You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by kb...@apache.org on 2011/09/14 14:25:31 UTC
svn commit: r1170567 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
Author: kbrand
Date: Wed Sep 14 12:25:31 2011
New Revision: 1170567
URL: http://svn.apache.org/viewvc?rev=1170567&view=rev
Log:
ssl_callback_proxy_cert(): take advantage of ssl_log_cxerror()
when logging proxy client cert information
Modified:
httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1170567&r1=1170566&r2=1170567&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Wed Sep 14 12:25:31 2011
@@ -1562,25 +1562,13 @@ int ssl_callback_SSLVerify(int ok, X509_
#define SSLPROXY_CERT_CB_LOG_FMT \
"Proxy client certificate callback: (%s) "
-static void modssl_proxy_info_log(server_rec *s,
+static void modssl_proxy_info_log(conn_rec *c,
X509_INFO *info,
const char *msg)
{
- SSLSrvConfigRec *sc = mySrvConfig(s);
- char name_buf[256];
- X509_NAME *name;
- char *dn;
-
- if (!APLOGdebug(s)) {
- return;
- }
-
- name = X509_get_subject_name(info->x509);
- dn = X509_NAME_oneline(name, name_buf, sizeof(name_buf));
-
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
- SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s",
- sc->vhost_id, msg, dn ? dn : "-uknown-");
+ ssl_log_cxerror(SSLLOG_MARK, APLOG_DEBUG, 0, c, info->x509,
+ SSLPROXY_CERT_CB_LOG_FMT "%s, sending",
+ (mySrvConfigFromConn(c))->vhost_id, msg);
}
/*
@@ -1628,7 +1616,7 @@ int ssl_callback_proxy_cert(SSL *ssl, X5
*/
info = sk_X509_INFO_value(certs, 0);
- modssl_proxy_info_log(s, info, "no acceptable CA list");
+ modssl_proxy_info_log(c, info, "no acceptable CA list");
modssl_set_cert_info(info, x509, pkey);
@@ -1645,7 +1633,7 @@ int ssl_callback_proxy_cert(SSL *ssl, X5
/* Search certs (by issuer name) one by one*/
if (X509_NAME_cmp(issuer, ca_name) == 0) {
- modssl_proxy_info_log(s, info, "found acceptable cert");
+ modssl_proxy_info_log(c, info, "found acceptable cert");
modssl_set_cert_info(info, x509, pkey);
@@ -1663,7 +1651,7 @@ int ssl_callback_proxy_cert(SSL *ssl, X5
ca_issuer = X509_get_issuer_name(ca_info->x509);
if(X509_NAME_cmp(ca_issuer, ca_name) == 0 ) {
- modssl_proxy_info_log(s, info, "found acceptable cert by intermediary");
+ modssl_proxy_info_log(c, info, "found acceptable cert by intermediary");
modssl_set_cert_info(info, x509, pkey);