You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by kb...@apache.org on 2011/09/14 14:25:31 UTC

svn commit: r1170567 - /httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Author: kbrand
Date: Wed Sep 14 12:25:31 2011
New Revision: 1170567

URL: http://svn.apache.org/viewvc?rev=1170567&view=rev
Log:
ssl_callback_proxy_cert(): take advantage of ssl_log_cxerror()
when logging proxy client cert information

Modified:
    httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c?rev=1170567&r1=1170566&r2=1170567&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c Wed Sep 14 12:25:31 2011
@@ -1562,25 +1562,13 @@ int ssl_callback_SSLVerify(int ok, X509_
 #define SSLPROXY_CERT_CB_LOG_FMT \
    "Proxy client certificate callback: (%s) "
 
-static void modssl_proxy_info_log(server_rec *s,
+static void modssl_proxy_info_log(conn_rec *c,
                                   X509_INFO *info,
                                   const char *msg)
 {
-    SSLSrvConfigRec *sc = mySrvConfig(s);
-    char name_buf[256];
-    X509_NAME *name;
-    char *dn;
-
-    if (!APLOGdebug(s)) {
-        return;
-    }
-
-    name = X509_get_subject_name(info->x509);
-    dn = X509_NAME_oneline(name, name_buf, sizeof(name_buf));
-
-    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
-                 SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s",
-                 sc->vhost_id, msg, dn ? dn : "-uknown-");
+    ssl_log_cxerror(SSLLOG_MARK, APLOG_DEBUG, 0, c, info->x509,
+                    SSLPROXY_CERT_CB_LOG_FMT "%s, sending",
+                    (mySrvConfigFromConn(c))->vhost_id, msg);
 }
 
 /*
@@ -1628,7 +1616,7 @@ int ssl_callback_proxy_cert(SSL *ssl, X5
          */
         info = sk_X509_INFO_value(certs, 0);
 
-        modssl_proxy_info_log(s, info, "no acceptable CA list");
+        modssl_proxy_info_log(c, info, "no acceptable CA list");
 
         modssl_set_cert_info(info, x509, pkey);
 
@@ -1645,7 +1633,7 @@ int ssl_callback_proxy_cert(SSL *ssl, X5
 
             /* Search certs (by issuer name) one by one*/
             if (X509_NAME_cmp(issuer, ca_name) == 0) {
-                modssl_proxy_info_log(s, info, "found acceptable cert");
+                modssl_proxy_info_log(c, info, "found acceptable cert");
 
                 modssl_set_cert_info(info, x509, pkey);
 
@@ -1663,7 +1651,7 @@ int ssl_callback_proxy_cert(SSL *ssl, X5
                     ca_issuer = X509_get_issuer_name(ca_info->x509);
 
                     if(X509_NAME_cmp(ca_issuer, ca_name) == 0 ) {
-                        modssl_proxy_info_log(s, info, "found acceptable cert by intermediary");
+                        modssl_proxy_info_log(c, info, "found acceptable cert by intermediary");
 
                         modssl_set_cert_info(info, x509, pkey);