You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by mi...@apache.org on 2013/05/23 15:12:45 UTC
svn commit: r1485689 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS
modules/ssl/ssl_engine_init.c
Author: minfrin
Date: Thu May 23 13:12:44 2013
New Revision: 1485689
URL: http://svn.apache.org/r1485689
Log:
mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
in the error log to debug level.
trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1447993
2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-quiet-fips.patch
Submitted by: wrowe
Reviewed by: druggeri, kbrand
Modified:
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1485689&r1=1485688&r2=1485689&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Thu May 23 13:12:44 2013
@@ -6,6 +6,9 @@ Changes with Apache 2.2.25
escaped to prevent terminal escape sequences from entering the
log file. [Joe Orton]
+ *) mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
+ in the error log to debug level. [William Rowe]
+
*) htdigest: Fix buffer overflow when reading digest password file
with very long lines. PR 54893. [Rainer Jung]
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1485689&r1=1485688&r2=1485689&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Thu May 23 13:12:44 2013
@@ -96,13 +96,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
- in the error log to debug level. [William Rowe]
- trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1447993
- 2.4.x patch: trunk patch applies.
- 2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-quiet-fips.patch
- +1: wrowe, druggeri, kbrand
-
* mod_authnz_ldap: Allow using exec: callouts like SSLPassphraseDialog
for AuthLDAPBindPassword.
trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1433478
Modified: httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c?rev=1485689&r1=1485688&r2=1485689&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/branches/2.2.x/modules/ssl/ssl_engine_init.c Thu May 23 13:12:44 2013
@@ -83,7 +83,7 @@ static int ssl_tmp_key_init_rsa(server_r
if (FIPS_mode() && bits < 1024) {
mc->pTmpKeys[idx] = NULL;
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Init: Skipping generating temporary "
"%d bit RSA private key in FIPS mode", bits);
return OK;
@@ -113,7 +113,7 @@ static int ssl_tmp_key_init_dh(server_re
if (FIPS_mode() && bits < 1024) {
mc->pTmpKeys[idx] = NULL;
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Init: Skipping generating temporary "
"%d bit DH parameters in FIPS mode", bits);
return OK;
@@ -276,7 +276,7 @@ int ssl_init_Module(apr_pool_t *p, apr_p
}
}
else {
- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"SSL FIPS mode disabled");
}
#endif