[thirdparty/squid.git] / src / ssl / PeekingPeerConnector.cc

/*
 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/* DEBUG: section 83    SSL-Bump Server/Peer negotiation */

#include "squid.h"
#include "acl/FilledChecklist.h"
#include "client_side.h"
#include "errorpage.h"
#include "fde.h"
#include "http/Stream.h"
#include "HttpRequest.h"
#include "security/NegotiationHistory.h"
#include "SquidConfig.h"
#include "ssl/bio.h"
#include "ssl/PeekingPeerConnector.h"
#include "ssl/ServerBump.h"

CBDATA_NAMESPACED_CLASS_INIT(Ssl, PeekingPeerConnector);

void switchToTunnel(HttpRequest *request, Comm::ConnectionPointer & clientConn, Comm::ConnectionPointer &srvConn);

void
Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone(allow_t answer, void *data)
{
    Ssl::PeekingPeerConnector *peerConnect = (Ssl::PeekingPeerConnector *) data;
    // Use job calls to add done() checks and other job logic/protections.
    CallJobHere1(83, 7, CbcPointer<PeekingPeerConnector>(peerConnect), Ssl::PeekingPeerConnector, checkForPeekAndSpliceDone, answer);
}

void
Ssl::PeekingPeerConnector::checkForPeekAndSpliceDone(allow_t answer)
{
    const Ssl::BumpMode finalAction = (answer.code == ACCESS_ALLOWED) ?
                                      static_cast<Ssl::BumpMode>(answer.kind):
                                      checkForPeekAndSpliceGuess();
    checkForPeekAndSpliceMatched(finalAction);
}

void
Ssl::PeekingPeerConnector::checkForPeekAndSplice()
{
    // Mark Step3 of bumping
    if (request->clientConnectionManager.valid()) {
        if (Ssl::ServerBump *serverBump = request->clientConnectionManager->serverBump()) {
            serverBump->step = Ssl::bumpStep3;
        }
    }

    handleServerCertificate();

    ACLFilledChecklist *acl_checklist = new ACLFilledChecklist(
        ::Config.accessList.ssl_bump,
        request.getRaw(), NULL);
    acl_checklist->al = al;
    acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpNone));
    acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpPeek));
    acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpStare));
    acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpClientFirst));
    acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpServerFirst));
    Security::SessionPointer session(fd_table[serverConn->fd].ssl);
    BIO *b = SSL_get_rbio(session.get());
    Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(BIO_get_data(b));
    if (!srvBio->canSplice())
        acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpSplice));
    if (!srvBio->canBump())
        acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpBump));
    acl_checklist->nonBlockingCheck(Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone, this);
}

void
Ssl::PeekingPeerConnector::checkForPeekAndSpliceMatched(const Ssl::BumpMode action)
{
    Security::SessionPointer session(fd_table[serverConn->fd].ssl);
    BIO *b = SSL_get_rbio(session.get());
    Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(BIO_get_data(b));
    debugs(83,5, "Will check for peek and splice on FD " << serverConn->fd);

    Ssl::BumpMode finalAction = action;
    Must(finalAction == Ssl::bumpSplice || finalAction == Ssl::bumpBump || finalAction == Ssl::bumpTerminate);
    // Record final decision
    if (request->clientConnectionManager.valid()) {
        request->clientConnectionManager->sslBumpMode = finalAction;
        request->clientConnectionManager->serverBump()->act.step3 = finalAction;
    }

    if (finalAction == Ssl::bumpTerminate) {
        serverConn->close();
        clientConn->close();
    } else if (finalAction != Ssl::bumpSplice) {
        //Allow write, proceed with the connection
        srvBio->holdWrite(false);
        srvBio->recordInput(false);
        debugs(83,5, "Retry the fwdNegotiateSSL on FD " << serverConn->fd);
        Security::PeerConnector::noteWantWrite();
    } else {
        splice = true;
        // Ssl Negotiation stops here. Last SSL checks for valid certificates
        // and if done, switch to tunnel mode
        if (sslFinalized()) {
            debugs(83,5, "Abort NegotiateSSL on FD " << serverConn->fd << " and splice the connection");
            callBack();
        }
    }
}

Ssl::BumpMode
Ssl::PeekingPeerConnector::checkForPeekAndSpliceGuess() const
{
    if (const ConnStateData *csd = request->clientConnectionManager.valid()) {
        const Ssl::BumpMode currentMode = csd->sslBumpMode;
        if (currentMode == Ssl::bumpStare) {
            debugs(83,5, "default to bumping after staring");
            return Ssl::bumpBump;
        }
        debugs(83,5, "default to splicing after " << currentMode);
    } else {
        debugs(83,3, "default to splicing due to missing info");
    }

    return Ssl::bumpSplice;
}

Security::ContextPointer
Ssl::PeekingPeerConnector::getTlsContext()
{
    return ::Config.ssl_client.sslContext;
}

bool
Ssl::PeekingPeerConnector::initialize(Security::SessionPointer &serverSession)
{
    if (!Security::PeerConnector::initialize(serverSession))
        return false;

    if (ConnStateData *csd = request->clientConnectionManager.valid()) {

        // client connection is required in the case we need to splice
        // or terminate client and server connections
        assert(clientConn != NULL);
        SBuf *hostName = NULL;

        //Enable Status_request TLS extension, required to bump some clients
        SSL_set_tlsext_status_type(serverSession.get(), TLSEXT_STATUSTYPE_ocsp);

        const Security::TlsDetails::Pointer details = csd->tlsParser.details;
        if (details && !details->serverName.isEmpty())
            hostName = new SBuf(details->serverName);

        if (!hostName) {
            // While we are peeking at the certificate, we may not know the server
            // name that the client will request (after interception or CONNECT)
            // unless it was the CONNECT request with a user-typed address.
            const bool isConnectRequest = !csd->port->flags.isIntercepted();
            if (!request->flags.sslPeek || isConnectRequest)
                hostName = new SBuf(request->url.host());
        }

        if (hostName)
            SSL_set_ex_data(serverSession.get(), ssl_ex_index_server, (void*)hostName);

        Must(!csd->serverBump() || csd->serverBump()->step <= Ssl::bumpStep2);
        if (csd->sslBumpMode == Ssl::bumpPeek || csd->sslBumpMode == Ssl::bumpStare) {
            auto clientSession = fd_table[clientConn->fd].ssl.get();
            Must(clientSession);
            BIO *bc = SSL_get_rbio(clientSession);
            Ssl::ClientBio *cltBio = static_cast<Ssl::ClientBio *>(BIO_get_data(bc));
            Must(cltBio);
            if (details && details->tlsVersion.protocol != AnyP::PROTO_NONE) {
                applyTlsDetailsToSSL(serverSession.get(), details, csd->sslBumpMode);
                // Should we allow it for all protocols?
                if (details->tlsVersion.protocol == AnyP::PROTO_TLS || details->tlsVersion == AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0)) {
                    BIO *b = SSL_get_rbio(serverSession.get());
                    Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(BIO_get_data(b));
                    // Inherite client features, like SSL version, SNI and other
                    srvBio->setClientFeatures(details, cltBio->rBufData());
                    srvBio->recordInput(true);
                    srvBio->mode(csd->sslBumpMode);
                }
            }
        } else {
            // Set client SSL options
            SSL_set_options(serverSession.get(), ::Security::ProxyOutgoingConfig.parsedOptions);

            // Use SNI TLS extension only when we connect directly
            // to the origin server and we know the server host name.
            const char *sniServer = NULL;
            const bool redirected = request->flags.redirected && ::Config.onoff.redir_rewrites_host;
            if (!hostName || redirected)
                sniServer = !request->url.hostIsNumeric() ? request->url.host() : NULL;
            else
                sniServer = hostName->c_str();

            if (sniServer)
                Ssl::setClientSNI(serverSession.get(), sniServer);
        }

        if (Ssl::ServerBump *serverBump = csd->serverBump()) {
            serverBump->attachServerSession(serverSession);
            // store peeked cert to check SQUID_X509_V_ERR_CERT_CHANGE
            if (X509 *peeked_cert = serverBump->serverCert.get()) {
                X509_up_ref(peeked_cert);
                SSL_set_ex_data(serverSession.get(), ssl_ex_index_ssl_peeked_cert, peeked_cert);
            }
        }
    }

    return true;
}

void
Ssl::PeekingPeerConnector::noteNegotiationDone(ErrorState *error)
{
    // Check the list error with
    if (!request->clientConnectionManager.valid() || !fd_table[serverConnection()->fd].ssl)
        return;

    // remember the server certificate from the ErrorDetail object
    if (Ssl::ServerBump *serverBump = request->clientConnectionManager->serverBump()) {
        if (!serverBump->serverCert.get()) {
            // remember the server certificate from the ErrorDetail object
            if (error && error->detail && error->detail->peerCert())
                serverBump->serverCert.resetAndLock(error->detail->peerCert());
            else {
                handleServerCertificate();
            }
        }

        if (error) {
            // For intercepted connections, set the host name to the server
            // certificate CN. Otherwise, we just hope that CONNECT is using
            // a user-entered address (a host name or a user-entered IP).
            const bool isConnectRequest = !request->clientConnectionManager->port->flags.isIntercepted();
            if (request->flags.sslPeek && !isConnectRequest) {
                if (X509 *srvX509 = serverBump->serverCert.get()) {
                    if (const char *name = Ssl::CommonHostName(srvX509)) {
                        request->url.host(name);
                        debugs(83, 3, "reset request host: " << name);
                    }
                }
            }
        }
    }

    if (!error) {
        serverCertificateVerified();
        if (splice) {
            switchToTunnel(request.getRaw(), clientConn, serverConn);
            tunnelInsteadOfNegotiating();
        }
    }
}

void
Ssl::PeekingPeerConnector::noteWantWrite()
{
    const int fd = serverConnection()->fd;
    Security::SessionPointer session(fd_table[fd].ssl);
    BIO *b = SSL_get_rbio(session.get());
    Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(BIO_get_data(b));

    if ((srvBio->bumpMode() == Ssl::bumpPeek || srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) {
        debugs(81, 3, "hold write on SSL connection on FD " << fd);
        checkForPeekAndSplice();
        return;
    }

    Security::PeerConnector::noteWantWrite();
}

void
Ssl::PeekingPeerConnector::noteNegotiationError(const int result, const int ssl_error, const int ssl_lib_error)
{
    const int fd = serverConnection()->fd;
    Security::SessionPointer session(fd_table[fd].ssl);
    BIO *b = SSL_get_rbio(session.get());
    Ssl::ServerBio *srvBio = static_cast<Ssl::ServerBio *>(BIO_get_data(b));

    // In Peek mode, the ClientHello message sent to the server. If the
    // server resuming a previous (spliced) SSL session with the client,
    // then probably we are here because local SSL object does not know
    // anything about the session being resumed.
    //
    if (srvBio->bumpMode() == Ssl::bumpPeek && (resumingSession = srvBio->resumingSession())) {
        // we currently splice all resumed sessions unconditionally
        if (const bool spliceResumed = true) {
            bypassCertValidator();
            checkForPeekAndSpliceMatched(Ssl::bumpSplice);
            return;
        } // else fall through to find a matching ssl_bump action (with limited info)
    }

    // If we are in peek-and-splice mode and still we did not write to
    // server yet, try to see if we should splice.
    // In this case the connection can be saved.
    // If the checklist decision is do not splice a new error will
    // occur in the next SSL_connect call, and we will fail again.
    // Abort on certificate validation errors to avoid splicing and
    // thus hiding them.
    // Abort if no certificate found probably because of malformed or
    // unsupported server Hello message (TODO: make configurable).
    if (!SSL_get_ex_data(session.get(), ssl_ex_index_ssl_error_detail) &&
            (srvBio->bumpMode() == Ssl::bumpPeek  || srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) {
        Security::CertPointer serverCert(SSL_get_peer_certificate(session.get()));
        if (serverCert) {
            debugs(81, 3, "Error ("  << Security::ErrorString(ssl_lib_error) <<  ") but, hold write on SSL connection on FD " << fd);
            checkForPeekAndSplice();
            return;
        }
    }

    // else call parent noteNegotiationError to produce an error page
    Security::PeerConnector::noteNegotiationError(result, ssl_error, ssl_lib_error);
}

void
Ssl::PeekingPeerConnector::handleServerCertificate()
{
    if (serverCertificateHandled)
        return;

    if (ConnStateData *csd = request->clientConnectionManager.valid()) {
        const int fd = serverConnection()->fd;
        Security::SessionPointer session(fd_table[fd].ssl);
        Security::CertPointer serverCert(SSL_get_peer_certificate(session.get()));
        if (!serverCert)
            return;

        serverCertificateHandled = true;

        // remember the server certificate for later use
        if (Ssl::ServerBump *serverBump = csd->serverBump()) {
            serverBump->serverCert = std::move(serverCert);
        }
    }
}

void
Ssl::PeekingPeerConnector::serverCertificateVerified()
{
    if (ConnStateData *csd = request->clientConnectionManager.valid()) {
        Security::CertPointer serverCert;
        if(Ssl::ServerBump *serverBump = csd->serverBump())
            serverCert.resetAndLock(serverBump->serverCert.get());
        else {
            const int fd = serverConnection()->fd;
            Security::SessionPointer session(fd_table[fd].ssl);
            serverCert.resetWithoutLocking(SSL_get_peer_certificate(session.get()));
        }
        if (serverCert) {
            csd->resetSslCommonName(Ssl::CommonHostName(serverCert.get()));
            debugs(83, 5, "HTTPS server CN: " << csd->sslCommonName() <<
                   " bumped: " << *serverConnection());
        }
    }
}

void
Ssl::PeekingPeerConnector::tunnelInsteadOfNegotiating()
{
    Must(callback != NULL);
    CbDialer *dialer = dynamic_cast<CbDialer*>(callback->getDialer());
    Must(dialer);
    dialer->answer().tunneled = true;
    debugs(83, 5, "The SSL negotiation with server aborted");
}
Commit	Line	Data
32f1ca3f AJ	1	/*
	2	* Copyright (C) 1996-2016 The Squid Software Foundation and contributors
	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
	9	/* DEBUG: section 83 SSL-Bump Server/Peer negotiation */
	10
	11	#include "squid.h"
	12	#include "acl/FilledChecklist.h"
	13	#include "client_side.h"
	14	#include "errorpage.h"
	15	#include "fde.h"
0ba8b2ad	16	#include "http/Stream.h"
64d0dd9f	17	#include "HttpRequest.h"
32f1ca3f AJ	18	#include "security/NegotiationHistory.h"
	19	#include "SquidConfig.h"
	20	#include "ssl/bio.h"
	21	#include "ssl/PeekingPeerConnector.h"
	22	#include "ssl/ServerBump.h"
	23
	24	CBDATA_NAMESPACED_CLASS_INIT(Ssl, PeekingPeerConnector);
	25
	26	void switchToTunnel(HttpRequest *request, Comm::ConnectionPointer & clientConn, Comm::ConnectionPointer &srvConn);
	27
	28	void
	29	Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone(allow_t answer, void *data)
	30	{
	31	Ssl::PeekingPeerConnector peerConnect = (Ssl::PeekingPeerConnector ) data;
	32	// Use job calls to add done() checks and other job logic/protections.
	33	CallJobHere1(83, 7, CbcPointer<PeekingPeerConnector>(peerConnect), Ssl::PeekingPeerConnector, checkForPeekAndSpliceDone, answer);
	34	}
	35
	36	void
	37	Ssl::PeekingPeerConnector::checkForPeekAndSpliceDone(allow_t answer)
	38	{
	39	const Ssl::BumpMode finalAction = (answer.code == ACCESS_ALLOWED) ?
	40	static_cast<Ssl::BumpMode>(answer.kind):
	41	checkForPeekAndSpliceGuess();
	42	checkForPeekAndSpliceMatched(finalAction);
	43	}
	44
	45	void
	46	Ssl::PeekingPeerConnector::checkForPeekAndSplice()
	47	{
	48	// Mark Step3 of bumping
	49	if (request->clientConnectionManager.valid()) {
	50	if (Ssl::ServerBump *serverBump = request->clientConnectionManager->serverBump()) {
	51	serverBump->step = Ssl::bumpStep3;
	52	}
	53	}
	54
	55	handleServerCertificate();
	56
	57	ACLFilledChecklist *acl_checklist = new ACLFilledChecklist(
	58	::Config.accessList.ssl_bump,
	59	request.getRaw(), NULL);
d4ddb3e6	60	acl_checklist->al = al;
32f1ca3f AJ	61	acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpNone));
	62	acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpPeek));
	63	acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpStare));
	64	acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpClientFirst));
	65	acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpServerFirst));
ad23e748 AJ	66	Security::SessionPointer session(fd_table[serverConn->fd].ssl);
ad23e748 AJ	67	BIO *b = SSL_get_rbio(session.get());
093deea9	68	Ssl::ServerBio srvBio = static_cast<Ssl::ServerBio >(BIO_get_data(b));
32f1ca3f AJ	69	if (!srvBio->canSplice())
	70	acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpSplice));
	71	if (!srvBio->canBump())
	72	acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpBump));
	73	acl_checklist->nonBlockingCheck(Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone, this);
	74	}
	75
	76	void
	77	Ssl::PeekingPeerConnector::checkForPeekAndSpliceMatched(const Ssl::BumpMode action)
	78	{
ad23e748 AJ	79	Security::SessionPointer session(fd_table[serverConn->fd].ssl);
ad23e748 AJ	80	BIO *b = SSL_get_rbio(session.get());
093deea9	81	Ssl::ServerBio srvBio = static_cast<Ssl::ServerBio >(BIO_get_data(b));
32f1ca3f AJ	82	debugs(83,5, "Will check for peek and splice on FD " << serverConn->fd);
	83
	84	Ssl::BumpMode finalAction = action;
	85	Must(finalAction == Ssl::bumpSplice \|\| finalAction == Ssl::bumpBump \|\| finalAction == Ssl::bumpTerminate);
	86	// Record final decision
	87	if (request->clientConnectionManager.valid()) {
	88	request->clientConnectionManager->sslBumpMode = finalAction;
	89	request->clientConnectionManager->serverBump()->act.step3 = finalAction;
	90	}
	91
	92	if (finalAction == Ssl::bumpTerminate) {
	93	serverConn->close();
	94	clientConn->close();
	95	} else if (finalAction != Ssl::bumpSplice) {
	96	//Allow write, proceed with the connection
	97	srvBio->holdWrite(false);
	98	srvBio->recordInput(false);
	99	debugs(83,5, "Retry the fwdNegotiateSSL on FD " << serverConn->fd);
a72b6e88	100	Security::PeerConnector::noteWantWrite();
32f1ca3f AJ	101	} else {
	102	splice = true;
	103	// Ssl Negotiation stops here. Last SSL checks for valid certificates
	104	// and if done, switch to tunnel mode
	105	if (sslFinalized()) {
	106	debugs(83,5, "Abort NegotiateSSL on FD " << serverConn->fd << " and splice the connection");
56753478	107	callBack();
32f1ca3f AJ	108	}
	109	}
	110	}
	111
	112	Ssl::BumpMode
	113	Ssl::PeekingPeerConnector::checkForPeekAndSpliceGuess() const
	114	{
	115	if (const ConnStateData *csd = request->clientConnectionManager.valid()) {
	116	const Ssl::BumpMode currentMode = csd->sslBumpMode;
	117	if (currentMode == Ssl::bumpStare) {
	118	debugs(83,5, "default to bumping after staring");
	119	return Ssl::bumpBump;
	120	}
	121	debugs(83,5, "default to splicing after " << currentMode);
	122	} else {
	123	debugs(83,3, "default to splicing due to missing info");
	124	}
	125
	126	return Ssl::bumpSplice;
	127	}
	128
b23f5f9c AJ	129	Security::ContextPointer
b23f5f9c AJ	130	Ssl::PeekingPeerConnector::getTlsContext()
32f1ca3f	131	{
b23f5f9c	132	return ::Config.ssl_client.sslContext;
32f1ca3f AJ	133	}
32f1ca3f AJ	134
eba8d9bb	135	bool
0166128b	136	Ssl::PeekingPeerConnector::initialize(Security::SessionPointer &serverSession)
32f1ca3f	137	{
0166128b	138	if (!Security::PeerConnector::initialize(serverSession))
eba8d9bb	139	return false;
32f1ca3f AJ	140
	141	if (ConnStateData *csd = request->clientConnectionManager.valid()) {
	142
	143	// client connection is required in the case we need to splice
	144	// or terminate client and server connections
	145	assert(clientConn != NULL);
	146	SBuf *hostName = NULL;
32f1ca3f	147
eba8d9bb AJ	148	//Enable Status_request TLS extension, required to bump some clients
eba8d9bb AJ	149	SSL_set_tlsext_status_type(serverSession.get(), TLSEXT_STATUSTYPE_ocsp);
32f1ca3f	150
3cae14a6	151	const Security::TlsDetails::Pointer details = csd->tlsParser.details;
49a4d72f	152	if (details && !details->serverName.isEmpty())
3cae14a6	153	hostName = new SBuf(details->serverName);
32f1ca3f AJ	154
	155	if (!hostName) {
	156	// While we are peeking at the certificate, we may not know the server
	157	// name that the client will request (after interception or CONNECT)
	158	// unless it was the CONNECT request with a user-typed address.
	159	const bool isConnectRequest = !csd->port->flags.isIntercepted();
	160	if (!request->flags.sslPeek \|\| isConnectRequest)
	161	hostName = new SBuf(request->url.host());
	162	}
	163
	164	if (hostName)
eba8d9bb	165	SSL_set_ex_data(serverSession.get(), ssl_ex_index_server, (void*)hostName);
32f1ca3f AJ	166
	167	Must(!csd->serverBump() \|\| csd->serverBump()->step <= Ssl::bumpStep2);
	168	if (csd->sslBumpMode == Ssl::bumpPeek \|\| csd->sslBumpMode == Ssl::bumpStare) {
eba8d9bb AJ	169	auto clientSession = fd_table[clientConn->fd].ssl.get();
	170	Must(clientSession);
	171	BIO *bc = SSL_get_rbio(clientSession);
093deea9	172	Ssl::ClientBio cltBio = static_cast<Ssl::ClientBio >(BIO_get_data(bc));
3cae14a6	173	Must(cltBio);
67c99fc6	174	if (details && details->tlsVersion.protocol != AnyP::PROTO_NONE) {
eba8d9bb	175	applyTlsDetailsToSSL(serverSession.get(), details, csd->sslBumpMode);
32f1ca3f	176	// Should we allow it for all protocols?
67c99fc6	177	if (details->tlsVersion.protocol == AnyP::PROTO_TLS \|\| details->tlsVersion == AnyP::ProtocolVersion(AnyP::PROTO_SSL, 3, 0)) {
eba8d9bb	178	BIO *b = SSL_get_rbio(serverSession.get());
093deea9	179	Ssl::ServerBio srvBio = static_cast<Ssl::ServerBio >(BIO_get_data(b));
32f1ca3f	180	// Inherite client features, like SSL version, SNI and other
21530947	181	srvBio->setClientFeatures(details, cltBio->rBufData());
32f1ca3f AJ	182	srvBio->recordInput(true);
	183	srvBio->mode(csd->sslBumpMode);
	184	}
	185	}
	186	} else {
	187	// Set client SSL options
eba8d9bb	188	SSL_set_options(serverSession.get(), ::Security::ProxyOutgoingConfig.parsedOptions);
32f1ca3f AJ	189
	190	// Use SNI TLS extension only when we connect directly
	191	// to the origin server and we know the server host name.
	192	const char *sniServer = NULL;
	193	const bool redirected = request->flags.redirected && ::Config.onoff.redir_rewrites_host;
	194	if (!hostName \|\| redirected)
	195	sniServer = !request->url.hostIsNumeric() ? request->url.host() : NULL;
	196	else
	197	sniServer = hostName->c_str();
	198
	199	if (sniServer)
eba8d9bb	200	Ssl::setClientSNI(serverSession.get(), sniServer);
32f1ca3f AJ	201	}
32f1ca3f AJ	202
088f0761	203	if (Ssl::ServerBump *serverBump = csd->serverBump()) {
8f917129	204	serverBump->attachServerSession(serverSession);
088f0761 CT	205	// store peeked cert to check SQUID_X509_V_ERR_CERT_CHANGE
088f0761 CT	206	if (X509 *peeked_cert = serverBump->serverCert.get()) {
6f2b8700	207	X509_up_ref(peeked_cert);
eba8d9bb	208	SSL_set_ex_data(serverSession.get(), ssl_ex_index_ssl_peeked_cert, peeked_cert);
088f0761	209	}
32f1ca3f AJ	210	}
	211	}
	212
eba8d9bb	213	return true;
32f1ca3f AJ	214	}
	215
	216	void
	217	Ssl::PeekingPeerConnector::noteNegotiationDone(ErrorState *error)
	218	{
32f1ca3f	219	// Check the list error with
ad23e748	220	if (!request->clientConnectionManager.valid() \|\| !fd_table[serverConnection()->fd].ssl)
32f1ca3f AJ	221	return;
	222
	223	// remember the server certificate from the ErrorDetail object
	224	if (Ssl::ServerBump *serverBump = request->clientConnectionManager->serverBump()) {
32f1ca3f AJ	225	if (!serverBump->serverCert.get()) {
	226	// remember the server certificate from the ErrorDetail object
	227	if (error && error->detail && error->detail->peerCert())
014a9017	228	serverBump->serverCert.resetAndLock(error->detail->peerCert());
32f1ca3f AJ	229	else {
	230	handleServerCertificate();
	231	}
	232	}
	233
	234	if (error) {
	235	// For intercepted connections, set the host name to the server
	236	// certificate CN. Otherwise, we just hope that CONNECT is using
	237	// a user-entered address (a host name or a user-entered IP).
	238	const bool isConnectRequest = !request->clientConnectionManager->port->flags.isIntercepted();
	239	if (request->flags.sslPeek && !isConnectRequest) {
	240	if (X509 *srvX509 = serverBump->serverCert.get()) {
	241	if (const char *name = Ssl::CommonHostName(srvX509)) {
	242	request->url.host(name);
	243	debugs(83, 3, "reset request host: " << name);
	244	}
	245	}
	246	}
	247	}
	248	}
	249
32f1ca3f AJ	250	if (!error) {
	251	serverCertificateVerified();
	252	if (splice) {
32f1ca3f	253	switchToTunnel(request.getRaw(), clientConn, serverConn);
56753478	254	tunnelInsteadOfNegotiating();
32f1ca3f AJ	255	}
	256	}
	257	}
	258
	259	void
	260	Ssl::PeekingPeerConnector::noteWantWrite()
	261	{
	262	const int fd = serverConnection()->fd;
ad23e748 AJ	263	Security::SessionPointer session(fd_table[fd].ssl);
ad23e748 AJ	264	BIO *b = SSL_get_rbio(session.get());
093deea9	265	Ssl::ServerBio srvBio = static_cast<Ssl::ServerBio >(BIO_get_data(b));
32f1ca3f AJ	266
32f1ca3f AJ	267	if ((srvBio->bumpMode() == Ssl::bumpPeek \|\| srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) {
bc8e1f18	268	debugs(81, 3, "hold write on SSL connection on FD " << fd);
32f1ca3f AJ	269	checkForPeekAndSplice();
	270	return;
	271	}
	272
a72b6e88	273	Security::PeerConnector::noteWantWrite();
32f1ca3f AJ	274	}
	275
	276	void
0166128b	277	Ssl::PeekingPeerConnector::noteNegotiationError(const int result, const int ssl_error, const int ssl_lib_error)
32f1ca3f AJ	278	{
32f1ca3f AJ	279	const int fd = serverConnection()->fd;
ad23e748 AJ	280	Security::SessionPointer session(fd_table[fd].ssl);
ad23e748 AJ	281	BIO *b = SSL_get_rbio(session.get());
093deea9	282	Ssl::ServerBio srvBio = static_cast<Ssl::ServerBio >(BIO_get_data(b));
32f1ca3f AJ	283
	284	// In Peek mode, the ClientHello message sent to the server. If the
	285	// server resuming a previous (spliced) SSL session with the client,
	286	// then probably we are here because local SSL object does not know
	287	// anything about the session being resumed.
	288	//
	289	if (srvBio->bumpMode() == Ssl::bumpPeek && (resumingSession = srvBio->resumingSession())) {
	290	// we currently splice all resumed sessions unconditionally
	291	if (const bool spliceResumed = true) {
	292	bypassCertValidator();
	293	checkForPeekAndSpliceMatched(Ssl::bumpSplice);
	294	return;
	295	} // else fall through to find a matching ssl_bump action (with limited info)
	296	}
	297
	298	// If we are in peek-and-splice mode and still we did not write to
	299	// server yet, try to see if we should splice.
	300	// In this case the connection can be saved.
	301	// If the checklist decision is do not splice a new error will
	302	// occur in the next SSL_connect call, and we will fail again.
	303	// Abort on certificate validation errors to avoid splicing and
	304	// thus hiding them.
	305	// Abort if no certificate found probably because of malformed or
	306	// unsupported server Hello message (TODO: make configurable).
ad23e748	307	if (!SSL_get_ex_data(session.get(), ssl_ex_index_ssl_error_detail) &&
32f1ca3f	308	(srvBio->bumpMode() == Ssl::bumpPeek \|\| srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) {
ad23e748 AJ	309	Security::CertPointer serverCert(SSL_get_peer_certificate(session.get()));
ad23e748 AJ	310	if (serverCert) {
ea574635	311	debugs(81, 3, "Error (" << Security::ErrorString(ssl_lib_error) << ") but, hold write on SSL connection on FD " << fd);
32f1ca3f AJ	312	checkForPeekAndSplice();
	313	return;
	314	}
	315	}
	316
	317	// else call parent noteNegotiationError to produce an error page
0166128b	318	Security::PeerConnector::noteNegotiationError(result, ssl_error, ssl_lib_error);
32f1ca3f AJ	319	}
	320
	321	void
	322	Ssl::PeekingPeerConnector::handleServerCertificate()
	323	{
	324	if (serverCertificateHandled)
	325	return;
	326
	327	if (ConnStateData *csd = request->clientConnectionManager.valid()) {
	328	const int fd = serverConnection()->fd;
ad23e748 AJ	329	Security::SessionPointer session(fd_table[fd].ssl);
	330	Security::CertPointer serverCert(SSL_get_peer_certificate(session.get()));
	331	if (!serverCert)
32f1ca3f AJ	332	return;
	333
	334	serverCertificateHandled = true;
	335
	336	// remember the server certificate for later use
	337	if (Ssl::ServerBump *serverBump = csd->serverBump()) {
35b3559c	338	serverBump->serverCert = std::move(serverCert);
32f1ca3f AJ	339	}
	340	}
	341	}
	342
	343	void
	344	Ssl::PeekingPeerConnector::serverCertificateVerified()
	345	{
	346	if (ConnStateData *csd = request->clientConnectionManager.valid()) {
	347	Security::CertPointer serverCert;
	348	if(Ssl::ServerBump *serverBump = csd->serverBump())
014a9017	349	serverCert.resetAndLock(serverBump->serverCert.get());
32f1ca3f AJ	350	else {
32f1ca3f AJ	351	const int fd = serverConnection()->fd;
ad23e748 AJ	352	Security::SessionPointer session(fd_table[fd].ssl);
ad23e748 AJ	353	serverCert.resetWithoutLocking(SSL_get_peer_certificate(session.get()));
32f1ca3f	354	}
ad23e748	355	if (serverCert) {
32f1ca3f AJ	356	csd->resetSslCommonName(Ssl::CommonHostName(serverCert.get()));
	357	debugs(83, 5, "HTTPS server CN: " << csd->sslCommonName() <<
	358	" bumped: " << *serverConnection());
	359	}
	360	}
	361	}
	362
56753478 CT	363	void
	364	Ssl::PeekingPeerConnector::tunnelInsteadOfNegotiating()
	365	{
	366	Must(callback != NULL);
	367	CbDialer dialer = dynamic_cast<CbDialer>(callback->getDialer());
	368	Must(dialer);
	369	dialer->answer().tunneled = true;
	370	debugs(83, 5, "The SSL negotiation with server aborted");
	371	}
	372