It is rarely needed and imposes a light DoS risk. LibreSSL's libssl
allows to turn it off with a simple SSL_OP_NO_CLIENT_RENEGOTIATION
option instead of the complicated implementation that was used before.
It now turns it off completely instead of allowing one initial
client-initiated renegotiation.
It can still be enabled with "tls client-renegotiation".
ok benno@ beck@ jsing@
This replaces log_verbose() and "extern int verbose" with the two functions
log_setverbose() and log_getverbose().
Pointed out by benno@
OK krw@ eric@ gilles@ (OK gilles@ for the snmpd bits as well)
relayd_config". This way we can send all the relevant global
configuration to the children, not just the flags and the opts.
With input from and
OK claudio@ benno@
nature of relayd) to tls session tickets to do TLS session resumption.
TLS session tickets do not need to store SSL session data in the server but
instead send an encrypted ticket to the clients that allows to resume the
session. This is mostly stateless (apart from the encryption keys).
relayd now ensures that all relay processes use the same key to encrypt
the tickets. Keys are rotated every 2h and there is a primary and backup key.
The tls session timeout is set to 2h to hint to the clients how long the
session tickets is supposed to be alive.
Input and OK benno@, reyk@
with a hash generated from different data and calculate modulo
rlt->rlt_nhosts to find the host the session should go to. If this
host is down, the current algorithm simply selects the next host that
is up, obviously not ideal, because this puts heavier load on this
next host.
this changes the algorithm: if the chosen host is not available, the
hash value is recalculated and and retried until a host that is usable
is found or a maximum of retires is reached (in that case the old
method is used).
ok and nice input on my original idea bluhm@
so add a shortcut proc_compose*() that skips all of them. Only use the
full argument list if needed. The functions with full argument lists can
eventually be replaced with a nicer transaction-based approach later.
OK benno@
we would consume large ammounts of memory.
Found by Matthew Martin <matt DOT a DOT martin AT gmail DOT com> in
httpd, fixed in httpd by florian@
feedback from florian, reyk and bluhm, ok bluhm, reyk
to better track the connection state of a session and stops doing double
opens in certain situations using http relays. Using a state field to
simplify the logic since relay_connect() is called multiple times.
OK benno@, bluhm@ and running in production for more than a week
client or server writes multiple requests or chunks in a single
transfer, relayd invokes the libevent callback manually for the
next data. If the callback closes the session, this resulted in
an use after free.
Instead of the more complicated fix suggested by Bertrand PROVOST,
just move the invocation of the callback to the end of the function.
So in case the callback frees any structures, they are not accessed.
OK benno@ reyk@
parsig the HTTP header, the session was never destroyed. This
resulted in a file descriptor leak.
Add a check wether the protocol knows how much data to expect. If
relayd is reading unlimited data or is expecting nothing to read,
ignore the end-of-file. Otherwise it is a protocol violation, so
close the session immediately.
While there, make relayd compile with DEBUG defined.
Based on a diff from claudio@; tested by claudio@; OK claudio@ benno@
the internal and long-serving ssl_ctx_load_verify_memory() function
with a call to the SSL_CTX_load_verify_mem() API function. The
ssl_privsep.c file with hacks for using OpenSSL in privsep'ed
processes can now go away; portable versions of smtpd and relayd
should start depending on LibreSSL or they have to carry ssl_privsep.c
in openbsd-compat to work with legacy OpenSSL. No functional change.
Based on previous discussions with gilles@ bluhm@ and many others
OK bluhm@ (as part of the libcrypto/libssl/libtls diff)
is no need to keep a local copy in ssl_privsep.c. This adds a little
burden on OpenSMTPD-portable because it will have to put it in
openbsd-compat for compatibility with legacy OpenSSL.
OK gilles@
using the name of relayd relay or smtpd pki, use a 32 byte arc4random
buffer that should be unique for the context. This fixes an issue in
OpenSMTPD when a long pki name could break the configuration.
OK gilles@ benno@
loadbalance and hash modes use a random key by default that can be
forced to be a static key with a new configuration argument.
With input from Max Fillinger.
ok tedu@
effectively disabled support for the SSL protocols. SSL remains a
common term describing SSL/TLS, there is some controvery about this
change, and the name really doesn't matter, but I feel confident about
it now.
(btw., sthen@ pointed out some historical context:
http://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html)
OK benno@, with input from tedu@
SSL_OP_NO_SSLv2 in case you happen to be running relayd on another platform
with another SSL library). Also fix the SSLv3 handling so that 'no sslv3'
actually works as intended.
ok reyk@
work done by andre@
Re-add a randomized hash seed (which had apparently
gotten inadvertently removed in the past).
Allows for multiple relayd instances to be configured
to forward traffic to the same host, falling back to
the random seed when not explicitly configured to do so.
ok reyk@
the other direction, the timeouts did not work. They were longer
than specified. Link the splicing and non-splicing timeouts.
Found by make run-regress-args-timeout-http.pl
OK reyk@
clients. Additionally, add options for disallowing client-initiated
renegotiations and to prefer the server's cipher list over the
client's preferences.
This work is based on a diff by Markus Gebert at hostpoint.ch, and was
discussed with jsing@ resulting in a few different defaults.
ok benno@
language. The grammar is inspired by pf and allows to write versatile
last-matching filter rules in protocol sections starting with the
"pass", "block" or "match" keywords. This work was started almost two
years ago and replaces large parts of relayd(8)'s HTTP and filtering
code. The initial version reimplements and extends HTTP filtering,
but will be improved to support generic TCP and other protocols later.
With some testing, feedback, and help from benno@ and andre@.
OK benno@
