You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by tr...@apache.org on 2014/04/21 23:14:22 UTC
svn commit: r1588987 [2/3] - in /httpd/httpd/trunk: ./ docs/manual/mod/
docs/manual/programs/ modules/ssl/ support/
Added: httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c?rev=1588987&view=auto
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c (added)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl_ct.c Mon Apr 21 21:14:21 2014
@@ -0,0 +1,2979 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * Issues
+ *
+ * + Major limitations
+ * . ???
+ *
+ * + Known low-level code kludges/problems
+ * . proxy: an httpd child process validates SCTs from a server only on the
+ * first time the data is received; but it could fail once due to invalid
+ * timestamp and succeed later after time elapses; fixit!
+ * . server: shouldn't have to read file of server SCTs on every handshake
+ * . split mod_ssl_ct.c into more pieces
+ * . research: Is it possible to send an SCT that is outside of the known
+ * valid interval for the log?
+ */
+
+#if defined(WIN32)
+#define HAVE_SCT_DAEMON_THREAD
+#else
+#define HAVE_SCT_DAEMON_CHILD
+#endif
+
+#include <limits.h>
+
+#if defined(HAVE_SCT_DAEMON_CHILD)
+#include <unistd.h>
+#endif
+
+#include "apr_version.h"
+#if !APR_VERSION_AT_LEAST(1,5,0)
+#error mod_ssl_ct requires APR 1.5.0 or later! (for apr_escape.h)
+#endif
+
+#include "apr_escape.h"
+#include "apr_global_mutex.h"
+#include "apr_signal.h"
+#include "apr_strings.h"
+#include "apr_thread_rwlock.h"
+
+#include "apr_dbd.h"
+
+#include "httpd.h"
+#include "http_config.h"
+#include "http_core.h"
+#include "http_log.h"
+#include "http_main.h"
+#include "http_protocol.h"
+#include "mpm_common.h"
+#include "util_mutex.h"
+#include "ap_listen.h"
+#include "ap_mpm.h"
+
+#if AP_NEED_SET_MUTEX_PERMS
+#include "unixd.h"
+#endif
+
+#include "mod_proxy.h"
+#include "mod_ssl.h"
+#include "mod_ssl_openssl.h"
+
+#include "ssl_ct_util.h"
+#include "ssl_ct_sct.h"
+
+#include "openssl/x509v3.h"
+#include "openssl/ocsp.h"
+
+#if OPENSSL_VERSION_NUMBER < 0x10002001L
+#error "mod_ssl_ct requires OpenSSL 1.0.2-beta1 or later"
+#endif
+
+#ifdef WIN32
+#define DOTEXE ".exe"
+#else
+#define DOTEXE ""
+#endif
+
+#define STATUS_VAR "SSL_CT_PEER_STATUS"
+#define STATUS_VAR_AWARE_VAL "peer-aware"
+#define STATUS_VAR_UNAWARE_VAL "peer-unaware"
+
+#define PROXY_SCT_SOURCES_VAR "SSL_PROXY_SCT_SOURCES"
+
+#define DAEMON_NAME "SCT maintenance daemon"
+#define DAEMON_THREAD_NAME DAEMON_NAME " thread"
+#define SERVICE_THREAD_NAME "service thread"
+
+/** Limit on size of stored SCTs for a certificate (individual SCTs as well
+ * as size of all.
+ */
+#define MAX_SCTS_SIZE 10000
+
+/** Limit on size of log URL list for a certificate
+ */
+#define MAX_LOGLIST_SIZE 1000
+
+typedef struct ct_server_config {
+ apr_array_header_t *db_log_config;
+ apr_pool_t *db_log_config_pool;
+ apr_array_header_t *static_log_config;
+ apr_array_header_t *server_cert_info; /* ct_server_cert_info */
+ apr_hash_t *static_cert_sct_dirs;
+ const char *sct_storage;
+ const char *audit_storage;
+ const char *ct_exe;
+ const char *log_config_fname;
+ apr_time_t max_sct_age;
+ int max_sh_sct;
+#define PROXY_AWARENESS_UNSET -1
+#define PROXY_OBLIVIOUS 1
+#define PROXY_AWARE 2 /* default */
+#define PROXY_REQUIRE 3
+ int proxy_awareness;
+} ct_server_config;
+
+typedef struct ct_conn_config {
+ int peer_ct_aware;
+ /* proxy mode only */
+ cert_chain *certs;
+ int server_cert_has_sct_list;
+ void *cert_sct_list;
+ apr_size_t cert_sct_list_size;
+ int serverhello_has_sct_list;
+ void *serverhello_sct_list;
+ apr_size_t serverhello_sct_list_size;
+ int ocsp_has_sct_list;
+ void *ocsp_sct_list;
+ apr_size_t ocsp_sct_list_size;
+ apr_array_header_t *all_scts; /* array of ct_sct_data */
+} ct_conn_config;
+
+typedef struct ct_server_cert_info {
+ const char *fingerprint;
+ const char *sct_dir;
+} ct_server_cert_info;
+
+typedef struct ct_sct_data {
+ const void *data;
+ apr_uint16_t len;
+} ct_sct_data;
+
+typedef struct ct_callback_info {
+ server_rec *s;
+ conn_rec *c;
+ ct_conn_config *conncfg;
+} ct_callback_info;
+
+typedef struct ct_cached_server_data {
+ apr_status_t validation_result;
+} ct_cached_server_data;
+
+/* the log configuration in use -- either db_log_config or static_log_config */
+static apr_array_header_t *active_log_config;
+
+module AP_MODULE_DECLARE_DATA ssl_ct_module;
+
+#define SSL_CT_MUTEX_TYPE "ssl-ct-sct-update"
+
+static apr_global_mutex_t *ssl_ct_sct_update;
+
+static int refresh_all_scts(server_rec *s_main, apr_pool_t *p,
+ apr_array_header_t *log_config);
+
+static apr_thread_t *service_thread;
+
+static apr_hash_t *cached_server_data;
+
+static const char *audit_fn_perm, *audit_fn_active;
+static apr_file_t *audit_file;
+static int audit_file_nonempty;
+static apr_thread_mutex_t *audit_file_mutex;
+static apr_thread_mutex_t *cached_server_data_mutex;
+static apr_thread_rwlock_t *log_config_rwlock;
+
+#ifdef HAVE_SCT_DAEMON_CHILD
+
+/* The APR other-child API doesn't tell us how the daemon exited
+ * (SIGSEGV vs. exit(1)). The other-child maintenance function
+ * needs to decide whether to restart the daemon after a failure
+ * based on whether or not it exited due to a fatal startup error
+ * or something that happened at steady-state. This exit status
+ * is unlikely to collide with exit signals.
+ */
+#define DAEMON_STARTUP_ERROR 254
+
+static int daemon_start(apr_pool_t *p, server_rec *main_server, apr_proc_t *procnew);
+static server_rec *root_server = NULL;
+static apr_pool_t *root_pool = NULL;
+static pid_t daemon_pid;
+static int daemon_should_exit = 0;
+
+#endif /* HAVE_SCT_DAEMON_CHILD */
+
+static apr_pool_t *pdaemon = NULL;
+
+#ifdef HAVE_SCT_DAEMON_THREAD
+static apr_thread_t *daemon_thread;
+#endif /* HAVE_SCT_DAEMON_THREAD */
+
+static const char *get_cert_fingerprint(apr_pool_t *p, const X509 *x)
+{
+ const EVP_MD *digest;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ unsigned int n;
+ digest = EVP_get_digestbyname("sha256");
+ X509_digest(x, digest, md, &n);
+
+ return apr_pescape_hex(p, md, n, 0);
+}
+
+/* a server's SCT-related storage on disk:
+ *
+ * <rootdir>/<fingerprint>/servercerts.pem
+ * Concatenation of leaf certificate and any
+ * configured intermediate certificates
+ *
+ * <rootdir>/<fingerprint>/logs
+ * List of log URLs, one per line; this is
+ * used to recognize when a log URL configuration
+ * change makes our current SCT set invalid
+ *
+ * <rootdir>/<fingerprint>/AUTO_hostname_port_uri.sct
+ * SCT for cert with this fingerprint
+ * from this log (could be any number
+ * of these)
+ *
+ * <rootdir>/<fingerprint>/<anything>.sct
+ * (file is optional; could be any number
+ * of these; should not start with "AUTO_")
+ * Note that the administrator should store
+ * statically maintained SCTs in a different
+ * directory for the server certificate (specified
+ * by the CTStaticSCTs directive). A hypothetical
+ * external mechanism for maintaining SCTs following
+ * some other model could store them here for use
+ * by the server.
+ *
+ * <rootdir>/<fingerprint>/collated
+ * one or more SCTs ready to send
+ * (this is all that the web server
+ * processes care about)
+ *
+ * Additionally, the CTStaticSCTs directive specifies a certificate-
+ * specific directory of statically-maintained SCTs to be sent.
+ */
+
+#define SERVERCERTS_BASENAME "servercerts.pem"
+#define COLLATED_SCTS_BASENAME "collated"
+#define LOGLIST_BASENAME "logs"
+#define LOG_SCT_PREFIX "AUTO_" /* to distinguish from admin-created .sct
+ * files
+ */
+
+static apr_status_t collate_scts(server_rec *s, apr_pool_t *p,
+ const char *cert_sct_dir,
+ const char *static_cert_sct_dir,
+ int max_sh_sct)
+{
+ /* Read the various .sct files and stick them together in a single file */
+ apr_array_header_t *arr;
+ apr_status_t rv, tmprv;
+ apr_file_t *tmpfile;
+ apr_size_t bytes_written;
+ apr_uint16_t overall_len = 0;
+ char *tmp_collated_fn, *collated_fn;
+ const char *cur_sct_file;
+ const char * const *elts;
+ int i, scts_written = 0, skipped = 0;
+
+ rv = ctutil_path_join(&collated_fn, cert_sct_dir, COLLATED_SCTS_BASENAME, p, s);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ /* Note: We rebuild the file that combines the SCTs every time this
+ * code runs, even if no individual SCTs are new (or at least
+ * re-fetched).
+ * That allows the admin to see the last processing by looking
+ * at the timestamp.
+ * Rechecking even if no SCTs are new allows SCTs which were not
+ * yet valid originally (just submitted to a log) to be used as
+ * soon as practical.
+ */
+ tmp_collated_fn = apr_pstrcat(p, collated_fn, ".tmp", NULL);
+
+ rv = apr_file_open(&tmpfile, tmp_collated_fn,
+ APR_FOPEN_WRITE|APR_FOPEN_CREATE|APR_FOPEN_TRUNCATE
+ |APR_FOPEN_BINARY|APR_FOPEN_BUFFERED,
+ APR_FPROT_OS_DEFAULT, p);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "can't create %s", tmp_collated_fn);
+ return rv;
+ }
+
+ /* stick a 0 len (for the list) at the start of the file;
+ * we'll have to patch that later
+ */
+ rv = ctutil_file_write_uint16(s, tmpfile, overall_len);
+ if (rv != APR_SUCCESS) {
+ apr_file_close(tmpfile);
+ return rv;
+ }
+
+ arr = NULL; /* Build list from scratch, creating array */
+ rv = ctutil_read_dir(p, s, cert_sct_dir, "*.sct", &arr);
+ if (rv != APR_SUCCESS) {
+ apr_file_close(tmpfile);
+ return rv;
+ }
+
+ if (static_cert_sct_dir) {
+ /* Add in any SCTs that the administrator has configured */
+ rv = ctutil_read_dir(p, s, static_cert_sct_dir, "*.sct", &arr);
+ if (rv != APR_SUCCESS) {
+ apr_file_close(tmpfile);
+ return rv;
+ }
+ }
+
+ elts = (const char * const *)arr->elts;
+
+ for (i = 0; i < arr->nelts; i++) {
+ char *scts;
+ apr_size_t scts_size_wide;
+ apr_uint16_t scts_size;
+ sct_fields_t fields;
+
+ cur_sct_file = elts[i];
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+ "Adding SCT from file %s", cur_sct_file);
+
+ rv = ctutil_read_file(p, s, cur_sct_file, MAX_SCTS_SIZE, &scts,
+ &scts_size_wide);
+ if (rv != APR_SUCCESS) {
+ break;
+ }
+ ap_assert(scts_size_wide <= USHRT_MAX);
+ scts_size = (apr_uint16_t)scts_size_wide;
+
+ rv = sct_parse(cur_sct_file,
+ s, (const unsigned char *)scts, scts_size, NULL, &fields);
+ if (rv != APR_SUCCESS) {
+ sct_release(&fields);
+ break;
+ }
+
+ /* If the SCT has a timestamp in the future, it may have just been
+ * created by the log.
+ */
+ if (fields.time > apr_time_now()) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
+ "SCT in file %s has timestamp in future (%s), skipping",
+ cur_sct_file, fields.timestr);
+ sct_release(&fields);
+ continue;
+ }
+
+ sct_release(&fields);
+
+ /* Only now do we know that the SCT is valid to send, so
+ * see if it has to be skipped by configured limit.
+ */
+ if (scts_written >= max_sh_sct) {
+ skipped++;
+ continue;
+ }
+
+ overall_len += scts_size + 2; /* include size header */
+
+ rv = ctutil_file_write_uint16(s, tmpfile, (apr_uint16_t)scts_size);
+ if (rv != APR_SUCCESS) {
+ break;
+ }
+
+ rv = apr_file_write_full(tmpfile, scts, scts_size, &bytes_written);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "can't write %hu bytes to %s",
+ scts_size, tmp_collated_fn);
+ break;
+ }
+
+ scts_written++;
+ }
+
+ if (rv == APR_SUCCESS && skipped) {
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+ "SCTs sent in ServerHello are limited to %d by "
+ "CTServerHelloSCTLimit (ignoring %d)",
+ max_sh_sct,
+ skipped);
+ }
+
+ if (rv == APR_SUCCESS) {
+ apr_off_t offset = 0;
+
+ rv = apr_file_seek(tmpfile, APR_SET, &offset);
+ if (rv == APR_SUCCESS) {
+ rv = ctutil_file_write_uint16(s, tmpfile, overall_len);
+ }
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "could not write the SCT list length at the start of the file");
+ }
+ }
+
+ tmprv = apr_file_close(tmpfile);
+ if (tmprv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, tmprv, s,
+ "error flushing and closing %s", tmp_collated_fn);
+ if (rv == APR_SUCCESS) {
+ rv = tmprv;
+ }
+ }
+
+ if (rv == APR_SUCCESS && scts_written) {
+ int replacing = ctutil_file_exists(p, collated_fn);
+
+ if (replacing) {
+ if ((rv = apr_global_mutex_lock(ssl_ct_sct_update)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "global mutex lock failed");
+ return rv;
+ }
+ apr_file_remove(collated_fn, p);
+ }
+ rv = apr_file_rename(tmp_collated_fn, collated_fn, p);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
+ "couldn't rename %s to %s, no SCTs to send for now",
+ tmp_collated_fn, collated_fn);
+ }
+ if (replacing) {
+ if ((tmprv = apr_global_mutex_unlock(ssl_ct_sct_update)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, tmprv, s,
+ "global mutex unlock failed");
+ if (rv == APR_SUCCESS) {
+ rv = tmprv;
+ }
+ }
+ }
+ }
+
+ return rv;
+}
+
+static const char *url_to_fn(apr_pool_t *p, const apr_uri_t *log_url)
+{
+ char *fn = apr_psprintf(p, LOG_SCT_PREFIX "%s_%s_%s.sct",
+ log_url->hostname, log_url->port_str, log_url->path);
+ char *ch;
+
+ ch = fn;
+ while (*ch) {
+ switch(*ch) {
+ /* chars that shouldn't be used in a filename */
+ case ':':
+ case '/':
+ case '\\':
+ case '*':
+ case '?':
+ case '<':
+ case '>':
+ case '"':
+ case '|':
+ *ch = '-';
+ }
+ ++ch;
+ }
+ return fn;
+}
+
+static apr_status_t submission(server_rec *s, apr_pool_t *p, const char *ct_exe,
+ const apr_uri_t *log_url, const char *cert_file,
+ const char *sct_fn)
+{
+ apr_status_t rv;
+ const char *args[8];
+ int i;
+
+ i = 0;
+ args[i++] = ct_exe;
+ args[i++] = apr_pstrcat(p, "--ct_server=", log_url->hostinfo, NULL);
+ args[i++] = "--http_log";
+ args[i++] = "--logtostderr";
+ args[i++] = apr_pstrcat(p, "--ct_server_submission=", cert_file, NULL);
+ args[i++] = apr_pstrcat(p, "--ct_server_response_out=", sct_fn, NULL);
+ args[i++] = "upload";
+ args[i++] = NULL;
+ ap_assert(i == sizeof args / sizeof args[0]);
+
+ rv = ctutil_run_to_log(p, s, args, "log client");
+
+ return rv;
+}
+
+static apr_status_t fetch_sct(server_rec *s, apr_pool_t *p,
+ const char *cert_file,
+ const char *cert_sct_dir,
+ const apr_uri_t *log_url,
+ const char *ct_exe, apr_time_t max_sct_age)
+{
+ apr_status_t rv;
+ char *sct_fn;
+ apr_finfo_t finfo;
+ const char *log_url_basename;
+
+ log_url_basename = url_to_fn(p, log_url);
+
+ rv = ctutil_path_join(&sct_fn, cert_sct_dir, log_url_basename, p, s);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ rv = apr_stat(&finfo, sct_fn, APR_FINFO_MTIME, p);
+ if (rv == APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+ "Found SCT for %s in %s",
+ cert_file, sct_fn);
+
+ if (finfo.mtime + max_sct_age < apr_time_now()) {
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+ "SCT for %s is older than %d seconds, must refresh",
+ cert_file,
+ (int)(apr_time_sec(max_sct_age)));
+ }
+ else {
+ return APR_SUCCESS;
+ }
+ }
+ else {
+ ap_log_error(APLOG_MARK, APLOG_INFO,
+ /* no need to print error string for file-not-found err */
+ APR_STATUS_IS_ENOENT(rv) ? 0 : rv,
+ s,
+ "Did not find SCT for %s in %s, must fetch",
+ cert_file, sct_fn);
+ }
+
+ rv = submission(s, p, ct_exe, log_url, cert_file, sct_fn);
+
+ return rv;
+}
+
+static apr_status_t record_log_urls(server_rec *s, apr_pool_t *p,
+ const char *listfile, apr_array_header_t *log_config)
+{
+ apr_file_t *f;
+ apr_status_t rv, tmprv;
+ ct_log_config **config_elts;
+ int i;
+
+ rv = apr_file_open(&f, listfile,
+ APR_FOPEN_WRITE|APR_FOPEN_CREATE|APR_FOPEN_TRUNCATE
+ |APR_FOPEN_BUFFERED,
+ APR_FPROT_OS_DEFAULT, p);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "can't create %s", listfile);
+ return rv;
+ }
+
+ config_elts = (ct_log_config **)log_config->elts;
+
+ for (i = 0; i < log_config->nelts; i++) {
+ if (!config_elts[i]->uri_str) {
+ continue;
+ }
+ if (!log_valid_for_sent_sct(config_elts[i])) {
+ continue;
+ }
+ rv = apr_file_puts(config_elts[i]->uri_str, f);
+ if (rv == APR_SUCCESS) {
+ rv = apr_file_puts("\n", f);
+ }
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "error writing to %s", listfile);
+ break;
+ }
+ }
+
+ tmprv = apr_file_close(f);
+ if (tmprv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, tmprv, s,
+ "error flushing and closing %s", listfile);
+ if (rv == APR_SUCCESS) {
+ rv = tmprv;
+ }
+ }
+
+ return rv;
+}
+
+static int uri_in_config(const char *needle, const apr_array_header_t *haystack)
+{
+ ct_log_config **elts;
+ int i;
+
+ elts = (ct_log_config **)haystack->elts;
+ for (i = 0; i < haystack->nelts; i++) {
+ if (!elts[i]->uri_str) {
+ continue;
+ }
+ if (!log_valid_for_sent_sct(elts[i])) {
+ continue;
+ }
+ if (!strcmp(needle, elts[i]->uri_str)) {
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+static apr_status_t update_log_list_for_cert(server_rec *s, apr_pool_t *p,
+ const char *cert_sct_dir,
+ apr_array_header_t *log_config)
+{
+ apr_array_header_t *old_urls;
+ apr_size_t contents_size;
+ apr_status_t rv;
+ char *contents, *listfile;
+
+ /* The set of logs can change, and we need to remove SCTs retrieved
+ * from logs that we no longer trust. To track changes we'll use a
+ * file in the directory for the server certificate.
+ *
+ * (When can the set change? Right now they can only change at [re]start,
+ * but in the future we should be able to find the set of trusted logs
+ * dynamically.)
+ */
+
+ rv = ctutil_path_join(&listfile, cert_sct_dir, LOGLIST_BASENAME, p, s);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ if (ctutil_file_exists(p, listfile)) {
+ char **elts;
+ int i;
+
+ rv = ctutil_read_file(p, s, listfile, MAX_LOGLIST_SIZE, &contents, &contents_size);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ ctutil_buffer_to_array(p, contents, contents_size, &old_urls);
+
+ elts = (char **)old_urls->elts;
+ for (i = 0; i < old_urls->nelts; i++) {
+ if (!uri_in_config(elts[i], log_config)) {
+ char *sct_for_log;
+ int exists;
+ apr_uri_t uri;
+
+ rv = apr_uri_parse(p, elts[i], &uri);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
+ "unparseable log URL %s in file %s - ignoring",
+ elts[i], listfile);
+ /* some garbage in the file? can't map to an auto-maintained SCT,
+ * so just skip it
+ */
+ continue;
+ }
+
+ rv = ctutil_path_join(&sct_for_log, cert_sct_dir, url_to_fn(p, &uri), p, s);
+ ap_assert(rv == APR_SUCCESS);
+ exists = ctutil_file_exists(p, sct_for_log);
+
+ ap_log_error(APLOG_MARK,
+ exists ? APLOG_NOTICE : APLOG_DEBUG, 0, s,
+ "Log %s is no longer enabled%s",
+ elts[i],
+ exists ? ", removing SCT" : ", no SCT was present");
+
+ if (exists) {
+ rv = apr_file_remove(sct_for_log, p);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
+ "can't remove SCT %s from previously trusted log %s",
+ sct_for_log, elts[i]);
+ return rv;
+ }
+ }
+ }
+ }
+ }
+ else {
+ /* can't tell what was trusted before; just remove everything
+ * that was created automatically
+ */
+ apr_array_header_t *arr;
+ const char * const *elts;
+ int i;
+
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
+ "List of previous logs doesn't exist (%s), removing previously obtained SCTs",
+ listfile);
+
+ arr = NULL; /* Build list from scratch, creating array */
+ rv = ctutil_read_dir(p, s, cert_sct_dir, LOG_SCT_PREFIX "*.sct", &arr);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ elts = (const char * const *)arr->elts;
+ for (i = 0; i < arr->nelts; i++) {
+ const char *cur_sct_file = elts[i];
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+ "Removing %s", cur_sct_file);
+
+ rv = apr_file_remove(cur_sct_file, p);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
+ "can't remove %s", cur_sct_file);
+ }
+ }
+ }
+
+ if (rv == APR_SUCCESS) {
+ rv = record_log_urls(s, p, listfile, log_config);
+ }
+
+ return rv;
+}
+
+static apr_status_t refresh_scts_for_cert(server_rec *s, apr_pool_t *p,
+ const char *cert_sct_dir,
+ const char *static_cert_sct_dir,
+ apr_array_header_t *log_config,
+ const char *ct_exe,
+ apr_time_t max_sct_age,
+ int max_sh_sct)
+{
+ apr_status_t rv;
+ ct_log_config **config_elts;
+ char *cert_fn;
+ int i;
+
+ rv = ctutil_path_join(&cert_fn, cert_sct_dir, SERVERCERTS_BASENAME, p, s);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ config_elts = (ct_log_config **)log_config->elts;
+
+ rv = update_log_list_for_cert(s, p, cert_sct_dir, log_config);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ for (i = 0; i < log_config->nelts; i++) {
+ if (!config_elts[i]->url) {
+ continue;
+ }
+ if (!log_valid_for_sent_sct(config_elts[i])) {
+ continue;
+ }
+ rv = fetch_sct(s, p, cert_fn,
+ cert_sct_dir,
+ &config_elts[i]->uri,
+ ct_exe,
+ max_sct_age);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+ }
+
+ rv = collate_scts(s, p, cert_sct_dir, static_cert_sct_dir, max_sh_sct);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ return rv;
+}
+
+static void *run_service_thread(apr_thread_t *me, void *data)
+{
+ server_rec *s = data;
+ ct_server_config *sconf = ap_get_module_config(s->module_config,
+ &ssl_ct_module);
+ int mpmq_s;
+ apr_status_t rv;
+ int count = 0;
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+ SERVICE_THREAD_NAME " started");
+
+ while (1) {
+ if ((rv = ap_mpm_query(AP_MPMQ_MPM_STATE, &mpmq_s)) != APR_SUCCESS) {
+ break;
+ }
+ if (mpmq_s == AP_MPMQ_STOPPING) {
+ break;
+ }
+ apr_sleep(apr_time_from_sec(1));
+ if (++count >= 30) {
+ count = 0;
+ if (sconf->db_log_config) {
+ /* Reload log config DB */
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+ SERVICE_THREAD_NAME " - reloading config");
+ ap_assert(apr_thread_rwlock_wrlock(log_config_rwlock) == 0);
+ active_log_config = NULL;
+ apr_pool_clear(sconf->db_log_config_pool);
+ sconf->db_log_config =
+ apr_array_make(sconf->db_log_config_pool, 2,
+ sizeof(ct_log_config *));
+ rv = read_config_db(sconf->db_log_config_pool,
+ s, sconf->log_config_fname,
+ sconf->db_log_config);
+ ap_assert(apr_thread_rwlock_unlock(log_config_rwlock) == 0);
+ if (rv != APR_SUCCESS) {
+ /* specific issue already logged */
+ ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s,
+ SERVICE_THREAD_NAME " - no active configuration until "
+ "log config DB is corrected");
+ }
+ else {
+ active_log_config = sconf->db_log_config;
+ }
+ }
+ }
+ }
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, rv, s,
+ SERVICE_THREAD_NAME " exiting");
+
+ return NULL;
+}
+
+static apr_status_t wait_for_thread(void *data)
+{
+ apr_thread_t *thd = data;
+ apr_status_t retval;
+
+ apr_thread_join(&retval, thd);
+ return APR_SUCCESS;
+}
+
+static void sct_daemon_cycle(ct_server_config *sconf, server_rec *s_main,
+ apr_pool_t *ptemp, const char *daemon_name)
+{
+ apr_status_t rv;
+
+ if (sconf->db_log_config) { /* not using static config */
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s_main,
+ "%s - reloading config", daemon_name);
+ apr_pool_clear(sconf->db_log_config_pool);
+ active_log_config = NULL;
+ sconf->db_log_config =
+ apr_array_make(sconf->db_log_config_pool, 2,
+ sizeof(ct_log_config *));
+ rv = read_config_db(sconf->db_log_config_pool,
+ s_main, sconf->log_config_fname,
+ sconf->db_log_config);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s_main,
+ "%s - no active configuration until "
+ "log config DB is corrected", daemon_name);
+ return;
+ }
+ active_log_config = sconf->db_log_config;
+ }
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s_main,
+ "%s - refreshing SCTs as needed", daemon_name);
+ rv = refresh_all_scts(s_main, ptemp, active_log_config);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s_main,
+ "%s - SCT refresh failed; will try again later",
+ daemon_name);
+ }
+}
+
+#ifdef HAVE_SCT_DAEMON_CHILD
+
+static void daemon_signal_handler(int sig)
+{
+ if (sig == SIGHUP) {
+ ++daemon_should_exit;
+ }
+}
+
+#if APR_HAS_OTHER_CHILD
+static void daemon_maint(int reason, void *data, apr_wait_t status)
+{
+ apr_proc_t *proc = data;
+ int mpm_state;
+ int stopping;
+
+ switch (reason) {
+ case APR_OC_REASON_DEATH:
+ apr_proc_other_child_unregister(data);
+ /* If apache is not terminating or restarting,
+ * restart the daemon
+ */
+ stopping = 1; /* if MPM doesn't support query,
+ * assume we shouldn't restart daemon
+ */
+ if (ap_mpm_query(AP_MPMQ_MPM_STATE, &mpm_state) == APR_SUCCESS &&
+ mpm_state != AP_MPMQ_STOPPING) {
+ stopping = 0;
+ }
+ if (!stopping) {
+ if (status == DAEMON_STARTUP_ERROR) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, 0, ap_server_conf, APLOGNO(01238)
+ DAEMON_NAME " failed to initialize");
+ }
+ else {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, APLOGNO(01239)
+ DAEMON_NAME " process died, restarting");
+ daemon_start(root_pool, root_server, proc);
+ }
+ }
+ break;
+ case APR_OC_REASON_RESTART:
+ /* don't do anything; server is stopping or restarting */
+ apr_proc_other_child_unregister(data);
+ break;
+ case APR_OC_REASON_LOST:
+ /* Restart the child cgid daemon process */
+ apr_proc_other_child_unregister(data);
+ daemon_start(root_pool, root_server, proc);
+ break;
+ case APR_OC_REASON_UNREGISTER:
+ /* we get here when pcgi is cleaned up; pcgi gets cleaned
+ * up when pconf gets cleaned up
+ */
+ kill(proc->pid, SIGHUP); /* send signal to daemon telling it to die */
+ break;
+ }
+}
+#endif
+
+static int sct_daemon(server_rec *s_main)
+{
+ apr_status_t rv;
+ apr_pool_t *ptemp;
+ ct_server_config *sconf = ap_get_module_config(s_main->module_config,
+ &ssl_ct_module);
+ int rc;
+
+ /* Ignoring SIGCHLD results in errno ECHILD returned from apr_proc_wait().
+ * apr_signal(SIGCHLD, SIG_IGN);
+ */
+ apr_signal(SIGHUP, daemon_signal_handler);
+
+ /* Close our copy of the listening sockets */
+ ap_close_listeners();
+
+ rv = apr_global_mutex_child_init(&ssl_ct_sct_update,
+ apr_global_mutex_lockfile(ssl_ct_sct_update), pdaemon);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, root_server,
+ "could not initialize " SSL_CT_MUTEX_TYPE
+ " mutex in " DAEMON_NAME);
+ return DAEMON_STARTUP_ERROR;
+ }
+
+ if (!geteuid()) {
+ /* Fix up permissions of the directories written to by the daemon
+ */
+ int i;
+ apr_array_header_t *subdirs = apr_array_make(pdaemon, 5, sizeof(char *));
+
+ *(const char **)apr_array_push(subdirs) = sconf->sct_storage;
+ if (sconf->audit_storage) {
+ *(const char **)apr_array_push(subdirs) = sconf->audit_storage;
+ }
+
+ rv = ctutil_read_dir(pdaemon, root_server, sconf->sct_storage, "*",
+ &subdirs);
+ if (rv == APR_SUCCESS && subdirs->nelts > 0) {
+ const char * const *elts = (const char * const *)subdirs->elts;
+
+ for (i = 0; i < subdirs->nelts; i++) {
+ if (elts[i] && chown(elts[i], ap_unixd_config.user_id,
+ ap_unixd_config.group_id) < 0) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, errno, root_server,
+ "Couldn't change owner or group of directory %s",
+ elts[i]);
+ return errno;
+ }
+ }
+ }
+ else {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, rv, root_server,
+ "Did not read any entries from %s (no server certificate?)",
+ sconf->sct_storage);
+ }
+ }
+
+ /* if running as root, switch to configured user/group */
+ if ((rc = ap_run_drop_privileges(pdaemon, ap_server_conf)) != 0) {
+ return rc;
+ }
+
+ /* ptemp - temporary pool for refresh cycles */
+ apr_pool_create(&ptemp, pdaemon);
+
+ while (!daemon_should_exit) {
+ sct_daemon_cycle(sconf, s_main, ptemp, DAEMON_NAME);
+ apr_sleep(apr_time_from_sec(30)); /* SIGHUP at restart/stop will break out */
+ }
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s_main,
+ DAEMON_NAME " - exiting");
+
+ return 0;
+}
+
+static int daemon_start(apr_pool_t *p, server_rec *main_server,
+ apr_proc_t *procnew)
+{
+ daemon_should_exit = 0; /* clear setting from previous generation */
+ if ((daemon_pid = fork()) < 0) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, errno, main_server,
+ "Couldn't create " DAEMON_NAME " process");
+ return DECLINED;
+ }
+ else if (daemon_pid == 0) {
+ if (pdaemon == NULL) {
+ apr_pool_create(&pdaemon, p);
+ }
+ exit(sct_daemon(main_server) > 0 ? DAEMON_STARTUP_ERROR : -1);
+ }
+ procnew->pid = daemon_pid;
+ procnew->err = procnew->in = procnew->out = NULL;
+ apr_pool_note_subprocess(p, procnew, APR_KILL_AFTER_TIMEOUT);
+#if APR_HAS_OTHER_CHILD
+ apr_proc_other_child_register(procnew, daemon_maint, procnew, NULL, p);
+#endif
+ return OK;
+}
+#endif /* HAVE_SCT_DAEMON_CHILD */
+
+#ifdef HAVE_SCT_DAEMON_THREAD
+static void *sct_daemon_thread(apr_thread_t *me, void *data)
+{
+ server_rec *s = data;
+ ct_server_config *sconf = ap_get_module_config(s->module_config,
+ &ssl_ct_module);
+ int mpmq_s;
+ apr_pool_t *ptemp;
+ apr_status_t rv;
+ int count = 0;
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+ DAEMON_THREAD_NAME " started");
+
+ /* ptemp - temporary pool for refresh cycles */
+ apr_pool_create(&ptemp, pdaemon);
+
+ while (1) {
+ if ((rv = ap_mpm_query(AP_MPMQ_MPM_STATE, &mpmq_s)) != APR_SUCCESS) {
+ break;
+ }
+ if (mpmq_s == AP_MPMQ_STOPPING) {
+ break;
+ }
+ apr_sleep(apr_time_from_sec(1));
+ if (++count >= 30) {
+ count = 0;
+ sct_daemon_cycle(sconf, s, ptemp, DAEMON_THREAD_NAME);
+ }
+ }
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+ DAEMON_THREAD_NAME " - exiting");
+
+ return NULL;
+}
+
+static int daemon_thread_start(apr_pool_t *pconf, server_rec *s_main)
+{
+ apr_status_t rv;
+
+ apr_pool_create(&pdaemon, pconf);
+ rv = apr_thread_create(&daemon_thread, NULL, sct_daemon_thread, s_main,
+ pconf);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s_main,
+ "could not create " DAEMON_THREAD_NAME " in parent");
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ apr_pool_cleanup_register(pconf, daemon_thread, wait_for_thread,
+ apr_pool_cleanup_null);
+
+ return OK;
+}
+#endif /* HAVE_SCT_DAEMON_THREAD */
+
+static apr_status_t ssl_ct_mutex_remove(void *data)
+{
+ apr_global_mutex_destroy(ssl_ct_sct_update);
+ ssl_ct_sct_update = NULL;
+ return APR_SUCCESS;
+}
+
+static int refresh_all_scts(server_rec *s_main, apr_pool_t *p,
+ apr_array_header_t *log_config)
+{
+ apr_hash_t *already_processed;
+ apr_status_t rv = APR_SUCCESS;
+ server_rec *s;
+
+ already_processed = apr_hash_make(p);
+
+ s = s_main;
+ while (s) {
+ ct_server_config *sconf = ap_get_module_config(s->module_config,
+ &ssl_ct_module);
+ int i;
+ const ct_server_cert_info *cert_info_elts;
+
+ if (sconf && sconf->server_cert_info) {
+ cert_info_elts =
+ (const ct_server_cert_info *)sconf->server_cert_info->elts;
+ for (i = 0; i < sconf->server_cert_info->nelts; i++) {
+ /* we may have already processed this cert for another
+ * server_rec
+ */
+ if (!apr_hash_get(already_processed, cert_info_elts[i].sct_dir,
+ APR_HASH_KEY_STRING)) {
+ const char *static_cert_sct_dir =
+ apr_hash_get(sconf->static_cert_sct_dirs,
+ cert_info_elts[i].fingerprint,
+ APR_HASH_KEY_STRING);
+
+ apr_hash_set(already_processed, cert_info_elts[i].sct_dir,
+ APR_HASH_KEY_STRING, "done");
+ rv = refresh_scts_for_cert(s_main, p,
+ cert_info_elts[i].sct_dir,
+ static_cert_sct_dir,
+ log_config,
+ sconf->ct_exe,
+ sconf->max_sct_age,
+ sconf->max_sh_sct);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+ }
+ }
+ }
+
+ s = s->next;
+ }
+
+ return rv;
+}
+
+static int num_server_certs(server_rec *s_main)
+{
+ int num = 0;
+ server_rec *s;
+
+ s = s_main;
+ while (s) {
+ ct_server_config *sconf = ap_get_module_config(s->module_config,
+ &ssl_ct_module);
+
+ if (sconf && sconf->server_cert_info) {
+ num += sconf->server_cert_info->nelts;
+ }
+ s = s->next;
+ }
+
+ return num;
+}
+
+static int ssl_ct_post_config(apr_pool_t *pconf, apr_pool_t *plog,
+ apr_pool_t *ptemp, server_rec *s_main)
+{
+ ct_server_config *sconf = ap_get_module_config(s_main->module_config,
+ &ssl_ct_module);
+ apr_status_t rv;
+#ifdef HAVE_SCT_DAEMON_CHILD
+ apr_proc_t *procnew = NULL;
+ const char *userdata_key = "sct_daemon_init";
+
+ root_server = s_main;
+ root_pool = pconf;
+
+ procnew = ap_retained_data_get(userdata_key);
+ if (!procnew) {
+ procnew = ap_retained_data_create(userdata_key, sizeof(*procnew));
+ procnew->pid = -1;
+ procnew->err = procnew->in = procnew->out = NULL;
+ }
+#endif /* HAVE_SCT_DAEMON_CHILD */
+
+ if (num_server_certs(s_main) == 0) {
+ /* Theoretically this module could operate in a proxy-only
+ * configuration, where httpd does not act as a TLS server but proxy is
+ * configured as a TLS client. That isn't currently implemented.
+ */
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s_main,
+ "No server certificates were found.");
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s_main,
+ "mod_ssl_ct only supports configurations with a TLS server.");
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ rv = ap_global_mutex_create(&ssl_ct_sct_update, NULL,
+ SSL_CT_MUTEX_TYPE, NULL, s_main, pconf, 0);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s_main,
+ "could not create global mutex");
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ apr_pool_cleanup_register(pconf, (void *)s_main, ssl_ct_mutex_remove,
+ apr_pool_cleanup_null);
+
+ if (sconf->log_config_fname) {
+ if (!sconf->db_log_config) {
+ /* log config db in separate pool that can be cleared */
+ apr_pool_create(&sconf->db_log_config_pool, pconf);
+ sconf->db_log_config =
+ apr_array_make(sconf->db_log_config_pool, 2,
+ sizeof(ct_log_config *));
+ }
+ rv = read_config_db(sconf->db_log_config_pool,
+ s_main, sconf->log_config_fname,
+ sconf->db_log_config);
+ if (rv != APR_SUCCESS) {
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+ }
+
+ if (sconf->static_log_config && sconf->db_log_config) {
+ if (sconf->static_log_config->nelts > 0
+ && sconf->db_log_config->nelts > 0) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s_main,
+ "Either the static log configuration or the db log "
+ "configuration must be empty");
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+ }
+
+ if (sconf->static_log_config && sconf->static_log_config->nelts > 0) {
+ active_log_config = sconf->static_log_config;
+ }
+ else if (sconf->db_log_config && sconf->db_log_config->nelts > 0) {
+ active_log_config = sconf->db_log_config;
+ }
+ else {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s_main,
+ "No non-empty log configuration was provided");
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ /* Ensure that we already have, or can fetch, fresh SCTs for each
+ * certificate. If so, start the daemon to maintain these and let
+ * startup continue. (Otherwise abort startup.)
+ *
+ * Except when we start up as root. We don't want to run external
+ * certificate-transparency tools as root, and we don't want to have
+ * to fix up the permissions of everything we created so that the
+ * SCT maintenance daemon can continue to maintain the SCTs as the
+ * configured User/Group.
+ */
+
+#if AP_NEED_SET_MUTEX_PERMS /* Unix :) */
+ if (!geteuid()) { /* root */
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s_main,
+ "SCTs will be fetched from configured logs as needed "
+ "and may not be available immediately");
+ }
+ else {
+#endif
+ rv = refresh_all_scts(s_main, pconf, active_log_config);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s_main,
+ "refresh_all_scts() failed");
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+#if AP_NEED_SET_MUTEX_PERMS
+ }
+#endif
+
+#ifdef HAVE_SCT_DAEMON_CHILD
+ if (ap_state_query(AP_SQ_MAIN_STATE) != AP_SQ_MS_CREATE_PRE_CONFIG) {
+ int ret = daemon_start(pconf, s_main, procnew);
+ if (ret != OK) {
+ return ret;
+ }
+ }
+#endif /* HAVE_SCT_DAEMON_CHILD */
+
+#ifdef HAVE_SCT_DAEMON_THREAD
+ /* WIN32-ism: ensure this is the parent by checking AP_PARENT_PID,
+ * which is only set in WinNT children.
+ */
+ if (ap_state_query(AP_SQ_MAIN_STATE) != AP_SQ_MS_CREATE_PRE_CONFIG
+ && !getenv("AP_PARENT_PID")) {
+ int ret = daemon_thread_start(pconf, s_main);
+ if (ret != OK) {
+ return ret;
+ }
+ }
+#endif /* HAVE_SCT_DAEMON_THREAD */
+
+ return OK;
+}
+
+static int ssl_ct_check_config(apr_pool_t *pconf, apr_pool_t *plog,
+ apr_pool_t *ptemp, server_rec *s_main)
+{
+ ct_server_config *sconf = ap_get_module_config(s_main->module_config,
+ &ssl_ct_module);
+
+ if (!sconf->sct_storage) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s_main,
+ "Directive CTSCTStorage is required");
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ if (!sconf->audit_storage) {
+ /* umm, hard to tell if needed... must have server with
+ * SSL proxy enabled and server-specific-sconf->proxy_awareness
+ * != PROXY_OBLIVIOUS...
+ */
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s_main,
+ "Directive CTAuditStorage isn't set; proxy will not save "
+ "data for off-line audit");
+ }
+
+ if (!sconf->ct_exe) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s_main,
+ "Directive CTLogClient is required");
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ if (sconf->log_config_fname) {
+ const char *msg = NULL;
+ if (!log_config_readable(pconf, sconf->log_config_fname, &msg)) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s_main,
+ "Log config file %s cannot be read",
+ sconf->log_config_fname);
+ if (msg) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, 0, s_main,
+ "%s", msg);
+ }
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+ }
+
+ return OK;
+}
+
+static apr_status_t read_scts(apr_pool_t *p, const char *fingerprint,
+ const char *sct_dir,
+ server_rec *s,
+ char **scts, apr_size_t *scts_len)
+{
+ apr_status_t rv, tmprv;
+ char *cert_dir, *sct_fn;
+
+ rv = ctutil_path_join(&cert_dir, sct_dir, fingerprint, p, s);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ rv = ctutil_path_join(&sct_fn, cert_dir, COLLATED_SCTS_BASENAME, p, s);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ if ((rv = apr_global_mutex_lock(ssl_ct_sct_update)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "global mutex lock failed");
+ return rv;
+ }
+
+ rv = ctutil_read_file(p, s, sct_fn, MAX_SCTS_SIZE, scts, scts_len);
+
+ if ((tmprv = apr_global_mutex_unlock(ssl_ct_sct_update)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, tmprv, s,
+ "global mutex unlock failed");
+ }
+
+ return rv;
+}
+
+static void look_for_server_certs(server_rec *s, SSL_CTX *ctx, const char *sct_dir)
+{
+ ct_server_config *sconf = ap_get_module_config(s->module_config,
+ &ssl_ct_module);
+ apr_pool_t *p = s->process->pool;
+ apr_status_t rv;
+ FILE *concat;
+ X509 *x;
+ STACK_OF(X509) *chain;
+ int i, rc;
+ char *cert_sct_dir, *servercerts_pem;
+ const char *fingerprint;
+ ct_server_cert_info *cert_info;
+
+ sconf->server_cert_info = apr_array_make(p, 2, sizeof(ct_server_cert_info));
+
+ rc = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_FIRST);
+ while (rc) {
+ x = SSL_CTX_get0_certificate(ctx); /* UNDOC */
+ if (x) {
+ fingerprint = get_cert_fingerprint(s->process->pool, x);
+ rv = ctutil_path_join(&cert_sct_dir, sct_dir, fingerprint, p, s);
+ ap_assert(rv == APR_SUCCESS);
+
+ if (!ctutil_dir_exists(p, cert_sct_dir)) {
+ rv = apr_dir_make(cert_sct_dir, APR_FPROT_OS_DEFAULT, p);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "can't create directory %s",
+ cert_sct_dir);
+ ap_assert(rv == APR_SUCCESS);
+ }
+ }
+
+ rv = ctutil_path_join(&servercerts_pem, cert_sct_dir,
+ SERVERCERTS_BASENAME, p, s);
+ ap_assert(rv == APR_SUCCESS);
+
+ rv = ctutil_fopen(servercerts_pem, "wb", &concat);
+ ap_assert(rv == APR_SUCCESS);
+
+ ap_assert(1 == PEM_write_X509(concat, x)); /* leaf */
+
+ chain = NULL;
+
+ /* Not this: SSL_CTX_get0_chain_certs(ctx, &chain);
+ *
+ * See this thread:
+ * http://mail-archives.apache.org/mod_mbox/httpd-dev/
+ * 201402.mbox/%3CCAKUrXK5-2_Sg8FokxBP8nW7tmSuTZZWL-%3
+ * DBDhNnwyK-Z4dmQiQ%40mail.gmail.com%3E
+ */
+ SSL_CTX_get_extra_chain_certs(ctx, &chain); /* UNDOC */
+
+ if (chain) {
+ for (i = 0; i < sk_X509_num(chain); i++) { /* UNDOC */
+ X509 *x = sk_X509_value(chain, i); /* UNDOC */
+ ap_assert(1 == PEM_write_X509(concat, x));
+ }
+ }
+ ap_assert(0 == fclose(concat));
+
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
+ "wrote server cert and chain to %s", servercerts_pem);
+
+ cert_info = (ct_server_cert_info *)apr_array_push(sconf->server_cert_info);
+ cert_info->sct_dir = cert_sct_dir;
+ cert_info->fingerprint = fingerprint;
+ }
+ else {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
+ "could not find leaf certificate");
+ }
+ rc = SSL_CTX_set_current_cert(ctx, SSL_CERT_SET_NEXT);
+ }
+}
+
+static ct_conn_config *get_conn_config(conn_rec *c)
+{
+ ct_conn_config *conncfg =
+ ap_get_module_config(c->conn_config, &ssl_ct_module);
+
+ if (!conncfg) {
+ conncfg = apr_pcalloc(c->pool, sizeof *conncfg);
+ ap_set_module_config(c->conn_config, &ssl_ct_module, conncfg);
+ }
+
+ return conncfg;
+}
+
+static void client_is_ct_aware(conn_rec *c)
+{
+ ct_conn_config *conncfg = get_conn_config(c);
+ conncfg->peer_ct_aware = 1;
+}
+
+static int is_client_ct_aware(conn_rec *c)
+{
+ ct_conn_config *conncfg = get_conn_config(c);
+
+ return conncfg->peer_ct_aware;
+}
+
+static void server_cert_has_sct_list(conn_rec *c)
+{
+ ct_conn_config *conncfg = get_conn_config(c);
+ conncfg->server_cert_has_sct_list = 1;
+ conncfg->peer_ct_aware = 1;
+}
+
+/* Look at SSLClient::VerifyCallback() and WriteSSLClientCTData()
+ * for validation and saving of data for auditing in a form that
+ * the c-t tools can use.
+ */
+
+static cert_chain *cert_chain_init(apr_pool_t *p, STACK_OF(X509) *chain)
+{
+ cert_chain *cc = apr_pcalloc(p, sizeof(cert_chain));
+ int i;
+
+ cc->cert_arr = apr_array_make(p, 4, sizeof(X509 *));
+
+ for (i = 0; i < sk_X509_num(chain); i++) {
+ X509 **spot = apr_array_push(cc->cert_arr);
+ *spot = X509_dup(sk_X509_value(chain, i)); /* UNDOC */
+ if (i == 0) {
+ cc->leaf = *spot;
+ }
+ }
+
+ return cc;
+}
+
+static void cert_chain_free(cert_chain *cc) {
+ X509 **elts = (X509 **)cc->cert_arr->elts;
+ int i;
+
+ for (i = 0; i < cc->cert_arr->nelts; i++) {
+ X509_free(elts[i]);
+ }
+}
+
+/* Create hash of leaf certificate and any SCTs so that
+ * we can determine whether or not we've seen this exact
+ * info from the server before.
+ */
+static const char *gen_key(conn_rec *c, cert_chain *cc,
+ ct_conn_config *conncfg)
+{
+ const char *fp;
+ SHA256_CTX sha256ctx;
+ unsigned char digest[SHA256_DIGEST_LENGTH];
+
+ fp = get_cert_fingerprint(c->pool, cc->leaf);
+
+ SHA256_Init(&sha256ctx); /* UNDOC */
+ SHA256_Update(&sha256ctx, (unsigned char *)fp, strlen(fp)); /* UNDOC */
+ if (conncfg->cert_sct_list) {
+ SHA256_Update(&sha256ctx, conncfg->cert_sct_list,
+ conncfg->cert_sct_list_size);
+ }
+ if (conncfg->serverhello_sct_list) {
+ SHA256_Update(&sha256ctx, conncfg->serverhello_sct_list,
+ conncfg->serverhello_sct_list_size);
+ }
+ if (conncfg->ocsp_sct_list) {
+ SHA256_Update(&sha256ctx, conncfg->ocsp_sct_list,
+ conncfg->ocsp_sct_list_size);
+ }
+ SHA256_Final(digest, &sha256ctx); /* UNDOC */
+ return apr_pescape_hex(c->pool, digest, sizeof digest, 0);
+}
+
+static apr_status_t deserialize_SCTs(apr_pool_t *p,
+ ct_conn_config *conncfg,
+ void *sct_list,
+ apr_size_t sct_list_size)
+{
+ apr_size_t avail, len_of_data;
+ apr_status_t rv;
+ const unsigned char *mem, *start_of_data;
+
+ mem = sct_list;
+ avail = sct_list_size;
+
+ /* Make sure the overall length is correct */
+
+ rv = ctutil_read_var_bytes((const unsigned char **)&mem,
+ &avail, &start_of_data, &len_of_data);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ if (len_of_data + sizeof(apr_uint16_t) != sct_list_size) {
+ return APR_EINVAL;
+ }
+
+ /* add each SCT in the list to the all_scts array */
+
+ mem = (unsigned char *)sct_list + sizeof(apr_uint16_t);
+ avail = sct_list_size - sizeof(apr_uint16_t);
+
+ while (rv == APR_SUCCESS && avail > 0) {
+ rv = ctutil_read_var_bytes((const unsigned char **)&mem, &avail,
+ &start_of_data, &len_of_data);
+ if (rv == APR_SUCCESS) {
+ ct_sct_data *sct = (ct_sct_data *)apr_array_push(conncfg->all_scts);
+
+ sct->data = start_of_data;
+ ap_assert(len_of_data <= USHRT_MAX);
+ sct->len = (apr_uint16_t)len_of_data;
+ }
+ }
+
+ if (rv == APR_SUCCESS && avail != 0) {
+ return APR_EINVAL;
+ }
+
+ return APR_SUCCESS;
+}
+
+/* perform quick sanity check of server SCT(s) during handshake;
+ * errors should result in fatal alert
+ */
+static apr_status_t validate_server_data(apr_pool_t *p, conn_rec *c,
+ cert_chain *cc, ct_conn_config *conncfg,
+ ct_server_config *sconf)
+{
+ apr_status_t rv = APR_SUCCESS;
+
+#if AP_MODULE_MAGIC_AT_LEAST(20130702,2)
+ if (conncfg->serverhello_sct_list) {
+ ap_log_cdata(APLOG_MARK, APLOG_TRACE6, c, "SCT(s) from ServerHello",
+ conncfg->serverhello_sct_list,
+ conncfg->serverhello_sct_list_size,
+ AP_LOG_DATA_SHOW_OFFSET);
+ }
+
+ if (conncfg->cert_sct_list) {
+ ap_log_cdata(APLOG_MARK, APLOG_TRACE6, c, "SCT(s) from certificate",
+ conncfg->cert_sct_list,
+ conncfg->cert_sct_list_size,
+ AP_LOG_DATA_SHOW_OFFSET);
+ }
+
+ if (conncfg->ocsp_sct_list) {
+ ap_log_cdata(APLOG_MARK, APLOG_TRACE6, c, "SCT(s) from stapled OCSP response",
+ conncfg->ocsp_sct_list,
+ conncfg->ocsp_sct_list_size,
+ AP_LOG_DATA_SHOW_OFFSET);
+ }
+#endif /* httpd has ap_log_*data() */
+
+ if (!conncfg->all_scts) {
+ conncfg->all_scts = apr_array_make(p, 4, sizeof(ct_sct_data));
+ }
+
+ /* deserialize all the SCTs */
+ if (conncfg->cert_sct_list) {
+ rv = deserialize_SCTs(p, conncfg, conncfg->cert_sct_list,
+ conncfg->cert_sct_list_size);
+ if (rv != APR_SUCCESS) {
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c,
+ "couldn't deserialize SCT list from certificate");
+ }
+ }
+ if (rv == APR_SUCCESS && conncfg->serverhello_sct_list) {
+ rv = deserialize_SCTs(p, conncfg, conncfg->serverhello_sct_list,
+ conncfg->serverhello_sct_list_size);
+ if (rv != APR_SUCCESS) {
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c,
+ "couldn't deserialize SCT list from ServerHello");
+ }
+ }
+ if (rv == APR_SUCCESS && conncfg->ocsp_sct_list) {
+ rv = deserialize_SCTs(p, conncfg, conncfg->ocsp_sct_list,
+ conncfg->ocsp_sct_list_size);
+ if (rv != APR_SUCCESS) {
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, rv, c,
+ "couldn't deserialize SCT list from stapled OCSP response");
+ }
+ }
+
+ if (rv == APR_SUCCESS) {
+ if (conncfg->all_scts->nelts < 1) {
+ /* How did we get here without at least one SCT? */
+ ap_log_cerror(APLOG_MARK, APLOG_CRIT, 0, c,
+ "SNAFU: No deserialized SCTs found in validate_server_data()");
+ rv = APR_EINVAL;
+ }
+ else {
+ apr_status_t tmprv;
+ int i, verification_failures, verification_successes, unknown_log_ids;
+ ct_sct_data *sct_elts;
+ ct_sct_data sct;
+ sct_fields_t fields;
+
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
+ "%d SCTs received total", conncfg->all_scts->nelts);
+
+ verification_failures = verification_successes = unknown_log_ids = 0;
+ sct_elts = (ct_sct_data *)conncfg->all_scts->elts;
+ for (i = 0; i < conncfg->all_scts->nelts; i++) {
+ sct = sct_elts[i];
+ tmprv = sct_parse("backend server", c->base_server,
+ sct.data, sct.len, cc,
+ &fields);
+ if (tmprv != APR_SUCCESS) {
+ rv = tmprv;
+ }
+ else {
+ tmprv = sct_verify_timestamp(c, &fields);
+ if (tmprv != APR_SUCCESS) {
+ verification_failures++;
+ }
+
+ if (active_log_config) {
+ /* will only block if we have a DB-based log
+ * configuration which is currently being refreshed
+ */
+ ap_assert(apr_thread_rwlock_rdlock(log_config_rwlock)
+ == APR_SUCCESS);
+ tmprv = sct_verify_signature(c, &fields,
+ active_log_config);
+ ap_assert(apr_thread_rwlock_unlock(log_config_rwlock)
+ == APR_SUCCESS);
+ if (tmprv == APR_NOTFOUND) {
+ ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c,
+ "Server sent SCT from unrecognized log");
+ unknown_log_ids++;
+ }
+ else if (tmprv != APR_SUCCESS) {
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
+ "Server sent SCT with invalid signature");
+ tmprv = APR_EINVAL;
+ verification_failures++;
+ }
+ else {
+ verification_successes++;
+ }
+ }
+ else {
+ unknown_log_ids++;
+ ap_log_cerror(APLOG_MARK, APLOG_WARNING, 0, c,
+ "Signature of SCT from server could not be "
+ "verified (no configured log public keys)");
+ }
+ }
+ sct_release(&fields);
+ }
+ if (verification_failures && !verification_successes) {
+ /* If no SCTs are valid, don't communicate. */
+ rv = APR_EINVAL;
+ }
+ ap_log_cerror(APLOG_MARK,
+ rv != APR_SUCCESS ? APLOG_ERR : APLOG_INFO, 0, c,
+ "Signature/timestamp validation for %d SCTs: %d successes, "
+ "%d failures, %d from unknown logs",
+ conncfg->all_scts->nelts, verification_successes,
+ verification_failures, unknown_log_ids);
+ }
+ }
+
+ return rv;
+}
+
+/* Enqueue data from server for off-line audit (cert, SCT(s))
+ * We already filtered out duplicate data being saved from this
+ * process. (With reverse proxy it will be the same data over
+ * and over.)
+ */
+#define SERVER_START 0x0001
+#define KEY_START 0x0002
+#define CERT_START 0x0003
+#define SCT_START 0x0004
+
+static void save_server_data(conn_rec *c, cert_chain *cc,
+ ct_conn_config *conncfg,
+ const char *key)
+{
+ if (audit_file_mutex && audit_file) { /* child init successful, no
+ * subsequent error
+ */
+ apr_size_t bytes_written;
+ apr_status_t rv;
+ int i;
+ ct_sct_data *sct_elts;
+ X509 **x509elts;
+ server_rec *s = c->base_server;
+
+ /* Any error in this function is a file I/O error;
+ * if such an error occurs, the audit file will be closed
+ * and removed, and this child won't be able to queue
+ * anything for audit. (It is likely that other child
+ * processes will have the same problem.)
+ */
+
+ ctutil_thread_mutex_lock(audit_file_mutex);
+
+ if (audit_file) { /* no error just occurred... */
+ audit_file_nonempty = 1;
+
+ rv = ctutil_file_write_uint16(s, audit_file,
+ SERVER_START);
+
+ if (rv == APR_SUCCESS) {
+ rv = ctutil_file_write_uint16(s, audit_file, KEY_START);
+ }
+
+ if (rv == APR_SUCCESS) {
+ ap_assert(strlen(key) <= USHRT_MAX);
+ rv = ctutil_file_write_uint16(s, audit_file,
+ (apr_uint16_t)strlen(key));
+ }
+
+ if (rv == APR_SUCCESS) {
+ rv = apr_file_write_full(audit_file, key, strlen(key),
+ &bytes_written);
+ }
+
+ /* Write each certificate, starting with leaf */
+ x509elts = (X509 **)cc->cert_arr->elts;
+ for (i = 0; rv == APR_SUCCESS && i < cc->cert_arr->nelts; i++) {
+ unsigned char *der_buf = NULL;
+ int der_length;
+
+ rv = ctutil_file_write_uint16(s, audit_file, CERT_START);
+
+ /* now write the cert!!! */
+
+ if (rv == APR_SUCCESS) {
+ der_length = i2d_X509(x509elts[i], &der_buf);
+ ap_assert(der_length > 0);
+
+ rv = ctutil_file_write_uint24(s, audit_file, der_length);
+ }
+
+ if (rv == APR_SUCCESS) {
+ rv = apr_file_write_full(audit_file, der_buf, der_length,
+ &bytes_written);
+ }
+
+ OPENSSL_free(der_buf);
+ }
+
+ /* Write each SCT */
+ sct_elts = (ct_sct_data *)conncfg->all_scts->elts;
+ for (i = 0; rv == APR_SUCCESS && i < conncfg->all_scts->nelts; i++) {
+ ct_sct_data sct;
+
+ rv = ctutil_file_write_uint16(s, audit_file, SCT_START);
+
+ sct = sct_elts[i];
+
+ if (rv == APR_SUCCESS) {
+ rv = ctutil_file_write_uint16(s, audit_file, sct.len);
+ }
+
+ if (rv == APR_SUCCESS) {
+ rv = apr_file_write_full(audit_file, sct.data, sct.len,
+ &bytes_written);
+ }
+ }
+
+ if (rv != APR_SUCCESS) {
+ /* an I/O error occurred; file is not usable */
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, ap_server_conf,
+ "Failed to write to %s, disabling audit for this "
+ "child", audit_fn_active);
+ apr_file_close(audit_file);
+ audit_file = NULL;
+ apr_file_remove(audit_fn_active,
+ /* not used in current implementations */
+ c->pool);
+ }
+ }
+
+ ctutil_thread_mutex_unlock(audit_file_mutex);
+ }
+}
+
+/* signed_certificate_timestamp */
+static const unsigned short CT_EXTENSION_TYPE = 18;
+
+/* See function of this name in openssl/apps/s_client.c */
+static int ocsp_resp_cb(SSL *ssl, void *arg)
+{
+ conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
+ ct_conn_config *conncfg = get_conn_config(c);
+ const unsigned char *p;
+ int i, len;
+ OCSP_RESPONSE *rsp;
+ OCSP_BASICRESP *br;
+ OCSP_RESPDATA *rd;
+ OCSP_SINGLERESP *single;
+ STACK_OF(X509_EXTENSION) *exts;
+
+ len = SSL_get_tlsext_status_ocsp_resp(ssl, &p); /* UNDOC */
+ if (!p) {
+ /* normal case */
+ ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c,
+ "OCSP response callback called but no stapled response from server");
+ return 1;
+ }
+
+ rsp = d2i_OCSP_RESPONSE(NULL, &p, len); /* UNDOC */
+ if (!rsp) {
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
+ "Error parsing OCSP response");
+ return 0;
+ }
+
+ br = OCSP_response_get1_basic(rsp); /* UNDOC */
+ if (!br) {
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
+ "no OCSP basic response");
+ return 0;
+ }
+
+ rd = br->tbsResponseData;
+
+ for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) { /* UNDOC */
+ X509_EXTENSION *ext;
+ int idx;
+ ASN1_OCTET_STRING *oct;
+
+ single = sk_OCSP_SINGLERESP_value(rd->responses, i); /* UNDOC */
+ if (!single) {
+ continue;
+ }
+
+ idx = OCSP_SINGLERESP_get_ext_by_NID(single,
+ NID_ct_cert_scts, -1); /* UNDOC */
+
+ if (idx == -1) {
+ continue;
+ }
+
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
+ "index of NID_ct_cert_scts: %d", idx);
+
+ exts = single->singleExtensions;
+
+ ext = sk_X509_EXTENSION_value(exts, idx); /* UNDOC */
+ oct = X509_EXTENSION_get_data(ext); /* UNDOC */
+
+ conncfg->ocsp_has_sct_list = 1;
+ conncfg->peer_ct_aware = 1;
+ conncfg->ocsp_sct_list_size = oct->length - 2;
+ conncfg->ocsp_sct_list = apr_pmemdup(c->pool, oct->data + 2,
+ conncfg->ocsp_sct_list_size);
+ }
+
+ OCSP_RESPONSE_free(rsp); /* UNDOC */
+
+ return 1;
+}
+
+/* Callbacks and structures for handling custom TLS Extensions:
+ * cli_ext_first_cb - sends data for ClientHello TLS Extension
+ * cli_ext_second_cb - receives data from ServerHello TLS Extension
+ */
+static int client_extension_callback_1(SSL *ssl, unsigned short ext_type,
+ const unsigned char **out,
+ unsigned short *outlen, int *al,
+ void *arg)
+{
+ conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
+
+ /* nothing to send in ClientHello */
+
+ ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
+ "client_extension_callback_1 called, "
+ "ext %hu will be in ClientHello",
+ ext_type);
+
+ return 1;
+}
+
+/* Get SCT(s) from ServerHello */
+static int client_extension_callback_2(SSL *ssl, unsigned short ext_type,
+ const unsigned char *in, unsigned short inlen,
+ int *al, void *arg)
+{
+ conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
+ ct_conn_config *conncfg = get_conn_config(c);
+
+ ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
+ "client_extension_callback_2 called, "
+ "ext %hu was in ServerHello (len %hu)",
+ ext_type, inlen);
+
+ /* Note: Peer certificate is not available in this callback via
+ * SSL_get_peer_certificate(ssl)
+ */
+
+ conncfg->serverhello_has_sct_list = 1;
+ conncfg->peer_ct_aware = 1;
+ conncfg->serverhello_sct_list = apr_pmemdup(c->pool, in, inlen);
+ conncfg->serverhello_sct_list_size = inlen;
+ return 1;
+}
+
+/* See SSLClient::VerifyCallback() in c-t/src/client/ssl_client.cc
+ * (That's a beast and hard to duplicate in depth when you consider
+ * all the support classes it relies on; mod_ssl_ct needs to be a
+ * C++ module so that the bugs are fixed in one place.)
+ *
+ * . This code should care about stapled SCTs but doesn't.
+ * . This code, unlike SSLClient::VerifyCallback(), doesn't look
+ * at the OpenSSL "input" chain.
+ */
+static int ssl_ct_ssl_proxy_verify(server_rec *s, conn_rec *c,
+ STACK_OF(X509) *chain)
+{
+ apr_pool_t *p = c->pool;
+ ct_conn_config *conncfg = get_conn_config(c);
+ ct_server_config *sconf = ap_get_module_config(s->module_config,
+ &ssl_ct_module);
+ int chain_size = sk_X509_num(chain);
+ int extension_index;
+ cert_chain *certs;
+
+ if (sconf->proxy_awareness == PROXY_OBLIVIOUS) {
+ return OK;
+ }
+
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
+ "ssl_ct_ssl_proxy_verify() - get server certificate info");
+
+ if (chain_size < 1) {
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
+ "odd chain size %d -- cannot proceed", chain_size);
+ return APR_EINVAL;
+ }
+
+ /* Note: SSLClient::Verify looks in both the input chain and the
+ * verified chain.
+ */
+
+ certs = cert_chain_init(p, chain);
+ conncfg->certs = certs;
+
+ extension_index =
+ X509_get_ext_by_NID(certs->leaf,
+ NID_ct_precert_scts,
+ -1);
+ /* use X509_get_ext(certs->leaf, extension_index) to obtain X509_EXTENSION * */
+
+ if (extension_index >= 0) {
+ void *ext_struct;
+
+ server_cert_has_sct_list(c);
+ /* as in Cert::ExtensionStructure() */
+ ext_struct = X509_get_ext_d2i(certs->leaf,
+ NID_ct_precert_scts,
+ NULL, /* ignore criticality of extension */
+ NULL); /* UNDOC */
+
+ if (ext_struct == NULL) {
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
+ "Could not retrieve SCT list from certificate (unexpected)");
+ }
+ else {
+ /* as in Cert::OctetStringExtensionData */
+ ASN1_OCTET_STRING *octet = (ASN1_OCTET_STRING *)ext_struct;
+ conncfg->cert_sct_list = apr_pmemdup(p,
+ octet->data,
+ octet->length);
+ conncfg->cert_sct_list_size = octet->length;
+ ASN1_OCTET_STRING_free(octet); /* UNDOC */
+ }
+ }
+
+ return OK;
+}
+
+static int ssl_ct_proxy_post_handshake(conn_rec *c, SSL *ssl)
+{
+ apr_pool_t *p = c->pool;
+ apr_status_t rv = APR_SUCCESS;
+ const char *key;
+ ct_cached_server_data *cached;
+ ct_conn_config *conncfg = get_conn_config(c);
+ server_rec *s = c->base_server;
+ ct_server_config *sconf = ap_get_module_config(s->module_config,
+ &ssl_ct_module);
+ int validation_error = 0, missing_sct_error = 0;
+ STACK_OF(X509) *chain = SSL_get_peer_cert_chain(ssl);
+
+ if (sconf->proxy_awareness == PROXY_OBLIVIOUS) {
+ return OK;
+ }
+
+ ssl_ct_ssl_proxy_verify(s, c, chain);
+
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
+ "finally at the point where we can see where SCTs came from"
+ " %pp/%pp/%pp (c %pp)",
+ conncfg->cert_sct_list, conncfg->serverhello_sct_list,
+ conncfg->ocsp_sct_list, c);
+
+ /* At this point we have the SCTs from the cert (if any) and the
+ * SCTs from the TLS extension (if any) in ct_conn_config.
+ */
+
+ if (conncfg->cert_sct_list || conncfg->serverhello_sct_list
+ || conncfg->ocsp_sct_list) {
+
+ /* The key is critical to avoiding validating and queueing of
+ * the same stuff over and over.
+ *
+ * Is there any cheaper check than server cert and SCTs all exactly
+ * the same as before?
+ */
+
+ key = gen_key(c, conncfg->certs, conncfg);
+
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
+ "key for server data: %s", key);
+
+ ctutil_thread_mutex_lock(cached_server_data_mutex);
+
+ cached = apr_hash_get(cached_server_data, key, APR_HASH_KEY_STRING);
+
+ ctutil_thread_mutex_unlock(cached_server_data_mutex);
+
+ if (!cached) {
+ ct_cached_server_data *new_server_data =
+ (ct_cached_server_data *)calloc(1, sizeof(ct_cached_server_data));
+
+ new_server_data->validation_result =
+ rv = validate_server_data(p, c, conncfg->certs, conncfg, sconf);
+
+ if (rv != APR_SUCCESS) {
+ validation_error = 1;
+ }
+
+ ctutil_thread_mutex_lock(cached_server_data_mutex);
+
+ if ((cached = apr_hash_get(cached_server_data, key, APR_HASH_KEY_STRING))) {
+ /* some other thread snuck in
+ * we assume that the other thread got the same validation
+ * result that we did
+ */
+ free(new_server_data);
+ new_server_data = NULL;
+ }
+ else {
+ /* no other thread snuck in */
+ apr_hash_set(cached_server_data, key, APR_HASH_KEY_STRING,
+ new_server_data);
+ new_server_data = NULL;
+ }
+
+ ctutil_thread_mutex_unlock(cached_server_data_mutex);
+
+ if (rv == APR_SUCCESS && !cached) {
+ save_server_data(c, conncfg->certs, conncfg, key);
+ }
+ }
+ else {
+ /* cached */
+ rv = cached->validation_result;
+ if (rv != APR_SUCCESS) {
+ validation_error = 1;
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, rv, c, "bad cached validation result");
+ }
+ }
+ }
+ else {
+ /* No SCTs at all; consult configuration to know what to do. */
+ missing_sct_error = 1;
+ }
+
+ if (conncfg->certs) {
+ cert_chain_free(conncfg->certs);
+ conncfg->certs = NULL;
+ }
+
+ ap_log_cerror(APLOG_MARK,
+ rv == APR_SUCCESS ? APLOG_DEBUG : APLOG_ERR, rv, c,
+ "SCT list received in: %s%s%s(%s) (c %pp)",
+ conncfg->serverhello_has_sct_list ? "ServerHello " : "",
+ conncfg->server_cert_has_sct_list ? "certificate-extension " : "",
+ conncfg->ocsp_has_sct_list ? "OCSP " : "",
+ cached ? "already saved" : "seen for the first time",
+ c);
+
+ if (sconf->proxy_awareness == PROXY_REQUIRE) {
+ if (missing_sct_error || validation_error) {
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
+ "Forbidding access to backend server; no valid SCTs");
+ return HTTP_FORBIDDEN;
+ }
+ }
+
+ return OK;
+}
+
+static int server_extension_callback_1(SSL *ssl, unsigned short ext_type,
+ const unsigned char *in,
+ unsigned short inlen, int *al,
+ void *arg)
+{
+ conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
+
+ /* this callback tells us that client is CT-aware;
+ * there's nothing of interest in the extension data
+ */
+ client_is_ct_aware(c);
+
+ ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
+ "server_extension_callback_1 called, "
+ "ext %hu was in ClientHello (len %hu)",
+ ext_type, inlen);
+
+ return 1;
+}
+
+static int server_extension_callback_2(SSL *ssl, unsigned short ext_type,
+ const unsigned char **out,
+ unsigned short *outlen, int *al,
+ void *arg)
+{
+ conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
+ ct_server_config *sconf = ap_get_module_config(c->base_server->module_config,
+ &ssl_ct_module);
+ X509 *server_cert;
+ const char *fingerprint;
+ const unsigned char *scts;
+ apr_size_t scts_len;
+ apr_status_t rv;
+
+ if (!is_client_ct_aware(c)) {
+ /* Hmmm... Is this actually called if the client doesn't include
+ * the extension in the ClientHello? I don't think so.
+ */
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
+ "server_extension_callback_2: client isn't CT-aware");
+ /* Skip this extension for ServerHello */
+ return -1;
+ }
+
+ /* need to reply with SCT */
+
+ server_cert = SSL_get_certificate(ssl); /* no need to free! */
+ fingerprint = get_cert_fingerprint(c->pool, server_cert);
+
+ ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
+ "server_extension_callback_2 called, "
+ "ext %hu will be in ServerHello",
+ ext_type);
+
+ rv = read_scts(c->pool, fingerprint,
+ sconf->sct_storage,
+ c->base_server, (char **)&scts, &scts_len);
+ if (rv == APR_SUCCESS) {
+ *out = scts;
+ ap_assert(scts_len <= USHRT_MAX);
+ *outlen = (unsigned short)scts_len;
+ }
+ else {
+ /* Skip this extension for ServerHello */
+ return -1;
+ }
+
+ return 1;
+}
+
+static void tlsext_cb(SSL *ssl, int client_server, int type,
+ unsigned char *data, int len,
+ void *arg)
+{
+ conn_rec *c = arg;
+
+ if (type == CT_EXTENSION_TYPE) {
+ ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, c,
+ "tlsext_cb called, got CT TLS extension");
+
+ client_is_ct_aware(c);
+ }
+}
+
+static int ssl_ct_pre_handshake(conn_rec *c, SSL *ssl)
+{
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, "client connected (pre-handshake)");
+
+ SSL_set_tlsext_status_type(ssl, TLSEXT_STATUSTYPE_ocsp); /* UNDOC */
+
+ /* This callback is needed only to determine that the peer is CT-aware
+ * when resuming a session. For an initial handshake, the callbacks
+ * registered via SSL_CTX_set_custom_srv_ext() are sufficient.
+ */
+ SSL_set_tlsext_debug_callback(ssl, tlsext_cb); /* UNDOC */
+ SSL_set_tlsext_debug_arg(ssl, c); /* UNDOC */
+
+ return OK;
+}
+
+static int ssl_ct_init_server(server_rec *s, apr_pool_t *p, int is_proxy,
+ SSL_CTX *ssl_ctx)
+{
+ ct_callback_info *cbi = apr_pcalloc(p, sizeof *cbi);
+ ct_server_config *sconf = ap_get_module_config(s->module_config,
+ &ssl_ct_module);
+
+ cbi->s = s;
+
+ if (is_proxy && sconf->proxy_awareness != PROXY_OBLIVIOUS) {
+ /* _cli_ = "client" */
+ if (!SSL_CTX_set_custom_cli_ext(ssl_ctx, CT_EXTENSION_TYPE,
+ client_extension_callback_1,
+ client_extension_callback_2, cbi)) { /* UNDOC */
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+ "Unable to initalize Certificate Transparency client "
+ "extension callbacks (callback for %d already registered?)",
+ CT_EXTENSION_TYPE);
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ /* Uhh, hopefully this doesn't collide with anybody else. mod_ssl
+ * currently only sets this on the server SSL_CTX, when OCSP is
+ * enabled.
+ */
+ SSL_CTX_set_tlsext_status_cb(ssl_ctx, ocsp_resp_cb); /* UNDOC */
+ SSL_CTX_set_tlsext_status_arg(ssl_ctx, cbi); /* UNDOC */
+ }
+ else if (!is_proxy) {
+ look_for_server_certs(s, ssl_ctx, sconf->sct_storage);
+
+ /* _srv_ = "server" */
+ if (!SSL_CTX_set_custom_srv_ext(ssl_ctx, CT_EXTENSION_TYPE,
+ server_extension_callback_1,
+ server_extension_callback_2, cbi)) { /* UNDOC */
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+ "Unable to initalize Certificate Transparency server "
+ "extension callback (callbacks for %d already registered?)",
+ CT_EXTENSION_TYPE);
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+ }
+
+ return OK;
+}
+
+static int ssl_ct_post_read_request(request_rec *r)
+{
+ ct_conn_config *conncfg =
+ ap_get_module_config(r->connection->conn_config, &ssl_ct_module);
+
+ if (conncfg && conncfg->peer_ct_aware) {
+ apr_table_set(r->subprocess_env, STATUS_VAR, STATUS_VAR_AWARE_VAL);
+ }
+ else {
+ apr_table_set(r->subprocess_env, STATUS_VAR, STATUS_VAR_UNAWARE_VAL);
+ }
+
+ return DECLINED;
+}
+
+static int ssl_ct_pre_config(apr_pool_t *pconf, apr_pool_t *plog,
+ apr_pool_t *ptemp)
+{
+ apr_status_t rv = ap_mutex_register(pconf, SSL_CT_MUTEX_TYPE, NULL,
+ APR_LOCK_DEFAULT, 0);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ apr_dbd_init(pconf);
+
+ ctutil_run_internal_tests(ptemp);
+
+ return OK;
+}
+
+static apr_status_t inactivate_audit_file(void *data)
+{
+ apr_status_t rv;
+ server_rec *s = data;
+
+ if (!audit_file) { /* something bad happened after child init */
+ return APR_SUCCESS;
+ }
+
+ /* the normal cleanup was disabled in the call to apr_file_open */
+ rv = apr_file_close(audit_file);
+ audit_file = NULL;
+ if (rv == APR_SUCCESS) {
+ if (audit_file_nonempty) {
+ rv = apr_file_rename(audit_fn_active, audit_fn_perm,
+ /* not used in current implementations */
+ s->process->pool);
+ }
+ else {
+ /* No data written; just remove the file */
+ apr_file_remove(audit_fn_active,
+ /* not used in current implementations */
+ s->process->pool);
+ }
+ }
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
+ "error flushing/closing %s or renaming it to %s",
+ audit_fn_active, audit_fn_perm);
+ }
+
+ return APR_SUCCESS; /* what, you think anybody cares? */
+}
+
+static void ssl_ct_child_init(apr_pool_t *p, server_rec *s)
+{
+ apr_status_t rv;
+ const char *audit_basename;
+ ct_server_config *sconf = ap_get_module_config(s->module_config,
+ &ssl_ct_module);
+
+ cached_server_data = apr_hash_make(p);
+
+ rv = apr_global_mutex_child_init(&ssl_ct_sct_update,
+ apr_global_mutex_lockfile(ssl_ct_sct_update), p);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
+ "could not initialize " SSL_CT_MUTEX_TYPE
+ " mutex in child");
+ /* might crash otherwise due to lack of checking for initialized data
+ * in all the right places, but this is going to skip pchild cleanup
+ */
+ exit(APEXIT_CHILDSICK);
+ }
+
+ rv = apr_thread_rwlock_create(&log_config_rwlock, p);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
+ "could not create rwlock in child");
+ exit(APEXIT_CHILDSICK);
+ }
+
+ rv = apr_thread_create(&service_thread, NULL, run_service_thread, s, p);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
+ "could not create " SERVICE_THREAD_NAME " in child");
+ /* might crash otherwise due to lack of checking for initialized data
+ * in all the right places, but this is going to skip pchild cleanup
+ */
+ exit(APEXIT_CHILDSICK);
+ }
+
+ apr_pool_cleanup_register(p, service_thread, wait_for_thread,
+ apr_pool_cleanup_null);
+
+ if (sconf->proxy_awareness != PROXY_OBLIVIOUS) {
+ rv = apr_thread_mutex_create(&cached_server_data_mutex,
+ APR_THREAD_MUTEX_DEFAULT,
+ p);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
+ "could not allocate a thread mutex");
+ /* might crash otherwise due to lack of checking for initialized data
+ * in all the right places, but this is going to skip pchild cleanup
+ */
+ exit(APEXIT_CHILDSICK);
+ }
+ }
+
+ if (sconf->proxy_awareness != PROXY_OBLIVIOUS && sconf->audit_storage) {
+ rv = apr_thread_mutex_create(&audit_file_mutex,
+ APR_THREAD_MUTEX_DEFAULT, p);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s,
+ "could not allocate a thread mutex");
+ /* might crash otherwise due to lack of checking for initialized data
+ * in all the right places, but this is going to skip pchild cleanup
+ */
+ exit(APEXIT_CHILDSICK);
+ }
+
+ audit_basename = apr_psprintf(p, "audit_%" APR_PID_T_FMT,
+ getpid());
+ rv = ctutil_path_join((char **)&audit_fn_perm, sconf->audit_storage,
+ audit_basename, p, s);
+ if (rv != APR_SUCCESS) {
+ /* might crash otherwise due to lack of checking for initialized data
+ * in all the right places, but this is going to skip pchild cleanup
+ */
+ exit(APEXIT_CHILDSICK);
+ }
+
+ audit_fn_active = apr_pstrcat(p, audit_fn_perm, ".tmp", NULL);
+ audit_fn_perm = apr_pstrcat(p, audit_fn_perm, ".out", NULL);
+
+ if (ctutil_file_exists(p, audit_fn_active)) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s,
+ "ummm, pid-specific file %s was reused before audit grabbed it! (removing)",
+ audit_fn_active);
+ apr_file_remove(audit_fn_active, p);
+ }
+
+ if (ctutil_file_exists(p, audit_fn_perm)) {
+ ap_log_error(APLOG_MARK, APLOG_CRIT, 0, s,
+ "ummm, pid-specific file %s was reused before audit grabbed it! (removing)",
+ audit_fn_perm);
+ apr_file_remove(audit_fn_perm, p);
+ }
+
+ rv = apr_file_open(&audit_file, audit_fn_active,
+ APR_FOPEN_WRITE|APR_FOPEN_CREATE|APR_FOPEN_TRUNCATE
+ |APR_FOPEN_BINARY|APR_FOPEN_BUFFERED|APR_FOPEN_NOCLEANUP,
+ APR_FPROT_OS_DEFAULT, p);
+ if (rv != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "can't create %s", audit_fn_active);
+ audit_file = NULL;
+ }
+
+ if (audit_file) {
+ apr_pool_cleanup_register(p, s, inactivate_audit_file, apr_pool_cleanup_null);
+ }
+ } /* !PROXY_OBLIVIOUS */
+}
+
[... 452 lines stripped ...]