httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dr Stephen Henson <shen...@opensslfoundation.com>
Subject Re: [PATCH 55593] Add "SSLServerInfoFile" directive
Date Wed, 09 Oct 2013 14:00:31 GMT
On 02/10/2013 08:35, Kaspar Brand wrote:
> On 01.10.2013 12:15, Dr Stephen Henson wrote:
>> That's just OpenSSL internals though. To handle ServerInfo properly in mod_ssl
>> IMHO you would need a new directive as there's no support for per-certificate
>> SSL_CONF commands: it wasn't intended to be used like that in its current form.
>>
>> This also runs against what IMHO is a long standing historical problem with the
>> way mod_ssl handles certificates: it hard codes the algorithms used in the
>> source. That means every new algorithm needs mod_ssl code changes to support:
>> ECC for example.
> 
> True. I guess it's a side effect of keeping private key pass phrases in
> the global SSLModConfigRec. From ssl_private.h:
> 
>> /* BIG FAT WARNING: SSLModConfigRec has unusual memory lifetime: it is
>>  * allocated out of the "process" pool and only a single such
>>  * structure is created and used for the lifetime of the process.
> [...]
>>  * This odd lifetime strategy is used so that encrypted private keys
>>  * can be decrypted once at startup and continue to be used across
>>  * subsequent server reloads where the interactive password prompt is
>>  * not possible.
> [...]
>>  * This should really be fixed using a smaller structure which only
>>  * stores that which is absolutely necessary (the private keys, maybe
>>  * the random seed), and have that structure be strictly ABI-versioned
>>  * for safety.
> 
> Whether the latter is doable without breaking backward config
> compatibility (in particular for the SSLCertificate*File directives)
> needs further examination, I guess.
> 

I'd be interested in seeing what can be done to address this. One problem I
noticed in the past is that the serialisation of keys in Apache is not algorithm
independent: you can get around that by using PKCS#8 which is supported in all
the versions of OpenSSL of interest.

Well it works for software keys. For HSM keys there are some rather thorny
issues which are trickier to handle. I don't think those are currently supported?

Are you (or is anyone else) aware of any limitations on the OpenSSL side that
prevent revision of the code to support arbitrary numbers of certificates in an
algorithm independent way?

There's one (relatively minor) one I can think of. If you set another
certificate of the same type OpenSSL silently overwrites the old one. That means
you can't currently catch configuration errors: e.g. trying to use two
certificates of the same type.

Steve.
-- 
Dr Stephen Henson. OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
+1 877-673-6775
shenson@opensslfoundation.com

Mime
View raw message