On Tue, Sep 11, 2018 at 06:35:17PM +0200, Yann Ylavic wrote:
> On Tue, Sep 11, 2018 at 6:01 PM <jor...@apache.org> wrote:
> >
> > Author: jorton
> > Date: Tue Sep 11 16:01:47 2018
> > New Revision: 1840585
> >
> > URL: http://svn.apache.org/viewvc?rev=1840585&view=rev
> > Log:
> > * modules/ssl/ssl_engine_kernel.c (ssl_hook_Access_modern): Fail with
> >   403 if SSL_verify_client_post_handshake() fails, e.g. when the
> >   TLS/1.3 client didn't send the Post-Handshake Authentication
> >   extension.
>
> There also seem to be some subtleties between SSL_VERIFY_CLIENT_ONCE
> (which we use in ssl_hook_Access_modern) and
> SSL_VERIFY_POST_HANDSHAKES (another openssl flag related to PHA). I'm
> not sure I understand the docs for now...
Uh, I missed that. I'm not sure why _VERIFY_CLIENT_*ONCE* is set there
rather than just _VERIFY_CLIENT... Stefan? This should restrict PHA to
once per connection; maybe that is sensible, not sure.

> Both seem to be mutually exclusive (though it's not really stated in
> the doc), and possibly we don't use the right one since we call
> SSL_verify_client_post_handshake() explicitly. On the other hand
> SSL_VERIFY_POST_HANDSHAKES might depend on the client being PHA aware
> (and/or advertised?), and if so should we detect it on the server side
> to use SSL_VERIFY_POST_HANDSHAKES for the handshake?
>
> I'm asking, should you have more insight on those flags...

I couldn't work out why SSL_VERIFY_POST_HANDSHAKE exists, but it didn't
seem to make any difference in testing here. Assumed I was being stupid,
but I've asked in https://github.com/openssl/openssl/issues/7178 now.

Regards, Joe