Add TLSv1.3 support to mod_ssl:

                                                         -*- coding: utf-8 -*-

Changes with Apache 2.4.36

  *) mod_ssl: add experimental support for TLSv1.3 (tested with OpenSSL v1.1.1-pre9. 

     SSL(Proxy)CipherSuite now has an optional first parameter for the protocol the ciphers are for.

     Directive "SSLVerifyClient" now triggers certificate retrieval from the client.

     Verifying the client fails exactly the same for HTTP/2 connections for all SSL protocols,

     as this would need to trigger the master connection thread - which we do not support

     right now.

     Renegotiation of ciphers is intentionally ignored for TLSv1.3 connections. "SSLCipherSuite"

     does not allow to specify TLSv1.3 ciphers in a directory context (because it cannot work) and

     TLSv1.2 or lower ciphers are not relevant for 1.3, as cipher suites are completely separate.

     Sites which make use of such TLSv1.2 feature need to evaluate carefully if or how they 

     can match their needs onto the TLSv1.3 protocol.

     [Yann Ylavic, Stefan Eissing]

  *) mod_auth_basic: Be less tolerant when parsing the credencial. Only spaces

     should be accepted after the authorization scheme. \t are also tolerated.

     [Christophe Jaillet]

PATCHES ACCEPTED TO BACKPORT FROM TRUNK:

  [ start all new proposals below, under PATCHES PROPOSED. ]

   *) Add TLSv1.3 support to mod_ssl:

      trunk: http://svn.apache.org/r1839946

             http://svn.apache.org/r1839920

             http://svn.apache.org/r1833589

             http://svn.apache.org/r1833588

             http://svn.apache.org/r1828723

             http://svn.apache.org/r1828720

             http://svn.apache.org/r1828222

             http://svn.apache.org/r1827992

             http://svn.apache.org/r1827924

             http://svn.apache.org/r1827912

             http://svn.apache.org/r1828790

             http://svn.apache.org/r1828791

             http://svn.apache.org/r1828792

             http://svn.apache.org/r1840585

             http://svn.apache.org/r1840710

             http://svn.apache.org/r1841218

      2.4.x branch: svn merge ^/httpd/httpd/branches/tlsv1.3-for-2.4.x

      +1: icing, jorton, minfrin (tested on openssl-1.0.2j and openssl-1.1.1)

PATCHES PROPOSED TO BACKPORT FROM TRUNK:

    A revision of the TLS 1.1 protocol, as defined in

    <a href="http://www.ietf.org/rfc/rfc5246.txt">RFC 5246</a>.</p></li>

<li><code>TLSv1.3</code> (when using OpenSSL 1.1.1 and later)

    <p>

    A new version of the TLS protocol, as defined in

    <a href="https://github.com/tlswg/tls13-spec">RFC TBD</a>.</p></li>

<li><code>all</code>

    <p>

    This is a shortcut for ``<code>+SSLv3 +TLSv1</code>'' or

<name>SSLCipherSuite</name>

<description>Cipher Suite available for negotiation in SSL

handshake</description>

<syntax>SSLCipherSuite <em>cipher-spec</em></syntax>

<syntax>SSLCipherSuite [<em>protocol</em>] <em>cipher-spec</em></syntax>

<default>SSLCipherSuite DEFAULT (depends on OpenSSL version)</default>

<contextlist><context>server config</context>

<context>virtual host</context>

<p>

This complex directive uses a colon-separated <em>cipher-spec</em> string

consisting of OpenSSL cipher specifications to configure the Cipher Suite the

client is permitted to negotiate in the SSL handshake phase. Notice that this

directive can be used both in per-server and per-directory context. In

per-server context it applies to the standard SSL handshake when a connection

client is permitted to negotiate in the SSL handshake phase. The optional 

protocol specifier can configure the Cipher Suite for a specific SSL version.

Possible values include "SSL" for all SSL Protocols up to and including TLSv1.2. 

<p>

Notice that this

directive can be used both in per-server and per-directory context. 

In per-server context it applies to the standard SSL handshake when a connection

is established. In per-directory context it forces a SSL renegotiation with the

reconfigured Cipher Suite after the HTTP request was read but before the HTTP

response is sent.</p>

response is sent. (Since renegotiation is not</p>

<p>

If the SSL library supports TLSv1.3 (OpenSSL 1.1.1 and later), the protocol 

specifier "TLSv1.3" can be used to configure the cipher suites for that protocol.

Since TLSv1.3 does not offer renegotiations, specifying ciphers for it in

a directory context is not allowed.</p>

<p>

For a list of TLSv1.3 cipher names, see 

<a href="https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html">the OpenSSL

documentation</a>.</p>

<p>

An SSL cipher specification in <em>cipher-spec</em> is composed of 4 major

attributes plus a few extra minor ones:</p>

<name>SSLProxyCipherSuite</name>

<description>Cipher Suite available for negotiation in SSL

proxy handshake</description>

<syntax>SSLProxyCipherSuite <em>cipher-spec</em></syntax>

<syntax>SSLProxyCipherSuite [<em>protocol</em>] <em>cipher-spec</em></syntax>

<default>SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP</default>

<contextlist><context>server config</context> <context>virtual host</context>

<context>proxy section</context></contextlist>

    SSL_CMD_SRV(FIPS, FLAG,

                "Enable FIPS-140 mode "

                "(`on', `off')")

    SSL_CMD_ALL(CipherSuite, TAKE1,

                "Colon-delimited list of permitted SSL Ciphers "

                "('XXX:...:XXX' - see manual)")

    SSL_CMD_ALL(CipherSuite, TAKE12,

                "Colon-delimited list of permitted SSL Ciphers, optional preceeded "

                "by protocol identifier ('XXX:...:XXX' - see manual)")

    SSL_CMD_SRV(CertificateFile, TAKE1,

                "SSL Server Certificate file "

                "('/path/to/file' - PEM or DER encoded)")

    SSL_CMD_PXY(ProxyProtocol, RAW_ARGS,

               "SSL Proxy: enable or disable SSL protocol flavors "

                "('[+-][" SSL_PROTOCOLS "] ...' - see manual)")

    SSL_CMD_PXY(ProxyCipherSuite, TAKE1,

    SSL_CMD_PXY(ProxyCipherSuite, TAKE12,

               "SSL Proxy: colon-delimited list of permitted SSL ciphers "

               "('XXX:...:XXX' - see manual)")

               ", optionally preceeded by protocol specifier ('XXX:...:XXX' - see manual)")

    SSL_CMD_PXY(ProxyVerify, TAKE1,

               "SSL Proxy: whether to verify the remote certificate "

               "('on' or 'off')")

    /* We must register the library in full, to ensure our configuration

     * code can successfully test the SSL environment.

     */

#if MODSSL_USE_OPENSSL_PRE_1_1_API

#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER)

    (void)CRYPTO_malloc_init();

#else

    OPENSSL_malloc_init();

    mctx->auth.cipher_suite   = NULL;

    mctx->auth.verify_depth   = UNSET;

    mctx->auth.verify_mode    = SSL_CVERIFY_UNSET;

    mctx->auth.tls13_ciphers = NULL;

    mctx->ocsp_mask           = UNSET;

    mctx->ocsp_force_default  = UNSET;

    cfgMergeString(auth.cipher_suite);

    cfgMergeInt(auth.verify_depth);

    cfgMerge(auth.verify_mode, SSL_CVERIFY_UNSET);

    cfgMergeString(auth.tls13_ciphers);

    cfgMergeInt(ocsp_mask);

    cfgMergeBool(ocsp_force_default);

const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd,

                                   void *dcfg,

                                   const char *arg)

                                   const char *arg1, const char *arg2)

{

    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);

    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;

    /* always disable null and export ciphers */

    arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);

    if (arg2 == NULL) {

        arg2 = arg1;

        arg1 = "SSL";

    }

    if (!strcmp("SSL", arg1)) {

        /* always disable null and export ciphers */

        arg2 = apr_pstrcat(cmd->pool, arg2, ":!aNULL:!eNULL:!EXP", NULL);

        if (cmd->path) {

        dc->szCipherSuite = arg;

            dc->szCipherSuite = arg2;

        }

        else {

        sc->server->auth.cipher_suite = arg;

            sc->server->auth.cipher_suite = arg2;

        }

        return NULL;

    }

#if SSL_HAVE_PROTOCOL_TLSV1_3

    else if (!strcmp("TLSv1.3", arg1)) {

        if (cmd->path) {

            return "TLSv1.3 ciphers cannot be set inside a directory context";

        }

        sc->server->auth.tls13_ciphers = arg2;

        return NULL;

    }

#endif

    return apr_pstrcat(cmd->pool, "procotol '", arg1, "' not supported", NULL);

}

#define SSL_FLAGS_CHECK_FILE \

    (SSL_PCM_EXISTS|SSL_PCM_ISREG|SSL_PCM_ISNONZERO)

        else if (strcEQ(w, "TLSv1.2")) {

            thisopt = SSL_PROTOCOL_TLSV1_2;

        }

        else if (SSL_HAVE_PROTOCOL_TLSV1_3 && strcEQ(w, "TLSv1.3")) {

            thisopt = SSL_PROTOCOL_TLSV1_3;

        }

#endif

        else if (strcEQ(w, "all")) {

            thisopt = SSL_PROTOCOL_ALL;

const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *cmd,

                                        void *dcfg,

                                        const char *arg)

                                        const char *arg1, const char *arg2)

{

    SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;

    /* always disable null and export ciphers */

    arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);

    dc->proxy->auth.cipher_suite = arg;

    if (arg2 == NULL) {

        arg2 = arg1;

        arg1 = "SSL";

    }

    if (!strcmp("SSL", arg1)) {

        /* always disable null and export ciphers */

        arg2 = apr_pstrcat(cmd->pool, arg2, ":!aNULL:!eNULL:!EXP", NULL);

        dc->proxy->auth.cipher_suite = arg2;

        return NULL;

    }

#if SSL_HAVE_PROTOCOL_TLSV1_3

    else if (!strcmp("TLSv1.3", arg1)) {

        dc->proxy->auth.tls13_ciphers = arg2;

        return NULL;

    }

#endif

    return apr_pstrcat(cmd->pool, "procotol '", arg1, "' not supported", NULL);

}

const char *ssl_cmd_SSLProxyVerify(cmd_parms *cmd,

                                   void *dcfg,