2 ** _ __ ___ ___ __| | ___ ___| | mod_ssl
3 ** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
4 ** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
5 ** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
11 /* ====================================================================
12 * The Apache Software License, Version 1.1
14 * Copyright (c) 2000-2004 The Apache Software Foundation. All rights
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
21 * 1. Redistributions of source code must retain the above copyright
22 * notice, this list of conditions and the following disclaimer.
24 * 2. Redistributions in binary form must reproduce the above copyright
25 * notice, this list of conditions and the following disclaimer in
26 * the documentation and/or other materials provided with the
29 * 3. The end-user documentation included with the redistribution,
30 * if any, must include the following acknowledgment:
31 * "This product includes software developed by the
32 * Apache Software Foundation (http://www.apache.org/)."
33 * Alternately, this acknowledgment may appear in the software itself,
34 * if and wherever such third-party acknowledgments normally appear.
36 * 4. The names "Apache" and "Apache Software Foundation" must
37 * not be used to endorse or promote products derived from this
38 * software without prior written permission. For written
39 * permission, please contact apache@apache.org.
41 * 5. Products derived from this software may not be called "Apache",
42 * nor may "Apache" appear in their name, without prior written
43 * permission of the Apache Software Foundation.
45 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
46 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
47 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
48 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
49 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
50 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
51 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
52 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
53 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
54 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
55 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
57 * ====================================================================
59 /* ``MY HACK: This universe.
60 Just one little problem:
65 /* _________________________________________________________________
68 ** _________________________________________________________________
71 /* This file is designed to be the bridge between OpenSSL and httpd.
72 * However, we really don't expect anyone (let alone ourselves) to
73 * remember what is in this file. So, first, a quick overview.
75 * In this file, you will find:
76 * - ssl_io_filter_input (Apache input filter)
77 * - ssl_io_filter_output (Apache output filter)
79 * - bio_filter_in_* (OpenSSL input filter)
80 * - bio_filter_out_* (OpenSSL output filter)
82 * The input chain is roughly:
84 * ssl_io_filter_input->ssl_io_input_read->SSL_read->...
85 * ...->bio_filter_in_read->ap_get_brigade/next-httpd-filter
87 * In mortal terminology, we do the following:
88 * - Receive a request for data to the SSL input filter
89 * - Call a helper function once we know we should perform a read
90 * - Call OpenSSL's SSL_read()
91 * - SSL_read() will then call bio_filter_in_read
92 * - bio_filter_in_read will then try to fetch data from the next httpd filter
93 * - bio_filter_in_read will flatten that data and return it to SSL_read
94 * - SSL_read will then decrypt the data
95 * - ssl_io_input_read will then receive decrypted data as a char* and
96 * ensure that there were no read errors
97 * - The char* is placed in a brigade and returned
99 * Since connection-level input filters in httpd need to be able to
100 * handle AP_MODE_GETLINE calls (namely identifying LF-terminated strings),
101 * ssl_io_input_getline which will handle this special case.
103 * Due to AP_MODE_GETLINE and AP_MODE_SPECULATIVE, we may sometimes have
104 * 'leftover' decoded data which must be setaside for the next read. That
105 * is currently handled by the char_buffer_{read|write} functions. So,
106 * ssl_io_input_read may be able to fulfill reads without invoking
109 * Note that the filter context of ssl_io_filter_input and bio_filter_in_*
110 * are shared as bio_filter_in_ctx_t.
112 * Note that the filter is by choice limited to reading at most
113 * AP_IOBUFSIZE (8192 bytes) per call.
117 /* this custom BIO allows us to hook SSL_write directly into
118 * an apr_bucket_brigade and use transient buckets with the SSL
119 * malloc-ed buffer, rather than copying into a mem BIO.
120 * also allows us to pass the brigade as data is being written
121 * rather than buffering up the entire response in the mem BIO.
123 * when SSL needs to flush (e.g. SSL_accept()), it will call BIO_flush()
124 * which will trigger a call to bio_filter_out_ctrl() -> bio_filter_out_flush().
125 * so we only need to flush the output ourselves if we receive an
126 * EOS or FLUSH bucket. this was not possible with the mem BIO where we
127 * had to flush all over the place not really knowing when it was required
135 ap_filter_t *pInputFilter;
136 ap_filter_t *pOutputFilter;
140 ssl_filter_ctx_t *filter_ctx;
142 apr_bucket_brigade *bb;
144 char buffer[AP_IOBUFSIZE];
147 } bio_filter_out_ctx_t;
149 static bio_filter_out_ctx_t *bio_filter_out_ctx_new(ssl_filter_ctx_t *filter_ctx,
152 bio_filter_out_ctx_t *outctx = apr_palloc(c->pool, sizeof(*outctx));
154 outctx->filter_ctx = filter_ctx;
156 outctx->bb = apr_brigade_create(c->pool, c->bucket_alloc);
163 static int bio_filter_out_flush(BIO *bio)
165 bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)(bio->ptr);
168 if (!(outctx->blen || outctx->length)) {
169 outctx->rc = APR_SUCCESS;
174 e = apr_bucket_transient_create(outctx->buffer, outctx->blen,
175 outctx->bb->bucket_alloc);
176 /* we filled this buffer first so add it to the
177 * head of the brigade
179 APR_BRIGADE_INSERT_HEAD(outctx->bb, e);
184 e = apr_bucket_flush_create(outctx->bb->bucket_alloc);
185 APR_BRIGADE_INSERT_TAIL(outctx->bb, e);
187 outctx->rc = ap_pass_brigade(outctx->filter_ctx->pOutputFilter->next,
189 return (outctx->rc == APR_SUCCESS) ? 1 : -1;
192 static int bio_filter_create(BIO *bio)
202 static int bio_filter_destroy(BIO *bio)
208 /* nothing to free here.
209 * apache will destroy the bucket brigade for us
214 static int bio_filter_out_read(BIO *bio, char *out, int outl)
216 /* this is never called */
220 static int bio_filter_out_write(BIO *bio, const char *in, int inl)
222 bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)(bio->ptr);
224 /* when handshaking we'll have a small number of bytes.
225 * max size SSL will pass us here is about 16k.
226 * (16413 bytes to be exact)
228 BIO_clear_retry_flags(bio);
230 if (!outctx->length && (inl + outctx->blen < sizeof(outctx->buffer))) {
231 /* the first two SSL_writes (of 1024 and 261 bytes)
232 * need to be in the same packet (vec[0].iov_base)
234 /* XXX: could use apr_brigade_write() to make code look cleaner
235 * but this way we avoid the malloc(APR_BUCKET_BUFF_SIZE)
236 * and free() of it later
238 memcpy(&outctx->buffer[outctx->blen], in, inl);
242 /* pass along the encrypted data
243 * need to flush since we're using SSL's malloc-ed buffer
244 * which will be overwritten once we leave here
246 apr_bucket *bucket = apr_bucket_transient_create(in, inl,
247 outctx->bb->bucket_alloc);
249 outctx->length += inl;
250 APR_BRIGADE_INSERT_TAIL(outctx->bb, bucket);
252 if (bio_filter_out_flush(bio) < 0) {
260 static long bio_filter_out_ctrl(BIO *bio, int cmd, long num, void *ptr)
265 bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)(bio->ptr);
269 outctx->blen = outctx->length = 0;
272 ret = (long)((outctx->blen + outctx->length) == 0);
274 case BIO_C_SET_BUF_MEM_EOF_RETURN:
275 outctx->blen = outctx->length = (apr_size_t)num;
278 ret = (long)(outctx->blen + outctx->length);
281 *pptr = (char *)&(outctx->buffer[0]);
284 case BIO_CTRL_GET_CLOSE:
285 ret = (long)bio->shutdown;
287 case BIO_CTRL_SET_CLOSE:
288 bio->shutdown = (int)num;
290 case BIO_CTRL_WPENDING:
293 case BIO_CTRL_PENDING:
294 ret = (long)(outctx->blen + outctx->length);
297 ret = bio_filter_out_flush(bio);
303 case BIO_C_SET_BUF_MEM:
304 case BIO_C_GET_BUF_MEM_PTR:
316 static int bio_filter_out_gets(BIO *bio, char *buf, int size)
318 /* this is never called */
322 static int bio_filter_out_puts(BIO *bio, const char *str)
324 /* this is never called */
328 static BIO_METHOD bio_filter_out_method = {
331 bio_filter_out_write,
332 bio_filter_out_read, /* read is never called */
333 bio_filter_out_puts, /* puts is never called */
334 bio_filter_out_gets, /* gets is never called */
338 #ifdef OPENSSL_VERSION_NUMBER
339 NULL /* sslc does not have the callback_ctrl field */
353 ap_input_mode_t mode;
354 apr_read_type_e block;
355 apr_bucket_brigade *bb;
358 char buffer[AP_IOBUFSIZE];
359 ssl_filter_ctx_t *filter_ctx;
360 } bio_filter_in_ctx_t;
363 * this char_buffer api might seem silly, but we don't need to copy
364 * any of this data and we need to remember the length.
366 static int char_buffer_read(char_buffer_t *buffer, char *in, int inl)
368 if (!buffer->length) {
372 if (buffer->length > inl) {
373 /* we have have enough to fill the caller's buffer */
374 memcpy(in, buffer->value, inl);
375 buffer->value += inl;
376 buffer->length -= inl;
379 /* swallow remainder of the buffer */
380 memcpy(in, buffer->value, buffer->length);
381 inl = buffer->length;
382 buffer->value = NULL;
389 static int char_buffer_write(char_buffer_t *buffer, char *in, int inl)
392 buffer->length = inl;
396 /* This function will read from a brigade and discard the read buckets as it
397 * proceeds. It will read at most *len bytes.
399 static apr_status_t brigade_consume(apr_bucket_brigade *bb,
400 apr_read_type_e block,
401 char *c, apr_size_t *len)
403 apr_size_t actual = 0;
404 apr_status_t status = APR_SUCCESS;
406 while (!APR_BRIGADE_EMPTY(bb)) {
407 apr_bucket *b = APR_BRIGADE_FIRST(bb);
412 /* Justin points out this is an http-ism that might
413 * not fit if brigade_consume is added to APR. Perhaps
414 * apr_bucket_read(eos_bucket) should return APR_EOF?
415 * Then this becomes mainline instead of a one-off.
417 if (APR_BUCKET_IS_EOS(b)) {
422 /* The reason I'm not offering brigade_consume yet
423 * across to apr-util is that the following call
424 * illustrates how borked that API really is. For
425 * this sort of case (caller provided buffer) it
426 * would be much more trivial for apr_bucket_consume
427 * to do all the work that follows, based on the
428 * particular characteristics of the bucket we are
431 status = apr_bucket_read(b, &str, &str_len, block);
433 if (status != APR_SUCCESS) {
434 if (APR_STATUS_IS_EOF(status)) {
435 /* This stream bucket was consumed */
436 apr_bucket_delete(b);
443 /* Do not block once some data has been consumed */
444 block = APR_NONBLOCK_READ;
446 /* Assure we don't overflow. */
447 consume = (str_len + actual > *len) ? *len - actual : str_len;
449 memcpy(c, str, consume);
454 if (consume >= b->length) {
455 /* This physical bucket was consumed */
456 apr_bucket_delete(b);
459 /* Only part of this physical bucket was consumed */
461 b->length -= consume;
464 else if (b->length == 0) {
465 apr_bucket_delete(b);
468 /* This could probably be actual == *len, but be safe from stray
470 if (actual >= *len) {
480 * this is the function called by SSL_read()
482 static int bio_filter_in_read(BIO *bio, char *in, int inlen)
484 apr_size_t inl = inlen;
485 bio_filter_in_ctx_t *inctx = (bio_filter_in_ctx_t *)(bio->ptr);
486 apr_read_type_e block = inctx->block;
487 SSLConnRec *sslconn = myConnConfig(inctx->f->c);
489 inctx->rc = APR_SUCCESS;
491 /* OpenSSL catches this case, so should we. */
495 /* XXX: flush here only required for SSLv2;
496 * OpenSSL calls BIO_flush() at the appropriate times for
497 * the other protocols.
499 if ((SSL_version(inctx->ssl) == SSL2_VERSION) || sslconn->is_proxy) {
500 if (bio_filter_out_flush(inctx->bio_out) < 0) {
501 bio_filter_out_ctx_t *outctx =
502 (bio_filter_out_ctx_t *)(inctx->bio_out->ptr);
503 inctx->rc = outctx->rc;
508 BIO_clear_retry_flags(bio);
515 if (APR_BRIGADE_EMPTY(inctx->bb)) {
517 inctx->rc = ap_get_brigade(inctx->f->next, inctx->bb,
518 AP_MODE_READBYTES, block,
521 /* Not a problem, there was simply no data ready yet.
523 if (APR_STATUS_IS_EAGAIN(inctx->rc) || APR_STATUS_IS_EINTR(inctx->rc)
524 || (inctx->rc == APR_SUCCESS && APR_BRIGADE_EMPTY(inctx->bb))) {
525 BIO_set_retry_read(bio);
529 if (inctx->rc != APR_SUCCESS) {
530 /* Unexpected errors discard the brigade */
531 apr_brigade_cleanup(inctx->bb);
537 inctx->rc = brigade_consume(inctx->bb, block, in, &inl);
539 if (inctx->rc == APR_SUCCESS) {
543 if (APR_STATUS_IS_EAGAIN(inctx->rc)
544 || APR_STATUS_IS_EINTR(inctx->rc)) {
545 BIO_set_retry_read(bio);
549 /* Unexpected errors and APR_EOF clean out the brigade.
550 * Subsequent calls will return APR_EOF.
552 apr_brigade_cleanup(inctx->bb);
555 if (APR_STATUS_IS_EOF(inctx->rc) && inl) {
556 /* Provide the results of this read pass,
557 * without resetting the BIO retry_read flag
566 static BIO_METHOD bio_filter_in_method = {
569 NULL, /* write is never called */
571 NULL, /* puts is never called */
572 NULL, /* gets is never called */
573 NULL, /* ctrl is never called */
576 #ifdef OPENSSL_VERSION_NUMBER
577 NULL /* sslc does not have the callback_ctrl field */
582 static apr_status_t ssl_io_input_read(bio_filter_in_ctx_t *inctx,
586 apr_size_t wanted = *len;
587 apr_size_t bytes = 0;
592 /* If we have something leftover from last time, try that first. */
593 if ((bytes = char_buffer_read(&inctx->cbuf, buf, wanted))) {
595 if (inctx->mode == AP_MODE_SPECULATIVE) {
596 /* We want to rollback this read. */
597 inctx->cbuf.value -= bytes;
598 inctx->cbuf.length += bytes;
601 /* This could probably be *len == wanted, but be safe from stray
604 if (*len >= wanted) {
607 if (inctx->mode == AP_MODE_GETLINE) {
608 if (memchr(buf, APR_ASCII_LF, *len)) {
613 /* Down to a nonblock pattern as we have some data already
615 inctx->block = APR_NONBLOCK_READ;
621 if (!inctx->filter_ctx->pssl) {
625 /* SSL_read may not read because we haven't taken enough data
626 * from the stack. This is where we want to consider all of
627 * the blocking and SPECULATIVE semantics
629 rc = SSL_read(inctx->filter_ctx->pssl, buf + bytes, wanted - bytes);
633 if (inctx->mode == AP_MODE_SPECULATIVE) {
634 /* We want to rollback this read. */
635 char_buffer_write(&inctx->cbuf, buf, rc);
640 /* If EAGAIN, we will loop given a blocking read,
641 * otherwise consider ourselves at EOF.
643 if (APR_STATUS_IS_EAGAIN(inctx->rc)
644 || APR_STATUS_IS_EINTR(inctx->rc)) {
645 /* Already read something, return APR_SUCCESS instead.
646 * On win32 in particular, but perhaps on other kernels,
647 * a blocking call isn't 'always' blocking.
650 inctx->rc = APR_SUCCESS;
653 if (inctx->block == APR_NONBLOCK_READ) {
659 inctx->rc = APR_SUCCESS;
667 else /* (rc < 0) */ {
668 int ssl_err = SSL_get_error(inctx->filter_ctx->pssl, rc);
669 conn_rec *c = (conn_rec*)SSL_get_app_data(inctx->filter_ctx->pssl);
671 if (ssl_err == SSL_ERROR_WANT_READ) {
673 * If OpenSSL wants to read more, and we were nonblocking,
674 * report as an EAGAIN. Otherwise loop, pulling more
675 * data from network filter.
677 * (This is usually the case when the client forces an SSL
678 * renegotation which is handled implicitly by OpenSSL.)
680 inctx->rc = APR_EAGAIN;
683 inctx->rc = APR_SUCCESS;
686 if (inctx->block == APR_NONBLOCK_READ) {
689 continue; /* Blocking and nothing yet? Try again. */
691 else if (ssl_err == SSL_ERROR_SYSCALL) {
692 if (APR_STATUS_IS_EAGAIN(inctx->rc)
693 || APR_STATUS_IS_EINTR(inctx->rc)) {
694 /* Already read something, return APR_SUCCESS instead. */
696 inctx->rc = APR_SUCCESS;
699 if (inctx->block == APR_NONBLOCK_READ) {
702 continue; /* Blocking and nothing yet? Try again. */
705 ap_log_error(APLOG_MARK, APLOG_INFO, inctx->rc, c->base_server,
706 "SSL input filter read failed.");
709 else /* if (ssl_err == SSL_ERROR_SSL) */ {
711 * Log SSL errors and any unexpected conditions.
713 ap_log_error(APLOG_MARK, APLOG_INFO, inctx->rc, c->base_server,
714 "SSL library error %d reading data", ssl_err);
715 ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
718 if (inctx->rc == APR_SUCCESS) {
719 inctx->rc = APR_EGENERAL;
727 static apr_status_t ssl_io_input_getline(bio_filter_in_ctx_t *inctx,
731 const char *pos = NULL;
733 apr_size_t tmplen = *len, buflen = *len, offset = 0;
738 * in most cases we get all the headers on the first SSL_read.
739 * however, in certain cases SSL_read will only get a partial
740 * chunk of the headers, so we try to read until LF is seen.
744 status = ssl_io_input_read(inctx, buf + offset, &tmplen);
746 if (status != APR_SUCCESS) {
752 if ((pos = memchr(buf, APR_ASCII_LF, *len))) {
757 tmplen = buflen - offset;
763 apr_size_t bytes = pos - buf;
767 length = *len - bytes;
769 char_buffer_write(&inctx->cbuf, value, length);
778 static apr_status_t ssl_filter_write(ap_filter_t *f,
782 ssl_filter_ctx_t *filter_ctx = f->ctx;
783 bio_filter_out_ctx_t *outctx;
787 if (filter_ctx->pssl == NULL) {
791 outctx = (bio_filter_out_ctx_t *)filter_ctx->pbioWrite->ptr;
792 res = SSL_write(filter_ctx->pssl, (unsigned char *)data, len);
795 int ssl_err = SSL_get_error(filter_ctx->pssl, res);
796 conn_rec *c = (conn_rec*)SSL_get_app_data(outctx->filter_ctx->pssl);
798 if (ssl_err == SSL_ERROR_WANT_WRITE) {
800 * If OpenSSL wants to write more, and we were nonblocking,
801 * report as an EAGAIN. Otherwise loop, pushing more
802 * data at the network filter.
804 * (This is usually the case when the client forces an SSL
805 * renegotation which is handled implicitly by OpenSSL.)
807 outctx->rc = APR_EAGAIN;
809 else if (ssl_err == SSL_ERROR_SYSCALL) {
810 ap_log_error(APLOG_MARK, APLOG_INFO, outctx->rc, c->base_server,
811 "SSL output filter write failed.");
813 else /* if (ssl_err == SSL_ERROR_SSL) */ {
817 ap_log_error(APLOG_MARK, APLOG_INFO, outctx->rc, c->base_server,
818 "SSL library error %d writing data", ssl_err);
819 ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
821 if (outctx->rc == APR_SUCCESS) {
822 outctx->rc = APR_EGENERAL;
825 else if ((apr_size_t)res != len) {
827 char *reason = "reason unknown";
829 /* XXX: probably a better way to determine this */
830 if (SSL_total_renegotiations(filter_ctx->pssl)) {
831 reason = "likely due to failed renegotiation";
834 ap_log_error(APLOG_MARK, APLOG_INFO, outctx->rc, c->base_server,
835 "failed to write %" APR_SSIZE_T_FMT
836 " of %" APR_SIZE_T_FMT " bytes (%s)",
837 len - (apr_size_t)res, len, reason);
839 outctx->rc = APR_EGENERAL;
844 /* Just use a simple request. Any request will work for this, because
845 * we use a flag in the conn_rec->conn_vector now. The fake request just
846 * gets the request back to the Apache core so that a response can be sent.
848 * To avoid calling back for more data from the socket, use an HTTP/0.9
849 * request, and tack on an EOS bucket.
851 #define HTTP_ON_HTTPS_PORT \
854 #define HTTP_ON_HTTPS_PORT_BUCKET(alloc) \
855 apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, \
856 sizeof(HTTP_ON_HTTPS_PORT) - 1, \
859 static void ssl_io_filter_disable(ap_filter_t *f)
861 bio_filter_in_ctx_t *inctx = f->ctx;
863 inctx->filter_ctx->pssl = NULL;
866 static apr_status_t ssl_io_filter_error(ap_filter_t *f,
867 apr_bucket_brigade *bb,
870 SSLConnRec *sslconn = myConnConfig(f->c);
874 case HTTP_BAD_REQUEST:
875 /* log the situation */
876 ap_log_error(APLOG_MARK, APLOG_INFO, 0,
878 "SSL handshake failed: HTTP spoken on HTTPS port; "
879 "trying to send HTML error page");
880 ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, f->c->base_server);
882 sslconn->non_ssl_request = 1;
883 ssl_io_filter_disable(f);
885 /* fake the request line */
886 bucket = HTTP_ON_HTTPS_PORT_BUCKET(f->c->bucket_alloc);
893 APR_BRIGADE_INSERT_TAIL(bb, bucket);
894 bucket = apr_bucket_eos_create(f->c->bucket_alloc);
895 APR_BRIGADE_INSERT_TAIL(bb, bucket);
900 static const char ssl_io_filter[] = "SSL/TLS Filter";
903 * Close the SSL part of the socket connection
904 * (called immediately _before_ the socket is closed)
907 static apr_status_t ssl_filter_io_shutdown(ssl_filter_ctx_t *filter_ctx,
911 SSL *ssl = filter_ctx->pssl;
912 const char *type = "";
913 SSLConnRec *sslconn = myConnConfig(c);
921 * Now close the SSL layer of the connection. We've to take
922 * the TLSv1 standard into account here:
924 * | 7.2.1. Closure alerts
926 * | The client and the server must share knowledge that the connection is
927 * | ending in order to avoid a truncation attack. Either party may
928 * | initiate the exchange of closing messages.
931 * | This message notifies the recipient that the sender will not send
932 * | any more messages on this connection. The session becomes
933 * | unresumable if any connection is terminated without proper
934 * | close_notify messages with level equal to warning.
936 * | Either party may initiate a close by sending a close_notify alert.
937 * | Any data received after a closure alert is ignored.
939 * | Each party is required to send a close_notify alert before closing
940 * | the write side of the connection. It is required that the other party
941 * | respond with a close_notify alert of its own and close down the
942 * | connection immediately, discarding any pending writes. It is not
943 * | required for the initiator of the close to wait for the responding
944 * | close_notify alert before closing the read side of the connection.
946 * This means we've to send a close notify message, but haven't to wait
947 * for the close notify of the client. Actually we cannot wait for the
948 * close notify of the client because some clients (including Netscape
949 * 4.x) don't send one, so we would hang.
953 * exchange close notify messages, but allow the user
954 * to force the type of handshake via SetEnvIf directive
957 shutdown_type = SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN;
960 else switch (sslconn->shutdown_type) {
961 case SSL_SHUTDOWN_TYPE_UNCLEAN:
962 /* perform no close notify handshake at all
963 (violates the SSL/TLS standard!) */
964 shutdown_type = SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN;
967 case SSL_SHUTDOWN_TYPE_ACCURATE:
968 /* send close notify and wait for clients close notify
969 (standard compliant, but usually causes connection hangs) */
975 * case SSL_SHUTDOWN_TYPE_UNSET:
976 * case SSL_SHUTDOWN_TYPE_STANDARD:
978 /* send close notify, but don't wait for clients close notify
979 (standard compliant and safe, so it's the DEFAULT!) */
980 shutdown_type = SSL_RECEIVED_SHUTDOWN;
985 SSL_set_shutdown(ssl, shutdown_type);
986 SSL_smart_shutdown(ssl);
988 /* and finally log the fact that we've closed the connection */
989 if (c->base_server->loglevel >= APLOG_INFO) {
990 ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
991 "Connection to child %ld closed with %s shutdown"
992 "(server %s, client %s)",
994 ssl_util_vhostid(c->pool, c->base_server),
995 c->remote_ip ? c->remote_ip : "unknown");
998 /* deallocate the SSL connection */
999 if (sslconn->client_cert) {
1000 X509_free(sslconn->client_cert);
1001 sslconn->client_cert = NULL;
1004 sslconn->ssl = NULL;
1005 filter_ctx->pssl = NULL; /* so filters know we've been shutdown */
1008 /* prevent any further I/O */
1015 static apr_status_t ssl_io_filter_cleanup(void *data)
1018 ssl_filter_ctx_t *filter_ctx = (ssl_filter_ctx_t *)data;
1021 if (!filter_ctx->pssl) {
1022 /* already been shutdown */
1026 c = (conn_rec *)SSL_get_app_data(filter_ctx->pssl);
1027 if ((ret = ssl_filter_io_shutdown(filter_ctx, c, 0)) != APR_SUCCESS) {
1028 ap_log_error(APLOG_MARK, APLOG_INFO, ret, NULL,
1029 "SSL filter error shutting down I/O");
1036 * The hook is NOT registered with ap_hook_process_connection. Instead, it is
1037 * called manually from the churn () before it tries to read any data.
1038 * There is some problem if I accept conn_rec *. Still investigating..
1039 * Adv. if conn_rec * can be accepted is we can hook this function using the
1040 * ap_hook_process_connection hook.
1042 static int ssl_io_filter_connect(ssl_filter_ctx_t *filter_ctx)
1044 conn_rec *c = (conn_rec *)SSL_get_app_data(filter_ctx->pssl);
1045 SSLConnRec *sslconn = myConnConfig(c);
1046 SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
1052 if (SSL_is_init_finished(filter_ctx->pssl)) {
1056 if (sslconn->is_proxy) {
1057 if ((n = SSL_connect(filter_ctx->pssl)) <= 0) {
1058 ap_log_error(APLOG_MARK, APLOG_INFO, 0,
1060 "SSL Proxy connect failed");
1061 ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
1062 return ssl_filter_io_shutdown(filter_ctx, c, 1);
1068 if ((n = SSL_accept(filter_ctx->pssl)) <= 0) {
1069 bio_filter_in_ctx_t *inctx = (bio_filter_in_ctx_t *)
1070 (filter_ctx->pbioRead->ptr);
1071 bio_filter_out_ctx_t *outctx = (bio_filter_out_ctx_t *)
1072 (filter_ctx->pbioWrite->ptr);
1073 apr_status_t rc = inctx->rc ? inctx->rc : outctx->rc ;
1074 ssl_err = SSL_get_error(filter_ctx->pssl, n);
1076 if (ssl_err == SSL_ERROR_ZERO_RETURN) {
1078 * The case where the connection was closed before any data
1079 * was transferred. That's not a real error and can occur
1080 * sporadically with some clients.
1082 ap_log_error(APLOG_MARK, APLOG_INFO, rc,
1084 "SSL handshake stopped: connection was closed");
1086 else if (ssl_err == SSL_ERROR_WANT_READ) {
1088 * This is in addition to what was present earlier. It is
1089 * borrowed from openssl_state_machine.c [mod_tls].
1092 outctx->rc = APR_EAGAIN;
1093 return SSL_ERROR_WANT_READ;
1095 else if (ERR_GET_LIB(ERR_peek_error()) == ERR_LIB_SSL &&
1096 ERR_GET_REASON(ERR_peek_error()) == SSL_R_HTTP_REQUEST) {
1098 * The case where OpenSSL has recognized a HTTP request:
1099 * This means the client speaks plain HTTP on our HTTPS port.
1100 * ssl_io_filter_error will disable the ssl filters when it
1101 * sees this status code.
1103 return HTTP_BAD_REQUEST;
1105 else if (ssl_err == SSL_ERROR_SYSCALL) {
1106 ap_log_error(APLOG_MARK, APLOG_INFO, rc, c->base_server,
1107 "SSL handshake interrupted by system "
1108 "[Hint: Stop button pressed in browser?!]");
1110 else /* if (ssl_err == SSL_ERROR_SSL) */ {
1112 * Log SSL errors and any unexpected conditions.
1114 ap_log_error(APLOG_MARK, APLOG_INFO, rc, c->base_server,
1115 "SSL library error %d in handshake "
1116 "(server %s, client %s)", ssl_err,
1117 ssl_util_vhostid(c->pool, c->base_server),
1118 c->remote_ip ? c->remote_ip : "unknown");
1119 ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
1122 if (inctx->rc == APR_SUCCESS) {
1123 inctx->rc = APR_EGENERAL;
1126 return ssl_filter_io_shutdown(filter_ctx, c, 1);
1130 * Check for failed client authentication
1132 verify_result = SSL_get_verify_result(filter_ctx->pssl);
1134 if ((verify_result != X509_V_OK) ||
1135 sslconn->verify_error)
1137 if (ssl_verify_error_is_optional(verify_result) &&
1138 (sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
1140 /* leaving this log message as an error for the moment,
1141 * according to the mod_ssl docs:
1142 * "level optional_no_ca is actually against the idea
1143 * of authentication (but can be used to establish
1144 * SSL test pages, etc.)"
1145 * optional_no_ca doesn't appear to work as advertised
1148 ap_log_error(APLOG_MARK, APLOG_INFO, 0,
1150 "SSL client authentication failed, "
1151 "accepting certificate based on "
1152 "\"SSLVerifyClient optional_no_ca\" "
1154 ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
1157 const char *error = sslconn->verify_error ?
1158 sslconn->verify_error :
1159 X509_verify_cert_error_string(verify_result);
1161 ap_log_error(APLOG_MARK, APLOG_INFO, 0,
1163 "SSL client authentication failed: %s",
1164 error ? error : "unknown");
1165 ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
1167 return ssl_filter_io_shutdown(filter_ctx, c, 1);
1172 * Remember the peer certificate's DN
1174 if ((cert = SSL_get_peer_certificate(filter_ctx->pssl))) {
1175 if (sslconn->client_cert) {
1176 X509_free(sslconn->client_cert);
1178 sslconn->client_cert = cert;
1179 sslconn->client_dn = NULL;
1183 * Make really sure that when a peer certificate
1184 * is required we really got one... (be paranoid)
1186 if ((sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE) &&
1187 !sslconn->client_cert)
1189 ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
1190 "No acceptable peer certificate available");
1192 return ssl_filter_io_shutdown(filter_ctx, c, 1);
1198 static apr_status_t ssl_io_filter_Upgrade(ap_filter_t *f,
1199 apr_bucket_brigade *bb)
1202 #define SWITCH_STATUS_LINE "HTTP/1.1 101 Switching Protocols"
1203 #define UPGRADE_HEADER "Upgrade: TLS/1.0 HTTP/1.1"
1204 #define CONNECTION_HEADER "Connection: Upgrade"
1205 const char *upgrade;
1206 const char *connection;
1207 apr_bucket_brigade *upgradebb;
1208 request_rec *r = f->r;
1209 SSLConnRec *sslconn;
1212 /* Just remove the filter, if it doesn't work the first time, it won't
1213 * work at all for this request.
1215 ap_remove_output_filter(f);
1217 /* No need to ensure that this is a server with optional SSL, the filter
1218 * is only inserted if that is true.
1221 upgrade = apr_table_get(r->headers_in, "Upgrade");
1222 if (upgrade == NULL) {
1223 return ap_pass_brigade(f->next, bb);
1225 connection = apr_table_get(r->headers_in, "Connection");
1227 apr_table_unset(r->headers_out, "Upgrade");
1229 /* XXX: I don't think the requirement that the client sends exactly
1230 * "Connection: Upgrade" is correct; the only requirement here is
1231 * on the client to send a Connection header including the "upgrade"
1234 if (strcmp(connection, "Upgrade") || strcmp(upgrade, "TLS/1.0")) {
1235 return ap_pass_brigade(f->next, bb);
1238 if (r->method_number == M_OPTIONS) {
1239 apr_bucket *b = NULL;
1240 /* This is a mandatory SSL upgrade. */
1242 upgradebb = apr_brigade_create(r->pool, f->c->bucket_alloc);
1244 ap_fputstrs(f->next, upgradebb, SWITCH_STATUS_LINE, CRLF,
1245 UPGRADE_HEADER, CRLF, CONNECTION_HEADER, CRLF, CRLF, NULL);
1247 b = apr_bucket_flush_create(f->c->bucket_alloc);
1248 APR_BRIGADE_INSERT_TAIL(upgradebb, b);
1250 ap_pass_brigade(f->next, upgradebb);
1253 /* This is optional, and should be configurable, for now don't bother
1256 return ap_pass_brigade(f->next, bb);
1259 ssl_init_ssl_connection(f->c);
1261 ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
1262 "Awaiting re-negotiation handshake");
1264 sslconn = myConnConfig(f->c);
1267 /* XXX: Should replace SSL_set_state with SSL_renegotiate(ssl);
1268 * However, this causes failures in perl-framework currently,
1269 * perhaps pre-test if we have already negotiated?
1271 SSL_set_state(ssl, SSL_ST_ACCEPT);
1272 SSL_do_handshake(ssl);
1274 if (SSL_get_state(ssl) != SSL_ST_OK) {
1275 ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
1276 "Re-negotiation handshake failed: "
1277 "Not accepted by client!?");
1279 return AP_FILTER_ERROR;
1285 static apr_status_t ssl_io_filter_input(ap_filter_t *f,
1286 apr_bucket_brigade *bb,
1287 ap_input_mode_t mode,
1288 apr_read_type_e block,
1289 apr_off_t readbytes)
1291 apr_status_t status;
1292 bio_filter_in_ctx_t *inctx = f->ctx;
1294 apr_size_t len = sizeof(inctx->buffer);
1295 int is_init = (mode == AP_MODE_INIT);
1297 if (f->c->aborted) {
1298 /* XXX: Ok, if we aborted, we ARE at the EOS. We also have
1299 * aborted. This 'double protection' is probably redundant,
1300 * but also effective against just about anything.
1302 apr_bucket *bucket = apr_bucket_eos_create(f->c->bucket_alloc);
1303 APR_BRIGADE_INSERT_TAIL(bb, bucket);
1304 return APR_ECONNABORTED;
1308 return ap_get_brigade(f->next, bb, mode, block, readbytes);
1311 /* XXX: we don't currently support anything other than these modes. */
1312 if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE &&
1313 mode != AP_MODE_SPECULATIVE && mode != AP_MODE_INIT) {
1314 return APR_ENOTIMPL;
1318 inctx->block = block;
1320 /* XXX: we could actually move ssl_io_filter_connect to an
1321 * ap_hook_process_connection but would still need to call it for
1322 * AP_MODE_INIT for protocols that may upgrade the connection
1323 * rather than have SSLEngine On configured.
1325 if ((status = ssl_io_filter_connect(inctx->filter_ctx)) != APR_SUCCESS) {
1326 return ssl_io_filter_error(f, bb, status);
1330 /* protocol module needs to handshake before sending
1331 * data to client (e.g. NNTP or FTP)
1336 if (inctx->mode == AP_MODE_READBYTES ||
1337 inctx->mode == AP_MODE_SPECULATIVE) {
1338 /* Protected from truncation, readbytes < MAX_SIZE_T
1339 * FIXME: No, it's *not* protected. -- jre */
1340 if (readbytes < len) {
1341 len = (apr_size_t)readbytes;
1343 status = ssl_io_input_read(inctx, inctx->buffer, &len);
1345 else if (inctx->mode == AP_MODE_GETLINE) {
1346 status = ssl_io_input_getline(inctx, inctx->buffer, &len);
1349 /* We have no idea what you are talking about, so return an error. */
1350 return APR_ENOTIMPL;
1353 if (status != APR_SUCCESS) {
1354 return ssl_io_filter_error(f, bb, status);
1357 /* Create a transient bucket out of the decrypted data. */
1359 apr_bucket *bucket =
1360 apr_bucket_transient_create(inctx->buffer, len, f->c->bucket_alloc);
1361 APR_BRIGADE_INSERT_TAIL(bb, bucket);
1367 static apr_status_t ssl_io_filter_output(ap_filter_t *f,
1368 apr_bucket_brigade *bb)
1370 apr_status_t status = APR_SUCCESS;
1371 ssl_filter_ctx_t *filter_ctx = f->ctx;
1372 bio_filter_in_ctx_t *inctx;
1373 bio_filter_out_ctx_t *outctx;
1374 apr_read_type_e rblock = APR_NONBLOCK_READ;
1376 if (f->c->aborted) {
1377 apr_brigade_cleanup(bb);
1378 return APR_ECONNABORTED;
1381 if (!filter_ctx->pssl) {
1382 /* ssl_filter_io_shutdown was called */
1383 return ap_pass_brigade(f->next, bb);
1386 inctx = (bio_filter_in_ctx_t *)filter_ctx->pbioRead->ptr;
1387 outctx = (bio_filter_out_ctx_t *)filter_ctx->pbioWrite->ptr;
1389 /* When we are the writer, we must initialize the inctx
1390 * mode so that we block for any required ssl input, because
1391 * output filtering is always nonblocking.
1393 inctx->mode = AP_MODE_READBYTES;
1394 inctx->block = APR_BLOCK_READ;
1396 if ((status = ssl_io_filter_connect(filter_ctx)) != APR_SUCCESS) {
1397 return ssl_io_filter_error(f, bb, status);
1400 while (!APR_BRIGADE_EMPTY(bb)) {
1401 apr_bucket *bucket = APR_BRIGADE_FIRST(bb);
1403 /* If it is a flush or EOS, we need to pass this down.
1404 * These types do not require translation by OpenSSL.
1406 if (APR_BUCKET_IS_EOS(bucket) || APR_BUCKET_IS_FLUSH(bucket)) {
1407 if (bio_filter_out_flush(filter_ctx->pbioWrite) < 0) {
1408 status = outctx->rc;
1412 if (APR_BUCKET_IS_EOS(bucket)) {
1414 * By definition, nothing can come after EOS.
1415 * which also means we can pass the rest of this brigade
1416 * without creating a new one since it only contains the
1420 if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
1426 /* bio_filter_out_flush() already passed down a flush bucket
1427 * if there was any data to be flushed.
1429 apr_bucket_delete(bucket);
1437 status = apr_bucket_read(bucket, &data, &len, rblock);
1439 if (APR_STATUS_IS_EAGAIN(status)) {
1440 /* No data available: flush... */
1441 if (bio_filter_out_flush(filter_ctx->pbioWrite) < 0) {
1442 status = outctx->rc;
1445 rblock = APR_BLOCK_READ;
1446 continue; /* and try again with a blocking read. */
1449 rblock = APR_NONBLOCK_READ;
1451 if (!APR_STATUS_IS_EOF(status) && (status != APR_SUCCESS)) {
1455 status = ssl_filter_write(f, data, len);
1456 apr_bucket_delete(bucket);
1458 if (status != APR_SUCCESS) {
1467 static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c,
1470 bio_filter_in_ctx_t *inctx;
1472 inctx = apr_palloc(c->pool, sizeof(*inctx));
1474 filter_ctx->pInputFilter = ap_add_input_filter(ssl_io_filter, inctx, NULL, c);
1476 filter_ctx->pbioRead = BIO_new(&bio_filter_in_method);
1477 filter_ctx->pbioRead->ptr = (void *)inctx;
1480 inctx->bio_out = filter_ctx->pbioWrite;
1481 inctx->f = filter_ctx->pInputFilter;
1482 inctx->rc = APR_SUCCESS;
1483 inctx->mode = AP_MODE_READBYTES;
1484 inctx->cbuf.length = 0;
1485 inctx->bb = apr_brigade_create(c->pool, c->bucket_alloc);
1486 inctx->block = APR_BLOCK_READ;
1487 inctx->pool = c->pool;
1488 inctx->filter_ctx = filter_ctx;
1491 void ssl_io_filter_init(conn_rec *c, SSL *ssl)
1493 ssl_filter_ctx_t *filter_ctx;
1495 filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t));
1497 filter_ctx->pOutputFilter = ap_add_output_filter(ssl_io_filter,
1498 filter_ctx, NULL, c);
1500 filter_ctx->pbioWrite = BIO_new(&bio_filter_out_method);
1501 filter_ctx->pbioWrite->ptr = (void *)bio_filter_out_ctx_new(filter_ctx, c);
1503 ssl_io_input_add_filter(filter_ctx, c, ssl);
1505 SSL_set_bio(ssl, filter_ctx->pbioRead, filter_ctx->pbioWrite);
1506 filter_ctx->pssl = ssl;
1508 apr_pool_cleanup_register(c->pool, (void*)filter_ctx,
1509 ssl_io_filter_cleanup, apr_pool_cleanup_null);
1511 if (c->base_server->loglevel >= APLOG_DEBUG) {
1512 BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
1513 BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
1519 void ssl_io_filter_register(apr_pool_t *p)
1521 /* This filter MUST be after the HTTP_HEADER filter, but it also must be
1522 * a resource-level filter so it has the request_rec.
1524 ap_register_output_filter ("UPGRADE_FILTER", ssl_io_filter_Upgrade, NULL, AP_FTYPE_PROTOCOL + 5);
1526 ap_register_input_filter (ssl_io_filter, ssl_io_filter_input, NULL, AP_FTYPE_CONNECTION + 5);
1527 ap_register_output_filter (ssl_io_filter, ssl_io_filter_output, NULL, AP_FTYPE_CONNECTION + 5);
1531 /* _________________________________________________________________
1533 ** I/O Data Debugging
1534 ** _________________________________________________________________
1537 #define DUMP_WIDTH 16
1539 static void ssl_io_data_dump(server_rec *srvr,
1540 MODSSL_BIO_CB_ARG_TYPE *s,
1545 int i, j, rows, trunc;
1549 for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--)
1551 rows = (len / DUMP_WIDTH);
1552 if ((rows * DUMP_WIDTH) < len)
1554 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
1555 "+-------------------------------------------------------------------------+");
1556 for(i = 0 ; i< rows; i++) {
1557 apr_snprintf(tmp, sizeof(tmp), "| %04x: ", i * DUMP_WIDTH);
1558 apr_cpystrn(buf, tmp, sizeof(buf));
1559 for (j = 0; j < DUMP_WIDTH; j++) {
1560 if (((i * DUMP_WIDTH) + j) >= len)
1561 apr_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf));
1563 ch = ((unsigned char)*((char *)(s) + i * DUMP_WIDTH + j)) & 0xff;
1564 apr_snprintf(tmp, sizeof(tmp), "%02x%c", ch , j==7 ? '-' : ' ');
1565 apr_cpystrn(buf+strlen(buf), tmp, sizeof(buf)-strlen(buf));
1568 apr_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf));
1569 for (j = 0; j < DUMP_WIDTH; j++) {
1570 if (((i * DUMP_WIDTH) + j) >= len)
1571 apr_cpystrn(buf+strlen(buf), " ", sizeof(buf)-strlen(buf));
1573 ch = ((unsigned char)*((char *)(s) + i * DUMP_WIDTH + j)) & 0xff;
1574 apr_snprintf(tmp, sizeof(tmp), "%c", ((ch >= ' ') && (ch <= '~')) ? ch : '.');
1575 apr_cpystrn(buf+strlen(buf), tmp, sizeof(buf)-strlen(buf));
1578 apr_cpystrn(buf+strlen(buf), " |", sizeof(buf)-strlen(buf));
1579 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
1583 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
1584 "| %04ld - <SPACES/NULS>", len + trunc);
1585 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
1586 "+-------------------------------------------------------------------------+");
1590 long ssl_io_data_cb(BIO *bio, int cmd,
1591 MODSSL_BIO_CB_ARG_TYPE *argp,
1592 int argi, long argl, long rc)
1598 if ((ssl = (SSL *)BIO_get_callback_arg(bio)) == NULL)
1600 if ((c = (conn_rec *)SSL_get_app_data(ssl)) == NULL)
1604 if ( cmd == (BIO_CB_WRITE|BIO_CB_RETURN)
1605 || cmd == (BIO_CB_READ |BIO_CB_RETURN) ) {
1607 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1608 "%s: %s %ld/%d bytes %s BIO#%pp [mem: %pp] %s",
1610 (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
1611 rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"),
1613 (argp != NULL ? "(BIO dump follows)" : "(Oops, no memory buffer?)"));
1615 ssl_io_data_dump(s, argp, rc);
1618 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
1619 "%s: I/O error, %d bytes expected to %s on BIO#%pp [mem: %pp]",
1620 SSL_LIBRARY_NAME, argi,
1621 (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),