0992009d | 31-May-2023 | Adrien Destugues <adrien.destugues@opensource.viveris.fr>

libnetapi: remove support for old OpenSSL versions, prepare for OpenSSL 3

- Remove backported function that was needed only for old OpenSSL versions
- Add compile time options to declare which version of OpenSSL API we want to use

This should make it possible to build with OpenSSL 3 while keeping the old APIs available. Once the migration to OpenSSL 3 is done, we can bump the OPENSSL_API_COMPAT value to get compile time errors when using APIs that are deprecated in OpenSSL 3, and rewrite all the code that needs changes.

Change-Id: I606633739ed12f9698a3013989025b68478352fc
Reviewed-on: https://review.haiku-os.org/c/haiku/+/6484
Tested-by: Commit checker robot <no-reply+buildbot@haiku-os.org>
Reviewed-by: waddlesplash <waddlesplash@gmail.com>

60c165a5 | 16-Jan-2021 | Stephan Aßmus <superstippi@gmx.de>

BSecureSocket: Treat SSL-zero-return as B_IO_ERROR

Somehow B_CANCELED doesn't seem to convey the correct meaning. Using B_IO_ERROR will also fit to the recent changes in the Package Kit and will trigger a re-try of package downloads.

Change-Id: I58c4d4faa705e6519e0ff9ec7c4654a6151e5486
Reviewed-on: https://review.haiku-os.org/c/haiku/+/3635
Reviewed-by: Adrien Destugues <pulkomandy@gmail.com>

7b661b55 | 10-Jan-2021 | Adrien Destugues <adrien.destugues@opensource.viveris.fr>

BSecureSocket: fix read error handling

The current documentation (https://www.openssl.org/docs/man1.1.1/man3/SSL_read.html) says that SSL_read returning 0 should be handled as an error. So, let's do that.

Change-Id: I6781826ea700b6e597fd2d444fd96a1a5270c6cf
Reviewed-on: https://review.haiku-os.org/c/haiku/+/3620
Reviewed-by: Stephan Aßmus <superstippi@gmx.de>

bc844514 | 15-Nov-2020 | Adrien Destugues <pulkomandy@pulkomandy.tk>

BSecureSocket: use openssl's default paths for certificates.

It is confusing to use different sets of certificates for BSecureSocket based apps and ones using openssl directly. So, use the defaults in BSecureSocket.

OpenSSL was modified to keep the user certificates in non-packaged so this does not change the behavior for native apps (needs openssl 1.1.1g-3).

Change-Id: Ic398eec5efa9d036c3b810b7a3bb7142bdeb2d46
Reviewed-on: https://review.haiku-os.org/c/haiku/+/3394
Reviewed-by: Adrien Destugues <pulkomandy@gmail.com>

99d96cef | 12-Sep-2020 | Pascal Abresch <nep@packageloss.eu>

TLS: add user cert dir

BSecureSocket currently only checks for trust anchors in the CA file; this change will add the openssl certs/ directory as a trust anchor dir. This matches the behaviour openssl has on the command line and allows users to install their own trust anchors to verify against for TLS.

Change-Id: I9db5c3f3b063607e092dded3d5b141dba340a8e2
Reviewed-on: https://review.haiku-os.org/c/haiku/+/3207
Reviewed-by: Fredrik Holmqvist <fredrik.holmqvist@gmail.com>

38963e75 | 27-May-2020 | Kyle Ambroff-Kao <kyle@ambroffkao.com>

SecureSocket: Handle interrupted reads and writes

If a system call performed by SSL_read is interrupted by a signal, it seems to set its error to SSL_ERROR_WANT_READ. This triggers logic added in hrev53853 which assumes the caller is doing async reads and returns B_WOULD_BLOCK. This breaks uses of BSecureSocket that do blocking reads.

* Detect interrupted signal by checking for EINTR in errno.
* Adding this retry loop to BSecureSocket::Write as well since it can have the same problem.

Resolves issue #15853.

Change-Id: I8198a8496fa3a2ccee00bda87375a482a0d4ba3d
Reviewed-on: https://review.haiku-os.org/c/haiku/+/2825
Reviewed-by: Adrien Destugues <pulkomandy@gmail.com>

b8aadcd2 | 19-Apr-2020 | Augustin Cavalier <waddlesplash@gmail.com>

libnetapi: Adapt to OpenSSL 1.1 API changes.

Surprisingly easy: X509 was made opaque, and SSL_CTX_set_ecdh_auto was removed (it is now the default internally).

0e280da5 | 08-Feb-2020 | Adrien Destugues <pulkomandy@pulkomandy.tk>

SecureSocket: fix non-blocking reads

OpenSSL says we should retry when a non-blocking read finds no data is pending. But in that case we should not retry immediately, because the operation should be non-blocking.

8769583f | 03-Feb-2020 | Adrien Destugues <pulkomandy@pulkomandy.tk>

Build fix.

3bea15ad | 03-Feb-2020 | Adrien Destugues <pulkomandy@pulkomandy.tk>

BSecureSocket: retry reads after interrupted syscalls.

SSL_AUTO_RETRY does not cover this case (it only covers SSL errors, not underlying socket ones), so we still need to retry reads manually here.

Fixes #14638.

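The entries 38963e75, 0e280da5 and 3bea15ad above, together with the zero-return rule from 60c165a5 and 7b661b55, all refine one decision: when an SSL_read-style call returns no data, choose between retrying, reporting "would block" and failing. The C program below is an added example written for this page, not Haiku's BSecureSocket code. It drives a read loop from a scripted mock of the TLS layer so it runs without OpenSSL; the SSLERR_* enum, the STATUS_* codes, the mock_ssl type and the scenario functions are this example's own names, standing in for OpenSSL's SSL_get_error() classes and Haiku's status_t values.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Error classes as SSL_get_error() would report them. Names follow OpenSSL;
 * the values are local to this example, so no OpenSSL headers are needed. */
enum ssl_error_class {
    SSLERR_NONE,        /* data was returned                           */
    SSLERR_WANT_READ,   /* repeat the call when the socket is readable */
    SSLERR_SYSCALL,     /* underlying socket error, consult errno      */
    SSLERR_ZERO_RETURN, /* peer sent close_notify                      */
    SSLERR_SSL          /* protocol failure                            */
};

/* One scripted outcome of the underlying read call (constructed test data). */
struct scripted_result {
    int bytes;                /* what SSL_read() would have returned  */
    enum ssl_error_class err; /* what SSL_get_error() would have said */
    int saved_errno;          /* errno captured right after the call  */
};

/* Mock TLS layer: hands out scripted results in order and counts calls. */
struct mock_ssl {
    const struct scripted_result *script;
    size_t count, next;
    int calls;
};

/* Stand-ins for the status values the log names (B_WOULD_BLOCK, B_IO_ERROR);
 * the numbers are this example's, not Haiku's. */
enum read_status { STATUS_WOULD_BLOCK = -1, STATUS_IO_ERROR = -2, STATUS_RETRY_LIMIT = -3 };

static int mock_read(struct mock_ssl *m, enum ssl_error_class *err, int *saved_errno)
{
    m->calls++;
    if (m->next >= m->count) {   /* script exhausted: behave as if closed */
        *err = SSLERR_ZERO_RETURN;
        *saved_errno = 0;
        return 0;
    }
    const struct scripted_result *r = &m->script[m->next++];
    *err = r->err;
    *saved_errno = r->saved_errno;
    return r->bytes;
}

/* Read loop applying the rules from the log:
 *  - zero return (SSL_read() == 0) is an I/O error, not a cancel;
 *  - EINTR behind WANT_READ or SYSCALL is an interrupted syscall: retry,
 *    because auto-retry only covers TLS-level retries, not socket ones;
 *  - WANT_READ on a non-blocking socket means no data yet: report
 *    "would block" to the caller instead of spinning;
 *  - WANT_READ on a blocking socket is simply retried.
 * Returns bytes read (> 0) or a negative read_status. */
int secure_read(struct mock_ssl *m, bool nonblocking)
{
    const int max_retries = 16;  /* bounded so a signal storm cannot spin forever */
    for (int attempt = 0; attempt < max_retries; attempt++) {
        enum ssl_error_class err;
        int saved_errno;
        int n = mock_read(m, &err, &saved_errno);
        if (n > 0)
            return n;
        if (err == SSLERR_ZERO_RETURN)
            return STATUS_IO_ERROR;
        if (err == SSLERR_WANT_READ || err == SSLERR_SYSCALL) {
            if (saved_errno == EINTR)
                continue;                      /* interrupted: try again */
            if (err == SSLERR_WANT_READ) {
                if (nonblocking)
                    return STATUS_WOULD_BLOCK; /* let the caller poll */
                continue;                      /* blocking: next call waits */
            }
        }
        return STATUS_IO_ERROR;  /* SSLERR_SSL or a real socket failure */
    }
    return STATUS_RETRY_LIMIT;
}

static int run_script(const struct scripted_result *s, size_t n, bool nonblocking, int *calls)
{
    struct mock_ssl m = { s, n, 0, 0 };
    int result = secure_read(&m, nonblocking);
    if (calls != NULL)
        *calls = m.calls;
    return result;
}

/* Blocking socket, two interrupted syscalls, then 5 bytes: expect 5. */
int scenario_interrupted_then_data(int *calls)
{
    static const struct scripted_result s[] = {
        { -1, SSLERR_WANT_READ, EINTR }, { -1, SSLERR_SYSCALL, EINTR }, { 5, SSLERR_NONE, 0 } };
    return run_script(s, 3, false, calls);
}

/* Non-blocking socket with nothing pending: expect STATUS_WOULD_BLOCK after one call. */
int scenario_nonblocking_no_data(int *calls)
{
    static const struct scripted_result s[] = { { -1, SSLERR_WANT_READ, EAGAIN } };
    return run_script(s, 1, true, calls);
}

/* Peer closed the TLS session cleanly: expect STATUS_IO_ERROR, as 60c165a5 decided. */
int scenario_peer_closed(int *calls)
{
    static const struct scripted_result s[] = { { 0, SSLERR_ZERO_RETURN, 0 } };
    return run_script(s, 1, false, calls);
}

int main(void)
{
    int calls, r;
    r = scenario_interrupted_then_data(&calls);
    printf("interrupted twice, then data: result %d after %d calls\n", r, calls);
    r = scenario_nonblocking_no_data(&calls);
    printf("non-blocking, no data: result %d after %d calls\n", r, calls);
    r = scenario_peer_closed(&calls);
    printf("peer closed: result %d after %d calls\n", r, calls);
    return 0;
}
```

The retry bound is the one thing a real implementation should not omit: a loop that retries unconditionally on EINTR turns a stream of signals into a busy loop that never returns to the caller.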
a830ec9a | 23-Aug-2019 | Augustin Cavalier <waddlesplash@gmail.com>

BSecureSocket: Don't continue with an untrusted certificate by default.

It has been multiple years since this comment was written; all relevant apps have added their own hooks around this, so we should now be "secure by default."

Also spotted by a random Hacker News commenter.

8d63a906 | 23-Aug-2019 | Augustin Cavalier <waddlesplash@gmail.com>

BSecureSocket: Pass the hostname to the X509 layer to validate it.

Now SSL certificates with the wrong hostname actually fail to validate. While I'm at it, remove the usage of BString and just check [0] directly.

Spotted by a random commenter on Hacker News.

20312cfe | 27-Jan-2019 | Adrien Destugues <pulkomandy@gmail.com>

BSecureSocket: cleanup, no functional changes

Change-Id: I3355067efe4c5d71f8656d244e17bb11175600eb
Reviewed-on: https://review.haiku-os.org/c/910
Reviewed-by: waddlesplash <waddlesplash@gmail.com>

7dba237f | 05-May-2018 | Adrien Destugues <pulkomandy@pulkomandy.tk>

BSecureSocket: re-enable RSA cipher suite

my.justenergy.com allows only RSA, so we can't connect there without this. Other websites may have a similar problem.

Also improve the handling of the error, as it was giving a generic "general system error" to the user.

Fixes #13975.

d1805b9a | 20-Nov-2017 | Adrien Destugues <pulkomandy@pulkomandy.tk>

BSecureSocket: use opt-out to select ciphersuites.

We just want to disable known broken ones, rather than opt-in for working ones. This keeps the list of authentications shorter and is more future proof.

e1ca6769 | 26-Oct-2017 | Jérôme Duval <jerome.duval@gmail.com>

libbnetapi: style fixes only.

e62e979e | 03-May-2017 | François Revol <revol@free.fr>

Allow dumping SSL session keys on TRACE_SESSION_KEY

This dumps SSL session keys to a log file specified by the SSLKEYLOGFILE environment variable. This permits decrypting SSL traffic in wireshark with a tcpdump capture for example.

cf.
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format
https://security.stackexchange.com/questions/35639/decrypting-tls-in-wireshark-when-using-dhe-rsa-ciphersuites/42350#42350
https://wiki.wireshark.org/SSL#Using_the_.28Pre.29-Master-Secret
https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/

Looks like we miss the required function from SSL... SSL_SESSION_print_keylog is only in 1.1.0.

Also added dumping of client_random as it's required by wireshark.

ed6d3d88 | 31-Oct-2016 | Adrien Destugues <pulkomandy@pulkomandy.tk>

SecureSocket: add code to trace SSL events.

Under a #define TRACE_SSL, should you need it. Also load error strings when initializing the SSL context, so we get human readable errors from SSL (also in the user reported ones).

00a3a794 | 16-Jul-2016 | Augustin Cavalier <waddlesplash@gmail.com>

BSecureSocket: Let OpenSSL choose the most appropriate D-H curve.

b515f3b4 | 16-Jul-2016 | Augustin Cavalier <waddlesplash@gmail.com>

BSecureSocket: Print SSL error message as well as the error code.

Helps with debugging failed SSL connections.

44ffe7c2 | 16-Jul-2016 | Augustin Cavalier <waddlesplash@gmail.com>

BSecureSocket: Explicitly set the list of ciphersuites.

OpenSSL's default cipherlist has a lot of spurious and arguably insecure suites left in it for compatibility reasons. We have no need for all that, so let's just use the suites Firefox/Chrome do.

b39f9357 | 10-Jul-2016 | Augustin Cavalier <waddlesplash@gmail.com>

BSecureSocket: Disable SSL/TLS compression to prevent the CRIME attack.

See wikipedia:CRIME (Compression-Rate Info-leak Made Easy) for details.

e1c98cea | 22-May-2016 | Mark Hellegers <mark@firedisk.net>

Add support for TLS SNI

Signed-off-by: Augustin Cavalier <waddlesplash@gmail.com>

c9dd7d0d | 27-Apr-2016 | Rene Gollent <rene@gollent.com>

libbnetapi: Extend socket classes.

B{Abstract,Datagram,Secure}Socket:
- Add functionality to listen for and accept new connections, thus allowing one to use the socket classes for server functionality as well.

BSecureSocket:
- Adjust to take into account differences between how SSL needs to be called when accepting an incoming connection vs initiating an outbound one. The handshake on the accepted connection still fails for unknown reasons at the moment though.

Note that these changes break the ABI, and thus any packages making use of them directly will need a rebuild.

1f70a8df | 13-Nov-2015 | Adrien Destugues <pulkomandy@pulkomandy.tk>

SecureSocket: enable auto retry on connection re-negotiation

This is required to talk with the proxy in Thalys trains. Now I'm online and I can push this!

f1c1a9df | 10-Nov-2015 | Adrien Destugues <pulkomandy@pulkomandy.tk>

SecureSocket: stubs for no-openssl version

c6149613 | 10-Nov-2015 | Adrien Destugues <pulkomandy@pulkomandy.tk>

Implement CONNECT pass-through for HTTPS proxy

* When using a proxy, HTTPS connections must still go directly to the target website. The proxy can then act as a TCP stream relay and just transmit the raw SSL stream between the client and website.
* For this, we ask the proxy by sending an HTTP request with the CONNECT method. If the proxy supports this, we can then send anything as the payload and it will be forwarded.
* Untested, as the network here in Dusseldorf doesn't let me use a proxy.

ticket: #10973

d3b6b9e5 | 10-Nov-2015 | Adrien Destugues <pulkomandy@pulkomandy.tk>

BSecureSocket: use "trusted first" validation algorithm.

* This makes it work with the new ca_root_certificates package.

Fixes #12004.

c500331f | 24-Apr-2013 | Axel Dörfler <axeld@pinc-software.de>

BSecureSocket: prepared to do SSL error conversion.

* For now, just print them to stderr; we don't really have matching error codes yet AFAICS.

fbd8b14a | 06-Nov-2014 | Adrien Destugues <pulkomandy@gmail.com>

SecureSocket: fix build without SSL.

c86ad7f9 | 04-Nov-2014 | Adrien Destugues <pulkomandy@gmail.com>

Add more features in BCertificate class

* Make it possible to extract more useful data from the certificate
* Also get the OpenSSL error message when a certificate can't be validated. Send it to the verification failure callback so it can be shown to the user.

1c0b6a42 | 15-Oct-2014 | Adrien Destugues <pulkomandy@gmail.com>

SecureSocket: disable SSL versions 2 and 3

There are known vulnerabilities in those. Everyone should be using TLS by now.

d10ecc2c | 22-Feb-2014 | Julian Harnath <julian.harnath@rwth-aachen.de>

Style fix: add parameter name

* As pointed out by Axel.

c99d7ea4 | 21-Feb-2014 | Julian Harnath <julian.harnath@rwth-aachen.de>

Fix double-free crash in BSecureSocket when cert. verification fails

* BSecureSocket::CertificateVerificationFailed() took a BCertificate instance by value as parameter. BCertificate deletes internal data in its destructor. Passing an object by value creates a copy, so the copy attempted to delete the internal data again during its destruction. This caused mail_daemon to crash here when it came across a failed certificate.
* Fix: pass BCertificate object as reference.

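The double free described above is the classic shape of the bug: a class owns a raw resource and frees it in its destructor, but its implicitly generated copy constructor copies only the pointer, so a by-value parameter produces a second owner of the same memory. The C++ program below is an added example, not Haiku's code. OwnedCert is a hypothetical stand-in for BCertificate (it owns a char array instead of an X509*), CertificateVerificationFailed takes the object by const reference as the commit does, and, as this example's own extra hardening, the copy operations are deleted so that a by-value parameter fails to compile rather than double-freeing at runtime.

```cpp
#include <cstdio>
#include <string>

// Counters so the caller can observe that exactly one free happens per allocation.
static int g_allocs = 0;
static int g_frees = 0;

// Hypothetical stand-in for a certificate wrapper owning a raw resource.
class OwnedCert {
public:
    explicit OwnedCert(const std::string& subject)
        : fData(new char[subject.size() + 1])
    {
        std::snprintf(fData, subject.size() + 1, "%s", subject.c_str());
        ++g_allocs;
    }

    // The destructor frees internal data, exactly as the commit describes.
    ~OwnedCert()
    {
        delete[] fData;
        ++g_frees;
    }

    // Example's own hardening: with the implicit copy allowed, a by-value
    // parameter silently created a second owner of fData and the copy's
    // destructor freed it again. Deleting the copy operations turns that
    // mistake into a compile error at the call site.
    OwnedCert(const OwnedCert&) = delete;
    OwnedCert& operator=(const OwnedCert&) = delete;

    const char* Subject() const { return fData; }

private:
    char* fData;
};

// Before the fix the callback had this shape and compiled fine, copying the
// certificate into the parameter and double-freeing on return:
//     bool CertificateVerificationFailed(OwnedCert cert, const char* reason);
// With the deleted copy constructor above, that declaration's callers no
// longer compile, which is the point.

// Fixed signature: take the certificate by const reference. The socket's
// object stays the only owner; no copy is made and no second destructor runs.
bool CertificateVerificationFailed(const OwnedCert& cert, const char* reason)
{
    std::fprintf(stderr, "certificate for %s rejected: %s\n", cert.Subject(), reason);
    return false;  // secure default: do not proceed with the connection
}

// Simulates the code path: build a certificate object, hand it to the
// callback, destroy it once. Returns how many frees happened (must be 1).
int frees_per_verification()
{
    g_allocs = 0;
    g_frees = 0;
    {
        OwnedCert cert("CN=example.test");  // constructed sample subject
        CertificateVerificationFailed(cert, "unknown issuer");
    }
    return g_frees;
}

int main()
{
    int frees = frees_per_verification();
    std::printf("allocations: %d, frees: %d\n", g_allocs, frees);
    return frees == 1 ? 0 : 1;
}
```

If copying genuinely has to be supported, the alternative is to implement the copy constructor and assignment operator with a deep copy (the rule of three); what is never acceptable is the default memberwise copy of an owning pointer.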
ab390d3a | 17-Jan-2014 | Adrien Destugues <pulkomandy@pulkomandy.tk>

Style fixes and allocation checks

9e9ccf69 | 16-Jan-2014 | Adrien Destugues <pulkomandy@pulkomandy.tk>

Yet another noSSL build fix.

547c1486 | 16-Jan-2014 | Adrien Destugues <pulkomandy@pulkomandy.tk>

Add some missing std::nothrow ... and allocation failure checks.

b70c72a6 | 16-Jan-2014 | Adrien Destugues <pulkomandy@pulkomandy.tk>

Fix concurrency issues in BSecureSocket

* Use pthread_once to initialize the SSL context once, in a thread-safe way.
* Do not delete the BIO immediately when closing a connection, instead delay this to the destructor. This makes sure the protocol loop is done running when we do that.
* Instead of creating a new BIO when we reconnect an already used connection, create the BIO upfront, and reuse it with the new file descriptor.
* Fix a memory leak: the SSL struct from OpenSSL was never freed, only the BIO was.

Fixes #10414.

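The first bullet above (and the lazy global context introduced in 5ebdc799 further down) relies on pthread_once: several sockets may be constructed on different threads at the same time, and each of them must see a fully built shared context without any of them building it twice. The C program below is an added example, not Haiku's code. It replaces the OpenSSL context with a small struct (tls_context, an assumed stand-in), lets a number of threads race to initialise it, and reports how many times the initialiser actually ran.

```c
#include <pthread.h>
#include <stdio.h>

/* Stand-in for the process-wide SSL context that is expensive to build and
 * must exist exactly once (assumption: a struct instead of an SSL_CTX). */
struct tls_context {
    int initialised;
    int token;
};

static struct tls_context g_context;
static pthread_once_t g_context_once = PTHREAD_ONCE_INIT;
static int g_init_calls = 0;   /* how often init_context ran; must stay 1 */

/* The one-time initialiser. pthread_once runs it at most once per process
 * and blocks concurrent callers until it has finished. */
static void init_context(void)
{
    g_init_calls++;
    g_context.token = 0x5EC;    /* constructed value standing in for real setup */
    g_context.initialised = 1;
}

/* What each socket constructor does: make sure the shared context exists.
 * Contrast with the racy "if (!initialised) init()" pattern, where two
 * threads can both see the flag clear and both run the initialiser. */
const struct tls_context* acquire_context(void)
{
    pthread_once(&g_context_once, init_context);
    return &g_context;
}

/* Each thread records whether it observed a complete context. */
static void* thread_body(void* arg)
{
    const struct tls_context* ctx = acquire_context();
    *(int*)arg = (ctx->initialised == 1 && ctx->token == 0x5EC);
    return NULL;
}

/* Starts n threads (capped at 64) that all race to initialise, joins them,
 * and returns how many times the initialiser ran; -1 if any thread saw a
 * half-built context. Expected result: 1, for any n. */
int race_initialisers(int n)
{
    pthread_t threads[64];
    int ok[64] = {0};
    if (n > 64)
        n = 64;
    for (int i = 0; i < n; i++)
        pthread_create(&threads[i], NULL, thread_body, &ok[i]);
    for (int i = 0; i < n; i++)
        pthread_join(threads[i], NULL);
    for (int i = 0; i < n; i++)
        if (!ok[i])
            return -1;
    return g_init_calls;
}

int main(void)
{
    int runs = race_initialisers(16);
    printf("initialiser ran %d time(s) across 16 racing threads\n", runs);
    return runs == 1 ? 0 : 1;
}
```

Build with -pthread on toolchains where libpthread is separate from libc. Note that pthread_once only solves initialisation; tearing the shared context down while other threads may still use it is the separate problem the second bullet addresses by deferring the BIO deletion to the destructor.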
159d1fb6 | 15-Jan-2014 | Adrien Destugues <pulkomandy@pulkomandy.tk>

Style fixes, build fix with OpenSSL disabled.

4e4396fa | 15-Jan-2014 | Adrien Destugues <pulkomandy@pulkomandy.tk>

Fix build.

5ebdc799 | 15-Jan-2014 | Adrien Destugues <pulkomandy@pulkomandy.tk>

SecureSocket: add some certificate support

* Instead of creating an OpenSSL context for each socket, use a global one and initialize it lazily when the first SecureSocket is created
* Load the certificates from our certificate list so SSL certificates sent by servers can be validated.
* Add a callback for signalling that certificate validation failed; the default implementation proceeds with the connection anyway (to keep the old behavior).
* Introduce BCertificate class, that provides some information about a certificate. Currently it's only used by the callback mentioned above, but it will be possible to get the leaf certificate for the connection after it's established.

Review of the API and implementation is welcome, before I start making use of this in HttpRequest and WebKit to allow the user to accept new certificates.

5bdd4157 | 05-Jan-2014 | Adrien Destugues <pulkomandy@pulkomandy.tk>

SecureSocket: avoid crash on close

Deleting the BIO while it's still waiting on a read() in another thread will lead to a crash when the socket is eventually closed. Close the socket first, so the read() is unlocked, then safely delete the BIO.

02deec64 | 20-Jan-2013 | Hamish Morrison <hamishm53@gmail.com>

BSecureSocket: Read and Write should return 0 for closed sockets.

0e478f5a | 21-Nov-2011 | Axel Dörfler <axeld@pinc-software.de>

Added experimental version of a Socket API with SSL support.

* Each class has a Socket() method to retrieve the underlying file descriptor to be able to do the more advanced stuff, if necessary.
* A server socket is yet missing, but the rest is pretty much covered.