https://bz.apache.org/bugzilla/show_bug.cgi?id=66036

            Bug ID: 66036
           Summary: pkcs#11: parent httpd not issuing C_Login() after
                    graceful reload causing on-going connections to fail
                    SSL/TLS handshake
           Product: Apache httpd-2
           Version: 2.4.52
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_ssl
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

Given an Apache httpd SSL/TLS configuration with the certificate stored in a
pkcs#11 token, when renewing the certificate on the token, we reload the httpd
(i.e. apachectl -k graceful) in order to avoid killing current connections.

A minimal SSL/TLSv1.2 configuration:

<VirtualHost *:443>
ServerName www.my-server.example
SSLEngine on
SSLProtocol -all +TLSv1.2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateKeyFile "pkcs11:model=p11ne-token;manufacturer=xyz;token=my-token;id=%01;object=my-key;type=private?pin-value=1234"
SSLCertificateFile "/run/app/httpd-cert.pem"
</VirtualHost>


Test that the server starts and works (should see Apache Hello message):

$ curl -k --tlsv1.2 https://www.my-server.example

Reload the server and check again:

$ curl -k --tlsv1.2 https://www.my-server.example
curl: (35) error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error

I've checked with the p11-kit with log-calls:yes parameter and
/var/log/httpd/error_log yields:

C_SignInit
  IN: hSession = S17
  IN: pMechanism = {
        mechanism: CKM_RSA_PKCS
        pParameter: (0) NULL
      }
  IN: hKey = H24
C_SignInit = CKR_USER_NOT_LOGGED_IN

This happens because after a reload (in comparison to a restart), no worker context
issues a C_Login() again in order to gain access to C_Sign() with the
token's private key. The pkcs#11 specification requires a C_Login() in each
application context for access to the private key for signing requests.
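As an added example (not part of the bug report or of httpd/p11-kit), a small check over p11-kit's log-calls:yes output that flags C_SignInit calls made in a session with no preceding successful C_Login, which is the symptom described above. The sample log is constructed: its failing C_SignInit block is the one quoted in this report, while the C_Login block is assumed to follow the same layout.

```python
import re

# Constructed sample in p11-kit log-calls:yes format. The failing C_SignInit
# block is the one quoted above; the C_Login block is assumed to look like this.
SAMPLE_LOG = """\
C_Login
  IN: hSession = S12
C_Login = CKR_OK
C_SignInit
  IN: hSession = S12
C_SignInit = CKR_OK
C_SignInit
  IN: hSession = S17
  IN: pMechanism = {
        mechanism: CKM_RSA_PKCS
        pParameter: (0) NULL
      }
  IN: hKey = H24
C_SignInit = CKR_USER_NOT_LOGGED_IN
"""

CALL_START = re.compile(r"^(C_\w+)$")          # bare function name opens a block
SESSION = re.compile(r"^\s+IN: hSession = (S\d+)$")
CALL_END = re.compile(r"^(C_\w+) = (CKR_\w+)$")  # "func = CKR_..." closes it

def parse_calls(text):
    """Yield (function, session, return code) for each complete call block."""
    func = session = None
    for line in text.splitlines():
        if m := CALL_START.match(line):
            func, session = m.group(1), None
        elif m := SESSION.match(line):
            session = m.group(1)
        elif (m := CALL_END.match(line)) and m.group(1) == func:
            yield func, session, m.group(2)
            func = session = None

def find_unauthenticated_signing(text):
    """Sessions that sign without a prior C_Login, and sign inits the token rejected."""
    logged_in, no_login, rejected = set(), [], []
    for func, session, rc in parse_calls(text):
        if func == "C_Login" and rc == "CKR_OK":
            logged_in.add(session)
        elif func == "C_SignInit":
            if session not in logged_in:
                no_login.append(session)
            if rc == "CKR_USER_NOT_LOGGED_IN":
                rejected.append(session)
    return no_login, rejected
```

Running it over /var/log/httpd/error_log right after `apachectl -k graceful` gives a quick post-reload check that every worker session re-authenticated to the token before its first signing operation.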

A primitive workaround would be to issue a WINCH signal to gracefully stop
on-going connections and then restart the server, but this is still not as
powerful as gracefully reloading the configuration as per the documentation.
