[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: svn commit: r1840585 - in /httpd/httpd/trunk: docs/log-message-tags/next-number modules/ssl/ssl_engine_kernel.c

> Am 11.09.2018 um 19:12 schrieb Joe Orton <jorton@xxxxxxxxxx>:
> On Tue, Sep 11, 2018 at 06:35:17PM +0200, Yann Ylavic wrote:
>> On Tue, Sep 11, 2018 at 6:01 PM <jorton@xxxxxxxxxx> wrote:
>>> Author: jorton
>>> Date: Tue Sep 11 16:01:47 2018
>>> New Revision: 1840585
>>> URL: http://svn.apache.org/viewvc?rev=1840585&view=rev
>>> Log:
>>> * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access_modern): Fail with
>>>  403 if SSL_verify_client_post_handshake() fails, e.g. when the
>>>  TLS/1.3 client didn't send the Post-Handshake Authentication
>>>  extension.
>> There also seems to be some subtilities between SSL_VERIFY_CLIENT_ONCE
>> (which we use in ssl_hook_Access_modern) and
>> SSL_VERIFY_POST_HANDSHAKES (another openssl flag related to PHA). I'm
>> not sure to understand the docs for now...
> Uh, I missed that. I'm not sure why _VERIFY_CLIENT_*ONCE* is set there 
> rather than just _VERIFY_CLIENT... Stefan?  This should restrict PHA to 
> once per connection, maybe that is sensible, not sure.

This part was not easy to understand in the SSL documentation. I did not
manage to setup proper cases in my test suite to really pin this down.

How much have your testings now proceeded? Yann reported interop with
firefox for him against trunk. Did you manage to track down your
problems? Something missing in the branch?



>> Both seem to be mutually exclusive (though it's not really stated in
>> the doc), and possibly we don't use the right one since we call
>> SSL_verify_client_post_handshake() explicitely. On the other hand
>> SSL_VERIFY_POST_HANDSHAKES might depend on the client being PHA aware
>> (and/or advertised?), and if so should we detect it on the server side
>> to use SSL_VERIFY_POST_HANDSHAKES for the handshake?
>> I'm asking, should you have more insight on those flags...
> I couldn't work out why SSL_VERIFY_POST_HANDSHAKE exists, but it didn't 
> seem to make any difference in testing here.  Assumed I was being stupid 
> but I've asked in https://github.com/openssl/openssl/issues/7178 now.
> Regards, Joe