kore

An easy to use, scalable and secure web application framework for writing web APIs in C.
Commits | Files | Refs | README | LICENSE | git clone https://git.kore.io/kore.git

tls_openssl.c (29120B)



      1 /*
      2  * Copyright (c) 2022 Joris Vink <joris@coders.se>
      3  *
      4  * Permission to use, copy, modify, and distribute this software for any
      5  * purpose with or without fee is hereby granted, provided that the above
      6  * copyright notice and this permission notice appear in all copies.
      7  *
      8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
      9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
     10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
     11  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
     12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
     13  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
     14  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
     15  */
     16 
     17 /*
     18  * This TLS backend is the original TLS code used in Kore.
     19  */
     20 
     21 #include <sys/types.h>
     22 
     23 #include <openssl/bio.h>
     24 #include <openssl/dh.h>
     25 #include <openssl/ec.h>
     26 #include <openssl/ecdsa.h>
     27 #include <openssl/err.h>
     28 #include <openssl/ssl.h>
     29 #include <openssl/evp.h>
     30 #include <openssl/rand.h>
     31 #include <openssl/x509.h>
     32 #include <openssl/x509v3.h>
     33 
     34 #include <poll.h>
     35 
     36 #include "kore.h"
     37 #include "http.h"
     38 
     39 #define TLS_SESSION_ID		"kore_tls_sessionid"
     40 
     41 static int	tls_domain_x509_verify(int, X509_STORE_CTX *);
     42 static X509	*tls_domain_load_certificate_chain(SSL_CTX *,
     43 		    const void *, size_t);
     44 
     45 static int	tls_sni_cb(SSL *, int *, void *);
     46 static void	tls_info_callback(const SSL *, int, int);
     47 
     48 #if defined(KORE_USE_ACME)
     49 static void	tls_acme_challenge_set_cert(SSL *, struct kore_domain *);
     50 static int	tls_acme_alpn(SSL *, const unsigned char **, unsigned char *,
     51 		    const unsigned char *, unsigned int, void *);
     52 #endif
     53 
     54 static void	tls_keymgr_await_data(void);
     55 static void	tls_keymgr_msg_response(struct kore_msg *, const void *);
     56 
     57 static int	tls_keymgr_rsa_init(RSA *);
     58 static int	tls_keymgr_rsa_finish(RSA *);
     59 static int	tls_keymgr_rsa_privenc(int, const unsigned char *,
     60 		    unsigned char *, RSA *, int);
     61 
     62 static ECDSA_SIG *tls_keymgr_ecdsa_sign(const unsigned char *, int,
     63 		    const BIGNUM *, const BIGNUM *, EC_KEY *);
     64 
     65 static RSA_METHOD	*keymgr_rsa_meth = NULL;
     66 static EC_KEY_METHOD	*keymgr_ec_meth = NULL;
     67 
     68 static DH		*dh_params = NULL;
     69 static int		tls_version = KORE_TLS_VERSION_BOTH;
     70 static char		*tls_cipher_list = KORE_DEFAULT_CIPHER_LIST;
     71 
     72 static u_int8_t		keymgr_buf[2048];
     73 static size_t		keymgr_buflen = 0;
     74 static int		keymgr_response = 0;
     75 
     76 #if defined(KORE_USE_ACME)
     77 static u_int8_t acme_alpn_name[] =
     78     { 0xa, 'a', 'c', 'm', 'e', '-', 't', 'l', 's', '/', '1' };
     79 #endif
     80 
     81 struct kore_privsep	keymgr_privsep;
     82 int			kore_keymgr_active = 0;
     83 
     84 int
     85 kore_tls_supported(void)
     86 {
     87 	return (KORE_RESULT_OK);
     88 }
     89 
     90 void
     91 kore_tls_init(void)
     92 {
     93 	SSL_library_init();
     94 	SSL_load_error_strings();
     95 	ERR_load_crypto_strings();
     96 
     97 	if ((keymgr_rsa_meth = RSA_meth_new("kore RSA keymgr method",
     98 	    RSA_METHOD_FLAG_NO_CHECK)) == NULL)
     99 		fatal("failed to setup RSA method");
    100 
    101 	RSA_meth_set_init(keymgr_rsa_meth, tls_keymgr_rsa_init);
    102 	RSA_meth_set_finish(keymgr_rsa_meth, tls_keymgr_rsa_finish);
    103 	RSA_meth_set_priv_enc(keymgr_rsa_meth, tls_keymgr_rsa_privenc);
    104 
    105 	if ((keymgr_ec_meth = EC_KEY_METHOD_new(NULL)) == NULL)
    106 		fatal("failed to allocate EC KEY method");
    107 
    108 	EC_KEY_METHOD_set_sign(keymgr_ec_meth,
    109 	    NULL, NULL, tls_keymgr_ecdsa_sign);
    110 
    111 	kore_log(LOG_NOTICE, "TLS backend %s", OPENSSL_VERSION_TEXT);
    112 #if !defined(TLS1_3_VERSION)
    113 	if (!kore_quiet) {
    114 		kore_log(LOG_NOTICE,
    115 		    "%s has no TLS 1.3 - will only use TLS 1.2",
    116 		    OPENSSL_VERSION_TEXT);
    117 	}
    118 #endif
    119 }
    120 
    121 void
    122 kore_tls_cleanup(void)
    123 {
    124 	RSA_meth_free(keymgr_rsa_meth);
    125 	EC_KEY_METHOD_free(keymgr_ec_meth);
    126 }
    127 
    128 void
    129 kore_tls_version_set(int version)
    130 {
    131 	tls_version = version;
    132 }
    133 
    134 void
    135 kore_tls_dh_check(void)
    136 {
    137 	if (dh_params != NULL)
    138 		return;
    139 
    140 	if (!kore_tls_dh_load(KORE_DHPARAM_PATH))
    141 		fatal("failed to load default DH parameters");
    142 }
    143 
    144 int
    145 kore_tls_dh_load(const char *path)
    146 {
    147 	BIO	*bio;
    148 
    149 	if (dh_params != NULL) {
    150 		kore_log(LOG_ERR, "tls_dhparam already specified");
    151 		return (KORE_RESULT_ERROR);
    152 	}
    153 
    154 	if ((bio = BIO_new_file(path, "r")) == NULL) {
    155 		kore_log(LOG_ERR, "tls_dhparam file '%s' not accessible", path);
    156 		return (KORE_RESULT_ERROR);
    157 	}
    158 
    159 	dh_params = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
    160 	BIO_free(bio);
    161 
    162 	if (dh_params == NULL) {
    163 		kore_log(LOG_ERR, "PEM_read_bio_DHparams(): %s", ssl_errno_s);
    164 		return (KORE_RESULT_ERROR);
    165 	}
    166 
    167 	return (KORE_RESULT_OK);
    168 }
    169 
    170 int
    171 kore_tls_ciphersuite_set(const char *list)
    172 {
    173 	if (strcmp(tls_cipher_list, KORE_DEFAULT_CIPHER_LIST)) {
    174 		kore_log(LOG_ERR, "tls_cipher specified twice");
    175 		return (KORE_RESULT_ERROR);
    176 	}
    177 
    178 	tls_cipher_list = kore_strdup(list);
    179 
    180 	return (KORE_RESULT_OK);
    181 }
    182 
    183 void
    184 kore_tls_keymgr_init(void)
    185 {
    186 	const RSA_METHOD	*meth;
    187 
    188 	if ((meth = RSA_get_default_method()) == NULL)
    189 		fatal("failed to obtain RSA method");
    190 
    191 	RSA_meth_set_pub_enc(keymgr_rsa_meth, RSA_meth_get_pub_enc(meth));
    192 	RSA_meth_set_pub_dec(keymgr_rsa_meth, RSA_meth_get_pub_dec(meth));
    193 	RSA_meth_set_bn_mod_exp(keymgr_rsa_meth, RSA_meth_get_bn_mod_exp(meth));
    194 
    195 	kore_msg_register(KORE_MSG_KEYMGR_RESP, tls_keymgr_msg_response);
    196 }
    197 
    198 void
    199 kore_tls_domain_setup(struct kore_domain *dom, int type,
    200     const void *data, size_t datalen)
    201 {
    202 	const u_int8_t		*ptr;
    203 	RSA			*rsa;
    204 	X509			*x509;
    205 	EVP_PKEY		*pkey;
    206 	STACK_OF(X509_NAME)	*certs;
    207 	EC_KEY			*eckey;
    208 	const SSL_METHOD	*method;
    209 
    210 	if (dom->tls_ctx != NULL)
    211 		SSL_CTX_free(dom->tls_ctx);
    212 
    213 	if ((method = TLS_method()) == NULL)
    214 		fatalx("TLS_method(): %s", ssl_errno_s);
    215 
    216 	if ((dom->tls_ctx = SSL_CTX_new(method)) == NULL)
    217 		fatalx("SSL_ctx_new(): %s", ssl_errno_s);
    218 
    219 	if (!SSL_CTX_set_min_proto_version(dom->tls_ctx, TLS1_2_VERSION))
    220 		fatalx("SSL_CTX_set_min_proto_version: %s", ssl_errno_s);
    221 
    222 #if defined(TLS1_3_VERSION)
    223 	if (!SSL_CTX_set_max_proto_version(dom->tls_ctx, TLS1_3_VERSION))
    224 		fatalx("SSL_CTX_set_max_proto_version: %s", ssl_errno_s);
    225 #else
    226 	if (!SSL_CTX_set_max_proto_version(dom->tls_ctx, TLS1_2_VERSION))
    227 		fatalx("SSL_CTX_set_min_proto_version: %s", ssl_errno_s);
    228 #endif
    229 
    230 	switch (tls_version) {
    231 	case KORE_TLS_VERSION_1_3:
    232 #if defined(TLS1_3_VERSION)
    233 		if (!SSL_CTX_set_min_proto_version(dom->tls_ctx,
    234 		    TLS1_3_VERSION)) {
    235 			fatalx("SSL_CTX_set_min_proto_version: %s",
    236 			    ssl_errno_s);
    237 		}
    238 		break;
    239 #endif
    240 	case KORE_TLS_VERSION_1_2:
    241 		if (!SSL_CTX_set_max_proto_version(dom->tls_ctx,
    242 		    TLS1_2_VERSION)) {
    243 			fatalx("SSL_CTX_set_min_proto_version: %s",
    244 			    ssl_errno_s);
    245 		}
    246 		break;
    247 	case KORE_TLS_VERSION_BOTH:
    248 		break;
    249 	default:
    250 		fatalx("unknown tls_version: %d", tls_version);
    251 		return;
    252 	}
    253 
    254 	switch (type) {
    255 	case KORE_PEM_CERT_CHAIN:
    256 		x509 = tls_domain_load_certificate_chain(dom->tls_ctx,
    257 		    data, datalen);
    258 		break;
    259 	case KORE_DER_CERT_DATA:
    260 		ptr = data;
    261 		if ((x509 = d2i_X509(NULL, &ptr, datalen)) == NULL)
    262 			fatalx("d2i_X509: %s", ssl_errno_s);
    263 		if (SSL_CTX_use_certificate(dom->tls_ctx, x509) == 0)
    264 			fatalx("SSL_CTX_use_certificate: %s", ssl_errno_s);
    265 		break;
    266 	default:
    267 		fatalx("%s: unknown type %d", __func__, type);
    268 	}
    269 
    270 	if (x509 == NULL) {
    271 		kore_log(LOG_NOTICE, "failed to load certificate for '%s': %s",
    272 		    dom->domain, ssl_errno_s);
    273 		SSL_CTX_free(dom->tls_ctx);
    274 		dom->tls_ctx = NULL;
    275 		return;
    276 	}
    277 
    278 	if ((pkey = X509_get_pubkey(x509)) == NULL)
    279 		fatalx("certificate has no public key");
    280 
    281 	switch (EVP_PKEY_id(pkey)) {
    282 	case EVP_PKEY_RSA:
    283 		if ((rsa = EVP_PKEY_get1_RSA(pkey)) == NULL)
    284 			fatalx("no RSA public key present");
    285 		RSA_set_app_data(rsa, dom);
    286 		RSA_set_method(rsa, keymgr_rsa_meth);
    287 		break;
    288 	case EVP_PKEY_EC:
    289 		if ((eckey = EVP_PKEY_get1_EC_KEY(pkey)) == NULL)
    290 			fatalx("no EC public key present");
    291 		EC_KEY_set_ex_data(eckey, 0, dom);
    292 		EC_KEY_set_method(eckey, keymgr_ec_meth);
    293 		break;
    294 	default:
    295 		fatalx("unknown public key in certificate");
    296 	}
    297 
    298 	if (!SSL_CTX_use_PrivateKey(dom->tls_ctx, pkey))
    299 		fatalx("SSL_CTX_use_PrivateKey(): %s", ssl_errno_s);
    300 
    301 	if (!SSL_CTX_check_private_key(dom->tls_ctx)) {
    302 		fatalx("Public/Private key for %s do not match (%s)",
    303 		    dom->domain, ssl_errno_s);
    304 	}
    305 
    306 	if (dh_params == NULL)
    307 		fatal("no DH parameters specified");
    308 
    309 	SSL_CTX_set_tmp_dh(dom->tls_ctx, dh_params);
    310 	SSL_CTX_set_options(dom->tls_ctx, SSL_OP_SINGLE_DH_USE);
    311 
    312 	if (!SSL_CTX_set_ecdh_auto(dom->tls_ctx, 1))
    313 		fatalx("SSL_CTX_set_ecdh_auto: %s", ssl_errno_s);
    314 
    315 	SSL_CTX_set_options(dom->tls_ctx, SSL_OP_SINGLE_ECDH_USE);
    316 	SSL_CTX_set_options(dom->tls_ctx, SSL_OP_NO_COMPRESSION);
    317 
    318 	if (dom->cafile != NULL) {
    319 		if ((certs = SSL_load_client_CA_file(dom->cafile)) == NULL) {
    320 			fatalx("SSL_load_client_CA_file(%s): %s",
    321 			    dom->cafile, ssl_errno_s);
    322 		}
    323 
    324 		SSL_CTX_load_verify_locations(dom->tls_ctx, dom->cafile, NULL);
    325 		SSL_CTX_set_verify_depth(dom->tls_ctx, dom->x509_verify_depth);
    326 		SSL_CTX_set_client_CA_list(dom->tls_ctx, certs);
    327 		SSL_CTX_set_verify(dom->tls_ctx, SSL_VERIFY_PEER |
    328 		    SSL_VERIFY_FAIL_IF_NO_PEER_CERT, tls_domain_x509_verify);
    329 	}
    330 
    331 	SSL_CTX_set_session_id_context(dom->tls_ctx,
    332 	    (unsigned char *)TLS_SESSION_ID, strlen(TLS_SESSION_ID));
    333 	SSL_CTX_set_mode(dom->tls_ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
    334 
    335 	if (tls_version == KORE_TLS_VERSION_BOTH) {
    336 		SSL_CTX_set_options(dom->tls_ctx, SSL_OP_NO_SSLv2);
    337 		SSL_CTX_set_options(dom->tls_ctx, SSL_OP_NO_SSLv3);
    338 		SSL_CTX_set_options(dom->tls_ctx, SSL_OP_NO_TLSv1);
    339 		SSL_CTX_set_options(dom->tls_ctx, SSL_OP_NO_TLSv1_1);
    340 	}
    341 
    342 	SSL_CTX_set_options(dom->tls_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
    343 	SSL_CTX_set_cipher_list(dom->tls_ctx, tls_cipher_list);
    344 
    345 	SSL_CTX_set_info_callback(dom->tls_ctx, tls_info_callback);
    346 	SSL_CTX_set_tlsext_servername_callback(dom->tls_ctx, tls_sni_cb);
    347 
    348 #if defined(KORE_USE_ACME)
    349 	SSL_CTX_set_alpn_select_cb(dom->tls_ctx, tls_acme_alpn, dom);
    350 #endif
    351 
    352 	X509_free(x509);
    353 }
    354 
    355 void
    356 kore_tls_domain_crl(struct kore_domain *dom, const void *pem, size_t pemlen)
    357 {
    358 	int			err;
    359 	BIO			*in;
    360 	X509_CRL		*crl;
    361 	X509_REVOKED		*rev;
    362 	X509_STORE		*store;
    363 	struct connection	*c, *next;
    364 
    365 	ERR_clear_error();
    366 	in = BIO_new_mem_buf(pem, pemlen);
    367 
    368 	if ((store = SSL_CTX_get_cert_store(dom->tls_ctx)) == NULL) {
    369 		BIO_free(in);
    370 		kore_log(LOG_ERR, "SSL_CTX_get_cert_store(): %s", ssl_errno_s);
    371 		return;
    372 	}
    373 
    374 	X509_STORE_set_flags(store,
    375 	    X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
    376 
    377 	for (;;) {
    378 		crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
    379 		if (crl == NULL) {
    380 			err = ERR_GET_REASON(ERR_peek_last_error());
    381 			if (err == PEM_R_NO_START_LINE) {
    382 				ERR_clear_error();
    383 				break;
    384 			}
    385 
    386 			kore_log(LOG_WARNING, "failed to read CRL %s: %s",
    387 			    dom->crlfile, ssl_errno_s);
    388 			continue;
    389 		}
    390 
    391 		if (!X509_STORE_add_crl(store, crl)) {
    392 			err = ERR_GET_REASON(ERR_peek_last_error());
    393 			if (err == X509_R_CERT_ALREADY_IN_HASH_TABLE) {
    394 				X509_CRL_free(crl);
    395 				continue;
    396 			}
    397 
    398 			kore_log(LOG_WARNING, "failed to add CRL %s: %s",
    399 			    dom->crlfile, ssl_errno_s);
    400 			X509_CRL_free(crl);
    401 			continue;
    402 		}
    403 
    404 		/*
    405 		 * Check if any accepted connection authenticated themselves
    406 		 * with a now revoked certificate.
    407 		 */
    408 		for (c = TAILQ_FIRST(&connections); c != NULL; c = next) {
    409 			next = TAILQ_NEXT(c, list);
    410 			if (c->proto != CONN_PROTO_HTTP)
    411 				continue;
    412 
    413 			/*
    414 			 * Prune any connection that is currently not yet done
    415 			 * with the TLS handshake. This is to prevent a race
    416 			 * where a handshake could not yet be complete but
    417 			 * did pass the x509 verification step and their cert
    418 			 * was revoked in this CRL update.
    419 			 */
    420 			if (c->state == CONN_STATE_TLS_SHAKE) {
    421 				kore_connection_disconnect(c);
    422 				continue;
    423 			}
    424 
    425 			if (c->tls_cert == NULL)
    426 				continue;
    427 
    428 			if (X509_CRL_get0_by_cert(crl, &rev, c->tls_cert) != 1)
    429 				continue;
    430 
    431 			kore_connection_log(c,
    432 			    "connection removed, its certificate is revoked");
    433 
    434 			kore_connection_disconnect(c);
    435 		}
    436 	}
    437 
    438 	BIO_free(in);
    439 }
    440 
    441 void
    442 kore_tls_domain_cleanup(struct kore_domain *dom)
    443 {
    444 	if (dom->tls_ctx != NULL)
    445 		SSL_CTX_free(dom->tls_ctx);
    446 }
    447 
    448 int
    449 kore_tls_connection_accept(struct connection *c)
    450 {
    451 	int		r;
    452 
    453 	if (primary_dom == NULL) {
    454 		kore_connection_log(c,
    455 		    "TLS handshake but no TLS configured on server");
    456 		return (KORE_RESULT_ERROR);
    457 	}
    458 
    459 	if (primary_dom->tls_ctx == NULL) {
    460 		kore_connection_log(c,
    461 		    "TLS configuration for %s not yet complete",
    462 		    primary_dom->domain);
    463 		return (KORE_RESULT_ERROR);
    464 	}
    465 
    466 	if (c->tls == NULL) {
    467 		c->tls = SSL_new(primary_dom->tls_ctx);
    468 		if (c->tls == NULL)
    469 			return (KORE_RESULT_ERROR);
    470 
    471 		SSL_set_fd(c->tls, c->fd);
    472 		SSL_set_accept_state(c->tls);
    473 
    474 		if (!SSL_set_ex_data(c->tls, 0, c)) {
    475 			kore_connection_log(c,
    476 			    "SSL_set_ex_data: %s", ssl_errno_s);
    477 			return (KORE_RESULT_ERROR);
    478 		}
    479 
    480 		if (primary_dom->cafile != NULL)
    481 			c->flags |= CONN_LOG_TLS_FAILURE;
    482 	}
    483 
    484 	ERR_clear_error();
    485 	r = SSL_accept(c->tls);
    486 	if (r <= 0) {
    487 		r = SSL_get_error(c->tls, r);
    488 		switch (r) {
    489 		case SSL_ERROR_WANT_READ:
    490 		case SSL_ERROR_WANT_WRITE:
    491 			kore_connection_start_idletimer(c);
    492 			return (KORE_RESULT_RETRY);
    493 		default:
    494 			if (c->flags & CONN_LOG_TLS_FAILURE) {
    495 				kore_connection_log(c,
    496 				    "SSL_accept: %s", ssl_errno_s);
    497 			}
    498 			return (KORE_RESULT_ERROR);
    499 		}
    500 	}
    501 
    502 #if defined(KORE_USE_ACME)
    503 	if (c->proto == CONN_PROTO_ACME_ALPN) {
    504 		kore_connection_log(c, "disconnecting ACME client");
    505 		kore_connection_disconnect(c);
    506 		return (KORE_RESULT_ERROR);
    507 	}
    508 #endif
    509 
    510 	if (SSL_get_verify_mode(c->tls) & SSL_VERIFY_PEER) {
    511 		c->tls_cert = SSL_get_peer_certificate(c->tls);
    512 		if (c->tls_cert == NULL) {
    513 			kore_connection_log(c, "no peer certificate returned");
    514 			return (KORE_RESULT_ERROR);
    515 		}
    516 	} else {
    517 		c->tls_cert = NULL;
    518 	}
    519 
    520 	return (KORE_RESULT_OK);
    521 }
    522 
    523 int
    524 kore_tls_read(struct connection *c, size_t *bytes)
    525 {
    526 	int		r;
    527 
    528 	ERR_clear_error();
    529 	r = SSL_read(c->tls, (c->rnb->buf + c->rnb->s_off),
    530 	    (c->rnb->b_len - c->rnb->s_off));
    531 
    532 	if (c->tls_reneg > 1)
    533 		return (KORE_RESULT_ERROR);
    534 
    535 	if (r <= 0) {
    536 		r = SSL_get_error(c->tls, r);
    537 		switch (r) {
    538 		case SSL_ERROR_WANT_READ:
    539 		case SSL_ERROR_WANT_WRITE:
    540 			c->evt.flags &= ~KORE_EVENT_READ;
    541 			return (KORE_RESULT_OK);
    542 		case SSL_ERROR_ZERO_RETURN:
    543 			return (KORE_RESULT_ERROR);
    544 		case SSL_ERROR_SYSCALL:
    545 			switch (errno) {
    546 			case EINTR:
    547 				*bytes = 0;
    548 				return (KORE_RESULT_OK);
    549 			case EAGAIN:
    550 				c->evt.flags &= ~KORE_EVENT_READ;
    551 				c->snb->flags |= NETBUF_MUST_RESEND;
    552 				return (KORE_RESULT_OK);
    553 			default:
    554 				break;
    555 			}
    556 			/* FALLTHROUGH */
    557 		default:
    558 			if (c->flags & CONN_LOG_TLS_FAILURE) {
    559 				kore_connection_log(c, "SSL_read: %s",
    560 				    ssl_errno_s);
    561 			}
    562 			return (KORE_RESULT_ERROR);
    563 		}
    564 	}
    565 
    566 	*bytes = (size_t)r;
    567 
    568 	return (KORE_RESULT_OK);
    569 }
    570 
    571 int
    572 kore_tls_write(struct connection *c, size_t len, size_t *written)
    573 {
    574 	int		r;
    575 
    576 	if (len > INT_MAX)
    577 		return (KORE_RESULT_ERROR);
    578 
    579 	ERR_clear_error();
    580 	r = SSL_write(c->tls, (c->snb->buf + c->snb->s_off), len);
    581 	if (c->tls_reneg > 1)
    582 		return (KORE_RESULT_ERROR);
    583 
    584 	if (r <= 0) {
    585 		r = SSL_get_error(c->tls, r);
    586 		switch (r) {
    587 		case SSL_ERROR_WANT_READ:
    588 		case SSL_ERROR_WANT_WRITE:
    589 			c->evt.flags &= ~KORE_EVENT_WRITE;
    590 			c->snb->flags |= NETBUF_MUST_RESEND;
    591 			return (KORE_RESULT_OK);
    592 		case SSL_ERROR_SYSCALL:
    593 			switch (errno) {
    594 			case EINTR:
    595 				*written = 0;
    596 				return (KORE_RESULT_OK);
    597 			case EAGAIN:
    598 				c->evt.flags &= ~KORE_EVENT_WRITE;
    599 				c->snb->flags |= NETBUF_MUST_RESEND;
    600 				return (KORE_RESULT_OK);
    601 			default:
    602 				break;
    603 			}
    604 			/* FALLTHROUGH */
    605 		default:
    606 			if (c->flags & CONN_LOG_TLS_FAILURE) {
    607 				kore_connection_log(c,
    608 				    "SSL_write: %s", ssl_errno_s);
    609 			}
    610 			return (KORE_RESULT_ERROR);
    611 		}
    612 	}
    613 
    614 	*written = (size_t)r;
    615 
    616 	return (KORE_RESULT_OK);
    617 }
    618 
    619 void
    620 kore_tls_connection_cleanup(struct connection *c)
    621 {
    622 	if (c->tls != NULL) {
    623 		SSL_shutdown(c->tls);
    624 		SSL_free(c->tls);
    625 	}
    626 
    627 	if (c->tls_cert != NULL)
    628 		X509_free(c->tls_cert);
    629 
    630 	if (c->tls_sni != NULL)
    631 		kore_free(c->tls_sni);
    632 }
    633 
    634 
    635 KORE_PRIVATE_KEY *
    636 kore_tls_rsakey_load(const char *path)
    637 {
    638 	FILE			*fp;
    639 	KORE_PRIVATE_KEY	*pkey;
    640 
    641 	if (access(path, R_OK) == -1)
    642 		return (NULL);
    643 
    644 	if ((fp = fopen(path, "r")) == NULL)
    645 		fatalx("%s(%s): %s", __func__, path, errno_s);
    646 
    647 	if ((pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL)) == NULL)
    648 		fatalx("PEM_read_PrivateKey: %s", ssl_errno_s);
    649 
    650 	fclose(fp);
    651 
    652 	return (pkey);
    653 }
    654 
    655 KORE_PRIVATE_KEY *
    656 kore_tls_rsakey_generate(const char *path)
    657 {
    658 	FILE			*fp;
    659 	EVP_PKEY_CTX		*ctx;
    660 	KORE_PRIVATE_KEY	*pkey;
    661 
    662 	if ((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL)
    663 		fatalx("EVP_PKEY_CTX_new_id: %s", ssl_errno_s);
    664 
    665 	if (EVP_PKEY_keygen_init(ctx) <= 0)
    666 		fatalx("EVP_PKEY_keygen_init: %s", ssl_errno_s);
    667 
    668 	if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, KORE_RSAKEY_BITS) <= 0)
    669 		fatalx("EVP_PKEY_CTX_set_rsa_keygen_bits: %s", ssl_errno_s);
    670 
    671 	pkey = NULL;
    672 	if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
    673 		fatalx("EVP_PKEY_keygen: %s", ssl_errno_s);
    674 
    675 	if (path != NULL) {
    676 		if ((fp = fopen(path, "w")) == NULL)
    677 			fatalx("fopen(%s): %s", path, errno_s);
    678 
    679 		if (!PEM_write_PrivateKey(fp, pkey, NULL, NULL, 0, NULL, NULL))
    680 			fatalx("PEM_write_PrivateKey: %s", ssl_errno_s);
    681 
    682 		fclose(fp);
    683 	}
    684 
    685 	return (pkey);
    686 }
    687 
    688 KORE_X509_NAMES *
    689 kore_tls_x509_subject_name(struct connection *c)
    690 {
    691 	X509_NAME	*name;
    692 
    693 	if ((name = X509_get_subject_name(c->tls_cert)) == NULL) {
    694 		kore_connection_log(c,
    695 		    "X509_get_subject_name: %s", ssl_errno_s);
    696 	}
    697 
    698 	return (name);
    699 }
    700 
    701 KORE_X509_NAMES *
    702 kore_tls_x509_issuer_name(struct connection *c)
    703 {
    704 	X509_NAME	*name;
    705 
    706 	if ((name = X509_get_issuer_name(c->tls_cert)) == NULL)
    707 		kore_connection_log(c, "X509_get_issuer_name: %s", ssl_errno_s);
    708 
    709 	return (name);
    710 }
    711 
    712 int
    713 kore_tls_x509name_foreach(KORE_X509_NAMES *name, int flags, void *udata,
    714     int (*cb)(void *, int, int, const char *, const void *, size_t, int))
    715 {
    716 	u_int8_t		*data;
    717 	ASN1_STRING		*astr;
    718 	X509_NAME_ENTRY		*entry;
    719 	const char		*field;
    720 	int			islast, ret, idx, namelen, nid, len;
    721 
    722 	data = NULL;
    723 	ret = KORE_RESULT_ERROR;
    724 
    725 	if ((namelen = X509_NAME_entry_count(name)) == 0)
    726 		goto cleanup;
    727 
    728 	for (idx = 0; idx < namelen; idx++) {
    729 		if ((entry = X509_NAME_get_entry(name, idx)) == NULL)
    730 			goto cleanup;
    731 
    732 		nid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(entry));
    733 		if ((field = OBJ_nid2sn(nid)) == NULL)
    734 			goto cleanup;
    735 
    736 		switch (nid) {
    737 		case NID_commonName:
    738 			nid = KORE_X509_NAME_COMMON_NAME;
    739 			break;
    740 		default:
    741 			nid = -1;
    742 			break;
    743 		}
    744 
    745 		if ((astr = X509_NAME_ENTRY_get_data(entry)) == NULL)
    746 			goto cleanup;
    747 
    748 		data = NULL;
    749 		if ((len = ASN1_STRING_to_UTF8(&data, astr)) < 0)
    750 			goto cleanup;
    751 
    752 		if (idx != (namelen - 1))
    753 			islast = 0;
    754 		else
    755 			islast = 1;
    756 
    757 		if (!cb(udata, islast, nid, field, data, len, flags))
    758 			goto cleanup;
    759 
    760 		OPENSSL_free(data);
    761 		data = NULL;
    762 	}
    763 
    764 	ret = KORE_RESULT_OK;
    765 
    766 cleanup:
    767 	if (data != NULL)
    768 		OPENSSL_free(data);
    769 
    770 	return (ret);
    771 }
    772 
    773 int
    774 kore_tls_x509_data(struct connection *c, u_int8_t **ptr, size_t *olen)
    775 {
    776 	int		len;
    777 	u_int8_t	*der, *pp;
    778 
    779 	if ((len = i2d_X509(c->tls_cert, NULL)) <= 0) {
    780 		kore_connection_log(c, "i2d_X509: %s", ssl_errno_s);
    781 		return (KORE_RESULT_ERROR);
    782 	}
    783 
    784 	der = kore_calloc(1, len);
    785 	pp = der;
    786 
    787 	if (i2d_X509(c->tls_cert, &pp) <= 0) {
    788 		kore_free(der);
    789 		kore_connection_log(c, "i2d_X509: %s", ssl_errno_s);
    790 		return (KORE_RESULT_ERROR);
    791 	}
    792 
    793 	*ptr = der;
    794 	*olen = len;
    795 
    796 	return (KORE_RESULT_OK);
    797 }
    798 
    799 void
    800 kore_tls_seed(const void *data, size_t len)
    801 {
    802 	RAND_poll();
    803 	RAND_seed(data, len);
    804 }
    805 
    806 static void
    807 tls_info_callback(const SSL *ssl, int flags, int ret)
    808 {
    809 	struct connection	*c;
    810 
    811 	if (flags & SSL_CB_HANDSHAKE_START) {
    812 		if ((c = SSL_get_app_data(ssl)) == NULL)
    813 			fatal("no SSL_get_app_data");
    814 
    815 #if defined(TLS1_3_VERSION)
    816 		if (SSL_version(ssl) != TLS1_3_VERSION)
    817 #endif
    818 			c->tls_reneg++;
    819 	}
    820 }
    821 
    822 static int
    823 tls_sni_cb(SSL *ssl, int *ad, void *arg)
    824 {
    825 	struct connection	*c;
    826 	struct kore_domain	*dom;
    827 	const char		*sname;
    828 
    829 	if ((c = SSL_get_ex_data(ssl, 0)) == NULL)
    830 		fatal("no connection data in %s", __func__);
    831 
    832 	sname = SSL_get_servername(ssl, TLSEXT_NAMETYPE_host_name);
    833 
    834 	if (sname != NULL)
    835 		c->tls_sni = kore_strdup(sname);
    836 
    837 	if (sname != NULL &&
    838 	    (dom = kore_domain_lookup(c->owner->server, sname)) != NULL) {
    839 		if (dom->tls_ctx == NULL) {
    840 			kore_log(LOG_NOTICE,
    841 			    "TLS configuration for %s not complete",
    842 			    dom->domain);
    843 			return (SSL_TLSEXT_ERR_NOACK);
    844 		}
    845 
    846 		SSL_set_SSL_CTX(ssl, dom->tls_ctx);
    847 
    848 		if (dom->cafile != NULL) {
    849 			SSL_set_verify(ssl, SSL_VERIFY_PEER |
    850 			    SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
    851 			c->flags |= CONN_LOG_TLS_FAILURE;
    852 		} else {
    853 			SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
    854 		}
    855 
    856 #if defined(KORE_USE_ACME)
    857 		/*
    858 		 * If ALPN callback was called before SNI was parsed we
    859 		 * must make sure we swap to the correct certificate now.
    860 		 */
    861 		if (c->flags & CONN_TLS_ALPN_ACME_SEEN)
    862 			tls_acme_challenge_set_cert(ssl, dom);
    863 
    864 		c->flags |= CONN_TLS_SNI_SEEN;
    865 #endif
    866 		return (SSL_TLSEXT_ERR_OK);
    867 	}
    868 
    869 	return (SSL_TLSEXT_ERR_NOACK);
    870 }
    871 
    872 static int
    873 tls_keymgr_rsa_init(RSA *rsa)
    874 {
    875 	if (rsa != NULL) {
    876 		RSA_set_flags(rsa, RSA_flags(rsa) |
    877 		    RSA_FLAG_EXT_PKEY | RSA_METHOD_FLAG_NO_CHECK);
    878 		return (1);
    879 	}
    880 
    881 	return (0);
    882 }
    883 
    884 static int
    885 tls_keymgr_rsa_privenc(int flen, const unsigned char *from, unsigned char *to,
    886     RSA *rsa, int padding)
    887 {
    888 	int			ret;
    889 	size_t			len;
    890 	struct kore_keyreq	*req;
    891 	struct kore_domain	*dom;
    892 
    893 	len = sizeof(*req) + flen;
    894 	if (len > sizeof(keymgr_buf))
    895 		fatal("keymgr_buf too small");
    896 
    897 	if ((dom = RSA_get_app_data(rsa)) == NULL)
    898 		fatal("RSA key has no domain attached");
    899 
    900 	memset(keymgr_buf, 0, sizeof(keymgr_buf));
    901 
    902 	req = (struct kore_keyreq *)keymgr_buf;
    903 
    904 	if (kore_strlcpy(req->domain, dom->domain, sizeof(req->domain)) >=
    905 	    sizeof(req->domain))
    906 		fatal("%s: domain truncated", __func__);
    907 
    908 	req->data_len = flen;
    909 	req->padding = padding;
    910 	memcpy(&req->data[0], from, req->data_len);
    911 
    912 	kore_msg_send(KORE_WORKER_KEYMGR, KORE_MSG_KEYMGR_REQ, keymgr_buf, len);
    913 	tls_keymgr_await_data();
    914 
    915 	ret = -1;
    916 	if (keymgr_response) {
    917 		if (keymgr_buflen < INT_MAX &&
    918 		    (int)keymgr_buflen == RSA_size(rsa)) {
    919 			ret = RSA_size(rsa);
    920 			memcpy(to, keymgr_buf, RSA_size(rsa));
    921 		}
    922 	}
    923 
    924 	keymgr_buflen = 0;
    925 	keymgr_response = 0;
    926 	kore_platform_event_all(worker->msg[1]->fd, worker->msg[1]);
    927 
    928 	return (ret);
    929 }
    930 
    931 static int
    932 tls_keymgr_rsa_finish(RSA *rsa)
    933 {
    934 	return (1);
    935 }
    936 
    937 static ECDSA_SIG *
    938 tls_keymgr_ecdsa_sign(const unsigned char *dgst, int dgst_len,
    939     const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
    940 {
    941 	size_t				len;
    942 	ECDSA_SIG			*sig;
    943 	const u_int8_t			*ptr;
    944 	struct kore_domain		*dom;
    945 	struct kore_keyreq		*req;
    946 
    947 	if (in_kinv != NULL || in_r != NULL)
    948 		return (NULL);
    949 
    950 	len = sizeof(*req) + dgst_len;
    951 	if (len > sizeof(keymgr_buf))
    952 		fatal("keymgr_buf too small");
    953 
    954 	if ((dom = EC_KEY_get_ex_data(eckey, 0)) == NULL)
    955 		fatal("EC_KEY has no domain");
    956 
    957 	memset(keymgr_buf, 0, sizeof(keymgr_buf));
    958 	req = (struct kore_keyreq *)keymgr_buf;
    959 
    960 	if (kore_strlcpy(req->domain, dom->domain, sizeof(req->domain)) >=
    961 	    sizeof(req->domain))
    962 		fatal("%s: domain truncated", __func__);
    963 
    964 	req->data_len = dgst_len;
    965 	memcpy(&req->data[0], dgst, req->data_len);
    966 
    967 	kore_msg_send(KORE_WORKER_KEYMGR, KORE_MSG_KEYMGR_REQ, keymgr_buf, len);
    968 	tls_keymgr_await_data();
    969 
    970 	if (keymgr_response) {
    971 		ptr = keymgr_buf;
    972 		sig = d2i_ECDSA_SIG(NULL, &ptr, keymgr_buflen);
    973 	} else {
    974 		sig = NULL;
    975 	}
    976 
    977 	keymgr_buflen = 0;
    978 	keymgr_response = 0;
    979 	kore_platform_event_all(worker->msg[1]->fd, worker->msg[1]);
    980 
    981 	return (sig);
    982 }
    983 
    984 static void
    985 tls_keymgr_await_data(void)
    986 {
    987 	int			ret;
    988 	struct pollfd		pfd[1];
    989 	u_int64_t		start, cur;
    990 #if !defined(KORE_NO_HTTP)
    991 	int			process_requests;
    992 #endif
    993 
    994 	/*
    995 	 * We need to wait until the keymgr responds to us, so keep doing
    996 	 * net_recv_flush() until our callback for KORE_MSG_KEYMGR_RESP
    997 	 * tells us that we have obtained the response.
    998 	 *
    999 	 * This means other internal messages can still be delivered by
   1000 	 * this worker process to the appropriate callbacks but we do not
   1001 	 * drop out until we've either received an answer from the keymgr
   1002 	 * or until the timeout has been reached (1 second currently).
   1003 	 *
   1004 	 * If we end up waiting for the keymgr process we will call
   1005 	 * http_process (if not built with NOHTTP=1) to further existing
   1006 	 * requests so those do not block too much.
   1007 	 *
   1008 	 * This means that all incoming data will stop being processed
   1009 	 * while existing requests will get processed until we return
   1010 	 * from this call.
   1011 	 */
   1012 	start = kore_time_ms();
   1013 	kore_platform_disable_read(worker->msg[1]->fd);
   1014 
   1015 	keymgr_response = 0;
   1016 	memset(keymgr_buf, 0, sizeof(keymgr_buf));
   1017 
   1018 #if !defined(KORE_NO_HTTP)
   1019 	process_requests = 0;
   1020 #endif
   1021 
   1022 	for (;;) {
   1023 #if !defined(KORE_NO_HTTP)
   1024 		if (process_requests) {
   1025 			http_process();
   1026 			process_requests = 0;
   1027 		}
   1028 #endif
   1029 		pfd[0].fd = worker->msg[1]->fd;
   1030 		pfd[0].events = POLLIN;
   1031 		pfd[0].revents = 0;
   1032 
   1033 		ret = poll(pfd, 1, 100);
   1034 		if (ret == -1) {
   1035 			if (errno == EINTR)
   1036 				continue;
   1037 			fatal("poll: %s", errno_s);
   1038 		}
   1039 
   1040 		cur = kore_time_ms();
   1041 		if ((cur - start) > 1000)
   1042 			break;
   1043 		if (ret == 0) {
   1044 #if !defined(KORE_NO_HTTP)
   1045 			/* No activity on channel, process HTTP requests. */
   1046 			process_requests = 1;
   1047 #endif
   1048 			continue;
   1049 		}
   1050 
   1051 		if (pfd[0].revents & (POLLERR | POLLHUP))
   1052 			break;
   1053 		if (!(pfd[0].revents & POLLIN))
   1054 			break;
   1055 
   1056 		worker->msg[1]->evt.flags |= KORE_EVENT_READ;
   1057 		if (!net_recv_flush(worker->msg[1]))
   1058 			break;
   1059 
   1060 		if (keymgr_response)
   1061 			break;
   1062 
   1063 #if !defined(KORE_NO_HTTP)
   1064 		/* If we've spent 100ms already, process HTTP requests. */
   1065 		if ((cur - start) > 100) {
   1066 			process_requests = 1;
   1067 		}
   1068 #endif
   1069 	}
   1070 }
   1071 
   1072 static void
   1073 tls_keymgr_msg_response(struct kore_msg *msg, const void *data)
   1074 {
   1075 	keymgr_response = 1;
   1076 	keymgr_buflen = msg->length;
   1077 
   1078 	if (keymgr_buflen > sizeof(keymgr_buf))
   1079 		return;
   1080 
   1081 	memcpy(keymgr_buf, data, keymgr_buflen);
   1082 }
   1083 
   1084 static int
   1085 tls_domain_x509_verify(int ok, X509_STORE_CTX *ctx)
   1086 {
   1087 	struct connection	*c;
   1088 	SSL			*tls;
   1089 	X509			*cert;
   1090 	const char		*text;
   1091 	int			error, depth;
   1092 
   1093 	if ((tls = X509_STORE_CTX_get_ex_data(ctx,
   1094 	    SSL_get_ex_data_X509_STORE_CTX_idx())) == NULL)
   1095 		fatal("X509_STORE_CTX_get_ex_data: no data");
   1096 
   1097 	if ((c = SSL_get_ex_data(tls, 0)) == NULL)
   1098 		fatal("no connection data in %s", __func__);
   1099 
   1100 	error = X509_STORE_CTX_get_error(ctx);
   1101 	cert = X509_STORE_CTX_get_current_cert(ctx);
   1102 
   1103 	if (ok == 0 && cert != NULL) {
   1104 		text = X509_verify_cert_error_string(error);
   1105 		depth = X509_STORE_CTX_get_error_depth(ctx);
   1106 
   1107 		kore_connection_log(c,
   1108 		    "X509 verification error depth:%d - %s", depth, text);
   1109 
   1110 		/* Continue on CRL validity errors. */
   1111 		switch (error) {
   1112 		case X509_V_ERR_CRL_HAS_EXPIRED:
   1113 		case X509_V_ERR_CRL_NOT_YET_VALID:
   1114 		case X509_V_ERR_UNABLE_TO_GET_CRL:
   1115 			ok = 1;
   1116 			break;
   1117 		}
   1118 	}
   1119 
   1120 	return (ok);
   1121 }
   1122 
   1123 /*
   1124  * What follows is basically a reimplementation of
   1125  * SSL_CTX_use_certificate_chain_file() from OpenSSL but with our
   1126  * BIO set to the pem data that we received.
   1127  */
   1128 static X509 *
   1129 tls_domain_load_certificate_chain(SSL_CTX *ctx, const void *data, size_t len)
   1130 {
   1131 	unsigned long	err;
   1132 	BIO		*in;
   1133 	X509		*x, *ca;
   1134 
   1135 	ERR_clear_error();
   1136 	in = BIO_new_mem_buf(data, len);
   1137 
   1138 	if ((x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL)) == NULL)
   1139 		return (NULL);
   1140 
   1141 	/* refcount for x509 will go up one. */
   1142 	if (SSL_CTX_use_certificate(ctx, x) == 0)
   1143 		return (NULL);
   1144 
   1145 	SSL_CTX_clear_chain_certs(ctx);
   1146 
   1147 	ERR_clear_error();
   1148 	while ((ca = PEM_read_bio_X509(in, NULL, NULL, NULL)) != NULL) {
   1149 		/* ca its reference count won't be increased. */
   1150 		if (SSL_CTX_add0_chain_cert(ctx, ca) == 0)
   1151 			return (NULL);
   1152 	}
   1153 
   1154 	err = ERR_peek_last_error();
   1155 
   1156 	if (ERR_GET_LIB(err) != ERR_LIB_PEM ||
   1157 	    ERR_GET_REASON(err) != PEM_R_NO_START_LINE)
   1158 		return (NULL);
   1159 
   1160 	BIO_free(in);
   1161 
   1162 	return (x);
   1163 }
   1164 
   1165 #if defined(KORE_USE_ACME)
   1166 static int
   1167 tls_acme_alpn(SSL *ssl, const unsigned char **out, unsigned char *outlen,
   1168     const unsigned char *in, unsigned int inlen, void *udata)
   1169 {
   1170 	struct connection	*c;
   1171 
   1172 	if ((c = SSL_get_ex_data(ssl, 0)) == NULL)
   1173 		fatal("%s: no connection data present", __func__);
   1174 
   1175 	if (inlen != sizeof(acme_alpn_name))
   1176 		return (SSL_TLSEXT_ERR_NOACK);
   1177 
   1178 	if (memcmp(acme_alpn_name, in, sizeof(acme_alpn_name)))
   1179 		return (SSL_TLSEXT_ERR_NOACK);
   1180 
   1181 	*out = in + 1;
   1182 	*outlen = inlen - 1;
   1183 
   1184 	c->flags |= CONN_TLS_ALPN_ACME_SEEN;
   1185 
   1186 	/*
   1187 	 * If SNI was already done, we can continue, otherwise we mark
   1188 	 * that we saw the right ALPN negotiation on this connection
   1189 	 * and wait for the SNI extension to be parsed.
   1190 	 */
   1191 	if (c->flags & CONN_TLS_SNI_SEEN) {
   1192 		/* SNI was seen, we are on the right domain. */
   1193 		tls_acme_challenge_set_cert(ssl, udata);
   1194 	}
   1195 
   1196 	return (SSL_TLSEXT_ERR_OK);
   1197 }
   1198 
   1199 static void
   1200 tls_acme_challenge_set_cert(SSL *ssl, struct kore_domain *dom)
   1201 {
   1202 	struct connection	*c;
   1203 	const unsigned char	*ptr;
   1204 	X509			*x509;
   1205 
   1206 	if (dom->acme == 0) {
   1207 		kore_log(LOG_NOTICE, "[%s] ACME not active", dom->domain);
   1208 		return;
   1209 	}
   1210 
   1211 	if (dom->acme_challenge == 0) {
   1212 		kore_log(LOG_NOTICE,
   1213 		    "[%s] ACME auth challenge not active", dom->domain);
   1214 		return;
   1215 	}
   1216 
   1217 	kore_log(LOG_INFO, "[%s] acme-tls/1 challenge requested",
   1218 	    dom->domain);
   1219 
   1220 	if ((c = SSL_get_ex_data(ssl, 0)) == NULL)
   1221 		fatal("%s: no connection data present", __func__);
   1222 
   1223 	ptr = dom->acme_cert;
   1224 	if ((x509 = d2i_X509(NULL, &ptr, dom->acme_cert_len)) == NULL)
   1225 		fatal("d2i_X509: %s", ssl_errno_s);
   1226 
   1227 	if (SSL_use_certificate(ssl, x509) == 0)
   1228 		fatal("SSL_use_certificate: %s", ssl_errno_s);
   1229 
   1230 	SSL_clear_chain_certs(ssl);
   1231 	SSL_set_verify(ssl, SSL_VERIFY_NONE, NULL);
   1232 
   1233 	c->proto = CONN_PROTO_ACME_ALPN;
   1234 }
   1235 #endif /* KORE_USE_ACME */