Commit Graph

206 Commits

Author SHA1 Message Date
Ruslan Ermilov
7ad57da598 Style. 2016-03-30 11:52:16 +03:00
Maxim Dounin
7b232ef5aa SSL: avoid calling SSL_shutdown() during handshake (ticket #901).
This fixes "called a function you should not call" and
"shutdown while in init" errors as observed with OpenSSL 1.0.2f
due to changes in how OpenSSL handles SSL_shutdown() during
SSL handshakes.
2016-02-19 17:27:30 +03:00
Maxim Dounin
89d3762863 SSL: fixed SSL_shutdown() comment. 2016-02-19 17:27:23 +03:00
Maxim Dounin
a6befbb40f SSL: preserve default server context in connection (ticket #235).
This context is needed for shared sessions cache to work in configurations
with multiple virtual servers sharing the same port.  Unfortunately, OpenSSL
does not provide an API to access the session context, thus storing it
separately.

In collaboration with Vladimir Homutov.
2015-10-19 21:22:38 +03:00
Vladimir Homutov
645697f111 SSL: handled long string truncation in ngx_ssl_error().
If no space left in buffer after adding formatting symbols, error message
could be left without terminating null.  The fix is to output message using
actual length.
2015-10-07 22:19:42 +03:00
Maxim Dounin
4bab18f63d SSL: compatibility with OpenSSL master branch.
RAND_pseudo_bytes() is deprecated in the OpenSSL master branch, so the only
use was changed to RAND_bytes().  Access to internal structures is no longer
possible, so now we don't try to set SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS even
if it's defined.
2015-09-24 17:19:08 +03:00
Maxim Dounin
47c44355b5 SSL: use of SSL_MODE_NO_AUTO_CHAIN.
The SSL_MODE_NO_AUTO_CHAIN mode prevents OpenSSL from automatically
building a certificate chain on the fly if there is no certificate chain
explicitly provided.  Before this change, certificates provided via the
ssl_client_certificate and ssl_trusted_certificate directives were
used by OpenSSL to automatically build certificate chains, resulting
in unexpected (and in some cases unneeded) chains being sent to clients.
2015-03-23 02:42:35 +03:00
Maxim Dounin
b0d8ff55a1 SSL: clear protocol options.
LibreSSL 2.1.1+ started to set SSL_OP_NO_SSLv3 option by default on
new contexts.  This makes sure to clear it to make it possible to use SSLv3
with LibreSSL if enabled in nginx config.

Prodded by Kuramoto Eiji.
2015-03-23 02:42:32 +03:00
Ruslan Ermilov
c2c9a1c03e SSL: account sent bytes in ngx_ssl_write(). 2015-02-24 23:52:47 +03:00
Lukas Tribus
cf92831131 SSL: safeguard use of SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS.
The flag was recently removed by BoringSSL.
2014-12-17 15:12:50 +01:00
Dmitrii Pichulin
cf5013dd3f SSL: loading certificate keys via ENGINE_load_private_key(). 2014-08-04 11:03:20 +04:00
Maxim Dounin
1fd4cd0b96 SSL: logging level of "inappropriate fallback" (ticket #662).
Patch by Erik Dubbelboer.
2014-11-17 16:38:48 +03:00
Sergey Kandaurov
33f5555940 SSL: simplified ssl_password_file error handling.
Instead of collecting a number of the possible SSL_CTX_use_PrivateKey_file()
error codes that becomes more and more difficult with the rising variety of
OpenSSL versions and its derivatives, just continue with the next password.

Multiple passwords in a single ssl_password_file feature was broken after
recent OpenSSL changes (commit 4aac102f75b517bdb56b1bcfd0a856052d559f6e).

Affected OpenSSL releases: 0.9.8zc, 1.0.0o, 1.0.1j and 1.0.2-beta3.

Reported by Piotr Sikora.
2014-10-24 04:28:00 -07:00
Roman Arutyunyan
0989d63f06 Core: added limit to recv_chain(). 2014-10-28 12:29:58 +03:00
Maxim Dounin
6ec0f4d85b SSL: session id context now includes certificate hash.
This prevents inappropriate session reuse in unrelated server{}
blocks, while preserving ability to restore sessions on other servers
when using TLS Session Tickets.

Additionally, session context is now set even if there is no session cache
configured.  This is needed as it's also used for TLS Session Tickets.

Thanks to Antoine Delignat-Lavaud and Piotr Sikora.
2014-09-15 17:59:47 +04:00
Piotr Sikora
2af7181b3b SSL: guard use of all SSL options for bug workarounds.
Some of the OpenSSL forks (read: BoringSSL) started removing unused,
no longer necessary and/or not really working bug workarounds along
with the SSL options and defines for them.

Instead of fixing nginx build after each removal, be proactive
and guard use of all SSL options for bug workarounds.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-09-03 14:49:55 -07:00
Piotr Sikora
9ed633b930 SSL: let it build against LibreSSL.
LibreSSL developers decided that LibreSSL is OpenSSL-2.0.0, so tests
for OpenSSL-1.0.2+ are now passing, even though the library doesn't
provide functions that are expected from that version of OpenSSL.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-07-30 04:32:16 -07:00
Piotr Sikora
0dcfca0301 SSL: let it build against BoringSSL.
This change adds support for using BoringSSL as a drop-in replacement
for OpenSSL without adding support for any of the BoringSSL-specific
features.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-07-30 04:32:15 -07:00
Piotr Sikora
a57394b3e9 SSL: fix build with OPENSSL_NO_ENGINE and/or OPENSSL_NO_OCSP.
This is really just a prerequisite for building against BoringSSL,
which doesn't provide either of those features.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-07-28 12:27:57 -07:00
Maxim Dounin
8639e17f94 SSL: misplaced space in debug message. 2014-07-28 18:30:18 +04:00
Piotr Sikora
79c55b2cca SSL: fix build with recent OpenSSL.
X509_check_host() prototype changed recently:
- http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ced3d91
- http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=297c67f

Bump version requirement, so that OpenSSL-1.0.2-beta1 uses fallback code.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-07-09 12:27:15 -07:00
Piotr Sikora
a02ca8e173 Style: use ngx_memcpy() instead of memcpy().
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-07-08 03:03:14 -07:00
Piotr Sikora
d224ed7eea SSL: stop accessing SSL_SESSION's fields directly.
SSL_SESSION struct is internal part of the OpenSSL library and it's fields
should be accessed via API (when exposed), not directly.

The unfortunate side-effect of this change is that we're losing reference
count that used to be printed at the debug log level, but this seems to be
an acceptable trade-off.

Almost fixes build with -DOPENSSL_NO_SSL_INTERN.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-07-06 16:41:14 -07:00
Maxim Dounin
ce64398751 SSL: fixed build with OPENSSL_NO_DEPRECATED defined.
The RSA_generate_key() is marked as deprecated and causes build to
fail.  On the other hand, replacement function, RSA_generate_key_ex(),
requires much more code.  Since RSA_generate_key() is only needed
for barely usable EXP ciphers, the #ifdef was added instead.

Prodded by Piotr Sikora.
2014-07-09 04:08:13 +04:00
Piotr Sikora
bd058b9d24 SSL: return temporary RSA key only when the key length matches.
This change is mostly cosmetic, because in practice this callback
is used only for 512-bit RSA keys.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-07-06 16:41:13 -07:00
Maxim Dounin
d9152910d3 SSL: logging level of "peer closed connection in SSL handshake".
Previously, the NGX_LOG_INFO level was used unconditionally.  This is
correct for client SSL connections, but too low for connections to
upstream servers.  To resolve this, ngx_connection_error() now used
to log this error, it will select logging level appropriately.

With this change, if an upstream connection is closed during SSL
handshake, it is now properly logged at "error" level.
2014-07-04 22:14:36 +04:00
Valentin Bartenev
9f8785ae5e SSL: the "ssl_password_file" directive. 2014-06-16 19:43:25 +04:00
Sergey Budnevitch
27899a923a SSL: $ssl_client_fingerprint variable. 2014-05-20 14:03:03 +04:00
Maxim Dounin
6898a634d3 SSL: explicit handling of empty names.
X509_check_host() can't handle non null-terminated names with zero length,
so make sure to fail before calling it.
2014-04-23 20:31:31 +04:00
Maxim Dounin
0fd4f76e68 SSL: added explicit check for ngx_strlchr() result. 2014-04-22 14:02:45 +04:00
Maxim Dounin
27475dd7ee Upstream: proxy_ssl_verify and friends. 2014-04-18 20:13:30 +04:00
Maxim Dounin
6c9c973aa7 SSL: $ssl_server_name variable. 2014-04-18 20:13:21 +04:00
Maxim Dounin
583821c547 SSL: fixed misuse of NGX_LOG_DEBUG_HTTP. 2014-04-18 20:13:14 +04:00
Maxim Dounin
55bef30474 Win32: fixed shared ssl_session_cache (ticket #528).
In a worker process shm_zone->data was set to NULL instead of a proper value
extracted from shared memory.
2014-04-07 18:55:57 +04:00
Maxim Dounin
23f6689846 Core: slab log_nomem flag.
The flag allows to suppress "ngx_slab_alloc() failed: no memory" messages
from a slab allocator, e.g., if an LRU expiration is used by a consumer
and allocation failures aren't fatal.

The flag is now used in the SSL session cache code, and in the limit_req
module.
2014-03-31 21:38:30 +04:00
Maxim Dounin
381d507467 SSL: the $ssl_session_reused variable. 2014-02-11 19:20:25 +04:00
Maxim Dounin
1ebb44e3e3 SSL: fixed $ssl_session_id possible segfault after 97e3769637a7.
Even during execution of a request it is possible that there will be
no session available, notably in case of renegotiation.  As a result
logging of $ssl_session_id in some cases caused NULL pointer dereference
after revision 97e3769637a7 (1.5.9).  The check added returns an empty
string if there is no session available.
2014-01-23 18:32:26 +04:00
Maxim Dounin
096bcd03c3 SSL: fixed $ssl_session_id variable.
Previously, it used to contain full session serialized instead of just
a session id, making it almost impossible to use the variable in a safe
way.

Thanks to Ivan Ristić.
2014-01-22 16:05:06 +04:00
Maxim Dounin
37b7de6df7 SSL: ssl_buffer_size directive. 2013-12-20 16:18:25 +04:00
Maxim Dounin
067c1d2a4f SSL: fixed c->read->ready handling in ngx_ssl_recv().
If c->read->ready was reset, but later some data were read from a socket
buffer due to a call to ngx_ssl_recv(), the c->read->ready flag should
be restored if not all data were read from OpenSSL buffers (as kernel
won't notify us about the data anymore).

More details are available here:
http://mailman.nginx.org/pipermail/nginx/2013-November/041178.html
2013-11-29 17:16:06 +04:00
Piotr Sikora
79be6a5462 SSL: added ability to set keys used for Session Tickets (RFC5077).
In order to support key rollover, ssl_session_ticket_key can be defined
multiple times. The first key will be used to issue and resume Session
Tickets, while the rest will be used only to resume them.

    ssl_session_ticket_key  session_tickets/current.key;
    ssl_session_ticket_key  session_tickets/prev-1h.key;
    ssl_session_ticket_key  session_tickets/prev-2h.key;

Please note that nginx supports Session Tickets even without explicit
configuration of the keys and this feature should be only used in setups
where SSL traffic is distributed across multiple nginx servers.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2013-10-11 16:05:24 -07:00
Maxim Dounin
a8ad0c02cc SSL: SSL_CTX_set_timeout() now always called.
The timeout set is used by OpenSSL as a hint for clients in TLS Session
Tickets.  Previous code resulted in a default timeout (5m) used for TLS
Sessions Tickets if there was no session cache configured.

Prodded by Piotr Sikora.
2013-10-14 13:59:35 +04:00
Maxim Dounin
87a607a031 SSL: fixed build with OpenSSL 0.9.7.
SSL_get_rbio() and SSL_get_wbio() functions used to get non-const pointer
in OpenSSL 0.9.7, hence an explicit cast added to drop const qualifier.
2013-10-14 13:44:09 +04:00
Maxim Dounin
af897b7f03 SSL: adjust buffer used by OpenSSL during handshake (ticket #413). 2013-09-27 19:39:33 +04:00
Piotr Sikora
0a5124502d SSL: fixed possible memory and file descriptor leak on HUP signal.
The problem appeared in 386a06a22c40 (1.3.7).

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2013-09-18 16:51:30 -07:00
Piotr Sikora
29ea1273fe SSL: guard use of SSL_OP_MSIE_SSLV2_RSA_PADDING.
This option had no effect since 0.9.7h / 0.9.8b and it was removed
in recent OpenSSL.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2013-09-16 14:24:38 -07:00
Maxim Dounin
3d1e616d0b SSL: clear error queue after SSL_CTX_load_verify_locations().
The SSL_CTX_load_verify_locations() may leave errors in the error queue
while returning success (e.g. if there are duplicate certificates in the file
specified), resulting in "ignoring stale global SSL error" alerts later
at runtime.
2013-09-04 21:17:02 +04:00
Maxim Dounin
e3cab76758 Backed out f1a91825730a and 7094bd12c1ff.
While ngx_get_full_name() might have a bit more descriptive arguments,
the ngx_conf_full_name() is generally easier to use when parsing
configuration and limits exposure of cycle->prefix / cycle->conf_prefix
details.
2013-08-20 21:11:19 +04:00
Valentin Bartenev
d29d21bade Replaced ngx_conf_full_name() with ngx_get_full_name().
The ngx_get_full_name() function takes more readable arguments list.
2013-08-06 19:58:40 +04:00
Piotr Sikora
407c831116 Style: replace SSL *ssl with ngx_ssl_conn_t *ssl_conn.
No functional changes.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2013-05-21 18:45:07 -07:00