This function is used to manually establish a connection after
a call to ldap_initialize(). This is primarily so that a file
descriptor can be obtained before any requests are sent for the
purposes of polling for writability.
If TLS_CACERT pointed to a PEM file and TLS_CACERTDIR was set to NSS
certificate database, the backend assumed that the certificate is always
located in the certificate database. This assumption might be wrong.
This patch makes the library to try to load the certificate from NSS
database and fallback to PEM file if unsuccessfull.
CA certificate files in OpenSSL compatible CACERTDIR were loaded if the
file extension was '.0'. However the file name should be 8 letters long
certificate hash of the certificate subject name, followed by a numeric
suffix which is used to differentiate between two certificates with the
same subject name.
Wit this patch, certificate file names are matched correctly (using
regular expressions).
If multiple servers are specified, the connection to the first one
succeeds, and the hostname verification fails, *tls_session is not
dropped, but reused when connecting to the second server.
This is a problem with Mozilla NSS backend because another handshake
cannot be performed on the same file descriptor. From this reason,
hostname checking was moved into ldap_int_tls_connect() before
connection error handling.
The TLS configuration deliberately hid the error in case that
user specified CA locations cannot be read, by loading CAs from default
locations; and when user does not specify CA locations, the CAs from default
locations are not read at all.
This patch corrects the behaviour so that CAs from default location are used
if user does not specify a CA location, and user is informed of the error if
CAs cannot be loaded from the user specified location.
Fix NSS code to check for TLS_PROCOTOL_MIN, and then set the SSL
version range(min and max). Also updated SSL version string map
table to support up to TLSv1.3
From RFC 2782:
A client MUST attempt to contact the target host with the
lowest-numbered priority it can reach.
This patch sorts the DNS SRV records by their priority, and
additionally gives records with a larger weight a higher probability
of appearing earlier. This way, the DNS SRV records are tried in the
order of their priority.
Doc has been updated to note the default was actually 78.
The off-by-two error is fixed. Note that wrap=1 will still
output 2 columns, otherwise it can't output anything besides
the continuation character.
free(NULL) is supposed to be safe. "Portable wrapper libraries"
that fail to preserve this behavior are inherently broken.
But then again, this is Mozilla code, so that's redundant.
LDAP_CONNECTIONLESS code assumed that the size of an peer address
is equal to or smaller than sizeof (struct sockaddr).
Fix to use struct sockaddr_storage instead which is intended for
this purpose. Use getnameinfo() where appropriate so we don't
assume anything about the contents of struct sockaddr
Note: I could not test the MozNSS patch due to the absence of
NSS PEM support on my machine. Given the review comments in
https://bugzilla.mozilla.org/show_bug.cgi?id=402712 I doubt that
trustworthy PEM support will be appearing for MozNSS any time soon.
The patch unconditionally enabled DHparams, which is a significant
change of behavior. Reverting to previous behavior, which only enables
DH use if a DHparam file was configured.
If a DHParamFile or olcDHParamFile is specified, then it will be used,
otherwise a hardcoded 1024 bit parameter will be used. This allows the use of
larger parameters; previously only 512 or 1024 bit parameters would ever be
used.
If a DHParamFile or olcDHParamFile is specified then it will be loaded. This
allows use of DHE/EDH cipher suites which was previously impossible with
GnuTLS.
If a timeout is set, perform the SSL Handshake using non-blocking IO. This way
we can timeout if SSL Handshake gets stuck for whatever reason.
This code is currently hidden behind #ifdefs (LDAP_USE_NON_BLOCKING_TLS) and
disabled by default as there seem to be some problems using NON-blocking
I/O during the TLS Handshake when linking against NSS (either a bug in NSS
itself of in tls_m.c, see discussion on -devel)
This patch adds an additional parameter to ldap_int_poll() in order to indicate
if we're waiting in order to perform a read or write operation.
There are cases where the user may want to force the use of a particular
PKCS11 device to use for a given certificate. Allow the user to do this
with MozNSS by specifying the cert as "tokenname:certnickname" where
token name is the name of a token/slot in a PKCS11 device and certnickname
is the nickname of a certificate on that device.
Add a mutex in ldap_pvt_gettime(), delete the mutex comment
since it's no longer relevant (and was ignored anyway). This
could only ever affect multi-processor machines.
PEM certificates should not be referenced by nicknames, because the
nicknames are derived from basename of the cerificate file and in
general are not easy-predictable.
The code of Mozilla NSS backend depends on some aspects of PEM module
and tries to guess the nicknames correctly. In some cases the guessing
is wrong.
The buffer allocated for reading password file has to be initialized
with zeros, or we need to append zero at the end of the file. Otherwise
we might read unitialized memory and consider it to be a password.
Prior to this patch, if TLS_CACERTDIR was set to Mozilla NSS certificate
database and TLS_CACERT was set to a PEM bundle file with CA
certificates, the PEM file content was not loaded.
With this patch and the same settings, OpenLDAP can verify certificates
which are signed by CAs stored both in certdb and PEM bundle file.
Deferred TLS initialization is used with Mozilla NSS. The real
initialization takes place when the TLS context is needed for the first
time. If the initialization parameters were freed immediately after
tlsm_ctx_init was called, they were not available at the time of
deferred initialization which caused segmentation fault.
With this patch, initialization parameters are copied and stored until
the deferred initialization is finished. The parameters are freed
afterwards.
Red Hat Bugzilla: #783431
PEM nss is not thread safe when establishing the initial connection
using SSL_ForceHandshake. Create a new mutex - tlsm_pem_mutex - to
protect this function call.
The call to SSL_ConfigServerSessionIDCache() is not thread-safe - move it
to the init section and protect it with the init mutex.
Unfortunately automated checkers don't seem to read the documentation
for how APIs are expected to be used, and the C declaration syntax
isn't expressive enough to encode the documented usage.
The NSS_InitContext et. al, and their corresponding shutdown functions,
are not thread safe. There can only be one thread at a time calling
these functions. Protect the calls with a mutex. Create the mutex
using a PR_CallOnce to ensure that the mutex is only created once and
not used before created. Move the registration of the nss shutdown
callback to also use a PR_CallOnce. Removed the call to
SSL_ClearSessionCache() because it is always called at shutdown, and we must
not call it more than once.
If server certificate hostname does not match the server hostname,
connection is closed even if client has set TLS_REQCERT to 'allow'. This
is wrong - the documentation says, that bad certificates are being
ignored when TLS_REQCERT is set to 'allow'.
If the olcTLSVerifyClient is set to a value other than "never", the server
should request that the client send a client certificate for possible use
with client cert auth (e.g. SASL/EXTERNAL).
If set to "allow", if the client sends a cert, and there are problems with
it, the server will warn about problems, but will allow the SSL session to
proceed without a client cert.
If set to "try", if the client sends a cert, and there are problems with
it, the server will warn about those problems, and shutdown the SSL session.
If set to "demand" or "hard", the client must send a cert, and the server
will shutdown the SSL session if there are problems.
I added a new member of the tlsm context structure - tc_warn_only - if this
is set, tlsm_verify_cert will only warn about errors, and only if TRACE
level debug is set. This allows the server to warn but allow bad certs
if "allow" is set, and warn and fail if "try" is set.
If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails
to verify them, it will leave them allocated for the caller to dispose of.
There were a couple of places that were not disposing of the cert and key
upon error.
When server certificate is not required in a TLS session (e.g.
TLS_REQCERT is set to 'never'), ignore expired issuer certificate error
and do not terminate the connection.
In tlsm_auth_cert_handler, we get the peer's cert from the socket using
SSL_PeerCertificate. This value is allocated and/or cached. We must
destroy it using CERT_DestroyCertificate.
OpenLDAP built with OpenSSL allows most any value of cacertdir - directory
is a file, directory does not contain any CA certs, directory does not
exist - users expect if they specify TLS_REQCERT=never, no matter what
the TLS_CACERTDIR setting is, TLS/SSL will just work.
TLS_CACERT, on the other hand, is a hard error. Even if TLS_REQCERT=never,
if TLS_CACERT is specified and is not a valid CA cert file, TLS/SSL will
fail. This patch makes CACERT errors hard errors, and makes CACERTDIR
errors "soft" errors. The code checks CACERT first and, even though
the function will return an error, checks CACERTDIR anyway so that if the
user sets TRACE mode they will get CACERTDIR processing messages.
