Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

(D)TLS fixes, especially certificate verification #128

Merged
merged 12 commits into from
Nov 5, 2024
Merged

(D)TLS fixes, especially certificate verification #128

merged 12 commits into from
Nov 5, 2024

Conversation

cgzones
Copy link
Contributor

@cgzones cgzones commented Oct 29, 2024

See individual commits for more details.

@cgzones
Fix typo
a673318
@cgzones
Split SSL verification into new source file
da7f295 
The SSL verification is used by TLS and DTLS, refactor to a separate
translation unit.
@cgzones
Drop unused BIO member from SSL managers
a896ad5
@cgzones
shared: sync TAKE_FD() from systemd
34770be 
Used version from systemd/systemd@90d5967
since the current upstream implementation via TAKE_GENERIC is not
available here.
@cgzones
Free socket on SSL failure
9595f0e 
SSL_set_fd(3) does not consume the file descriptor.
@cgzones
Avoid leaking old SSL context on reconnect
ea71812 
The SSL context is currently unconditionally created during connect,
while it is only destroyed in free. Move the initialization to init,
since the context is independent from the individual connection.
@cgzones
Use pseudo errno value instead of SSL_write() result
cd3f965 
SSL_write(3) does not set errno, but sets an internal error code.
Also check for EAGAIN cases.
@cgzones
Rework TLS pretty address handling
85b79c4 
Avoid accidental TLS verification passed in
ssl_verify_certificate_validity() due to a sockaddr_pretty() failure.
Store the prettified string instead of the raw address struct.
@cgzones
Drop SSL authentication mode NONE and use DENY as default
eb6f652 
Drop the mode NONE, since NO, DENY, WARN and ALLOW should cover all
cases.
Use DENY as default as its the most secure one, and users might expect
applications to be secure by default.  Failures are reported in the logs
and can then be exempted by choosing a different option.
@cgzones
Fix SSL verification
1ec047b 
Currently SSL verification is broken as SSL_get_verify_result(3) is not
supposed to be called in the verify callback, but afterwards.  Thus
currently the wrong error code is checked.
Re-implement the callback similar to the example from SSL_set_verify(3).
@cgzones
Add missing default configuration settings to template file
44bb86f
@cgzones
Enable BIO_ctrl() call by reordering it before transferring to SSL ob…
2664158 
…ejct
@ssahani ssahani merged commit ca76343 into systemd:main Nov 5, 2024
1 check passed
@cgzones cgzones deleted the tls branch November 5, 2024 16:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cgzones @ssahani