Merge pull request #9945 from Icinga/2139backport

Al2Klimov · web-flow · commit 600e631a4dbe · 2023-12-20T12:14:30.000+01:00
Disable TLS renegotiation, bump Windows deps and fix Icinga DB crashes
diff --git a/doc/21-development.md b/doc/21-development.md
@@ -477,18 +477,18 @@ File Type: EXECUTABLE IMAGE
 
   Image has the following dependencies:
 
-    boost_coroutine-vc142-mt-gd-x64-1_82.dll
-    boost_date_time-vc142-mt-gd-x64-1_82.dll
-    boost_filesystem-vc142-mt-gd-x64-1_82.dll
-    boost_thread-vc142-mt-gd-x64-1_82.dll
-    boost_regex-vc142-mt-gd-x64-1_82.dll
+    boost_coroutine-vc142-mt-gd-x64-1_83.dll
+    boost_date_time-vc142-mt-gd-x64-1_83.dll
+    boost_filesystem-vc142-mt-gd-x64-1_83.dll
+    boost_thread-vc142-mt-gd-x64-1_83.dll
+    boost_regex-vc142-mt-gd-x64-1_83.dll
     libssl-3_0-x64.dll
     libcrypto-3_0-x64.dll
     WS2_32.dll
     dbghelp.dll
     SHLWAPI.dll
     msi.dll
-    boost_unit_test_framework-vc142-mt-gd-x64-1_82.dll
+    boost_unit_test_framework-vc142-mt-gd-x64-1_83.dll
     KERNEL32.dll
     SHELL32.dll
     ADVAPI32.dll
@@ -1763,7 +1763,7 @@ mkdir build
 cd .\build\
 
 & "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE\CommonExtensions\Microsoft\CMake\CMake\bin\cmake.exe" `
-  -DICINGA2_UNITY_BUILD=OFF -DBoost_INCLUDE_DIR=C:\local\boost_1_82_0-Win64 `
+  -DICINGA2_UNITY_BUILD=OFF -DBoost_INCLUDE_DIR=C:\local\boost_1_83_0-Win64 `
   -DBISON_EXECUTABLE=C:\ProgramData\chocolatey\lib\winflexbison3\tools\win_bison.exe `
   -DFLEX_EXECUTABLE=C:\ProgramData\chocolatey\lib\winflexbison3\tools\win_flex.exe `
   -DICINGA2_WITH_MYSQL=OFF -DICINGA2_WITH_PGSQL=OFF ..
@@ -1936,29 +1936,29 @@ Download the [boost-binaries](https://sourceforge.net/projects/boost/files/boost
 - 64 for 64 bit builds
 
 ```
-https://sourceforge.net/projects/boost/files/boost-binaries/1.82.0/boost_1_82_0-msvc-14.2-64.exe/download
+https://sourceforge.net/projects/boost/files/boost-binaries/1.82.0/boost_1_83_0-msvc-14.2-64.exe/download
 ```
 
-Run the installer and leave the default installation path in `C:\local\boost_1_82_0`.
+Run the installer and leave the default installation path in `C:\local\boost_1_83_0`.
 
 
 ##### Source & Compile
 
 In order to use the boost development header and library files you need to [download](https://www.boost.org/users/download/)
-Boost and then extract it to e.g. `C:\local\boost_1_82_0`.
+Boost and then extract it to e.g. `C:\local\boost_1_83_0`.
 
 > **Note**
 >
 > Just use `C:\local`, the zip file already contains the sub folder. Extraction takes a while,
 > the archive contains more than 70k files.
 
 In order to integrate Boost into Visual Studio, open the `Developer Command Prompt` from the start menu,
-and navigate to `C:\local\boost_1_82_0`.
+and navigate to `C:\local\boost_1_83_0`.
 
 Execute `bootstrap.bat` first.
 
 ```
-cd C:\local\boost_1_82_0
+cd C:\local\boost_1_83_0
 bootstrap.bat
 ```
 
@@ -2041,8 +2041,8 @@ You need to specify the previously installed component paths.
 
 Variable              | Value                                                                | Description
 ----------------------|----------------------------------------------------------------------|-------------------------------------------------------
-`BOOST_ROOT`          | `C:\local\boost_1_82_0`                                                    | Root path where you've extracted and compiled Boost.
-`BOOST_LIBRARYDIR`    | Binary: `C:\local\boost_1_82_0\lib64-msvc-14.2`, Source: `C:\local\boost_1_82_0\stage` | Path to the static compiled Boost libraries, directory must contain `lib`.
+`BOOST_ROOT`          | `C:\local\boost_1_83_0`                                                    | Root path where you've extracted and compiled Boost.
+`BOOST_LIBRARYDIR`    | Binary: `C:\local\boost_1_83_0\lib64-msvc-14.2`, Source: `C:\local\boost_1_83_0\stage` | Path to the static compiled Boost libraries, directory must contain `lib`.
 `BISON_EXECUTABLE`    | `C:\ProgramData\chocolatey\lib\winflexbison\tools\win_bison.exe`     | Path to the Bison executable.
 `FLEX_EXECUTABLE`     | `C:\ProgramData\chocolatey\lib\winflexbison\tools\win_flex.exe`      | Path to the Flex executable.
 `ICINGA2_WITH_MYSQL`  | OFF                                                                  | Requires extra setup for MySQL if set to `ON`. Not supported for client setups.
@@ -2079,8 +2079,8 @@ $env:ICINGA2_INSTALLPATH = 'C:\Program Files\Icinga2-debug'
 $env:ICINGA2_BUILDPATH='debug'
 $env:CMAKE_BUILD_TYPE='Debug'
 $env:OPENSSL_ROOT_DIR='C:\OpenSSL-Win64'
-$env:BOOST_ROOT='C:\local\boost_1_82_0'
-$env:BOOST_LIBRARYDIR='C:\local\boost_1_82_0\lib64-msvc-14.2'
+$env:BOOST_ROOT='C:\local\boost_1_83_0'
+$env:BOOST_LIBRARYDIR='C:\local\boost_1_83_0\lib64-msvc-14.2'
 ```
 
 #### Icinga 2 in Visual Studio
diff --git a/doc/win-dev.ps1 b/doc/win-dev.ps1
@@ -13,8 +13,8 @@ function ThrowOnNativeFailure {
 
 $VsVersion = 2019
 $MsvcVersion = '14.2'
-$BoostVersion = @(1, 82, 0)
-$OpensslVersion = '3_0_9'
+$BoostVersion = @(1, 83, 0)
+$OpensslVersion = '3_0_12'
 
 switch ($Env:BITS) {
 	32 { }
diff --git a/lib/base/tlsutility.cpp b/lib/base/tlsutility.cpp
@@ -11,6 +11,8 @@
 #include <boost/asio/ssl/context.hpp>
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
+#include <openssl/ssl.h>
+#include <openssl/ssl3.h>
 #include <fstream>
 
 namespace icinga
@@ -91,6 +93,16 @@ static void InitSslContext(const Shared<boost::asio::ssl::context>::Ptr& context
 
 	flags |= SSL_OP_CIPHER_SERVER_PREFERENCE;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+	SSL_CTX_set_info_callback(sslContext, [](const SSL* ssl, int where, int) {
+		if (where & SSL_CB_HANDSHAKE_DONE) {
+			ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+		}
+	});
+#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+	flags |= SSL_OP_NO_RENEGOTIATION;
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
 	SSL_CTX_set_options(sslContext, flags);
 
 	SSL_CTX_set_mode(sslContext, SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
diff --git a/lib/icingadb/icingadb-objects.cpp b/lib/icingadb/icingadb-objects.cpp
@@ -1570,6 +1570,9 @@ IcingaDB::CreateConfigUpdate(const ConfigObject::Ptr& object, const String typeN
 
 void IcingaDB::SendConfigDelete(const ConfigObject::Ptr& object)
 {
+	if (!m_Rcon || !m_Rcon->IsConnected())
+		return;
+
 	Type::Ptr type = object->GetReflectionType();
 	String typeName = type->GetName().ToLower();
 	String objectKey = GetObjectIdentifier(object);
@@ -1853,6 +1856,7 @@ void IcingaDB::SendStartedDowntime(const Downtime::Ptr& downtime)
 		"scheduled_end_time", Convert::ToString(TimestampToMilliseconds(downtime->GetEndTime())),
 		"has_been_cancelled", Convert::ToString((unsigned short)downtime->GetWasCancelled()),
 		"trigger_time", Convert::ToString(TimestampToMilliseconds(downtime->GetTriggerTime())),
+		"cancel_time", Convert::ToString(TimestampToMilliseconds(downtime->GetRemoveTime())),
 		"event_id", CalcEventID("downtime_start", downtime),
 		"event_type", "downtime_start"
 	});
diff --git a/tools/win32/configure-dev.ps1 b/tools/win32/configure-dev.ps1
@@ -31,10 +31,10 @@ if (-not (Test-Path env:OPENSSL_ROOT_DIR)) {
   $env:OPENSSL_ROOT_DIR = 'c:\local\OpenSSL-Win64'
 }
 if (-not (Test-Path env:BOOST_ROOT)) {
-  $env:BOOST_ROOT = 'c:\local\boost_1_82_0'
+  $env:BOOST_ROOT = 'c:\local\boost_1_83_0'
 }
 if (-not (Test-Path env:BOOST_LIBRARYDIR)) {
-  $env:BOOST_LIBRARYDIR = 'c:\local\boost_1_82_0\lib64-msvc-14.2'
+  $env:BOOST_LIBRARYDIR = 'c:\local\boost_1_83_0\lib64-msvc-14.2'
 }
 if (-not (Test-Path env:FLEX_BINARY)) {
   $env:FLEX_BINARY = 'C:\ProgramData\chocolatey\bin\win_flex.exe'
diff --git a/tools/win32/configure.ps1 b/tools/win32/configure.ps1
@@ -30,13 +30,13 @@ if (-not (Test-Path env:CMAKE_GENERATOR_PLATFORM)) {
   }
 }
 if (-not (Test-Path env:OPENSSL_ROOT_DIR)) {
-  $env:OPENSSL_ROOT_DIR = "c:\local\OpenSSL_3_0_9-Win${env:BITS}"
+  $env:OPENSSL_ROOT_DIR = "c:\local\OpenSSL_3_0_12-Win${env:BITS}"
 }
 if (-not (Test-Path env:BOOST_ROOT)) {
-  $env:BOOST_ROOT = "c:\local\boost_1_82_0-Win${env:BITS}"
+  $env:BOOST_ROOT = "c:\local\boost_1_83_0-Win${env:BITS}"
 }
 if (-not (Test-Path env:BOOST_LIBRARYDIR)) {
-  $env:BOOST_LIBRARYDIR = "c:\local\boost_1_82_0-Win${env:BITS}\lib${env:BITS}-msvc-14.2"
+  $env:BOOST_LIBRARYDIR = "c:\local\boost_1_83_0-Win${env:BITS}\lib${env:BITS}-msvc-14.2"
 }
 if (-not (Test-Path env:FLEX_BINARY)) {
   $env:FLEX_BINARY = 'C:\ProgramData\chocolatey\bin\win_flex.exe'

Original file line number	Diff line number	Diff line change
`@@ -31,10 +31,10 @@ if (-not (Test-Path env:OPENSSL_ROOT_DIR)) {`
`31`	`31`	`$env:OPENSSL_ROOT_DIR = 'c:\local\OpenSSL-Win64'`
`32`	`32`	`}`
`33`	`33`	`if (-not (Test-Path env:BOOST_ROOT)) {`
`34`		`- $env:BOOST_ROOT = 'c:\local\boost_1_82_0'`
	`34`	`+ $env:BOOST_ROOT = 'c:\local\boost_1_83_0'`
`35`	`35`	`}`
`36`	`36`	`if (-not (Test-Path env:BOOST_LIBRARYDIR)) {`
`37`		`- $env:BOOST_LIBRARYDIR = 'c:\local\boost_1_82_0\lib64-msvc-14.2'`
	`37`	`+ $env:BOOST_LIBRARYDIR = 'c:\local\boost_1_83_0\lib64-msvc-14.2'`
`38`	`38`	`}`
`39`	`39`	`if (-not (Test-Path env:FLEX_BINARY)) {`
`40`	`40`	`$env:FLEX_BINARY = 'C:\ProgramData\chocolatey\bin\win_flex.exe'`
Original file line number	Diff line number	Diff line change
`@@ -30,13 +30,13 @@ if (-not (Test-Path env:CMAKE_GENERATOR_PLATFORM)) {`
`30`	`30`	`}`
`31`	`31`	`}`
`32`	`32`	`if (-not (Test-Path env:OPENSSL_ROOT_DIR)) {`
`33`		`- $env:OPENSSL_ROOT_DIR = "c:\local\OpenSSL_3_0_9-Win${env:BITS}"`
	`33`	`+ $env:OPENSSL_ROOT_DIR = "c:\local\OpenSSL_3_0_12-Win${env:BITS}"`
`34`	`34`	`}`
`35`	`35`	`if (-not (Test-Path env:BOOST_ROOT)) {`
`36`		`- $env:BOOST_ROOT = "c:\local\boost_1_82_0-Win${env:BITS}"`
	`36`	`+ $env:BOOST_ROOT = "c:\local\boost_1_83_0-Win${env:BITS}"`
`37`	`37`	`}`
`38`	`38`	`if (-not (Test-Path env:BOOST_LIBRARYDIR)) {`
`39`		`- $env:BOOST_LIBRARYDIR = "c:\local\boost_1_82_0-Win${env:BITS}\lib${env:BITS}-msvc-14.2"`
	`39`	`+ $env:BOOST_LIBRARYDIR = "c:\local\boost_1_83_0-Win${env:BITS}\lib${env:BITS}-msvc-14.2"`
`40`	`40`	`}`
`41`	`41`	`if (-not (Test-Path env:FLEX_BINARY)) {`
`42`	`42`	`$env:FLEX_BINARY = 'C:\ProgramData\chocolatey\bin\win_flex.exe'`