Allow per-context SNI callback (state) #5413
Comments
mpg
added
enhancement
good-first-issue
mpg
added this to Incoming Items
in OBSOLETE - SEE https://github.com/orgs/Mbed-TLS/projects/3
via automation
|
Quoting from a comment on another issue:
@gstrauss It's not immediately clear to me what the thread safety issue would be. The model I have in mind is that the SNI callback function has some state that it only reads (so it's not a problem for that state to be shared between threads), such as a list of available certificates; it goes over that list and picks a certificate then calls Also, what do you think about this:
|
For lighttpd mod_mbedtls, making the pointer itself per-ssl-context would be a sufficient improvement. Right now, I overwrite the callback each and every time I enter the handshake in order to manually provide a per-ssl-context. When the |
|
Yes, I agree that modifying I still don't think I understand why it is that you need per-context state for your SNI callback. I agree that's something that's not achievable in a safe way with the current API, but it's just not clear to me why you have this need. (Not trying to push back on adding the feature, as it's a fairly simple on, just trying to understand better how Mbed TLS is used, hopefully that will help designing future APIs better.) |
Let me try to describe the server-side flow in more detail. First, lighttpd is a server. For simplicity, assume a single listening socket. In this case, there is one While I could maintain a separate lookup table to access lighttpd hctx by file descriptor, the primary point of per-context callback data for SNI is that SNI is per-context, not per-config. This concept should be extended to all TLS extensions, since the TLS extensions apply to the connection. The reason that lighttpd does not need this for ALPN, too, is that lighttpd manually processes the entire Client Hello for TLS extensions for ALPN before mbedtls processes Client Hello. lighttpd needs to do this since mbedtls does not expect certificate selection to occur twice. Since lighttpd can not set the server certificate in both the SNI callback and the (non-existent) callback for ALPN, lighttpd parses the ALPN so that when SNI occurs, certificate selection can be made once. (FYI: for ALPN "acme-tls/1", lighttpd selects a different challenge certificate for www.example.com, rather than the already-provisioned certificate for www.example.com) Since TLS extensions may occur in any order, there is a need (on the server-side) to collect the results of the callbacks into a per-context data structure (lighttpd mod_mbedtls hctx) and then to process them at the end of the TLS Client Hello (which is another feature request in #5331). All the hoop-jumping described above is done because mbedtls does not have a callback at the end of Client Hello, from which such a callback could query the results of all of the TLS extensions and perform such things as certificate selection. An alternative suggestion to SNI per-context callback or per-context callback data, is to have a single pointer per-context which is passed as the data pointer to all TLS extension callbacks. Perhaps if this pointer is non-NULL, this is used for TLS extension callbacks rather than the data pointer registered with the per-config callback. Personally, I would love to see both per-context data for TLS extension callbacks (or a single per-context data pointer, if set, used for all TLS extension callbacks) and a new callback at the end of Client Hello (and before Server Hello) (or, equivalently, a callback at the beginning of Server Hello). |
I think I'm missing something here: couldn't you achieve the same thing by passing the same pointer to all the callbacks? But anyway I think the best solution to this particular would be to add a public user pointer to |
Where there are callbacks, that is what I do. However, I need that data to be per-context, not per-config.
Yes, that would be a useful solution, and is what some other TLS libraries do, e.g. openssl |
Good point, I'd forgotten that Mbed TLS never allocates a context internally. |
Yes! Can this issue be reworded to this solution instead of "Allow per-context SNI callback (state)"? |
|
I added a user pointer in #5426. I'm not sure this resolve this issue: I get the impression we should also add a new callback. But regardless it's generally useful and extremely cheap. |
mpg
added this to To Do
in OBSOLETE - PLEASE SEE https://github.com/orgs/Mbed-TLS/projects/2
via automation
mpg
added this to High priority 3.0 follow-up
in OBSOLETE - PLEASE SEE https://github.com/orgs/Mbed-TLS/projects/1
daverodgman
removed this from Incoming Items
in OBSOLETE - SEE https://github.com/orgs/Mbed-TLS/projects/3
daverodgman
removed this from Done
in OBSOLETE - PLEASE SEE https://github.com/orgs/Mbed-TLS/projects/2
daverodgman
removed this from High priority 3.0 follow-up
in OBSOLETE - PLEASE SEE https://github.com/orgs/Mbed-TLS/projects/1
Currently the SNI callback, and its associated state, can only be configured per-
mbedtls_ssl_config, not per-mbedtls_ssl_context. When the separation betweenconfigandcontextappeared in Mbed TLS 2.0, it was not always clear what would in practice be shared by several contexts (hence, should go in config), and what would more often be context-specific. Turns out there is interest in having per-ssl-contextspecific SNI, as originally reported in #5331It remains to be clarified whether just having a per-
ssl_contextstate pointer for the SNI callback would be enough, or if it's desirable to also make the function pointer itself per-ssl-context.In terms for API, we could add a new function
mbedtls_ssl_set_sni(), coming in addition to the existingmbedtls_ssl_conf_sni()which wouldn't be deprecated. The SNI callback would be taken from thessl_contextif set there, or from thessl_configotherwise.The text was updated successfully, but these errors were encountered: