1 /*-------------------------------------------------------------------------
4 * functions related to setting up a secure connection to the frontend.
5 * Secure connections are expected to provide confidentiality,
6 * message integrity and endpoint authentication.
9 * Portions Copyright (c) 1996-2010, PostgreSQL Global Development Group
10 * Portions Copyright (c) 1994, Regents of the University of California
14 * $PostgreSQL: pgsql/src/backend/libpq/be-secure.c,v 1.98 2010/02/25 13:26:15 mha Exp $
16 * Since the server static private key ($DataDir/server.key)
17 * will normally be stored unencrypted so that the database
18 * backend can restart automatically, it is important that
19 * we select an algorithm that continues to provide confidentiality
20 * even if the attacker has the server's private key. Empheral
21 * DH (EDH) keys provide this, and in fact provide Perfect Forward
22 * Secrecy (PFS) except for situations where the session can
23 * be hijacked during a periodic handshake/renegotiation.
24 * Even that backdoor can be closed if client certificates
25 * are used (since the imposter will be unable to successfully
26 * complete renegotiation).
28 * N.B., the static private key should still be protected to
29 * the largest extent possible, to minimize the risk of
32 * Another benefit of EDH is that it allows the backend and
33 * clients to use DSA keys. DSA keys can only provide digital
34 * signatures, not encryption, and are often acceptable in
35 * jurisdictions where RSA keys are unacceptable.
37 * The downside to EDH is that it makes it impossible to
38 * use ssldump(1) if there's a problem establishing an SSL
39 * session. In this case you'll need to temporarily disable
40 * EDH by commenting out the callback.
44 * Because the risk of cryptanalysis increases as large
45 * amounts of data are sent with the same session key, the
46 * session keys are periodically renegotiated.
48 *-------------------------------------------------------------------------
57 #include <sys/socket.h>
60 #include <netinet/in.h>
61 #ifdef HAVE_NETINET_TCP_H
62 #include <netinet/tcp.h>
63 #include <arpa/inet.h>
67 #include <openssl/ssl.h>
68 #include <openssl/dh.h>
69 #if SSLEAY_VERSION_NUMBER >= 0x0907000L
70 #include <openssl/conf.h>
74 #include "libpq/libpq.h"
75 #include "tcop/tcopprot.h"
80 #define ROOT_CERT_FILE "root.crt"
81 #define ROOT_CRL_FILE "root.crl"
82 #define SERVER_CERT_FILE "server.crt"
83 #define SERVER_PRIVATE_KEY_FILE "server.key"
85 static DH *load_dh_file(int keylength);
86 static DH *load_dh_buffer(const char *, size_t);
87 static DH *tmp_dh_cb(SSL *s, int is_export, int keylength);
88 static int verify_cb(int, X509_STORE_CTX *);
89 static void info_cb(const SSL *ssl, int type, int args);
90 static void initialize_SSL(void);
91 static int open_server_SSL(Port *);
92 static void close_SSL(Port *);
93 static const char *SSLerrmessage(void);
97 * How much data can be sent across a secure connection
98 * (total in both directions) before we require renegotiation.
99 * Set to 0 to disable renegotiation completely.
101 int ssl_renegotiation_limit;
104 static SSL_CTX *SSL_context = NULL;
105 static bool ssl_loaded_verify_locations = false;
107 /* GUC variable controlling SSL cipher list */
108 char *SSLCipherSuites = NULL;
111 /* ------------------------------------------------------------ */
112 /* Hardcoded values */
113 /* ------------------------------------------------------------ */
116 * Hardcoded DH parameters, used in empheral DH keying.
117 * As discussed above, EDH protects the confidentiality of
118 * sessions even if the static private key is compromised,
119 * so we are *highly* motivated to ensure that we can use
120 * EDH even if the DBA... or an attacker... deletes the
121 * $DataDir/dh*.pem files.
123 * We could refuse SSL connections unless a good DH parameter
124 * file exists, but some clients may quietly renegotiate an
125 * unsecured connection without fully informing the user.
128 * Alternatively, the backend could attempt to load these files
129 * on startup if SSL is enabled - and refuse to start if any
130 * do not exist - but this would tend to piss off DBAs.
132 * If you want to create your own hardcoded DH parameters
133 * for fun and profit, review "Assigned Number for SKIP
134 * Protocols" (http://www.skip-vpn.org/spec/numbers.html)
139 static const char file_dh512[] =
140 "-----BEGIN DH PARAMETERS-----\n\
141 MEYCQQD1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWak\n\
142 XUGfnHy9iUsiGSa6q6Jew1XpKgVfAgEC\n\
143 -----END DH PARAMETERS-----\n";
145 static const char file_dh1024[] =
146 "-----BEGIN DH PARAMETERS-----\n\
147 MIGHAoGBAPSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsY\n\
148 jY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6\n\
149 ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpL3jHAgEC\n\
150 -----END DH PARAMETERS-----\n";
152 static const char file_dh2048[] =
153 "-----BEGIN DH PARAMETERS-----\n\
154 MIIBCAKCAQEA9kJXtwh/CBdyorrWqULzBej5UxE5T7bxbrlLOCDaAadWoxTpj0BV\n\
155 89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJPPT2N286Z4VeSWc39uK50\n\
156 T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrUGvC/RgBYK+X0iP1YTknb\n\
157 zSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVbGI2Ou1WMuF040zT9fBdX\n\
158 Q6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcpesqVDNmWn6vQClCbAkbT\n\
159 CD1mpF1Bn5x8vYlLIhkmuquiXsNV6TILOwIBAg==\n\
160 -----END DH PARAMETERS-----\n";
162 static const char file_dh4096[] =
163 "-----BEGIN DH PARAMETERS-----\n\
164 MIICCAKCAgEA+hRyUsFN4VpJ1O8JLcCo/VWr19k3BCgJ4uk+d+KhehjdRqNDNyOQ\n\
165 l/MOyQNQfWXPeGKmOmIig6Ev/nm6Nf9Z2B1h3R4hExf+zTiHnvVPeRBhjdQi81rt\n\
166 Xeoh6TNrSBIKIHfUJWBh3va0TxxjQIs6IZOLeVNRLMqzeylWqMf49HsIXqbcokUS\n\
167 Vt1BkvLdW48j8PPv5DsKRN3tloTxqDJGo9tKvj1Fuk74A+Xda1kNhB7KFlqMyN98\n\
168 VETEJ6c7KpfOo30mnK30wqw3S8OtaIR/maYX72tGOno2ehFDkq3pnPtEbD2CScxc\n\
169 alJC+EL7RPk5c/tgeTvCngvc1KZn92Y//EI7G9tPZtylj2b56sHtMftIoYJ9+ODM\n\
170 sccD5Piz/rejE3Ome8EOOceUSCYAhXn8b3qvxVI1ddd1pED6FHRhFvLrZxFvBEM9\n\
171 ERRMp5QqOaHJkM+Dxv8Cj6MqrCbfC4u+ZErxodzuusgDgvZiLF22uxMZbobFWyte\n\
172 OvOzKGtwcTqO/1wV5gKkzu1ZVswVUQd5Gg8lJicwqRWyyNRczDDoG9jVDxmogKTH\n\
173 AaqLulO7R8Ifa1SwF2DteSGVtgWEN8gDpN3RBmmPTDngyF2DHb5qmpnznwtFKdTL\n\
174 KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=\n\
175 -----END DH PARAMETERS-----\n";
178 /* ------------------------------------------------------------ */
179 /* Procedures common to all secure sessions */
180 /* ------------------------------------------------------------ */
183 * Initialize global context
186 secure_initialize(void)
196 * Indicate if we have loaded the root CA store to verify certificates
199 secure_loaded_verify_locations(void)
202 return ssl_loaded_verify_locations;
209 * Attempt to negotiate secure session.
212 secure_open_server(Port *port)
217 r = open_server_SSL(port);
224 * Close secure session.
227 secure_close(Port *port)
236 * Read data from a secure connection.
239 secure_read(Port *port, void *ptr, size_t len)
250 n = SSL_read(port->ssl, ptr, len);
251 err = SSL_get_error(port->ssl, n);
257 case SSL_ERROR_WANT_READ:
258 case SSL_ERROR_WANT_WRITE:
266 pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
267 (err == SSL_ERROR_WANT_READ) ?
268 FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE,
272 case SSL_ERROR_SYSCALL:
273 /* leave it to caller to ereport the value of errno */
282 (errcode(ERRCODE_PROTOCOL_VIOLATION),
283 errmsg("SSL error: %s", SSLerrmessage())));
285 case SSL_ERROR_ZERO_RETURN:
291 (errcode(ERRCODE_PROTOCOL_VIOLATION),
292 errmsg("unrecognized SSL error code: %d",
301 prepare_for_client_read();
303 n = recv(port->sock, ptr, len, 0);
312 * Write data to a secure connection.
315 secure_write(Port *port, void *ptr, size_t len)
324 if (ssl_renegotiation_limit && port->count > ssl_renegotiation_limit * 1024L)
326 SSL_set_session_id_context(port->ssl, (void *) &SSL_context,
327 sizeof(SSL_context));
328 if (SSL_renegotiate(port->ssl) <= 0)
330 (errcode(ERRCODE_PROTOCOL_VIOLATION),
331 errmsg("SSL renegotiation failure")));
332 if (SSL_do_handshake(port->ssl) <= 0)
334 (errcode(ERRCODE_PROTOCOL_VIOLATION),
335 errmsg("SSL renegotiation failure")));
336 if (port->ssl->state != SSL_ST_OK)
338 (errcode(ERRCODE_PROTOCOL_VIOLATION),
339 errmsg("SSL failed to send renegotiation request")));
340 port->ssl->state |= SSL_ST_ACCEPT;
341 SSL_do_handshake(port->ssl);
342 if (port->ssl->state != SSL_ST_OK)
344 (errcode(ERRCODE_PROTOCOL_VIOLATION),
345 errmsg("SSL renegotiation failure")));
351 n = SSL_write(port->ssl, ptr, len);
352 err = SSL_get_error(port->ssl, n);
358 case SSL_ERROR_WANT_READ:
359 case SSL_ERROR_WANT_WRITE:
361 pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
362 (err == SSL_ERROR_WANT_READ) ?
363 FD_READ | FD_CLOSE : FD_WRITE | FD_CLOSE,
367 case SSL_ERROR_SYSCALL:
368 /* leave it to caller to ereport the value of errno */
377 (errcode(ERRCODE_PROTOCOL_VIOLATION),
378 errmsg("SSL error: %s", SSLerrmessage())));
380 case SSL_ERROR_ZERO_RETURN:
386 (errcode(ERRCODE_PROTOCOL_VIOLATION),
387 errmsg("unrecognized SSL error code: %d",
395 n = send(port->sock, ptr, len, 0);
400 /* ------------------------------------------------------------ */
401 /* SSL specific code */
402 /* ------------------------------------------------------------ */
406 * Private substitute BIO: this does the sending and receiving using send() and
407 * recv() instead. This is so that we can enable and disable interrupts
408 * just while calling recv(). We cannot have interrupts occurring while
409 * the bulk of openssl runs, because it uses malloc() and possibly other
410 * non-reentrant libc facilities. We also need to call send() and recv()
411 * directly so it gets passed through the socket/signals layer on Win32.
413 * They are closely modelled on the original socket implementations in OpenSSL.
417 static bool my_bio_initialized = false;
418 static BIO_METHOD my_bio_methods;
421 my_sock_read(BIO *h, char *buf, int size)
425 prepare_for_client_read();
429 res = recv(h->num, buf, size, 0);
430 BIO_clear_retry_flags(h);
433 /* If we were interrupted, tell caller to retry */
436 BIO_set_retry_read(h);
447 my_sock_write(BIO *h, const char *buf, int size)
451 res = send(h->num, buf, size, 0);
456 BIO_set_retry_write(h);
464 my_BIO_s_socket(void)
466 if (!my_bio_initialized)
468 memcpy(&my_bio_methods, BIO_s_socket(), sizeof(BIO_METHOD));
469 my_bio_methods.bread = my_sock_read;
470 my_bio_methods.bwrite = my_sock_write;
471 my_bio_initialized = true;
473 return &my_bio_methods;
476 /* This should exactly match openssl's SSL_set_fd except for using my BIO */
478 my_SSL_set_fd(SSL *s, int fd)
483 bio = BIO_new(my_BIO_s_socket());
487 SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
490 BIO_set_fd(bio, fd, BIO_NOCLOSE);
491 SSL_set_bio(s, bio, bio);
498 * Load precomputed DH parameters.
500 * To prevent "downgrade" attacks, we perform a number of checks
501 * to verify that the DBA-generated DH parameters file contains
502 * what we expect it to contain.
505 load_dh_file(int keylength)
508 char fnbuf[MAXPGPATH];
512 /* attempt to open file. It's not an error if it doesn't exist. */
513 snprintf(fnbuf, sizeof(fnbuf), "dh%d.pem", keylength);
514 if ((fp = fopen(fnbuf, "r")) == NULL)
517 /* flock(fileno(fp), LOCK_SH); */
518 dh = PEM_read_DHparams(fp, NULL, NULL, NULL);
519 /* flock(fileno(fp), LOCK_UN); */
522 /* is the prime the correct size? */
523 if (dh != NULL && 8 * DH_size(dh) < keylength)
525 elog(LOG, "DH errors (%s): %d bits expected, %d bits found",
526 fnbuf, keylength, 8 * DH_size(dh));
530 /* make sure the DH parameters are usable */
533 if (DH_check(dh, &codes) == 0)
535 elog(LOG, "DH_check error (%s): %s", fnbuf, SSLerrmessage());
538 if (codes & DH_CHECK_P_NOT_PRIME)
540 elog(LOG, "DH error (%s): p is not prime", fnbuf);
543 if ((codes & DH_NOT_SUITABLE_GENERATOR) &&
544 (codes & DH_CHECK_P_NOT_SAFE_PRIME))
547 "DH error (%s): neither suitable generator or safe prime",
557 * Load hardcoded DH parameters.
559 * To prevent problems if the DH parameters files don't even
560 * exist, we can load DH parameters hardcoded into this file.
563 load_dh_buffer(const char *buffer, size_t len)
568 bio = BIO_new_mem_buf((char *) buffer, len);
571 dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
574 (errmsg_internal("DH load buffer: %s",
582 * Generate an empheral DH key. Because this can take a long
583 * time to compute, we can use precomputed parameters of the
586 * Since few sites will bother to precompute these parameter
587 * files, we also provide a fallback to the parameters provided
588 * by the OpenSSL project.
590 * These values can be static (once loaded or computed) since
591 * the OpenSSL library can efficiently generate random keys from
592 * the information provided.
595 tmp_dh_cb(SSL *s, int is_export, int keylength)
598 static DH *dh = NULL;
599 static DH *dh512 = NULL;
600 static DH *dh1024 = NULL;
601 static DH *dh2048 = NULL;
602 static DH *dh4096 = NULL;
608 dh512 = load_dh_file(keylength);
610 dh512 = load_dh_buffer(file_dh512, sizeof file_dh512);
616 dh1024 = load_dh_file(keylength);
618 dh1024 = load_dh_buffer(file_dh1024, sizeof file_dh1024);
624 dh2048 = load_dh_file(keylength);
626 dh2048 = load_dh_buffer(file_dh2048, sizeof file_dh2048);
632 dh4096 = load_dh_file(keylength);
634 dh4096 = load_dh_buffer(file_dh4096, sizeof file_dh4096);
640 dh = load_dh_file(keylength);
644 /* this may take a long time, but it may be necessary... */
645 if (r == NULL || 8 * DH_size(r) < keylength)
648 (errmsg_internal("DH: generating parameters (%d bits)....",
650 r = DH_generate_parameters(keylength, DH_GENERATOR_2, NULL, NULL);
657 * Certificate verification callback
659 * This callback allows us to log intermediate problems during
660 * verification, but for now we'll see if the final error message
661 * contains enough information.
663 * This callback also allows us to override the default acceptance
664 * criteria (e.g., accepting self-signed or expired certs), but
665 * for now we accept the default checks.
668 verify_cb(int ok, X509_STORE_CTX *ctx)
674 * This callback is used to copy SSL information messages
675 * into the PostgreSQL log.
678 info_cb(const SSL *ssl, int type, int args)
682 case SSL_CB_HANDSHAKE_START:
684 (errmsg_internal("SSL: handshake start")));
686 case SSL_CB_HANDSHAKE_DONE:
688 (errmsg_internal("SSL: handshake done")));
690 case SSL_CB_ACCEPT_LOOP:
692 (errmsg_internal("SSL: accept loop")));
694 case SSL_CB_ACCEPT_EXIT:
696 (errmsg_internal("SSL: accept exit (%d)", args)));
698 case SSL_CB_CONNECT_LOOP:
700 (errmsg_internal("SSL: connect loop")));
702 case SSL_CB_CONNECT_EXIT:
704 (errmsg_internal("SSL: connect exit (%d)", args)));
706 case SSL_CB_READ_ALERT:
708 (errmsg_internal("SSL: read alert (0x%04x)", args)));
710 case SSL_CB_WRITE_ALERT:
712 (errmsg_internal("SSL: write alert (0x%04x)", args)));
718 * Initialize global SSL context.
727 #if SSLEAY_VERSION_NUMBER >= 0x0907000L
728 OPENSSL_config(NULL);
731 SSL_load_error_strings();
732 SSL_context = SSL_CTX_new(SSLv23_method());
735 (errmsg("could not create SSL context: %s",
739 * Load and verify certificate and private key
741 if (SSL_CTX_use_certificate_chain_file(SSL_context,
742 SERVER_CERT_FILE) != 1)
744 (errcode(ERRCODE_CONFIG_FILE_ERROR),
745 errmsg("could not load server certificate file \"%s\": %s",
746 SERVER_CERT_FILE, SSLerrmessage())));
748 if (stat(SERVER_PRIVATE_KEY_FILE, &buf) != 0)
750 (errcode_for_file_access(),
751 errmsg("could not access private key file \"%s\": %m",
752 SERVER_PRIVATE_KEY_FILE)));
755 * Require no public access to key file.
757 * XXX temporarily suppress check when on Windows, because there may
758 * not be proper support for Unix-y file permissions. Need to think
759 * of a reasonable check to apply on Windows. (See also the data
760 * directory permission check in postmaster.c)
762 #if !defined(WIN32) && !defined(__CYGWIN__)
763 if (!S_ISREG(buf.st_mode) || buf.st_mode & (S_IRWXG | S_IRWXO))
765 (errcode(ERRCODE_CONFIG_FILE_ERROR),
766 errmsg("private key file \"%s\" has group or world access",
767 SERVER_PRIVATE_KEY_FILE),
768 errdetail("Permissions should be u=rw (0600) or less.")));
771 if (SSL_CTX_use_PrivateKey_file(SSL_context,
772 SERVER_PRIVATE_KEY_FILE,
773 SSL_FILETYPE_PEM) != 1)
775 (errmsg("could not load private key file \"%s\": %s",
776 SERVER_PRIVATE_KEY_FILE, SSLerrmessage())));
778 if (SSL_CTX_check_private_key(SSL_context) != 1)
780 (errmsg("check of private key failed: %s",
784 /* set up empheral DH keys */
785 SSL_CTX_set_tmp_dh_callback(SSL_context, tmp_dh_cb);
786 SSL_CTX_set_options(SSL_context, SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2);
788 /* setup the allowed cipher list */
789 if (SSL_CTX_set_cipher_list(SSL_context, SSLCipherSuites) != 1)
790 elog(FATAL, "could not set the cipher list (no valid ciphers available)");
793 * Attempt to load CA store, so we can verify client certificates if
796 if (access(ROOT_CERT_FILE, R_OK))
798 ssl_loaded_verify_locations = false;
801 * If root certificate file simply not found. Don't log an error here,
802 * because it's quite likely the user isn't planning on using client
803 * certificates. If we can't access it for other reasons, it is an
809 (errmsg("could not access root certificate file \"%s\": %m",
813 else if (SSL_CTX_load_verify_locations(SSL_context, ROOT_CERT_FILE, NULL) != 1)
816 * File was there, but we could not load it. This means the file is
817 * somehow broken, and we cannot do verification at all - so abort
820 ssl_loaded_verify_locations = false;
822 (errmsg("could not load root certificate file \"%s\": %s",
823 ROOT_CERT_FILE, SSLerrmessage())));
828 * Check the Certificate Revocation List (CRL) if file exists.
829 * http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci803160,
832 X509_STORE *cvstore = SSL_CTX_get_cert_store(SSL_context);
836 /* Set the flags to check against the complete CRL chain */
837 if (X509_STORE_load_locations(cvstore, ROOT_CRL_FILE, NULL) == 1)
838 /* OpenSSL 0.96 does not support X509_V_FLAG_CRL_CHECK */
839 #ifdef X509_V_FLAG_CRL_CHECK
840 X509_STORE_set_flags(cvstore,
841 X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
844 (errmsg("SSL certificate revocation list file \"%s\" ignored",
846 errdetail("SSL library does not support certificate revocation lists.")));
850 /* Not fatal - we do not require CRL */
852 (errmsg("SSL certificate revocation list file \"%s\" not found, skipping: %s",
853 ROOT_CRL_FILE, SSLerrmessage()),
854 errdetail("Certificates will not be checked against revocation list.")));
858 * Always ask for SSL client cert, but don't fail if it's not
859 * presented. We'll fail later in this case, based on what we find
862 SSL_CTX_set_verify(SSL_context,
864 SSL_VERIFY_CLIENT_ONCE),
867 ssl_loaded_verify_locations = true;
873 * Attempt to negotiate SSL connection.
876 open_server_SSL(Port *port)
884 if (!(port->ssl = SSL_new(SSL_context)))
887 (errcode(ERRCODE_PROTOCOL_VIOLATION),
888 errmsg("could not initialize SSL connection: %s",
893 if (!my_SSL_set_fd(port->ssl, port->sock))
896 (errcode(ERRCODE_PROTOCOL_VIOLATION),
897 errmsg("could not set SSL socket: %s",
904 r = SSL_accept(port->ssl);
907 err = SSL_get_error(port->ssl, r);
910 case SSL_ERROR_WANT_READ:
911 case SSL_ERROR_WANT_WRITE:
913 pgwin32_waitforsinglesocket(SSL_get_fd(port->ssl),
914 (err == SSL_ERROR_WANT_READ) ?
915 FD_READ | FD_CLOSE | FD_ACCEPT : FD_WRITE | FD_CLOSE,
919 case SSL_ERROR_SYSCALL:
922 (errcode_for_socket_access(),
923 errmsg("could not accept SSL connection: %m")));
926 (errcode(ERRCODE_PROTOCOL_VIOLATION),
927 errmsg("could not accept SSL connection: EOF detected")));
931 (errcode(ERRCODE_PROTOCOL_VIOLATION),
932 errmsg("could not accept SSL connection: %s",
935 case SSL_ERROR_ZERO_RETURN:
937 (errcode(ERRCODE_PROTOCOL_VIOLATION),
938 errmsg("could not accept SSL connection: EOF detected")));
942 (errcode(ERRCODE_PROTOCOL_VIOLATION),
943 errmsg("unrecognized SSL error code: %d",
953 /* get client certificate, if available. */
954 port->peer = SSL_get_peer_certificate(port->ssl);
955 if (port->peer == NULL)
957 strlcpy(port->peer_dn, "(anonymous)", sizeof(port->peer_dn));
958 strlcpy(port->peer_cn, "(anonymous)", sizeof(port->peer_cn));
962 X509_NAME_oneline(X509_get_subject_name(port->peer),
963 port->peer_dn, sizeof(port->peer_dn));
964 port->peer_dn[sizeof(port->peer_dn) - 1] = '\0';
965 r = X509_NAME_get_text_by_NID(X509_get_subject_name(port->peer),
966 NID_commonName, port->peer_cn, sizeof(port->peer_cn));
967 port->peer_cn[sizeof(port->peer_cn) - 1] = '\0';
970 /* Unable to get the CN, set it to blank so it can't be used */
971 port->peer_cn[0] = '\0';
976 * Reject embedded NULLs in certificate common name to prevent attacks like
979 if (r != strlen(port->peer_cn))
982 (errcode(ERRCODE_PROTOCOL_VIOLATION),
983 errmsg("SSL certificate's common name contains embedded null")));
990 (errmsg("SSL connection from \"%s\"", port->peer_cn)));
992 /* set up debugging/info callback */
993 SSL_CTX_set_info_callback(SSL_context, info_cb);
999 * Close SSL connection.
1002 close_SSL(Port *port)
1006 SSL_shutdown(port->ssl);
1007 SSL_free(port->ssl);
1013 X509_free(port->peer);
1019 * Obtain reason string for last SSL error
1021 * Some caution is needed here since ERR_reason_error_string will
1022 * return NULL if it doesn't recognize the error code. We don't
1023 * want to return NULL ever.
1028 unsigned long errcode;
1029 const char *errreason;
1030 static char errbuf[32];
1032 errcode = ERR_get_error();
1034 return _("no SSL error reported");
1035 errreason = ERR_reason_error_string(errcode);
1036 if (errreason != NULL)
1038 snprintf(errbuf, sizeof(errbuf), _("SSL error code %lu"), errcode);
1042 #endif /* USE_SSL */