1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * _ __ ___ ___ __| | ___ ___| | mod_ssl
19 * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
20 * | | | | | | (_) | (_| | \__ \__ \ |
21 * |_| |_| |_|\___/ \__,_|___|___/___/_|
24 * OCSP Stapling Support
26 /* ``Where's the spoons?
28 Where's the bloody spoons?''
31 #include "ssl_private.h"
33 #include "apr_thread_mutex.h"
35 #ifdef HAVE_OCSP_STAPLING
38 * Maxiumum OCSP stapling response size. This should be the response for a
39 * single certificate and will typically include the responder certificate chain
40 * so 10K should be more than enough.
44 #define MAX_STAPLING_DER 10240
46 /* Cached info stored in certificate ex_info. */
48 /* Index in session cache SHA1 hash of certificate */
50 /* Certificate ID for OCSP requests or NULL if ID cannot be determined */
52 /* Responder details */
56 static void certinfo_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
57 int idx, long argl, void *argp)
64 OPENSSL_free(cinf->uri);
68 static int stapling_ex_idx = -1;
70 void ssl_stapling_ex_init(void)
72 if (stapling_ex_idx != -1)
74 stapling_ex_idx = X509_get_ex_new_index(0, "X509 cached OCSP info", 0, 0,
78 static X509 *stapling_get_issuer(modssl_ctx_t *mctx, X509 *x)
82 X509_STORE *st = SSL_CTX_get_cert_store(mctx->ssl_ctx);
84 STACK_OF(X509) *extra_certs = NULL;
86 #ifdef OPENSSL_NO_SSL_INTERN
87 SSL_CTX_get_extra_chain_certs(mctx->ssl_ctx, &extra_certs);
89 extra_certs = mctx->ssl_ctx->extra_certs;
92 for (i = 0; i < sk_X509_num(extra_certs); i++) {
93 issuer = sk_X509_value(extra_certs, i);
94 if (X509_check_issued(issuer, x) == X509_V_OK) {
95 CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509);
100 if (!X509_STORE_CTX_init(&inctx, st, NULL, NULL))
102 if (X509_STORE_CTX_get1_issuer(&issuer, &inctx, x) <= 0)
104 X509_STORE_CTX_cleanup(&inctx);
109 int ssl_stapling_init_cert(server_rec *s, modssl_ctx_t *mctx, X509 *x)
113 STACK_OF(OPENSSL_STRING) *aia = NULL;
117 cinf = X509_get_ex_data(x, stapling_ex_idx);
119 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02215)
120 "ssl_stapling_init_cert: certificate already initialized!");
123 cinf = OPENSSL_malloc(sizeof(certinfo));
125 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02216)
126 "ssl_stapling_init_cert: error allocating memory!");
131 X509_set_ex_data(x, stapling_ex_idx, cinf);
133 issuer = stapling_get_issuer(mctx, x);
135 if (issuer == NULL) {
136 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02217)
137 "ssl_stapling_init_cert: Can't retrieve issuer certificate!");
141 cinf->cid = OCSP_cert_to_id(NULL, x, issuer);
145 X509_digest(x, EVP_sha1(), cinf->idx, NULL);
147 aia = X509_get1_ocsp(x);
149 cinf->uri = sk_OPENSSL_STRING_pop(aia);
150 X509_email_free(aia);
152 if (!cinf->uri && !mctx->stapling_force_url) {
153 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02218)
154 "ssl_stapling_init_cert: no responder URL");
160 static certinfo *stapling_get_cert_info(server_rec *s, modssl_ctx_t *mctx,
165 x = SSL_get_certificate(ssl);
168 cinf = X509_get_ex_data(x, stapling_ex_idx);
169 if (cinf && cinf->cid)
171 ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01926)
172 "stapling_get_cert_info: stapling not supported for certificate");
177 * OCSP response caching code. The response is preceded by a flag value
178 * which indicates whether the response was invalid when it was stored.
179 * the purpose of this flag is to avoid repeated queries to a server
180 * which has given an invalid response while allowing a response which
181 * has subsequently become invalid to be retried immediately.
183 * The key for the cache is the hash of the certificate the response
186 static BOOL stapling_cache_response(server_rec *s, modssl_ctx_t *mctx,
187 OCSP_RESPONSE *rsp, certinfo *cinf,
188 BOOL ok, apr_pool_t *pool)
190 SSLModConfigRec *mc = myModConfig(s);
191 unsigned char resp_der[MAX_STAPLING_DER];
197 resp_derlen = i2d_OCSP_RESPONSE(rsp, NULL) + 1;
199 if (resp_derlen <= 0) {
200 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01927)
201 "OCSP stapling response encode error??");
205 if (resp_derlen > sizeof resp_der) {
206 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01928)
207 "OCSP stapling response too big (%u bytes)", resp_derlen);
213 /* TODO: potential optimization; _timeout members as apr_interval_time_t */
216 expiry = apr_time_from_sec(mctx->stapling_cache_timeout);
220 expiry = apr_time_from_sec(mctx->stapling_errcache_timeout);
223 expiry += apr_time_now();
225 i2d_OCSP_RESPONSE(rsp, &p);
227 rv = mc->stapling_cache->store(mc->stapling_cache_context, s,
228 cinf->idx, sizeof(cinf->idx),
229 expiry, resp_der, resp_derlen, pool);
230 if (rv != APR_SUCCESS) {
231 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01929)
232 "stapling_cache_response: OCSP response session store error!");
239 static BOOL stapling_get_cached_response(server_rec *s, OCSP_RESPONSE **prsp,
240 BOOL *pok, certinfo *cinf,
243 SSLModConfigRec *mc = myModConfig(s);
246 unsigned char resp_der[MAX_STAPLING_DER];
247 const unsigned char *p;
248 unsigned int resp_derlen = MAX_STAPLING_DER;
250 rv = mc->stapling_cache->retrieve(mc->stapling_cache_context, s,
251 cinf->idx, sizeof(cinf->idx),
252 resp_der, &resp_derlen, pool);
253 if (rv != APR_SUCCESS) {
254 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01930)
255 "stapling_get_cached_response: cache miss");
258 if (resp_derlen <= 1) {
259 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01931)
260 "stapling_get_cached_response: response length invalid??");
272 rsp = d2i_OCSP_RESPONSE(NULL, &p, resp_derlen);
274 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01932)
275 "stapling_get_cached_response: response parse error??");
278 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01933)
279 "stapling_get_cached_response: cache hit");
286 static int stapling_set_response(SSL *ssl, OCSP_RESPONSE *rsp)
289 unsigned char *rspder = NULL;
291 rspderlen = i2d_OCSP_RESPONSE(rsp, &rspder);
294 SSL_set_tlsext_status_ocsp_resp(ssl, rspder, rspderlen);
298 static int stapling_check_response(server_rec *s, modssl_ctx_t *mctx,
299 certinfo *cinf, OCSP_RESPONSE *rsp,
303 OCSP_BASICRESP *bs = NULL;
304 ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
305 int response_status = OCSP_response_status(rsp);
309 /* Check to see if response is an error. If so we automatically accept
310 * it because it would have expired from the cache if it was time to
313 if (response_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
314 if (mctx->stapling_return_errors)
315 return SSL_TLSEXT_ERR_OK;
317 return SSL_TLSEXT_ERR_NOACK;
320 bs = OCSP_response_get1_basic(rsp);
322 /* If we can't parse response just pass it to client */
323 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01934)
324 "stapling_check_response: Error Parsing Response!");
325 return SSL_TLSEXT_ERR_OK;
328 if (!OCSP_resp_find_status(bs, cinf->cid, &status, &reason, &rev,
329 &thisupd, &nextupd)) {
330 /* If ID not present just pass back to client */
331 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01935)
332 "stapling_check_response: certificate ID not present in response!");
335 if (OCSP_check_validity(thisupd, nextupd,
336 mctx->stapling_resptime_skew,
337 mctx->stapling_resp_maxage)) {
342 /* If pok is not NULL response was direct from a responder and
343 * the times should be valide. If pok is NULL the response was
344 * retrieved from cache and it is expected to subsequently expire
347 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01936)
348 "stapling_check_response: response times invalid");
351 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01937)
352 "stapling_check_response: cached response expired");
355 OCSP_BASICRESP_free(bs);
356 return SSL_TLSEXT_ERR_NOACK;
360 OCSP_BASICRESP_free(bs);
362 return SSL_TLSEXT_ERR_OK;
365 static BOOL stapling_renew_response(server_rec *s, modssl_ctx_t *mctx, SSL *ssl,
366 certinfo *cinf, OCSP_RESPONSE **prsp,
369 conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
371 OCSP_REQUEST *req = NULL;
372 OCSP_CERTID *id = NULL;
373 STACK_OF(X509_EXTENSION) *exts;
381 /* Build up OCSP query from server certificate info */
382 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01938)
383 "stapling_renew_response: querying responder");
385 req = OCSP_REQUEST_new();
388 id = OCSP_CERTID_dup(cinf->cid);
391 if (!OCSP_request_add0_id(req, id))
394 /* Add any extensions to the request */
395 SSL_get_tlsext_status_exts(ssl, &exts);
396 for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
397 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
398 if (!OCSP_REQUEST_add_ext(req, ext, -1))
402 if (mctx->stapling_force_url)
403 ocspuri = mctx->stapling_force_url;
408 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02621)
409 "stapling_renew_response: no uri for responder");
414 /* Create a temporary pool to constrain memory use */
415 apr_pool_create(&vpool, conn->pool);
417 ok = apr_uri_parse(vpool, ocspuri, &uri);
418 if (ok != APR_SUCCESS) {
419 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01939)
420 "stapling_renew_response: Error parsing uri %s",
425 else if (strcmp(uri.scheme, "http")) {
426 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01940)
427 "stapling_renew_response: Unsupported uri %s", ocspuri);
433 uri.port = apr_uri_port_of_scheme(uri.scheme);
436 *prsp = modssl_dispatch_ocsp_request(&uri, mctx->stapling_responder_timeout,
439 apr_pool_destroy(vpool);
442 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01941)
443 "stapling_renew_response: responder error");
444 if (mctx->stapling_fake_trylater) {
445 *prsp = OCSP_response_create(OCSP_RESPONSE_STATUS_TRYLATER, NULL);
452 int response_status = OCSP_response_status(*prsp);
454 if (response_status == OCSP_RESPONSE_STATUS_SUCCESSFUL) {
455 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01942)
456 "stapling_renew_response: query response received");
457 stapling_check_response(s, mctx, cinf, *prsp, &ok);
459 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01943)
460 "stapling_renew_response: error in retrieved response!");
464 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01944)
465 "stapling_renew_response: responder error %s",
466 OCSP_response_status_str(response_status));
469 if (stapling_cache_response(s, mctx, *prsp, cinf, ok, pool) == FALSE) {
470 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01945)
471 "stapling_renew_response: error caching response!");
476 OCSP_CERTID_free(id);
478 OCSP_REQUEST_free(req);
486 * SSLStaplingMutex operations. Similar to SSL mutex except a mutex is
487 * mandatory if stapling is enabled.
489 static int ssl_stapling_mutex_init(server_rec *s, apr_pool_t *p)
491 SSLModConfigRec *mc = myModConfig(s);
492 SSLSrvConfigRec *sc = mySrvConfig(s);
495 if (mc->stapling_mutex || sc->server->stapling_enabled != TRUE) {
499 if ((rv = ap_global_mutex_create(&mc->stapling_mutex, NULL,
500 SSL_STAPLING_MUTEX_TYPE, NULL, s,
501 s->process->pool, 0)) != APR_SUCCESS) {
508 int ssl_stapling_mutex_reinit(server_rec *s, apr_pool_t *p)
510 SSLModConfigRec *mc = myModConfig(s);
512 const char *lockfile;
514 if (mc->stapling_mutex == NULL) {
518 lockfile = apr_global_mutex_lockfile(mc->stapling_mutex);
519 if ((rv = apr_global_mutex_child_init(&mc->stapling_mutex,
520 lockfile, p)) != APR_SUCCESS) {
522 ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(01946)
523 "Cannot reinit %s mutex with file `%s'",
524 SSL_STAPLING_MUTEX_TYPE, lockfile);
527 ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s, APLOGNO(01947)
528 "Cannot reinit %s mutex", SSL_STAPLING_MUTEX_TYPE);
535 static int stapling_mutex_on(server_rec *s)
537 SSLModConfigRec *mc = myModConfig(s);
540 if ((rv = apr_global_mutex_lock(mc->stapling_mutex)) != APR_SUCCESS) {
541 ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s, APLOGNO(01948)
542 "Failed to acquire OCSP stapling lock");
548 static int stapling_mutex_off(server_rec *s)
550 SSLModConfigRec *mc = myModConfig(s);
553 if ((rv = apr_global_mutex_unlock(mc->stapling_mutex)) != APR_SUCCESS) {
554 ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s, APLOGNO(01949)
555 "Failed to release OCSP stapling lock");
561 /* Certificate Status callback. This is called when a client includes a
562 * certificate status request extension.
564 * Check for cached responses in session cache. If valid send back to
565 * client. If absent or no longer valid query responder and update
567 static int stapling_cb(SSL *ssl, void *arg)
569 conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
570 server_rec *s = mySrvFromConn(conn);
571 SSLSrvConfigRec *sc = mySrvConfig(s);
572 SSLConnRec *sslconn = myConnConfig(conn);
573 modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
574 certinfo *cinf = NULL;
575 OCSP_RESPONSE *rsp = NULL;
579 if (sc->server->stapling_enabled != TRUE) {
580 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01950)
581 "stapling_cb: OCSP Stapling disabled");
582 return SSL_TLSEXT_ERR_NOACK;
585 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01951)
586 "stapling_cb: OCSP Stapling callback called");
588 cinf = stapling_get_cert_info(s, mctx, ssl);
590 return SSL_TLSEXT_ERR_NOACK;
593 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01952)
594 "stapling_cb: retrieved cached certificate data");
596 /* Check to see if we already have a response for this certificate */
597 stapling_mutex_on(s);
599 rv = stapling_get_cached_response(s, &rsp, &ok, cinf, conn->pool);
601 stapling_mutex_off(s);
602 return SSL_TLSEXT_ERR_ALERT_FATAL;
606 /* see if response is acceptable */
607 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01953)
608 "stapling_cb: retrieved cached response");
609 rv = stapling_check_response(s, mctx, cinf, rsp, NULL);
610 if (rv == SSL_TLSEXT_ERR_ALERT_FATAL) {
611 OCSP_RESPONSE_free(rsp);
612 stapling_mutex_off(s);
613 return SSL_TLSEXT_ERR_ALERT_FATAL;
615 else if (rv == SSL_TLSEXT_ERR_NOACK) {
616 /* Error in response. If this error was not present when it was
617 * stored (i.e. response no longer valid) then it can be
618 * renewed straight away.
620 * If the error *was* present at the time it was stored then we
621 * don't renew the response straight away we just wait for the
622 * cached response to expire.
625 OCSP_RESPONSE_free(rsp);
628 else if (!mctx->stapling_return_errors) {
629 OCSP_RESPONSE_free(rsp);
630 stapling_mutex_off(s);
631 return SSL_TLSEXT_ERR_NOACK;
637 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01954)
638 "stapling_cb: renewing cached response");
639 rv = stapling_renew_response(s, mctx, ssl, cinf, &rsp, conn->pool);
642 stapling_mutex_off(s);
643 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01955)
644 "stapling_cb: fatal error");
645 return SSL_TLSEXT_ERR_ALERT_FATAL;
648 stapling_mutex_off(s);
651 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01956)
652 "stapling_cb: setting response");
653 if (!stapling_set_response(ssl, rsp))
654 return SSL_TLSEXT_ERR_ALERT_FATAL;
655 return SSL_TLSEXT_ERR_OK;
657 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01957)
658 "stapling_cb: no response available");
660 return SSL_TLSEXT_ERR_NOACK;
664 apr_status_t modssl_init_stapling(server_rec *s, apr_pool_t *p,
665 apr_pool_t *ptemp, modssl_ctx_t *mctx)
667 SSL_CTX *ctx = mctx->ssl_ctx;
668 SSLModConfigRec *mc = myModConfig(s);
670 if (mc->stapling_cache == NULL) {
671 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01958)
672 "SSLStapling: no stapling cache available");
675 if (ssl_stapling_mutex_init(s, ptemp) == FALSE) {
676 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01959)
677 "SSLStapling: cannot initialise stapling mutex");
680 /* Set some default values for parameters if they are not set */
681 if (mctx->stapling_resptime_skew == UNSET) {
682 mctx->stapling_resptime_skew = 60 * 5;
684 if (mctx->stapling_cache_timeout == UNSET) {
685 mctx->stapling_cache_timeout = 3600;
687 if (mctx->stapling_return_errors == UNSET) {
688 mctx->stapling_return_errors = TRUE;
690 if (mctx->stapling_fake_trylater == UNSET) {
691 mctx->stapling_fake_trylater = TRUE;
693 if (mctx->stapling_errcache_timeout == UNSET) {
694 mctx->stapling_errcache_timeout = 600;
696 if (mctx->stapling_responder_timeout == UNSET) {
697 mctx->stapling_responder_timeout = 10 * APR_USEC_PER_SEC;
699 SSL_CTX_set_tlsext_status_cb(ctx, stapling_cb);
700 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01960) "OCSP stapling initialized");