Support TLSv1.3 PHA in POST requests with cert authentication

[Impact]
Apache is lacking proper support for post-handshake-auth in TLSv1.3 POST requests using certificate authentication. This is used by freeipa, but any client doing a TLSv1.3 POST with certificate authentication is impacted and would need to downgrade the protocol to TLSv1.2.

This was fixed in debian[1] via patches from upstream[2]. There is an upstream bug report[3] requesting the backport of these patches from trunk.

It's also being shipped in Fedora[4] already.

[Test Case]
$ lxc launch ubuntu-daily:focal ubuntu

Enter the container as root:
$ lxc exec ubuntu bash

Verify hostname is "ubuntu":
# hostname
ubuntu

Install apache2:
apt update && apt install apache2

Download the following files from this other bug report and place them in /etc/apache2:
cd /etc/apache2
wget https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274492/+files/cacert.pem https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274493/+files/ubuntu.pem https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274494/+files/ubuntu.key

These certs are luckily still valid until june 2020, so they can be used for this bug as well.

Adjust permissions of the key file:
chmod 0640 /etc/apache2/ubuntu.key
chgrp www-data /etc/apache2/ubuntu.key

Download the client certificate and key files and place them in /root:
cd /root
wget https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274495/+files/client-auth.pem https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1833039/+attachment/5274496/+files/client-auth.key

Create this vhost file (caution, lines may wrap, in particular LogFormat: it should be one long line):
cat > /etc/apache2/sites-available/cert-auth-test.conf <<EOF
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        LogLevel info ssl:warn
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" protocol=%{SSL_PROTOCOL}x commonName=%{SSL_CLIENT_S_DN_CN}x" combined-ssl
        ErrorLog \${APACHE_LOG_DIR}/error.log
        CustomLog \${APACHE_LOG_DIR}/access.log combined-ssl
        SSLEngine on
        SSLCertificateFile /etc/apache2/ubuntu.pem
        SSLCertificateKeyFile /etc/apache2/ubuntu.key
        SSLCACertificateFile /etc/apache2/cacert.pem
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>
        <Location />
                SSLRenegBufferSize 1024
                SSLVerifyClient require
                Require ssl-verify-client
        </Location>
    </VirtualHost>
</IfModule>
EOF

Enable the ssl module and this new vhost we just created:
a2enmod ssl && a2ensite cert-auth-test.conf

Restart apache2:
systemctl restart apache2

Verify that cert authentication is required:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --tlsv1.3 -f -H "Expect:"
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
  0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (56) OpenSSL SSL_read: error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required, errno 0

Verify that a GET request with the client certificate works:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -H "Expect:"
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 10918 100 10918 0 0 969k 0 --:--:-- --:--:-- --:--:-- 969k

Verify that POST request with the client certificate fails:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -F bug=true -H "Expect:"
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 142 0 0 100 142 0 12909 --:--:-- --:--:-- --:--:-- 14200
curl: (22) The requested URL returned error: 403 Forbidden

Server logs for the above:
==> /var/log/apache2/error.log <==
[Mon Apr 13 14:49:03.357183 2020] [ssl:error] [pid 12248:tid 139782462109440] [client 10.0.100.38:41002] AH02263: Re-negotiation handshake failed: Client certificate missing

==> /var/log/apache2/access.log <==
10.0.100.38 - - [13/Apr/2020:14:49:03 +0000] "POST / HTTP/1.1" 403 3798 "-" "curl/7.68.0" protocol=TLSv1.3 commonName=-

With the fixed packages, the POST request works:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -F bug=true -H "Expect:"
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 11060 100 10918 100 142 101k 1352 --:--:-- --:--:-- --:--:-- 102k

And the server log confirms it was a POST request, using certificates, and TLSv1.3:
==> /var/log/apache2/access.log <==
10.0.100.38 - - [13/Apr/2020:14:52:26 +0000] "POST / HTTP/1.1" 200 17118 "-" "curl/7.68.0" protocol=TLSv1.3 commonName=client-auth

To test the error message changed by tlsv13-add-logno.diff, submit a slightly bigger POST request:
root@ubuntu:~# curl --output index.html https://ubuntu/ --cacert /etc/apache2/cacert.pem --cert client-auth.pem --key client-auth.key --tlsv1.3 -f -H "Expect:" -F file=@/bin/ls
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 139k 0 0 100 139k 0 27.1M --:--:-- --:--:-- --:--:-- 27.1M
curl: (22) The requested URL returned error: 413 Request Entity Too Large

And in the server log:
==> /var/log/apache2/error.log <==
[Mon Apr 13 15:00:37.446562 2020] [ssl:error] [pid 13415:tid 140391466624768] [client 10.0.100.38:41272] AH02018: request body exceeds maximum size (1024) for SSL buffer
[Mon Apr 13 15:00:37.446620 2020] [ssl:error] [pid 13415:tid 140391466624768] [client 10.0.100.38:41272] AH10228: could not buffer message body to allow TLS Post-Handshake Authentication to proceed

==> /var/log/apache2/access.log <==
10.0.100.38 - - [13/Apr/2020:15:00:37 +0000] "POST / HTTP/1.1" 413 3721 "-" "curl/7.68.0" protocol=TLSv1.3 commonName=-

[Regression Potential]
TLSv1.3 has introduced changes that generated bugs in the past. The PHA change in particular is still to this day impacting many clients. Clients who claim to support TLSv1.3, negotiate this version of the protocol, but don't implement it fully and lack PHA.
Regressions can happen, but we should be able to back this change out in that case. It also gives some comfort knowing that this change is already applied upstream (but not backported to 2.4), and in other distributions (debian and fedora). It's also good that we have a simple test case.

[Other Info]
If this can't make it into focal prior to release, it can become an SRU, but the versioning might have to be changed then (i.e., become 2.4.41-4ubuntu2.1 instead of 2.4.41-4ubuntu3).

1. https://bugs.debian.org/955348 and https://salsa.debian.org/apache-team/apache2/-/commit/86b49fbd189484353d8462f2eb694cd6c9a53342
2. https://svn.apache.org/viewvc?view=revision&revision=1870095 and https://svn.apache.org/viewvc?view=revision&revision=1870097
3. https://bz.apache.org/bugzilla/show_bug.cgi?id=64242
4. https://bugzilla.redhat.com/show_bug.cgi?id=1775146