1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * _ __ ___ ___ __| | ___ ___| | mod_ssl
19 * | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
20 * | | | | | | (_) | (_| | \__ \__ \ |
21 * |_| |_| |_|\___/ \__,_|___|___/___/_|
24 * OCSP Stapling Support
26 /* ``Where's the spoons?
28 Where's the bloody spoons?''
31 #include "ssl_private.h"
33 #include "apr_thread_mutex.h"
35 #ifdef HAVE_OCSP_STAPLING
38 * Maxiumum OCSP stapling response size. This should be the response for a
39 * single certificate and will typically include the responder certificate chain
40 * so 10K should be more than enough.
44 #define MAX_STAPLING_DER 10240
46 /* Cached info stored in the global stapling_certinfo hash. */
48 /* Index in session cache (SHA-1 digest of DER encoded certificate) */
49 UCHAR idx[SHA_DIGEST_LENGTH];
50 /* Certificate ID for OCSP request */
52 /* URI of the OCSP responder */
56 static apr_status_t ssl_stapling_certid_free(void *data)
58 OCSP_CERTID *cid = data;
61 OCSP_CERTID_free(cid);
67 static apr_hash_t *stapling_certinfo;
69 void ssl_stapling_certinfo_hash_init(apr_pool_t *p)
71 stapling_certinfo = apr_hash_make(p);
74 static X509 *stapling_get_issuer(modssl_ctx_t *mctx, X509 *x)
78 X509_STORE *st = SSL_CTX_get_cert_store(mctx->ssl_ctx);
80 STACK_OF(X509) *extra_certs = NULL;
82 #ifdef OPENSSL_NO_SSL_INTERN
83 SSL_CTX_get_extra_chain_certs(mctx->ssl_ctx, &extra_certs);
85 extra_certs = mctx->ssl_ctx->extra_certs;
88 for (i = 0; i < sk_X509_num(extra_certs); i++) {
89 issuer = sk_X509_value(extra_certs, i);
90 if (X509_check_issued(issuer, x) == X509_V_OK) {
91 CRYPTO_add(&issuer->references, 1, CRYPTO_LOCK_X509);
96 if (!X509_STORE_CTX_init(&inctx, st, NULL, NULL))
98 if (X509_STORE_CTX_get1_issuer(&issuer, &inctx, x) <= 0)
100 X509_STORE_CTX_cleanup(&inctx);
105 int ssl_stapling_init_cert(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp,
106 modssl_ctx_t *mctx, X509 *x)
108 UCHAR idx[SHA_DIGEST_LENGTH];
109 certinfo *cinf = NULL;
111 OCSP_CERTID *cid = NULL;
112 STACK_OF(OPENSSL_STRING) *aia = NULL;
114 if ((x == NULL) || (X509_digest(x, EVP_sha1(), idx, NULL) != 1))
117 cinf = apr_hash_get(stapling_certinfo, idx, sizeof(idx));
120 * We already parsed the certificate, and no OCSP URI was found.
121 * The certificate might be used for multiple vhosts, though,
122 * so we check for a ForceURL for this vhost.
124 if (!cinf->uri && !mctx->stapling_force_url) {
125 ssl_log_xerror(SSLLOG_MARK, APLOG_ERR, 0, ptemp, s, x,
126 APLOGNO(02814) "ssl_stapling_init_cert: no OCSP URI "
127 "in certificate and no SSLStaplingForceURL "
128 "configured for server %s", mctx->sc->vhost_id);
134 if (!(issuer = stapling_get_issuer(mctx, x))) {
135 ssl_log_xerror(SSLLOG_MARK, APLOG_ERR, 0, ptemp, s, x, APLOGNO(02217)
136 "ssl_stapling_init_cert: can't retrieve issuer "
141 cid = OCSP_cert_to_id(NULL, x, issuer);
144 ssl_log_xerror(SSLLOG_MARK, APLOG_ERR, 0, ptemp, s, x, APLOGNO(02815)
145 "ssl_stapling_init_cert: can't create CertID "
150 aia = X509_get1_ocsp(x);
151 if (!aia && !mctx->stapling_force_url) {
152 OCSP_CERTID_free(cid);
153 ssl_log_xerror(SSLLOG_MARK, APLOG_ERR, 0, ptemp, s, x,
154 APLOGNO(02218) "ssl_stapling_init_cert: no OCSP URI "
155 "in certificate and no SSLStaplingForceURL set");
159 /* At this point, we have determined that there's something to store */
160 cinf = apr_pcalloc(p, sizeof(certinfo));
161 memcpy (cinf->idx, idx, sizeof(idx));
163 /* make sure cid is also freed at pool cleanup */
164 apr_pool_cleanup_register(p, cid, ssl_stapling_certid_free,
165 apr_pool_cleanup_null);
167 /* allocate uri from the pconf pool */
168 cinf->uri = apr_pstrdup(p, sk_OPENSSL_STRING_value(aia, 0));
169 X509_email_free(aia);
172 ssl_log_xerror(SSLLOG_MARK, APLOG_TRACE1, 0, ptemp, s, x,
173 "ssl_stapling_init_cert: storing certinfo for server %s",
176 apr_hash_set(stapling_certinfo, cinf->idx, sizeof(cinf->idx), cinf);
181 static certinfo *stapling_get_certinfo(server_rec *s, modssl_ctx_t *mctx,
186 UCHAR idx[SHA_DIGEST_LENGTH];
187 x = SSL_get_certificate(ssl);
188 if ((x == NULL) || (X509_digest(x, EVP_sha1(), idx, NULL) != 1))
190 cinf = apr_hash_get(stapling_certinfo, idx, sizeof(idx));
191 if (cinf && cinf->cid)
193 ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01926)
194 "stapling_get_certinfo: stapling not supported for certificate");
199 * OCSP response caching code. The response is preceded by a flag value
200 * which indicates whether the response was invalid when it was stored.
201 * the purpose of this flag is to avoid repeated queries to a server
202 * which has given an invalid response while allowing a response which
203 * has subsequently become invalid to be retried immediately.
205 * The key for the cache is the hash of the certificate the response
208 static BOOL stapling_cache_response(server_rec *s, modssl_ctx_t *mctx,
209 OCSP_RESPONSE *rsp, certinfo *cinf,
210 BOOL ok, apr_pool_t *pool)
212 SSLModConfigRec *mc = myModConfig(s);
213 unsigned char resp_der[MAX_STAPLING_DER];
219 resp_derlen = i2d_OCSP_RESPONSE(rsp, NULL) + 1;
221 if (resp_derlen <= 0) {
222 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01927)
223 "OCSP stapling response encode error??");
227 if (resp_derlen > sizeof resp_der) {
228 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01928)
229 "OCSP stapling response too big (%u bytes)", resp_derlen);
235 /* TODO: potential optimization; _timeout members as apr_interval_time_t */
238 expiry = apr_time_from_sec(mctx->stapling_cache_timeout);
242 expiry = apr_time_from_sec(mctx->stapling_errcache_timeout);
245 expiry += apr_time_now();
247 i2d_OCSP_RESPONSE(rsp, &p);
249 rv = mc->stapling_cache->store(mc->stapling_cache_context, s,
250 cinf->idx, sizeof(cinf->idx),
251 expiry, resp_der, resp_derlen, pool);
252 if (rv != APR_SUCCESS) {
253 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01929)
254 "stapling_cache_response: OCSP response session store error!");
261 static BOOL stapling_get_cached_response(server_rec *s, OCSP_RESPONSE **prsp,
262 BOOL *pok, certinfo *cinf,
265 SSLModConfigRec *mc = myModConfig(s);
268 unsigned char resp_der[MAX_STAPLING_DER];
269 const unsigned char *p;
270 unsigned int resp_derlen = MAX_STAPLING_DER;
272 rv = mc->stapling_cache->retrieve(mc->stapling_cache_context, s,
273 cinf->idx, sizeof(cinf->idx),
274 resp_der, &resp_derlen, pool);
275 if (rv != APR_SUCCESS) {
276 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01930)
277 "stapling_get_cached_response: cache miss");
280 if (resp_derlen <= 1) {
281 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01931)
282 "stapling_get_cached_response: response length invalid??");
294 rsp = d2i_OCSP_RESPONSE(NULL, &p, resp_derlen);
296 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01932)
297 "stapling_get_cached_response: response parse error??");
300 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01933)
301 "stapling_get_cached_response: cache hit");
308 static int stapling_set_response(SSL *ssl, OCSP_RESPONSE *rsp)
311 unsigned char *rspder = NULL;
313 rspderlen = i2d_OCSP_RESPONSE(rsp, &rspder);
316 SSL_set_tlsext_status_ocsp_resp(ssl, rspder, rspderlen);
320 static int stapling_check_response(server_rec *s, modssl_ctx_t *mctx,
321 certinfo *cinf, OCSP_RESPONSE *rsp,
325 OCSP_BASICRESP *bs = NULL;
326 ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
327 int response_status = OCSP_response_status(rsp);
331 /* Check to see if response is an error. If so we automatically accept
332 * it because it would have expired from the cache if it was time to
335 if (response_status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
336 if (mctx->stapling_return_errors)
337 return SSL_TLSEXT_ERR_OK;
339 return SSL_TLSEXT_ERR_NOACK;
342 bs = OCSP_response_get1_basic(rsp);
344 /* If we can't parse response just pass it to client */
345 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01934)
346 "stapling_check_response: Error Parsing Response!");
347 return SSL_TLSEXT_ERR_OK;
350 if (!OCSP_resp_find_status(bs, cinf->cid, &status, &reason, &rev,
351 &thisupd, &nextupd)) {
352 /* If ID not present just pass back to client */
353 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01935)
354 "stapling_check_response: certificate ID not present in response!");
357 if (OCSP_check_validity(thisupd, nextupd,
358 mctx->stapling_resptime_skew,
359 mctx->stapling_resp_maxage)) {
364 /* If pok is not NULL response was direct from a responder and
365 * the times should be valide. If pok is NULL the response was
366 * retrieved from cache and it is expected to subsequently expire
369 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01936)
370 "stapling_check_response: response times invalid");
373 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01937)
374 "stapling_check_response: cached response expired");
377 OCSP_BASICRESP_free(bs);
378 return SSL_TLSEXT_ERR_NOACK;
382 OCSP_BASICRESP_free(bs);
384 return SSL_TLSEXT_ERR_OK;
387 static BOOL stapling_renew_response(server_rec *s, modssl_ctx_t *mctx, SSL *ssl,
388 certinfo *cinf, OCSP_RESPONSE **prsp,
391 conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
393 OCSP_REQUEST *req = NULL;
394 OCSP_CERTID *id = NULL;
395 STACK_OF(X509_EXTENSION) *exts;
403 /* Build up OCSP query from server certificate info */
404 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01938)
405 "stapling_renew_response: querying responder");
407 req = OCSP_REQUEST_new();
410 id = OCSP_CERTID_dup(cinf->cid);
413 if (!OCSP_request_add0_id(req, id))
416 /* Add any extensions to the request */
417 SSL_get_tlsext_status_exts(ssl, &exts);
418 for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
419 X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
420 if (!OCSP_REQUEST_add_ext(req, ext, -1))
424 if (mctx->stapling_force_url)
425 ocspuri = mctx->stapling_force_url;
430 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02621)
431 "stapling_renew_response: no uri for responder");
436 /* Create a temporary pool to constrain memory use */
437 apr_pool_create(&vpool, conn->pool);
439 ok = apr_uri_parse(vpool, ocspuri, &uri);
440 if (ok != APR_SUCCESS) {
441 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01939)
442 "stapling_renew_response: Error parsing uri %s",
447 else if (strcmp(uri.scheme, "http")) {
448 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01940)
449 "stapling_renew_response: Unsupported uri %s", ocspuri);
455 uri.port = apr_uri_port_of_scheme(uri.scheme);
458 *prsp = modssl_dispatch_ocsp_request(&uri, mctx->stapling_responder_timeout,
461 apr_pool_destroy(vpool);
464 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01941)
465 "stapling_renew_response: responder error");
466 if (mctx->stapling_fake_trylater) {
467 *prsp = OCSP_response_create(OCSP_RESPONSE_STATUS_TRYLATER, NULL);
474 int response_status = OCSP_response_status(*prsp);
476 if (response_status == OCSP_RESPONSE_STATUS_SUCCESSFUL) {
477 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01942)
478 "stapling_renew_response: query response received");
479 stapling_check_response(s, mctx, cinf, *prsp, &ok);
481 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01943)
482 "stapling_renew_response: error in retrieved response!");
486 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01944)
487 "stapling_renew_response: responder error %s",
488 OCSP_response_status_str(response_status));
491 if (stapling_cache_response(s, mctx, *prsp, cinf, ok, pool) == FALSE) {
492 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01945)
493 "stapling_renew_response: error caching response!");
498 OCSP_CERTID_free(id);
500 OCSP_REQUEST_free(req);
508 * SSLStaplingMutex operations. Similar to SSL mutex except a mutex is
509 * mandatory if stapling is enabled.
511 static int ssl_stapling_mutex_init(server_rec *s, apr_pool_t *p)
513 SSLModConfigRec *mc = myModConfig(s);
514 SSLSrvConfigRec *sc = mySrvConfig(s);
517 if (mc->stapling_mutex || sc->server->stapling_enabled != TRUE) {
521 if ((rv = ap_global_mutex_create(&mc->stapling_mutex, NULL,
522 SSL_STAPLING_MUTEX_TYPE, NULL, s,
523 s->process->pool, 0)) != APR_SUCCESS) {
530 int ssl_stapling_mutex_reinit(server_rec *s, apr_pool_t *p)
532 SSLModConfigRec *mc = myModConfig(s);
534 const char *lockfile;
536 if (mc->stapling_mutex == NULL) {
540 lockfile = apr_global_mutex_lockfile(mc->stapling_mutex);
541 if ((rv = apr_global_mutex_child_init(&mc->stapling_mutex,
542 lockfile, p)) != APR_SUCCESS) {
544 ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(01946)
545 "Cannot reinit %s mutex with file `%s'",
546 SSL_STAPLING_MUTEX_TYPE, lockfile);
549 ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s, APLOGNO(01947)
550 "Cannot reinit %s mutex", SSL_STAPLING_MUTEX_TYPE);
557 static int stapling_mutex_on(server_rec *s)
559 SSLModConfigRec *mc = myModConfig(s);
562 if ((rv = apr_global_mutex_lock(mc->stapling_mutex)) != APR_SUCCESS) {
563 ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s, APLOGNO(01948)
564 "Failed to acquire OCSP stapling lock");
570 static int stapling_mutex_off(server_rec *s)
572 SSLModConfigRec *mc = myModConfig(s);
575 if ((rv = apr_global_mutex_unlock(mc->stapling_mutex)) != APR_SUCCESS) {
576 ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s, APLOGNO(01949)
577 "Failed to release OCSP stapling lock");
583 /* Certificate Status callback. This is called when a client includes a
584 * certificate status request extension.
586 * Check for cached responses in session cache. If valid send back to
587 * client. If absent or no longer valid query responder and update
589 static int stapling_cb(SSL *ssl, void *arg)
591 conn_rec *conn = (conn_rec *)SSL_get_app_data(ssl);
592 server_rec *s = mySrvFromConn(conn);
593 SSLSrvConfigRec *sc = mySrvConfig(s);
594 SSLConnRec *sslconn = myConnConfig(conn);
595 modssl_ctx_t *mctx = myCtxConfig(sslconn, sc);
596 certinfo *cinf = NULL;
597 OCSP_RESPONSE *rsp = NULL;
601 if (sc->server->stapling_enabled != TRUE) {
602 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01950)
603 "stapling_cb: OCSP Stapling disabled");
604 return SSL_TLSEXT_ERR_NOACK;
607 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01951)
608 "stapling_cb: OCSP Stapling callback called");
610 cinf = stapling_get_certinfo(s, mctx, ssl);
612 return SSL_TLSEXT_ERR_NOACK;
615 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01952)
616 "stapling_cb: retrieved cached certificate data");
618 /* Check to see if we already have a response for this certificate */
619 stapling_mutex_on(s);
621 rv = stapling_get_cached_response(s, &rsp, &ok, cinf, conn->pool);
623 stapling_mutex_off(s);
624 return SSL_TLSEXT_ERR_ALERT_FATAL;
628 /* see if response is acceptable */
629 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01953)
630 "stapling_cb: retrieved cached response");
631 rv = stapling_check_response(s, mctx, cinf, rsp, NULL);
632 if (rv == SSL_TLSEXT_ERR_ALERT_FATAL) {
633 OCSP_RESPONSE_free(rsp);
634 stapling_mutex_off(s);
635 return SSL_TLSEXT_ERR_ALERT_FATAL;
637 else if (rv == SSL_TLSEXT_ERR_NOACK) {
638 /* Error in response. If this error was not present when it was
639 * stored (i.e. response no longer valid) then it can be
640 * renewed straight away.
642 * If the error *was* present at the time it was stored then we
643 * don't renew the response straight away we just wait for the
644 * cached response to expire.
647 OCSP_RESPONSE_free(rsp);
650 else if (!mctx->stapling_return_errors) {
651 OCSP_RESPONSE_free(rsp);
652 stapling_mutex_off(s);
653 return SSL_TLSEXT_ERR_NOACK;
659 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01954)
660 "stapling_cb: renewing cached response");
661 rv = stapling_renew_response(s, mctx, ssl, cinf, &rsp, conn->pool);
664 stapling_mutex_off(s);
665 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01955)
666 "stapling_cb: fatal error");
667 return SSL_TLSEXT_ERR_ALERT_FATAL;
670 stapling_mutex_off(s);
673 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01956)
674 "stapling_cb: setting response");
675 if (!stapling_set_response(ssl, rsp))
676 return SSL_TLSEXT_ERR_ALERT_FATAL;
677 return SSL_TLSEXT_ERR_OK;
679 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01957)
680 "stapling_cb: no response available");
682 return SSL_TLSEXT_ERR_NOACK;
686 apr_status_t modssl_init_stapling(server_rec *s, apr_pool_t *p,
687 apr_pool_t *ptemp, modssl_ctx_t *mctx)
689 SSL_CTX *ctx = mctx->ssl_ctx;
690 SSLModConfigRec *mc = myModConfig(s);
692 if (mc->stapling_cache == NULL) {
693 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01958)
694 "SSLStapling: no stapling cache available");
697 if (ssl_stapling_mutex_init(s, ptemp) == FALSE) {
698 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(01959)
699 "SSLStapling: cannot initialise stapling mutex");
702 /* Set some default values for parameters if they are not set */
703 if (mctx->stapling_resptime_skew == UNSET) {
704 mctx->stapling_resptime_skew = 60 * 5;
706 if (mctx->stapling_cache_timeout == UNSET) {
707 mctx->stapling_cache_timeout = 3600;
709 if (mctx->stapling_return_errors == UNSET) {
710 mctx->stapling_return_errors = TRUE;
712 if (mctx->stapling_fake_trylater == UNSET) {
713 mctx->stapling_fake_trylater = TRUE;
715 if (mctx->stapling_errcache_timeout == UNSET) {
716 mctx->stapling_errcache_timeout = 600;
718 if (mctx->stapling_responder_timeout == UNSET) {
719 mctx->stapling_responder_timeout = 10 * APR_USEC_PER_SEC;
721 SSL_CTX_set_tlsext_status_cb(ctx, stapling_cb);
722 ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01960) "OCSP stapling initialized");