Commit 32097b33 authored by Matt Caswell

Change Post Handshake auth so that it is opt-in



Having post handshake auth automatically switched on breaks some
applications written for TLSv1.2. This changes things so that an explicit
function call is required for a client to indicate support for
post-handshake auth.

Fixes #6933.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6938)
parent 756510c1
+7 −7
@@ -595,7 +595,7 @@ typedef enum OPTION_choice {
    OPT_CT, OPT_NOCT, OPT_CTLOG_FILE,
    OPT_CT, OPT_NOCT, OPT_CTLOG_FILE,
#endif
#endif
    OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
    OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
    OPT_FORCE_PHA,
    OPT_ENABLE_PHA,
    OPT_R_ENUM
    OPT_R_ENUM
} OPTION_CHOICE;
} OPTION_CHOICE;


@@ -786,7 +786,7 @@ const OPTIONS s_client_options[] = {
#endif
#endif
    {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"},
    {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"},
    {"early_data", OPT_EARLY_DATA, '<', "File to send as early data"},
    {"early_data", OPT_EARLY_DATA, '<', "File to send as early data"},
    {"force_pha", OPT_FORCE_PHA, '-', "Force-enable post-handshake-authentication"},
    {"enable_pha", OPT_ENABLE_PHA, '-', "Enable post-handshake-authentication"},
    {NULL, OPT_EOF, 0x00, NULL}
    {NULL, OPT_EOF, 0x00, NULL}
};
};


@@ -975,7 +975,7 @@ int s_client_main(int argc, char **argv)
    int isdtls = 0;
    int isdtls = 0;
#endif
#endif
    char *psksessf = NULL;
    char *psksessf = NULL;
    int force_pha = 0;
    int enable_pha = 0;


    FD_ZERO(&readfds);
    FD_ZERO(&readfds);
    FD_ZERO(&writefds);
    FD_ZERO(&writefds);
@@ -1492,8 +1492,8 @@ int s_client_main(int argc, char **argv)
        case OPT_EARLY_DATA:
        case OPT_EARLY_DATA:
            early_data_file = opt_arg();
            early_data_file = opt_arg();
            break;
            break;
        case OPT_FORCE_PHA:
        case OPT_ENABLE_PHA:
            force_pha = 1;
            enable_pha = 1;
            break;
            break;
        }
        }
    }
    }
@@ -1944,8 +1944,8 @@ int s_client_main(int argc, char **argv)
    if (con == NULL)
    if (con == NULL)
        goto end;
        goto end;


    if (force_pha)
    if (enable_pha)
        SSL_force_post_handshake_auth(con);
        SSL_set_post_handshake_auth(con, 1);


    if (sess_in != NULL) {
    if (sess_in != NULL) {
        SSL_SESSION *sess;
        SSL_SESSION *sess;
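Review bot: The help string on the new options-table line, `"Enable post-handshake-authentication"`, omits the restriction that the man page in this same commit states for the option, namely that it is TLSv1.3 only and that it is sent whether or not `-cert` was given; the help text is what most users see. I would change that line to `{"enable_pha", OPT_ENABLE_PHA, '-', "Enable post-handshake-authentication (TLSv1.3 only)"},`. The call site `SSL_set_post_handshake_auth(con, 1);` is fine as written, but a one-line comment such as `/* Client opt-in: advertise the post_handshake_auth extension in the ClientHello */` would save the reader a trip to the man page. s_client_main begins and ends outside these hunks.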
+4 −4
@@ -134,7 +134,7 @@ B<openssl> B<s_client>
[B<-ctlogfile>]
[B<-ctlogfile>]
[B<-keylogfile file>]
[B<-keylogfile file>]
[B<-early_data file>]
[B<-early_data file>]
[B<-force_pha>]
[B<-enable_pha>]
[B<target>]
[B<target>]


=head1 DESCRIPTION
=head1 DESCRIPTION
@@ -700,10 +700,10 @@ Reads the contents of the specified file and attempts to send it as early data
to the server. This will only work with resumed sessions that support early
to the server. This will only work with resumed sessions that support early
data and when the server accepts the early data.
data and when the server accepts the early data.


=item B<-force_pha>
=item B<-enable_pha>


For TLSv1.3 only, always send the Post-Handshake Authentication extension,
For TLSv1.3 only, send the Post-Handshake Authentication extension. This will
whether or not a certificate has been provided via B<-cert>.
happen whether or not a certificate has been provided via B<-cert>.


=item B<[target]>
=item B<[target]>


+9 −8
@@ -7,7 +7,7 @@ SSL_CTX_set_verify, SSL_set_verify,
SSL_CTX_set_verify_depth, SSL_set_verify_depth,
SSL_CTX_set_verify_depth, SSL_set_verify_depth,
SSL_verify_cb,
SSL_verify_cb,
SSL_verify_client_post_handshake,
SSL_verify_client_post_handshake,
SSL_force_post_handshake_auth
SSL_set_post_handshake_auth
- set peer certificate verification parameters
- set peer certificate verification parameters


=head1 SYNOPSIS
=head1 SYNOPSIS
@@ -24,7 +24,7 @@ SSL_force_post_handshake_auth
 void SSL_set_verify_depth(SSL *ssl, int depth);
 void SSL_set_verify_depth(SSL *ssl, int depth);


 int SSL_verify_client_post_handshake(SSL *ssl);
 int SSL_verify_client_post_handshake(SSL *ssl);
 void SSL_force_post_handshake_auth(SSL *ssl);
 void SSL_set_post_handshake_auth(SSL *ssl, int val);


=head1 DESCRIPTION
=head1 DESCRIPTION


@@ -48,11 +48,12 @@ verification that shall be allowed for B<ctx>.
SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain
SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain
verification that shall be allowed for B<ssl>.
verification that shall be allowed for B<ssl>.


SSL_force_post_handshake_auth() forces the Post-Handshake Authentication
SSL_set_post_handshake_auth() enables the Post-Handshake Authentication
extension to be added to the ClientHello regardless of certificate configuration
extension to be added to the ClientHello such that post-handshake authentication
at the time of the initial handshake, such that post-handshake authentication
can be requested by the server. If B<val> is 0 then the extension is not sent,
can be requested by the server. A certificate callback will need to be set via
otherwise it is. By default the extension is not sent. A certificate callback
SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization.
will need to be set via SSL_CTX_set_client_cert_cb() if no certificate is
provided at initialization.


SSL_verify_client_post_handshake() causes a CertificateRequest message to be
SSL_verify_client_post_handshake() causes a CertificateRequest message to be
sent by a server on the given B<ssl> connection. The SSL_VERIFY_PEER flag must
sent by a server on the given B<ssl> connection. The SSL_VERIFY_PEER flag must
@@ -341,7 +342,7 @@ L<CRYPTO_get_ex_new_index(3)>
=head1 HISTORY
=head1 HISTORY


The SSL_VERIFY_POST_HANDSHAKE option, and the SSL_verify_client_post_handshake()
The SSL_VERIFY_POST_HANDSHAKE option, and the SSL_verify_client_post_handshake()
and SSL_force_post_handshake_auth() functions were added in OpenSSL 1.1.1.
and SSL_set_post_handshake_auth() functions were added in OpenSSL 1.1.1.


=head1 COPYRIGHT
=head1 COPYRIGHT


+1 −1
@@ -1898,7 +1898,7 @@ int SSL_renegotiate_abbreviated(SSL *s);
__owur int SSL_renegotiate_pending(SSL *s);
__owur int SSL_renegotiate_pending(SSL *s);
int SSL_shutdown(SSL *s);
int SSL_shutdown(SSL *s);
__owur int SSL_verify_client_post_handshake(SSL *s);
__owur int SSL_verify_client_post_handshake(SSL *s);
void SSL_force_post_handshake_auth(SSL *s);
void SSL_set_post_handshake_auth(SSL *s, int val);


__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
__owur const SSL_METHOD *SSL_CTX_get_ssl_method(SSL_CTX *ctx);
__owur const SSL_METHOD *SSL_get_ssl_method(SSL *s);
__owur const SSL_METHOD *SSL_get_ssl_method(SSL *s);
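Review bot: The new prototype `void SSL_set_post_handshake_auth(SSL *s, int val);` carries no comment in the header, and unlike most opt-in knobs around it there is no SSL_CTX-level counterpart visible in this diff, so an application that configures everything on the context and hands out SSL objects from a library has no way to opt in for all connections without touching each SSL (I cannot tell from this page whether a context-level setter exists elsewhere). Since the commit turns this into the only way to enable PHA, that gap is worth either closing or documenting. At minimum I would add above the declaration `/* Client-side opt-in for TLSv1.3 post-handshake auth; val != 0 sends the extension */` so the boolean meaning of `val` is visible where the API is declared.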
+2 −2
@@ -5455,9 +5455,9 @@ int SSL_stateless(SSL *s)
    return -1;
    return -1;
}
}


void SSL_force_post_handshake_auth(SSL *ssl)
void SSL_set_post_handshake_auth(SSL *ssl, int val)
{
{
    ssl->pha_forced = 1;
    ssl->pha_enabled = val;
}
}


int SSL_verify_client_post_handshake(SSL *ssl)
int SSL_verify_client_post_handshake(SSL *ssl)
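Review bot: `ssl->pha_enabled = val;` stores the raw argument, while the man page updated in this commit defines the contract as "0 disables, anything else enables"; the type and width of `pha_enabled` are not visible here, and if it is narrower than int (for example a one-bit field) a caller passing 2 would truncate to 0 and silently leave PHA disabled. Normalizing at the API boundary, `ssl->pha_enabled = (val != 0);`, makes the stored value match the documented semantics regardless of the field's width. A one-line comment such as `/* Client opt-in: advertise post_handshake_auth in the ClientHello (TLSv1.3 only) */` on the function would also help, as the previous name carried that meaning and the new one does not. SSL_verify_client_post_handshake starts in this section but its body lies outside the page.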