Posted to cvs@httpd.apache.org by jo...@apache.org on 2004/11/10 14:35:28 UTC
cvs commit: httpd-2.0/modules/ssl mod_ssl.c ssl_engine_io.c ssl_engine_kernel.c
jorton 2004/11/10 05:35:28
Modified: modules/ssl mod_ssl.c ssl_engine_io.c ssl_engine_kernel.c
Log:
* modules/ssl/ssl_engine_io.c, modules/ssl/ssl_engine_kernel.c,
modules/mod_ssl.c: Switch to using ap_log_cerror() in place of
ap_log_error() everywhere that the conn_rec * is available.
Revision Changes Path
1.101 +11 -12 httpd-2.0/modules/ssl/mod_ssl.c
Index: mod_ssl.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
retrieving revision 1.100
retrieving revision 1.101
diff -d -w -u -r1.100 -r1.101
--- mod_ssl.c 13 Oct 2004 15:26:45 -0000 1.100
+++ mod_ssl.c 10 Nov 2004 13:35:28 -0000 1.101
@@ -298,7 +298,7 @@
SSLConnRec *sslconn = ssl_init_connection_ctx(c);
if (!sc->proxy_enabled) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
"SSL Proxy requested for %s but not enabled "
"[Hint: SSLProxyEngine]", sc->vhost_id);
@@ -353,7 +353,7 @@
* so we can detach later.
*/
if (!(ssl = SSL_new(mctx->ssl_ctx))) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
"Unable to create a new SSL connection from the SSL "
"context");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
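Review bot: The follow-up `ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server)` still logs against the server, so the OpenSSL error-stack lines it emits will not carry the connection context that the converted ap_log_cerror line above it presumably now has. When several handshakes fail at once, that leaves the library-level detail hard to attribute to a particular client during log review. The same pairing recurs in the hunks at -369, -688, -785, -853, -1033, -1091 and -1138. ssl_log_ssl_error is defined outside this diff, so the fix is a follow-up that gives it a conn_rec-taking form. Until then a marker such as `/* TODO: OpenSSL error stack is still logged per-server, not per-connection */` would record the gap.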
@@ -369,7 +369,7 @@
if (!SSL_set_session_id_context(ssl, (unsigned char *)vhost_md5,
APR_MD5_DIGESTSIZE*2))
{
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
"Unable to set session id context to `%s'", vhost_md5);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
@@ -448,10 +448,9 @@
* later access inside callback functions
*/
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c,
"Connection to child %ld established "
- "(server %s, client %s)", c->id, sc->vhost_id,
- c->remote_ip ? c->remote_ip : "unknown");
+ "(server %s)", c->id, sc->vhost_id);
return ssl_init_ssl_connection(c);
}
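Review bot: Dropping `c->remote_ip ? c->remote_ip : "unknown"` means the client address now reaches this line only through whatever ap_log_cerror derives from `c`, and the explicit NULL fallback goes with it. ap_log_cerror's body is not part of this diff, so it is worth confirming that it both prints the client address and tolerates a NULL `c->remote_ip` before relying on it. The same removal is made in the hunks at -967 and -1091. A short comment such as `/* client address is supplied by ap_log_cerror() from c */` above the call would keep a later reader from re-adding the argument. The enclosing function starts outside the hunk.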
1.128 +42 -50 httpd-2.0/modules/ssl/ssl_engine_io.c
Index: ssl_engine_io.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
retrieving revision 1.127
retrieving revision 1.128
diff -d -w -u -r1.127 -r1.128
--- ssl_engine_io.c 22 Sep 2004 16:34:20 -0000 1.127
+++ ssl_engine_io.c 10 Nov 2004 13:35:28 -0000 1.128
@@ -680,7 +680,7 @@
continue; /* Blocking and nothing yet? Try again. */
}
else {
- ap_log_error(APLOG_MARK, APLOG_INFO, inctx->rc, c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, inctx->rc, c,
"SSL input filter read failed.");
}
}
@@ -688,7 +688,7 @@
/*
* Log SSL errors and any unexpected conditions.
*/
- ap_log_error(APLOG_MARK, APLOG_INFO, inctx->rc, c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, inctx->rc, c,
"SSL library error %d reading data", ssl_err);
ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
@@ -785,14 +785,14 @@
outctx->rc = APR_EAGAIN;
}
else if (ssl_err == SSL_ERROR_SYSCALL) {
- ap_log_error(APLOG_MARK, APLOG_INFO, outctx->rc, c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, outctx->rc, c,
"SSL output filter write failed.");
}
else /* if (ssl_err == SSL_ERROR_SSL) */ {
/*
* Log SSL errors
*/
- ap_log_error(APLOG_MARK, APLOG_INFO, outctx->rc, c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, outctx->rc, c,
"SSL library error %d writing data", ssl_err);
ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
}
@@ -809,7 +809,7 @@
reason = "likely due to failed renegotiation";
}
- ap_log_error(APLOG_MARK, APLOG_INFO, outctx->rc, c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, outctx->rc, c,
"failed to write %" APR_SSIZE_T_FMT
" of %" APR_SIZE_T_FMT " bytes (%s)",
len - (apr_size_t)res, len, reason);
@@ -853,8 +853,7 @@
switch (status) {
case HTTP_BAD_REQUEST:
/* log the situation */
- ap_log_error(APLOG_MARK, APLOG_INFO, 0,
- f->c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c,
"SSL handshake failed: HTTP spoken on HTTPS port; "
"trying to send HTML error page");
ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, f->c->base_server);
@@ -967,12 +966,10 @@
/* and finally log the fact that we've closed the connection */
if (c->base_server->loglevel >= APLOG_INFO) {
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
- "Connection to child %ld closed with %s shutdown"
- "(server %s, client %s)",
- c->id, type,
- ssl_util_vhostid(c->pool, c->base_server),
- c->remote_ip ? c->remote_ip : "unknown");
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c,
+ "Connection closed to child %ld with %s shutdown "
+ "(server %s)",
+ c->id, type, ssl_util_vhostid(c->pool, c->base_server));
}
/* deallocate the SSL connection */
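Review bot: Besides adding the missing space before `(server`, the new string reorders the words from `Connection to child %ld closed with` to `Connection closed to child %ld with`, which the commit log does not mention. Log parsers or alerting rules keyed to the old text will silently stop matching. The line also no longer parallels the "Connection to child %ld established" message kept in mod_ssl.c. Unless the rewording is intended, keep the original order and fix only the spacing: `"Connection to child %ld closed with %s shutdown "`.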
@@ -1000,7 +997,7 @@
conn_rec *c = (conn_rec *)SSL_get_app_data(filter_ctx->pssl);
SSLConnRec *sslconn = myConnConfig(c);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
"SSL connection destroyed without being closed");
SSL_free(filter_ctx->pssl);
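Review bot: `c` comes straight from `SSL_get_app_data(filter_ctx->pssl)` and is now passed to ap_log_cerror with no NULL check, whereas the old call passed a NULL server and did not depend on `c` for logging. The `myConnConfig(c)` line just above presumably dereferences `c` already, so this may be moot. It is still worth confirming that app data is always set before this path can run, and saying so in a comment such as `/* c is never NULL here: app data is set when the SSL object is created */`. The enclosing function starts and ends outside the hunk.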
@@ -1033,8 +1030,7 @@
if (sslconn->is_proxy) {
if ((n = SSL_connect(filter_ctx->pssl)) <= 0) {
- ap_log_error(APLOG_MARK, APLOG_INFO, 0,
- c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c,
"SSL Proxy connect failed");
ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
/* ensure that the SSL structures etc are freed, etc: */
@@ -1059,8 +1055,7 @@
* was transferred. That's not a real error and can occur
* sporadically with some clients.
*/
- ap_log_error(APLOG_MARK, APLOG_INFO, rc,
- c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, rc, c,
"SSL handshake stopped: connection was closed");
}
else if (ssl_err == SSL_ERROR_WANT_READ) {
@@ -1083,7 +1078,7 @@
return HTTP_BAD_REQUEST;
}
else if (ssl_err == SSL_ERROR_SYSCALL) {
- ap_log_error(APLOG_MARK, APLOG_INFO, rc, c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, rc, c,
"SSL handshake interrupted by system "
"[Hint: Stop button pressed in browser?!]");
}
@@ -1091,11 +1086,10 @@
/*
* Log SSL errors and any unexpected conditions.
*/
- ap_log_error(APLOG_MARK, APLOG_INFO, rc, c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, rc, c,
"SSL library error %d in handshake "
- "(server %s, client %s)", ssl_err,
- ssl_util_vhostid(c->pool, c->base_server),
- c->remote_ip ? c->remote_ip : "unknown");
+ "(server %s)", ssl_err,
+ ssl_util_vhostid(c->pool, c->base_server));
ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
}
@@ -1125,8 +1119,7 @@
* optional_no_ca doesn't appear to work as advertised
* in 1.x
*/
- ap_log_error(APLOG_MARK, APLOG_INFO, 0,
- c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c,
"SSL client authentication failed, "
"accepting certificate based on "
"\"SSLVerifyClient optional_no_ca\" "
@@ -1138,8 +1131,7 @@
sslconn->verify_error :
X509_verify_cert_error_string(verify_result);
- ap_log_error(APLOG_MARK, APLOG_INFO, 0,
- c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c,
"SSL client authentication failed: %s",
error ? error : "unknown");
ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
@@ -1166,7 +1158,7 @@
if ((sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE) &&
!sslconn->client_cert)
{
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c,
"No acceptable peer certificate available");
return ssl_filter_io_shutdown(filter_ctx, c, 1);
@@ -1252,7 +1244,7 @@
ssl_init_ssl_connection(f->c);
- ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Awaiting re-negotiation handshake");
sslconn = myConnConfig(f->c);
@@ -1266,7 +1258,7 @@
SSL_do_handshake(ssl);
if (SSL_get_state(ssl) != SSL_ST_OK) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"TLS Upgrade handshake failed: "
"Not accepted by client!?");
@@ -1435,7 +1427,7 @@
filter_ctx->nobuffer = 1;
status = ssl_filter_io_shutdown(filter_ctx, f->c, 0);
if (status != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_INFO, status, NULL,
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, status, f->c,
"SSL filter error shutting down I/O");
}
if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
1.113 +4 -4 httpd-2.0/modules/ssl/ssl_engine_kernel.c
Index: ssl_engine_kernel.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.112
retrieving revision 1.113
diff -d -w -u -r1.112 -r1.113
--- ssl_engine_kernel.c 1 Nov 2004 22:53:36 -0000 1.112
+++ ssl_engine_kernel.c 10 Nov 2004 13:35:28 -0000 1.113
@@ -1148,7 +1148,7 @@
SSLModConfigRec *mc = myModConfig(c->base_server);
int idx;
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
"handing out temporary %d bit RSA key", keylen);
/* doesn't matter if export flag is on,
@@ -1180,7 +1180,7 @@
SSLModConfigRec *mc = myModConfig(c->base_server);
int idx;
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
+ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
"handing out temporary %d bit DH key", keylen);
switch (keylen) {