CMP: fix flag indicating the use of SSL/TLS for client-side HTTP connections

[DDvO]

• CMP: fix OSSL_CMP_MSG_http_perform() by adding option OSSL_CMP_OPT_USE_TLS
• OSSL_CMP_CTX_new.pod: remove overlap with OSSL_HTTP_transfer.pod; improve the latter
• apps/cmp.c: -tls_used may be implied by -server https:...; improve related checks and doc

Fixes #21120

Checklist

• documentation is added or updated
• tests are added or updated

[DDvO]

The two CI failures are unrelated.

[t8m]

The two CI failures are unrelated.

Although unrelated the CMS failure looks really suspicious.

[DDvO]

The two CI failures are unrelated.

Although unrelated the CMS failure looks really suspicious.

I agree the failing CMS consistency tests on buildbot/master:unix-ubuntu-aarch64 looked suspicious,
but luckily this disappeared after I rebased to the latest master half an hour ago.

[t8m]

I do not think this is a bug fix. Also what if anyone is already depending on the existing behavior of having the callback implying TLS?

[DDvO]

I do not think this is a bug fix.

As witnessed by #21120, the existing code has at least unexpected and undocumented behavior.
I see it as a bug because the use of the callback and its optional argument is needlessly limited to adding TLS (to the given CMP HTTP transfer).
If it is used in the CMP context for anything else, as can be done for the general (non-CMP) HTTP client, things go wrong as it is falsely assumed that TLS is being used (if the argument is non-NULL) or not being used (if the arg is NULL).

Also what if anyone is already depending on the existing behavior of having the callback implying TLS?

This is indeed a problem, but I'd say the risk is small because it's an advanced feature and the existing behavior is weird and not documented.

[DDvO]

Also what if anyone is already depending on the existing behavior of having the callback implying TLS?

With this argument, we couldn't do any bug fixes because there might be someone who - for whatever strange reason - started relying on wrong behavior.

[tmshort]

Just a clarification needed on server vs client use of OSSL_CMP_OPT_USE_TLS.

[tmshort]

Presumably, this is not just for clients? In apps/cmp.c the flag is set regardless of opt_server

[DDvO]

So far, tls_used is implemented for the client side only.
And as now stated in openssl-cmp.h.in:

It is ignored if the B<-server> option is not given

[tmshort]

If this option is for clients only, should there be a && opt_server == NULL here?

[DDvO]

We could do that, but the option is anyway ignored in this case (with a warning).

If/when we later add TLS support to the server side, we would have to revert adding && opt_server == NULL.

[t8m]

Also what if anyone is already depending on the existing behavior of having the callback implying TLS?

With this argument, we couldn't do any bug fixes because there might be someone who - for whatever strange reason - started relying on wrong behavior.

The app code already did this, what if someone just mimicked it? Can you please try harder to make this backwards compatible?

For example this could be a new feature for 3.2 where the OP is OSSL_CMP_OPT_NO_TLS and it switches off the tls if the callback is in use.

[DDvO]

Also what if anyone is already depending on the existing behavior of having the callback implying TLS?

With this argument, we couldn't do any bug fixes because there might be someone who - for whatever strange reason - started relying on wrong behavior.

The app code already did this, what if someone just mimicked it? Can you please try harder to make this backwards compatible?

For example this could be a new feature for 3.2 where the OP is OSSL_CMP_OPT_NO_TLS and it switches off the tls if the callback is in use.

Hmm, such a OSSL_CMP_OPT_NO_TLS option would only solve half of the problem.

Here is my proposal for a backward compatible solution:
define for the new OSSL_CMP_OPT_USE_TLS option a third value, namely -1, which is assumed by the default and means the hitherto behavior, where the callback function arg being non-NULL determines whether to use TLS.
When the OSSL_CMP_OPT_USE_TLS option is used and explicitly set to 0, TLS is not used, and when set to 1, TLS is used.

This way, the old behavior is by default, and explicitly setting the TLS leads to the expected new behavior.
Ok?

[t8m]

OK, but for master branch only.

[DDvO]

OK, but for master branch only.

Good, but why not also for at least 3.0?
As mentioned, the hitherto behavior is weird and not documented.
Doing the backport with the new solution does not harm existing code
and gives users of the 3.0 LTS version both a to-the-point doc and the chance to do the TLS (de-)selection in a proper way.

[t8m]

I would not block merging it to 3.1 and 3.0 if someone else approves it, but in my opinion this is clearly a new feature, not a bug fix.

[tmshort]

I'm ok with a back port to 3.1/3.0. Should this also be in master (not labeled for master, but the PR is on master)?

[DDvO]

I'm ok with a back port to 3.1/3.0. Should this also be in master (not labeled for master, but the PR is on master)?

Pleased to hear.
I simply forgot to tick the master label - done now.

[openssl-machine]

This PR is in a state where it requires action by @openssl/otc but the last update was 30 days ago

[DDvO]

Ping @openssl/committers for 2nd review

[openssl-machine]

This PR is in a state where it requires action by @openssl/otc but the last update was 30 days ago

[DDvO]

Pinging again @openssl/committers for 2nd review.

[t8m]

OK for the master branch only.

[openssl-machine]

This pull request is ready to merge

[t8m]

Merged to the master branch. Thank you for your contribution.