_TRACE
|
|
#define OPENSSL_NO_SSL_TRACE
|
|
#endif
|
|
|
|
#ifdef OPENSSL_IS_BORINGSSL
|
|
#define SSL_NO_GENERATE_CERTIFICATES
|
|
|
|
static inline int EVP_PKEY_base_id(EVP_PKEY *pkey)
|
|
{
|
|
return EVP_PKEY_type(pkey->type);
|
|
}
|
|
#endif
|
|
|
|
/* ERR_remove_state() was deprecated in 1.0.0 in favor of
|
|
* ERR_remove_thread_state(), which was in turn deprecated in
|
|
* 1.1.0 and does nothing anymore. Let's simply silently kill
|
|
* it.
|
|
*/
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
|
|
#undef ERR_remove_state
|
|
#define ERR_remove_state(x)
|
|
#endif
|
|
|
|
|
|
/* RAND_pseudo_bytes() is deprecated in 1.1.0 in favor of RAND_bytes(). Note
|
|
* that the return codes differ, but it happens that the only use case (ticket
|
|
* key update) was already wrong, considering a non-cryptographic random as a
|
|
* failure.
|
|
*/
|
|
#if (OPENSSL_VERSION_NUMBER >= 0x1010000fL)
|
|
#undef RAND_pseudo_bytes
|
|
#define RAND_pseudo_bytes(x,y) RAND_bytes(x,y)
|
|
#endif
|
|
|
|
|
|
/* Signature from RFC 5246, missing in openssl < 1.0.1 */
|
|
#ifndef TLSEXT_signature_anonymous
|
|
#define TLSEXT_signature_anonymous 0
|
|
#define TLSEXT_signature_rsa 1
|
|
#define TLSEXT_signature_dsa 2
|
|
#define TLSEXT_signature_ecdsa 3
|
|
#endif
|
|
|
|
#endif /* _PROTO_OPENSSL_COMPAT_H */
|