Fix TLS session resumption via IDs when Mutual TLS is used

This commit fixes TLS session resumption via session IDs when client certificates are used. To do so it makes sure that session ID contexts are set within server TLS contexts. See OpenSSL documentation for 'SSL_CTX_set_session_id_context()', the "Warnings" section. (cherry picked from commit 837fef78b1)
2022-12-09 18:44:01 +02:00
parent 605e714438
commit 5de938c6cf
3 changed files with 44 additions and 0 deletions
--- a/lib/isc/include/isc/tls.h
+++ b/lib/isc/include/isc/tls.h
@@ -562,3 +562,23 @@ isc_tlsctx_cache_find(
 *		'pstore' still might get initialised as there is one to many
 *		relation between stores and contexts.
 */
+
+void
+isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx);
+/*%<
+ * Set context within which session can be reused to a randomly
+ * generated value. This one is used for TLS session resumption using
+ * session IDs. See OpenSSL documentation for
+ * 'SSL_CTX_set_session_id_context()'.
+ *
+ * It might be worth noting that usually session ID contexts are kept
+ * static for an application and particular certificate
+ * combination. However, for the cases when exporting server side TLS
+ * session cache to/loading from external memory is not required, we
+ * might use random IDs just fine. See,
+ * e.g. 'ngx_ssl_session_id_context()' in NGINX for an example of how
+ * a session ID might be obtained.
+ *
+ * Requires:
+ *\li   'ctx' - a valid non-NULL pointer;
+ */
--- a/lib/isc/tls.c
+++ b/lib/isc/tls.c
@@ -1654,3 +1654,16 @@ isc_tlsctx_client_session_cache_getctx(
 	REQUIRE(VALID_TLSCTX_CLIENT_SESSION_CACHE(cache));
 	return (cache->ctx);
 }
+
+void
+isc_tlsctx_set_random_session_id_context(isc_tlsctx_t *ctx) {
+	uint8_t session_id_ctx[SSL_MAX_SID_CTX_LENGTH] = { 0 };
+	const size_t len = ISC_MIN(20, sizeof(session_id_ctx));
+
+	REQUIRE(ctx != NULL);
+
+	RUNTIME_CHECK(RAND_bytes(session_id_ctx, len) == 1);
+
+	RUNTIME_CHECK(
+		SSL_CTX_set_session_id_context(ctx, session_id_ctx, len) == 1);
+}
--- a/lib/ns/listenlist.c
+++ b/lib/ns/listenlist.c
@@ -64,6 +64,17 @@ listenelt_create(isc_mem_t *mctx, in_port_t port, isc_dscp_t dscp,
 				goto tls_error;
 			}

+			/*
+			 * We need to initialise session ID context to make TLS
+			 * session resumption work correctly - in particular in
+			 * the case when client certificates are used (Mutual
+			 * TLS) - otherwise resumption attempts will lead to
+			 * handshake failures. See OpenSSL documentation for
+			 * 'SSL_CTX_set_session_id_context()', the "Warnings"
+			 * section.
+			 */
+			isc_tlsctx_set_random_session_id_context(sslctx);
+
 			/*
 			 * If CA-bundle file is specified - enable client
 			 * certificates validation.