Posted to cvs@httpd.apache.org by je...@apache.org on 2002/05/16 08:09:14 UTC

cvs commit: httpd-2.0/modules/ssl mod_ssl.c mod_ssl.h ssl_engine_config.c ssl_engine_init.c ssl_engine_io.c ssl_engine_kernel.c ssl_engine_log.c

jerenkrantz    02/05/15 23:09:14

  Modified:    .        CHANGES
               docs/conf ssl-std.conf
               docs/manual/mod mod_ssl.xml
               modules/ssl mod_ssl.c mod_ssl.h ssl_engine_config.c
                        ssl_engine_init.c ssl_engine_io.c
                        ssl_engine_kernel.c ssl_engine_log.c
  Log:
  Remove SSLLog and SSLLogLevel directives in favor of having mod_ssl use the
  standard ErrorLog directives.
  
  Revision  Changes    Path
  1.774     +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.773
  retrieving revision 1.774
  diff -u -r1.773 -r1.774
  --- CHANGES	15 May 2002 17:47:39 -0000	1.773
  +++ CHANGES	16 May 2002 06:09:12 -0000	1.774
  @@ -1,5 +1,8 @@
   Changes with Apache 2.0.37
   
  +  *) Remove SSLLog and SSLLogLevel directives in favor of having
  +     mod_ssl use the standard ErrorLog directives.  [Justin Erenkrantz]
  +
     *) OS/390: LIBPATH no longer has to be manually uncommented in
        envvars to get apachectl to set up httpd properly.  [Jeff Trawick]
   
  
  
  
  1.8       +0 -10     httpd-2.0/docs/conf/ssl-std.conf
  
  Index: ssl-std.conf
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/conf/ssl-std.conf,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -r1.7 -r1.8
  --- ssl-std.conf	7 Nov 2001 22:16:09 -0000	1.7
  +++ ssl-std.conf	16 May 2002 06:09:13 -0000	1.8
  @@ -82,16 +82,6 @@
   #SSLRandomSeed connect file:/dev/random  512
   #SSLRandomSeed connect file:/dev/urandom 512
   
  -#   Logging:
  -#   The home of the dedicated SSL protocol logfile. Errors are
  -#   additionally duplicated in the general error log file.  Put
  -#   this somewhere where it cannot be used for symlink attacks on
  -#   a real server (i.e. somewhere where only root can write).
  -#   Log levels are (ascending order: higher ones include lower ones):
  -#   none, error, warn, info, trace, debug.
  -SSLLog      logs/ssl_engine_log
  -SSLLogLevel info
  -
   ##
   ## SSL Virtual Host Context
   ##
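
Review bot: the removed `#   Logging:` block was the only place in this sample config that said where SSL messages go and that warned about keeping the log where only root can write; after this hunk nothing tells the admin that mod_ssl output now follows ErrorLog and LogLevel. Suggest leaving a two-line comment in its place that names those directives, so someone comparing an old ssl-std.conf with the new one sees the replacement rather than a bare deletion.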
  
  
  
  1.3       +0 -72     httpd-2.0/docs/manual/mod/mod_ssl.xml
  
  Index: mod_ssl.xml
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_ssl.xml,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- mod_ssl.xml	6 May 2002 11:56:42 -0000	1.2
  +++ mod_ssl.xml	16 May 2002 06:09:13 -0000	1.3
  @@ -902,78 +902,6 @@
   </directivesynopsis>
   
   <directivesynopsis>
  -<name>SSLLog</name>
  -<description>Where to write the dedicated SSL engine logfile</description>
  -<syntax>SSLLog <em>file-path</em></syntax>
  -<contextlist><context>server config</context>
  -<context>virtual host</context></contextlist>
  -
  -<usage>
  -<p>
  -This directive sets the name of the dedicated SSL protocol engine logfile.
  -Error type messages are additionally duplicated to the general Apache error
  -log file (directive <code>ErrorLog</code>). Put this somewhere where it cannot
  -be used for symlink attacks on a real server (i.e. somewhere where only root
  -can write). If the <em>file-path</em> does not begin with a slash
  -('<code>/</code>') then it is assumed to be relative to the <em>Server
  -Root</em>. If <em>file-path</em> begins with a bar ('<code>|</code>') then the
  -following string is assumed to be a path to an executable program to which a
  -reliable pipe can be established. The directive should occur only once per
  -virtual server config.</p>
  -<example><title>Example</title>
  -SSLLog /usr/local/apache/logs/ssl_engine_log
  -</example>
  -</usage>
  -</directivesynopsis>
  -
  -<directivesynopsis>
  -<name>SSLLogLevel</name>
  -<description>Logging level for the dedicated SSL engine 
  -logfile</description>
  -<syntax>SSLLogLevel <em>level</em></syntax>
  -<default>SSLLogLevel none</default>
  -<contextlist><context>server config</context>
  -<context>virtual host</context></contextlist>
  -
  -<usage>
  -<p>
  -This directive sets the verbosity degree of the dedicated SSL protocol engine
  -logfile. The <em>level</em> is one of the following (in ascending order where
  -higher levels include lower levels):</p>
  -<ul>
  -<li><code>none</code><br />
  -    no dedicated SSL logging is done, but messages of level
  -    ``<code>error</code>'' are still written to the general Apache error
  -    logfile.
  -</li>
  -<li><code>error</code><br />
  -    log messages of error type only, i.e. messages which show fatal situations
  -    (processing is stopped). Those messages are also duplicated to the
  -    general Apache error logfile.
  -</li>
  -<li><code>warn</code><br />
  -    log also warning messages, i.e. messages which show non-fatal problems
  -    (processing is continued).
  -</li>
  -<li><code>info</code><br />
  -    log also informational messages, i.e. messages which show major
  -    processing steps.
  -</li>
  -<li><code>trace</code><br />
  -    log also trace messages, i.e. messages which show minor processing steps.
  -</li>
  -<li><code>debug</code><br />
  -    log also debugging messages, i.e. messages which show development and
  -    low-level I/O information.
  -</li>
  -</ul>
  -<example><title>Example</title>
  -SSLLogLevel warn
  -</example>
  -</usage>
  -</directivesynopsis>
  -
  -<directivesynopsis>
   <name>SSLOptions</name>
   <description>Configure various SSL engine run-time options</description>
   <syntax>SSLOptions [+|-]<em>option</em> ...</syntax>
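
Review bot: the SSLLogLevel section deleted here documented six levels, including `trace`, and nothing in the manual replaces it with a mapping onto LogLevel. The code in this commit gates the former trace output on APLOG_DEBUG, so a short note in the remaining mod_ssl documentation saying which LogLevel now produces the handshake and I/O tracing would save admins from guessing.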
  
  
  
  1.67      +6 -8      httpd-2.0/modules/ssl/mod_ssl.c
  
  Index: mod_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
  retrieving revision 1.66
  retrieving revision 1.67
  diff -u -r1.66 -r1.67
  --- mod_ssl.c	16 May 2002 05:17:10 -0000	1.66
  +++ mod_ssl.c	16 May 2002 06:09:13 -0000	1.67
  @@ -141,12 +141,6 @@
       SSL_CMD_SRV(SessionCacheTimeout, TAKE1,
                   "SSL Session Cache object lifetime "
                   "(`N' - number of seconds)")
  -    SSL_CMD_SRV(Log, TAKE1,
  -                "SSL logfile for SSL-related messages "
  -                "(`/path/to/file', `|/path/to/program')")
  -    SSL_CMD_SRV(LogLevel, TAKE1,
  -                "SSL logfile verbosity level "
  -                "(`none', `error', `warn', `info', `debug')")
       SSL_CMD_SRV(Protocol, RAW_ARGS,
                   "Enable or disable various SSL protocols"
                   "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
  @@ -201,6 +195,12 @@
                  "Require a boolean expression to evaluate to true for granting access"
                  "(arbitrary complex boolean expression - see manual)")
   
  +    /* Deprecated directives. */
  +    AP_INIT_RAW_ARGS("SSLLog", ap_set_deprecated, NULL, OR_ALL, 
  +      "SSLLog directive is no longer supported - use ErrorLog."),
  +    AP_INIT_RAW_ARGS("SSLLogLevel", ap_set_deprecated, NULL, OR_ALL, 
  +      "SSLLogLevel directive is no longer supported - use LogLevel."),
  +    
       AP_END_CMD
   };
   
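
Review bot: the two deprecated entries are registered with OR_ALL, but the handlers removed from ssl_engine_config.c restricted both directives with NOT_IN_LIMIT|NOT_IN_DIRECTORY|NOT_IN_LOCATION|NOT_IN_FILES, so they were only ever valid in server config and virtual host context. RSRC_CONF would match the old scope. There is also trailing whitespace after `OR_ALL,` on both added lines and on the otherwise empty added line before AP_END_CMD.
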
  @@ -301,8 +301,6 @@
       if (sslconn->disabled) {
           return DECLINED;
       }
  -
  -    sslconn->log_level = sc->log_level;
   
       /*
        * Remember the connection information for
  
  
  
  1.117     +0 -29     httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.116
  retrieving revision 1.117
  diff -u -r1.116 -r1.117
  --- mod_ssl.h	15 May 2002 23:10:33 -0000	1.116
  +++ mod_ssl.h	16 May 2002 06:09:13 -0000	1.117
  @@ -204,25 +204,6 @@
   #define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num)
   
   /*
  - * SSL Logging
  - */
  -#define SSL_LOG_NONE    (1<<0)
  -#define SSL_LOG_ERROR   (1<<1)
  -#define SSL_LOG_WARN    (1<<2)
  -#define SSL_LOG_INFO    (1<<3)
  -#define SSL_LOG_TRACE   (1<<4)
  -#define SSL_LOG_DEBUG   (1<<5)
  -#define SSL_LOG_MASK    (SSL_LOG_ERROR|SSL_LOG_WARN|SSL_LOG_INFO|SSL_LOG_TRACE|SSL_LOG_DEBUG)
  -
  -#define SSL_ADD_NONE     (1<<8)
  -#define SSL_ADD_ERRNO    (1<<9)
  -#define SSL_ADD_SSLERR   (1<<10)
  -#define SSL_NO_TIMESTAMP (1<<11)
  -#define SSL_NO_LEVELID   (1<<12)
  -#define SSL_NO_NEWLINE   (1<<13)
  -#define SSL_INIT         (1<<14)
  -
  -/*
    * Defaults for the configuration
    */
   #ifndef SSL_SESSION_CACHE_TIMEOUT
  @@ -431,13 +412,10 @@
       const char *verify_info;
       const char *verify_error;
       int verify_depth;
  -    int log_level; /* for avoiding expensive logging */
       int is_proxy;
       int disabled;
   } SSLConnRec;
   
  -#define SSLConnLogApplies(sslconn, level) (sslconn->log_level >= level)
  -
   typedef struct {
       pid_t           pid;
       apr_pool_t     *pPool;
  @@ -528,9 +506,6 @@
       BOOL             proxy_enabled;
       const char      *vhost_id;
       int              vhost_id_len;
  -    const char      *log_file_name;
  -    apr_file_t      *log_file;
  -    int              log_level;
       int              session_cache_timeout;
       modssl_ctx_t    *server;
       modssl_ctx_t    *proxy;
  @@ -586,8 +561,6 @@
   const char  *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
   const char  *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);
   const char  *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLLog(cmd_parms *, void *, const char *);
  -const char  *ssl_cmd_SSLLogLevel(cmd_parms *, void *, const char *);
   const char  *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *);
   const char  *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
   const char  *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
  @@ -704,8 +677,6 @@
   int          ssl_mutex_off(server_rec *);
   
   /*  Logfile Support  */
  -void         ssl_log_open(server_rec *, server_rec *, apr_pool_t *);
  -void         ssl_log(server_rec *, int, const char *, ...);
   void         ssl_die(void);
   void         ssl_log_ssl_error(const char *, int, int, server_rec *);
   
  
  
  
  1.67      +0 -60     httpd-2.0/modules/ssl/ssl_engine_config.c
  
  Index: ssl_engine_config.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_config.c,v
  retrieving revision 1.66
  retrieving revision 1.67
  diff -u -r1.66 -r1.67
  --- ssl_engine_config.c	2 Apr 2002 21:56:12 -0000	1.66
  +++ ssl_engine_config.c	16 May 2002 06:09:13 -0000	1.67
  @@ -209,9 +209,6 @@
       sc->proxy_enabled          = UNSET;
       sc->vhost_id               = NULL;  /* set during module init */
       sc->vhost_id_len           = 0;     /* set during module init */
  -    sc->log_file_name          = NULL;
  -    sc->log_file               = NULL;  /* set during module init */
  -    sc->log_level              = SSL_LOG_NONE;
       sc->session_cache_timeout  = UNSET;
   
       modssl_ctx_init_proxy(sc, p);
  @@ -296,8 +293,6 @@
       cfgMerge(mc, NULL);
       cfgMergeBool(enabled);
       cfgMergeBool(proxy_enabled);
  -    cfgMergeString(log_file_name);
  -    cfgMerge(log_level, SSL_LOG_NONE);
       cfgMergeInt(session_cache_timeout);
   
       modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
  @@ -1047,61 +1042,6 @@
   
       if (sc->session_cache_timeout < 0) {
           return "SSLSessionCacheTimeout: Invalid argument";
  -    }
  -
  -    return NULL;
  -}
  -
  -#define SSL_FLAGS_LOG_CONTEXT \
  -    (NOT_IN_LIMIT|NOT_IN_DIRECTORY|NOT_IN_LOCATION|NOT_IN_FILES)
  -
  -const char *ssl_cmd_SSLLog(cmd_parms *cmd,
  -                           void *dcfg,
  -                           const char *arg)
  -{
  -    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
  -    const char *err;
  -
  -    if ((err = ap_check_cmd_context(cmd, SSL_FLAGS_LOG_CONTEXT))) {
  -        return err;
  -    }
  -
  -    sc->log_file_name = arg;
  -
  -    return NULL;
  -}
  -
  -const char *ssl_cmd_SSLLogLevel(cmd_parms *cmd,
  -                                void *dcfg,
  -                                const char *level)
  -{
  -    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
  -    const char *err;
  -
  -    if ((err = ap_check_cmd_context(cmd, SSL_FLAGS_LOG_CONTEXT))) {
  -        return err;
  -    }
  -
  -    if (strcEQ(level, "none")) {
  -        sc->log_level = SSL_LOG_NONE;
  -    }
  -    else if (strcEQ(level, "error")) {
  -        sc->log_level = SSL_LOG_ERROR;
  -    }
  -    else if (strcEQ(level, "warn")) {
  -        sc->log_level = SSL_LOG_WARN;
  -    }
  -    else if (strcEQ(level, "info")) {
  -        sc->log_level = SSL_LOG_INFO;
  -    }
  -    else if (strcEQ(level, "trace")) {
  -        sc->log_level = SSL_LOG_TRACE;
  -    }
  -    else if (strcEQ(level, "debug")) {
  -        sc->log_level = SSL_LOG_DEBUG;
  -    }
  -    else {
  -        return "SSLLogLevel: Invalid argument";
       }
   
       return NULL;
  
  
  
  1.97      +2 -4      httpd-2.0/modules/ssl/ssl_engine_init.c
  
  Index: ssl_engine_init.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
  retrieving revision 1.96
  retrieving revision 1.97
  diff -u -r1.96 -r1.97
  --- ssl_engine_init.c	16 May 2002 05:17:10 -0000	1.96
  +++ ssl_engine_init.c	16 May 2002 06:09:13 -0000	1.97
  @@ -255,8 +255,6 @@
               sc->server->pphrase_dialog_type = SSL_PPTYPE_BUILTIN;
           }
   
  -        /* Open the dedicated SSL logfile */
  -        ssl_log_open(base_server, s, p);
       }
   
       ssl_init_SSLLibrary(base_server);
  @@ -499,8 +497,8 @@
       SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
       SSL_CTX_set_tmp_dh_callback(ctx,  ssl_callback_TmpDH);
   
  -    if (mctx->sc->log_level >= SSL_LOG_INFO) {
  -        /* this callback only logs if SSLLogLevel >= info */
  +    if (s->loglevel >= APLOG_DEBUG) {
  +        /* this callback only logs if LogLevel >= info */
           SSL_CTX_set_info_callback(ctx, ssl_callback_LogTracingState);
       }
   }
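
Review bot: the new condition tests APLOG_DEBUG but the comment beneath it says `LogLevel >= info`, so code and comment disagree. The old code installed ssl_callback_LogTracingState at SSL_LOG_INFO; if moving the threshold to debug is intended, the comment should read `LogLevel >= debug`, otherwise the test should be `s->loglevel >= APLOG_INFO`.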
  
  
  
  1.76      +1 -2      httpd-2.0/modules/ssl/ssl_engine_io.c
  
  Index: ssl_engine_io.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
  retrieving revision 1.75
  retrieving revision 1.76
  diff -u -r1.75 -r1.76
  --- ssl_engine_io.c	16 May 2002 05:17:10 -0000	1.75
  +++ ssl_engine_io.c	16 May 2002 06:09:13 -0000	1.76
  @@ -903,7 +903,6 @@
   
   void ssl_io_filter_init(conn_rec *c, SSL *ssl)
   {
  -    SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
       SSLFilterRec *filter;
   
       filter = apr_palloc(c->pool, sizeof(SSLFilterRec));
  @@ -922,7 +921,7 @@
       apr_pool_cleanup_register(c->pool, (void*)filter,
                                 ssl_io_filter_cleanup, apr_pool_cleanup_null);
   
  -    if (sc->log_level >= SSL_LOG_DEBUG) {
  +    if (c->base_server->loglevel >= APLOG_DEBUG) {
           BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
           BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
       }
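
Review bot: the BIO callback in the second hunk used to be opt-in through SSLLogLevel debug and is now switched on by the general LogLevel of c->base_server. The removed manual text describes this level as showing low-level I/O information, and after this change that output lands in the shared ErrorLog whenever an admin raises LogLevel to debug for an unrelated reason. This is worth stating in the docs, together with the old advice about keeping the log somewhere only root can write, which now applies to the error log.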
  
  
  
  1.70      +8 -9      httpd-2.0/modules/ssl/ssl_engine_kernel.c
  
  Index: ssl_engine_kernel.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
  retrieving revision 1.69
  retrieving revision 1.70
  diff -u -r1.69 -r1.70
  --- ssl_engine_kernel.c	16 May 2002 05:17:10 -0000	1.69
  +++ ssl_engine_kernel.c	16 May 2002 06:09:13 -0000	1.70
  @@ -145,7 +145,7 @@
       SSL_smart_shutdown(ssl);
   
       /* and finally log the fact that we've closed the connection */
  -    if (SSLConnLogApplies(sslconn, SSL_LOG_INFO)) {
  +    if (conn->base_server->loglevel >= APLOG_INFO) {
           ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, conn->base_server,
                        "Connection to child %ld closed with %s shutdown"
                        "(server %s, client %s)",
  @@ -243,7 +243,7 @@
       /*
        * Log information about incoming HTTPS requests
        */
  -    if (SSLConnLogApplies(sslconn, SSL_LOG_INFO) && ap_is_initial_req(r)) {
  +    if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
           ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server,
                        "%s HTTPS request received for child %ld (server %s)",
                        (r->connection->keepalives <= 0 ?
  @@ -1280,7 +1280,7 @@
       /*
        * Log verification information
        */
  -    if (sc->log_level >= SSL_LOG_TRACE) {
  +    if (s->loglevel >= APLOG_DEBUG) {
           X509 *cert  = X509_STORE_CTX_get_current_cert(ctx);
           char *sname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
           char *iname = X509_NAME_oneline(X509_get_issuer_name(cert),  NULL, 0);
  @@ -1455,7 +1455,7 @@
            * Log information about CRL
            * (A little bit complicated because of ASN.1 and BIOs...)
            */
  -        if (sc->log_level >= SSL_LOG_TRACE) {
  +        if (s->loglevel >= APLOG_DEBUG) {
               char buff[512]; /* should be plenty */
               BIO *bio = BIO_new(BIO_s_mem());
   
  @@ -1541,7 +1541,7 @@
               ASN1_INTEGER *sn = X509_REVOKED_get_serialNumber(revoked);
   
               if (!ASN1_INTEGER_cmp(sn, X509_get_serialNumber(cert))) {
  -                if (sc->log_level >= SSL_LOG_INFO) {
  +                if (s->loglevel >= APLOG_DEBUG) {
                       char *cp = X509_NAME_oneline(issuer, NULL, 0);
                       long serial = ASN1_INTEGER_get(sn);
   
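
Review bot: this is the one check in this file where a former SSL_LOG_INFO threshold is mapped to APLOG_DEBUG; the two SSL_LOG_INFO checks earlier in the file (connection close and incoming HTTPS request) were mapped to APLOG_INFO. A certificate serial matching a CRL entry is something operators will want to see without turning on debug, so `s->loglevel >= APLOG_INFO` looks like the consistent choice unless the message inside the block is itself logged at debug.
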
  @@ -1577,7 +1577,7 @@
       X509_NAME *name;
       const char *dn;
   
  -    if (sc->log_level < SSL_LOG_TRACE) {
  +    if (s->loglevel < APLOG_DEBUG) {
           return;
       }
   
  @@ -1671,11 +1671,10 @@
                               const char *result,
                               long timeout)
   {
  -    SSLSrvConfigRec *sc = mySrvConfig(s);
       char buf[SSL_SESSION_ID_STRING_LEN];
       char timeout_str[56] = {'\0'};
   
  -    if (sc->log_level < SSL_LOG_TRACE) {
  +    if (s->loglevel < APLOG_DEBUG) {
           return;
       }
   
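
Review bot: the `sc` local is deleted in this function, but the neighbouring hunks (at 1280, 1455, 1541, 1577 and 1836) only swap the condition from `sc->log_level` to `s->loglevel`. Please confirm that each of those functions has a server_rec `s` in scope and still uses `sc` for something else; any `SSLSrvConfigRec *sc = mySrvConfig(s);` kept only for the old check is now dead and will draw an unused-variable warning.
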
  @@ -1836,7 +1835,7 @@
       /*
        * create the various trace messages
        */
  -    if (sc->log_level >= SSL_LOG_TRACE) {
  +    if (s->loglevel >= APLOG_DEBUG) {
           if (where & SSL_CB_HANDSHAKE_START) {
               ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
                            "%s: Handshake: start", SSL_LIBRARY_NAME);
  
  
  
  1.20      +0 -211    httpd-2.0/modules/ssl/ssl_engine_log.c
  
  Index: ssl_engine_log.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_log.c,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- ssl_engine_log.c	15 May 2002 23:10:33 -0000	1.19
  +++ ssl_engine_log.c	16 May 2002 06:09:13 -0000	1.20
  @@ -68,75 +68,6 @@
   **  _________________________________________________________________
   */
   
  -/*
  - * Open the SSL logfile
  - */
  -void ssl_log_open(server_rec *s_main, server_rec *s, apr_pool_t *p)
  -{
  -    const char *szLogFile;
  -    SSLSrvConfigRec *sc_main = mySrvConfig(s_main);
  -    SSLSrvConfigRec *sc = mySrvConfig(s);
  -    piped_log *pl;
  -
  -    /* 
  -     * Short-circuit for inherited logfiles in order to save
  -     * filedescriptors in mass-vhost situation. Be careful, this works
  -     * fine because the close happens implicitly by the pool facility.
  -     */
  -    if ((s != s_main) &&
  -        (sc_main->log_file != NULL) &&
  -        ((sc->log_file_name == NULL) ||
  -         ((sc->log_file_name != NULL) &&
  -          (sc_main->log_file_name != NULL) &&
  -          strEQ(sc->log_file_name, sc_main->log_file_name))))
  -    {
  -        sc->log_file = sc_main->log_file;
  -    }
  -    else if (sc->log_file_name != NULL) {
  -        if (strEQ(sc->log_file_name, "/dev/null"))
  -            return;
  -        else if (sc->log_file_name[0] == '|') {
  -            szLogFile = sc->log_file_name + 1;
  -            while (*szLogFile == ' ' || *szLogFile == '\t')
  -                szLogFile++;
  -            if ((pl = ap_open_piped_log(p, szLogFile)) == NULL) {
  -                ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
  -                        "Cannot open reliable pipe to SSL logfile filter %s", szLogFile);
  -                ssl_die();
  -            }
  -            sc->log_file = ap_piped_log_write_fd(pl); 
  -        }
  -        else {
  -            szLogFile = ap_server_root_relative(p, sc->log_file_name);
  -            if (!szLogFile) {
  -                ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
  -                        "Invalid SSL logfile path %s", sc->log_file_name);
  -                ssl_die();
  -            }
  -            if ((apr_file_open(&(sc->log_file), szLogFile, 
  -                               APR_WRITE|APR_APPEND|APR_CREATE, APR_OS_DEFAULT, p)) 
  -                               != APR_SUCCESS) {
  -                ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
  -                        "Cannot open SSL logfile %s", szLogFile);
  -                ssl_die();
  -            }
  -        }
  -    }
  -    return;
  -}
  -
  -static struct {
  -    int   nLevel;
  -    char *szLevel;
  -} ssl_log_level2string[] = {
  -    { SSL_LOG_ERROR, "error" },
  -    { SSL_LOG_WARN,  "warn"  },
  -    { SSL_LOG_INFO,  "info"  },
  -    { SSL_LOG_TRACE, "trace" },
  -    { SSL_LOG_DEBUG, "debug" },
  -    { 0, NULL }
  -};
  -
   static struct {
       char *cpPattern;
       char *cpAnnotation;
  @@ -167,148 +98,6 @@
           }
       }
       return errstr;
  -}
  -
  -void ssl_log(server_rec *s, int level, const char *msg, ...)
  -{
  -    char tstr[80];
  -    char lstr[256];
  -    char vstr[1024];
  -    char str[1024];
  -    char *nstr;
  -    apr_size_t len;
  -    apr_time_exp_t t;
  -    va_list ap;
  -    int add;
  -    int i;
  -    char *astr;
  -    int safe_errno;
  -    unsigned long e;
  -    SSLSrvConfigRec *sc;
  -    char *cpE;
  -    char *cpA;
  -
  -    /*  initialization  */
  -    safe_errno = errno;
  -    sc = mySrvConfig(s);
  -
  -    /*  strip out additional flags  */
  -    add   = (level & ~SSL_LOG_MASK);
  -    level = (level & SSL_LOG_MASK);
  -
  -    /*  reduce flags when not reasonable in context  */
  -    if (add & SSL_ADD_ERRNO && errno == 0)
  -        add &= ~SSL_ADD_ERRNO;
  -    if (add & SSL_ADD_SSLERR && ERR_peek_error() == 0)
  -        add &= ~SSL_ADD_SSLERR;
  -
  -    /*  we log only levels below, except for errors */
  -    if (   sc->log_file == NULL
  -        && !(level & SSL_LOG_ERROR))
  -        return;
  -    if (   level > sc->log_level
  -        && !(level & SSL_LOG_ERROR))
  -        return;
  -
  -    /*  determine the time entry string  */
  -    if (add & SSL_NO_TIMESTAMP)
  -        tstr[0] = NUL;
  -    else {
  -        apr_time_exp_lt(&t, apr_time_now());
  -        apr_strftime(tstr, &len, 80, "[%d/%b/%Y %H:%M:%S", &t);
  -        apr_snprintf(tstr + strlen(tstr), 80 - strlen(tstr), " %05d] ", 
  -                     (unsigned int)getpid());
  -    }
  -
  -    /*  determine whether newline should be written */
  -    if (add & SSL_NO_NEWLINE)
  -        nstr = "";
  -    else {
  -        nstr = APR_EOL_STR;
  -    }
  -
  -    /*  determine level name  */
  -    lstr[0] = NUL;
  -    if (!(add & SSL_NO_LEVELID)) {
  -        for (i = 0; ssl_log_level2string[i].nLevel != 0; i++) {
  -            if (ssl_log_level2string[i].nLevel == level) {
  -                apr_snprintf(lstr, sizeof(lstr), "[%s]", ssl_log_level2string[i].szLevel);
  -                break;
  -            }
  -        }
  -        for (i = strlen(lstr); i <= 7; i++)
  -            lstr[i] = ' ';
  -        lstr[i] = NUL;
  -    }
  -
  -    if (add & SSL_INIT) {
  -        len = strlen(lstr);
  -        apr_snprintf(&lstr[len], sizeof(lstr) - len,
  -                     "Init: (%s) ", sc->vhost_id);
  -    }
  -
  -    /*  create custom message  */
  -    va_start(ap, msg);
  -    apr_vsnprintf(vstr, sizeof(vstr), msg, ap);
  -    va_end(ap);
  -
  -    /*  write out SSLog message  */
  -    if ((add & SSL_ADD_ERRNO) && (add & SSL_ADD_SSLERR))
  -        astr = " (System and " SSL_LIBRARY_NAME " library errors follow)";
  -    else if (add & SSL_ADD_ERRNO)
  -        astr = " (System error follows)";
  -    else if (add & SSL_ADD_SSLERR)
  -        astr = " (" SSL_LIBRARY_NAME " library error follows)";
  -    else
  -        astr = "";
  -    if (level <= sc->log_level && sc->log_file != NULL) {
  -        apr_snprintf(str, sizeof(str), "%s%s%s%s%s", 
  -                     tstr, lstr, vstr, astr, nstr);
  -        apr_file_printf(sc->log_file, "%s", str);
  -    }
  -    if (level & SSL_LOG_ERROR)
  -        ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
  -                     "mod_ssl: %s%s", vstr, astr);
  -
  -    /*  write out additional attachment messages  */
  -    if (add & SSL_ADD_ERRNO) {
  -        if (level <= sc->log_level && sc->log_file != NULL) {
  -            apr_snprintf(str, sizeof(str), "%s%sSystem: %s (errno: %d)%s",
  -                         tstr, lstr, strerror(safe_errno), safe_errno, nstr);
  -            apr_file_printf(sc->log_file, "%s", str);
  -        }
  -        if (level & SSL_LOG_ERROR)
  -            ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
  -                         "System: %s (errno: %d)",
  -                         strerror(safe_errno), safe_errno);
  -    }
  -    if (add & SSL_ADD_SSLERR) {
  -        while ((e = ERR_get_error())) {
  -            cpE = ERR_error_string(e, NULL);
  -            cpA = ssl_log_annotation(cpE);
  -            if (level <= sc->log_level && sc->log_file != NULL) {
  -                apr_snprintf(str, sizeof(str), "%s%s%s: %s%s%s%s%s",
  -                             tstr, lstr, SSL_LIBRARY_NAME, cpE,
  -                             cpA != NULL ? " [Hint: " : "",
  -                             cpA != NULL ? cpA : "", cpA != NULL ? "]" : "",
  -                             nstr);
  -                apr_file_printf(sc->log_file, "%s", str);
  -            }
  -            if (level & SSL_LOG_ERROR)
  -                ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
  -                             "%s: %s%s%s%s", SSL_LIBRARY_NAME, cpE,
  -                             cpA != NULL ? " [Hint: " : "",
  -                             cpA != NULL ? cpA : "", cpA != NULL ? "]" : "");
  -        }
  -    }
  -    /* make sure the next log starts from a clean base */
  -    /* ERR_clear_error(); */
  -
  -    /*  cleanup and return  */
  -    if (sc->log_file != NULL)
  -        apr_file_flush(sc->log_file);
  -    errno = safe_errno;
  -    return;
   }
   
   void ssl_die(void)
  
  
  

Re: cvs commit: httpd-2.0/modules/ssl mod_ssl.c mod_ssl.h ssl_engine_config.c ssl_engine_init.c ssl_engine_io.c ssl_engine_kernel.c ssl_engine_log.c

Posted by Aaron Bannert <aa...@clove.org>.
On Wed, May 15, 2002 at 11:19:50PM -0700, Aaron Bannert wrote:
> On Wed, May 15, 2002 at 11:14:01PM -0700, Justin Erenkrantz wrote:
> > The only thing I wonder is whether SSLLog and SSLLogLevel should be
> > marked as deprecated (via ap_set_deprecated) or whether we should
> > silently ignore these directives.  Thoughts?  -- justin
> 
> I would be strongly opposed to silently ignoring any deprecated directives
> during the 2.0 cycle. Admins may still be using these directives, and
> it will confuse the heck out of them if we don't provide some feedback
> that they are no longer in use.

Oops, forgot to mention that I'm all in favor of using ap_set_deprecated.

-aaron

Re: cvs commit: httpd-2.0/modules/ssl mod_ssl.c mod_ssl.h ssl_engine_config.c ssl_engine_init.c ssl_engine_io.c ssl_engine_kernel.c ssl_engine_log.c

Posted by Aaron Bannert <aa...@clove.org>.
On Wed, May 15, 2002 at 11:14:01PM -0700, Justin Erenkrantz wrote:
> The only thing I wonder is whether SSLLog and SSLLogLevel should be
> marked as deprecated (via ap_set_deprecated) or whether we should
> silently ignore these directives.  Thoughts?  -- justin

I would be strongly opposed to silently ignoring any deprecated directives
during the 2.0 cycle. Admins may still be using these directives, and
it will confuse the heck out of them if we don't provide some feedback
that they are no longer in use.

-aaron

Re: cvs commit: httpd-2.0/modules/ssl mod_ssl.c mod_ssl.h ssl_engine_config.c ssl_engine_init.c ssl_engine_io.c ssl_engine_kernel.c ssl_engine_log.c

Posted by Justin Erenkrantz <je...@apache.org>.
On Thu, May 16, 2002 at 06:09:14AM -0000, jerenkrantz@apache.org wrote:
> jerenkrantz    02/05/15 23:09:14
> 
>   Modified:    .        CHANGES
>                docs/conf ssl-std.conf
>                docs/manual/mod mod_ssl.xml
>                modules/ssl mod_ssl.c mod_ssl.h ssl_engine_config.c
>                         ssl_engine_init.c ssl_engine_io.c
>                         ssl_engine_kernel.c ssl_engine_log.c
>   Log:
>   Remove SSLLog and SSLLogLevel directives in favor of having mod_ssl use the
>   standard ErrorLog directives.

This commit completes the SSLLog and SSLLogLevel directive removal.
This brings mod_ssl in line with the rest of the server and uses
the standard logging calls.

The only thing I wonder is whether SSLLog and SSLLogLevel should be
marked as deprecated (via ap_set_deprecated) or whether we should
silently ignore these directives.  Thoughts?  -- justin