Commit 32097b33 authored by Matt Caswell's avatar Matt Caswell
Browse files

Change Post Handshake auth so that it is opt-in 



Having post handshake auth automatically switched on breaks some
applications written for TLSv1.2. This changes things so that an explicit
function call is required for a client to indicate support for
post-handshake auth.

Fixes #6933.

Reviewed-by: default avatarTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6938)
parent 756510c1

apps/s_client.c

+7 −7
Original line number Diff line number Diff line
@@ -595,7 +595,7 @@ typedef enum OPTION_choice { 
    OPT_CT, OPT_NOCT, OPT_CTLOG_FILE,

#endif

    OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,

    OPT_FORCE_PHA,

    OPT_ENABLE_PHA,

    OPT_R_ENUM

} OPTION_CHOICE;
@@ -786,7 +786,7 @@ const OPTIONS s_client_options[] = { 
#endif

    {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"},

    {"early_data", OPT_EARLY_DATA, '<', "File to send as early data"},

    {"force_pha", OPT_FORCE_PHA, '-', "Force-enable post-handshake-authentication"},

    {"enable_pha", OPT_ENABLE_PHA, '-', "Enable post-handshake-authentication"},

    {NULL, OPT_EOF, 0x00, NULL}

};
@@ -975,7 +975,7 @@ int s_client_main(int argc, char **argv) 
    int isdtls = 0;

#endif

    char *psksessf = NULL;

    int force_pha = 0;

    int enable_pha = 0;



    FD_ZERO(&readfds);

    FD_ZERO(&writefds);
@@ -1492,8 +1492,8 @@ int s_client_main(int argc, char **argv) 
        case OPT_EARLY_DATA:

            early_data_file = opt_arg();

            break;

        case OPT_FORCE_PHA:

            force_pha = 1;

        case OPT_ENABLE_PHA:

            enable_pha = 1;

            break;

        }

    }
@@ -1944,8 +1944,8 @@ int s_client_main(int argc, char **argv) 
    if (con == NULL)

        goto end;



    if (force_pha)

        SSL_force_post_handshake_auth(con);

    if (enable_pha)

        SSL_set_post_handshake_auth(con, 1);



    if (sess_in != NULL) {

        SSL_SESSION *sess;

doc/man1/s_client.pod

+4 −4
Original line number Diff line number Diff line
@@ -134,7 +134,7 @@ B<openssl> B<s_client> 
[B<-ctlogfile>]

[B<-keylogfile file>]

[B<-early_data file>]

[B<-force_pha>]

[B<-enable_pha>]

[B<target>]



=head1 DESCRIPTION
@@ -700,10 +700,10 @@ Reads the contents of the specified file and attempts to send it as early data 
to the server. This will only work with resumed sessions that support early

data and when the server accepts the early data.



=item B<-force_pha>

=item B<-enable_pha>



For TLSv1.3 only, always send the Post-Handshake Authentication extension,

whether or not a certificate has been provided via B<-cert>.

For TLSv1.3 only, send the Post-Handshake Authentication extension. This will

happen whether or not a certificate has been provided via B<-cert>.



=item B<[target]>

doc/man3/SSL_CTX_set_verify.pod

+9 −8
Original line number Diff line number Diff line
@@ -7,7 +7,7 @@ SSL_CTX_set_verify, SSL_set_verify, 
SSL_CTX_set_verify_depth, SSL_set_verify_depth,

SSL_verify_cb,

SSL_verify_client_post_handshake,

SSL_force_post_handshake_auth

SSL_set_post_handshake_auth

- set peer certificate verification parameters



=head1 SYNOPSIS
@@ -24,7 +24,7 @@ SSL_force_post_handshake_auth 
 void SSL_set_verify_depth(SSL *ssl, int depth);



 int SSL_verify_client_post_handshake(SSL *ssl);

 void SSL_force_post_handshake_auth(SSL *ssl);

 void SSL_set_post_handshake_auth(SSL *ssl, int val);



=head1 DESCRIPTION
@@ -48,11 +48,12 @@ verification that shall be allowed for B<ctx>. 
SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain

verification that shall be allowed for B<ssl>.



SSL_force_post_handshake_auth() forces the Post-Handshake Authentication

extension to be added to the ClientHello regardless of certificate configuration

at the time of the initial handshake, such that post-handshake authentication

can be requested by the server. A certificate callback will need to be set via

SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization.

SSL_set_post_handshake_auth() enables the Post-Handshake Authentication

extension to be added to the ClientHello such that post-handshake authentication

can be requested by the server. If B<val> is 0 then the extension is not sent,

otherwise it is. By default the extension is not sent. A certificate callback

will need to be set via SSL_CTX_set_client_cert_cb() if no certificate is

provided at initialization.



SSL_verify_client_post_handshake() causes a CertificateRequest message to be

sent by a server on the given B<ssl> connection. The SSL_VERIFY_PEER flag must
@@ -341,7 +342,7 @@ L<CRYPTO_get_ex_new_index(3)> 
=head1 HISTORY



The SSL_VERIFY_POST_HANDSHAKE option, and the SSL_verify_client_post_handshake()

and SSL_force_post_handshake_auth() functions were added in OpenSSL 1.1.1.

and SSL_set_post_handshake_auth() functions were added in OpenSSL 1.1.1.



=head1 COPYRIGHT

include/openssl/ssl.h

+1 −1
Original line number Diff line number Diff line
@@ -1898,7 +1898,7 @@ int SSL_renegotiate_abbreviated(SSL *s); 
__owur int SSL_renegotiate_pending(SSL *s);

int SSL_shutdown(SSL *s);

__owur int SSL_verify_client_post_handshake(SSL *s);

void SSL_force_post_handshake_auth(SSL *s);

void SSL_set_post_handshake_auth(SSL *s, int val);



__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);

__owur const SSL_METHOD *SSL_get_ssl_method(SSL *s);

ssl/ssl_lib.c

+2 −2
Original line number Diff line number Diff line
@@ -5455,9 +5455,9 @@ int SSL_stateless(SSL *s) 
    return -1;

}



void SSL_force_post_handshake_auth(SSL *ssl)

void SSL_set_post_handshake_auth(SSL *ssl, int val)

{

    ssl->pha_forced = 1;

    ssl->pha_enabled = val;

}



int SSL_verify_client_post_handshake(SSL *ssl)