mod_openssl leverages cert callback in openssl 1.0.2 and later
(SSL_CTX_set_cert_cb())
server certificate chain
is now set in the cert callback
verify_store (for client certificate verification) (ssl.ca-file)
is now set in the cert callback
more carefully load sensitive files and clear temporary storage
(with openssl 1.1.1 and later)
x-ref:
"Lighttpd Returns Wrong Cert In Multi-cert Set-up"
https://redmine.lighttpd.net/issues/2842
set server certificate from callback in openssl 1.0.2 and later
(SSL_CTX_set_cert_cb())
For existing versions of lighttpd, certificate selection influenced by
ssl.cipher-list which can be used to set server cipher order preference
(along with ssl.honor-cipher-order = "enable", which is the default)
x-ref:
"Lighttpd Returns Wrong Cert In Multi-cert Set-up"
https://redmine.lighttpd.net/issues/2842
"lighttpd uses wrong pem-file"
https://redmine.lighttpd.net/issues/3009
server ticket encryption key (STEK) rotation occurs every 86400 seconds
and upon lighttpd server restart. If using lighttpd with multiple
lighttpd workers, then restarting lighttpd keeps the STEK in sync
between lighttpd workers.
report SSL_R_UNEXPECTED_EOF_WHILE_READING if debug.log-ssl-noise enabled
SSL_R_UNEXPECTED_EOF_WHILE_READING
added in openssl 1.1.1e and reverted in 1.1.1f, but kept in 3.0 branch
NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access)
NB: request read and write chunkqueues currently point to connection
chunkqueues; per-request and per-connection chunkqueues are
not distinct from one another
con->read_queue == r->read_queue
con->write_queue == r->write_queue
NB: in the future, a separate connection config may be needed for
connection-level module hooks. Similarly, might need to have
per-request chunkqueues separate from per-connection chunkqueues.
Should probably also have a request_reset() which is distinct from
connection_reset().
use global rather than passing around (server *) just for that
li_itostrn() and li_utostrn() return string length
(rather than requiring subsequent strlen() to find length)
convert all log_error_write() to log_error() and pass (log_error_st *)
use con->errh in preference to srv->errh (even though currently same)
avoid passing (server *) when previously used only for logging (errh)
array_get_element_klen() is now intended for read-only access
array_get_data_unset() is used by config processing for r/w access
array_get_buf_ptr() is used for r/w access to ds->value (string buffer)
use openssl to read,discard request body after response has been sent
on a TLS connection, at least until SSL close notify has been sent
x-ref:
"HTTPS POST upload hangs when i reach maximum supported request size"
https://redmine.lighttpd.net/boards/2/topics/8491
(expect < 256 octets for DNS name)
Since limit is imposed, can use buffer_clear() instead of buffer_reset()
for con->uri.authority and con->server_name. (Also, con->uri.scheme is
limited to "http" and "https", so use buffer_clear() for it, too)
elliptic curve auto selection where available
openssl v1.0.2 - SSL_CTX_set_ecdh_auto()
openssl v1.1.0 - ECDH support always enabled
x-ref:
"Using X25519 Key exchange"
https://redmine.lighttpd.net/issues/2833
"SSL_CTX_set_ecdh_auto is undefined for newer openssl's"
https://github.com/openssl/openssl/issues/1437
It has been removed from OpenSSL 1.1.0.
Here is the relevant CHANGES entry:
*) SSL_{CTX_}set_ecdh_auto() has been removed and ECDH is support is
always enabled now. If you want to disable the support you should
exclude it using the list of supported ciphers. This also means
that the "-no_ecdhe" option has been removed from s_server.
[Kurt Roeckx]
(similar to Apache mod_ssl SSLOpenSSLConfCmd directive)
(experimental)
This new directive is for use with OpenSSL only, and is not currently
available in LibreSSL.
https://wiki.openssl.org/index.php/Manual:SSL_CONF_cmd(3)
lighttpd takes "file commands" not "command line commands" as
openssl SSL_CONF_cmd() appears to permit only one mode at a time.
lighttpd processes this directive after all other ssl.* directives
have been applied for the $SERVER["socket"] scope.
x-ref:
"Option to disable TLS session tickets"
https://redmine.lighttpd.net/issues/2758
"Allow to selectively disable TLS 1.0, 1.1 and 1.2 versions"
https://github.com/lighttpd/lighttpd1.4/pull/84
github: closes #84
error if ssl.engine in wrong section of config.
ssl.engine is valid only in global scope or $SERVER["socket"] condition
x-ref:
"HTTPS requests timeout when cert not set for socket"
https://redmine.lighttpd.net/issues/2837
set ssl.read-ahead = "disable" by default (modifies commit f4e1357d)
Given various reports from users of embedded systems, the default is
being changed to do the sane thing for these systems. This is the
right setting on slow embedded systems for which decoding SSL input
is slower than receiving that input over the network.
On the other hand, for faster systems, ssl.read-ahead = "enable" is
recommended for a slight performance gain and should be explicitly set
in the global or $SERVER["socket"] configuration blocks in lighttpd.conf
x-ref:
"https POST requests buffered in RAM since v1.4.41?"
https://redmine.lighttpd.net/boards/2/topics/7520
remove erroneous call to SSL_set_shutdown()
(historical from commit:3888c103)
(erroneous since lighttpd 1.4.40 moved to bidirectional input/output)
x-ref:
"wstunnel sample config"
https://redmine.lighttpd.net/boards/2/topics/7600
copy small mem chunks into single large buffer before SSL_write()
to reduce number times write() called underneath SSL_write() and
potentially reduce number of packets generated if socket TCP_NODELAY
set default ssl.read-ahead = "disable" for streaming when
server.stream-request-body = 1 or 2 is set in the global scope
It is still recommended that embedded and other low-memory systems
explicitly set ssl.read-ahead = "disable" in the global scope
(regardless of server.stream-request-body setting)
On the other hand, for systems which enable server.stream-request-body
to non-zero value, and for which sufficient memory is available, then
ssl.read-ahead = "enable" is recommended and should be explicitly set
in the global or $SERVER["socket"] configuration blocks in lighttpd.conf
x-ref:
"https POST requests buffered in RAM since v1.4.41?"
https://redmine.lighttpd.net/boards/2/topics/7520
ssl.ca-dn-file is used to send list of valid CA DNs to client for client
cert verification. If ssl.ca-dn-file is not specified, then the CAs in
ssl.ca-file are used.
client certs are validated against the set of certs from both
ssl.ca-dn-file and ssl.ca-file, but issuer of cert provided by
client must be in ssl.ca-dn-file if ssl.ca-dn-file is specified.
(certs should not need to be in to both ssl.ca-file and ssl.ca-dn-file)
(thx m4t)
If lighttpd is started privileged, then SSL/TLS modules need to be
initialized prior to chroot (optional) and prior to dropping privileges
in order to be able to read sensitive files such as private certificates
(thx m4t)
provide a safer X590_NAME_oneline() with return value semantics similar
to those of snprintf() and use safer_X509_NAME_oneline() to set
SSL_CLIENT_S_DN when client cert is validated.
The manpage for X509_NAME_oneline() says:
The functions X509_NAME_oneline() and X509_NAME_print() are legacy functions which produce a non standard output form, they don't handle multi character fields and have various quirks and inconsistencies. Their use is strongly discouraged in new applications.
Besides X509_NAME_oneline() function being deprecated, until fairly recently, there was a security issue with the function, too.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2176
The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.
github: closes #63, closes #83
x-ref:
"support SSL_CLIENT_VERIFY & SSL_CLIENT_S_DN"
https://redmine.lighttpd.net/issues/2693https://github.com/lighttpd/lighttpd1.4/pull/63https://github.com/lighttpd/lighttpd1.4/pull/83
ignore client verification error if not enforced
e.g. *not* ssl.verifyclient.enforce = "enable"
github: closes #83
x-ref:
"ignore client verification error if not enforced"
https://github.com/lighttpd/lighttpd1.4/pull/83
(original patch by mackyle)
The ssl.ca-dn-file option provides independent control of
the "certificate_authorities" field (see RFC 5246 section
7.4.4 Certificate Request) separate from the actual list
of trusted certificate authorities used for client
certificate verification.
It may be necessary to send a hint that includes the DN
of a non-root client CA in order to receive the correct
certificate from the client, but such a non-root CA really
does not belong in the trusted client root CA list.
Signed-off-by: Kyle J. McKay mackyle@gmail.com
github: closes #64
x-ref:
"add support for ssl.cadn-file"
https://redmine.lighttpd.net/issues/2694https://github.com/lighttpd/lighttpd1.4/pull/64
If lighttpd.conf is invalid, some modules may not have initialized their
per-context config structures, but will have their free-functions
called, which should not be run on uninitialized per-context configs.
x-ref:
"Segfault with simple-vhost.debug = "enable""
https://redmine.lighttpd.net/issues/2798
inherit ssl.* from global scope if $SERVER["socket"] contains
ssl.engine = "enable" and no other ssl.* settings
(In earlier versions of lighttpd, specifying ssl.engine = "enable"
without specifying ssl.pemfile was a configuration error, so this
change should not break any pre-existing and previously working
configs)
x-ref:
https://github.com/pfsense/FreeBSD-ports/pull/284
re-patch mod_openssl config within the request so that per-request
settings can be applied, such as activating client cert verification
for specific URL paths.
(This can be used in conjunction with auth.backend = "extern"
to require auth to occur)
x-ref:
"SSL : authenticate only clients for a particular URL"
https://redmine.lighttpd.net/issues/2245
large code move, but minimal changes made to code (besides whitespace),
so that code builds
next: need to isolate openssl data structures and config parsing
Mohammed Sadiq