You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by je...@apache.org on 2002/05/16 07:17:11 UTC
cvs commit: httpd-2.0/modules/ssl mod_ssl.c ssl_engine_init.c ssl_engine_io.c ssl_engine_kernel.c ssl_engine_mutex.c ssl_engine_pphrase.c ssl_engine_rand.c ssl_scache.c ssl_scache_dbm.c ssl_scache_shmcb.c ssl_scache_shmht.c
jerenkrantz 02/05/15 22:17:11
Modified: modules/ssl mod_ssl.c ssl_engine_init.c ssl_engine_io.c
ssl_engine_kernel.c ssl_engine_mutex.c
ssl_engine_pphrase.c ssl_engine_rand.c ssl_scache.c
ssl_scache_dbm.c ssl_scache_shmcb.c
ssl_scache_shmht.c
Log:
Change mod_ssl from using ssl_log() to ap_log_error().
The issue is that ssl_log doesn't handle apr_status_t result codes. This
leads to a number of places (esp. with mutexes) where the error codes get
lost. Rather than extending ssl_log further, since mod_ssl is part of
our core, migrate to ap_log_error. This means that mod_ssl no longer
does its own logging.
Most uses of SSL_ADD_ERRNO are now mapped correctly to apr_status_t values
(mainly because the APIs that used to return errnos are now APRized and
have apr_status_t codes available).
SSL_LOG_TRACE and SSL_LOG_DEBUG were mapped to the APLOG_DEBUG values.
mod_ssl prints out a LOT of debugging information, so mod_ssl with LogLevel
Debug may not be a good idea - perhaps mod_ssl should be less chatty.
Numerous printf type collisions were also resolved.
(The ssl logging code itself will be removed in a subsequent commit.)
This has been discussed on dev@httpd, but the fact that there isn't
much to review besides the mindless changes, I'm going to commit now
and rely on CTR if I screwed up anything on the translation.
Revision Changes Path
1.66 +44 -38 httpd-2.0/modules/ssl/mod_ssl.c
Index: mod_ssl.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- mod_ssl.c 15 May 2002 23:10:33 -0000 1.65
+++ mod_ssl.c 16 May 2002 05:17:10 -0000 1.66
@@ -244,9 +244,9 @@
SSLConnRec *sslconn = ssl_init_connection_ctx(c);
if (!sc->proxy_enabled) {
- ssl_log(c->base_server, SSL_LOG_ERROR,
- "SSL Proxy requested for %s but not enabled "
- "[Hint: SSLProxyEngine]", sc->vhost_id);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server,
+ "SSL Proxy requested for %s but not enabled "
+ "[Hint: SSLProxyEngine]", sc->vhost_id);
return 0;
}
@@ -309,10 +309,10 @@
* later access inside callback functions
*/
- ssl_log(c->base_server, SSL_LOG_INFO,
- "Connection to child %d established "
- "(server %s, client %s)", c->id, sc->vhost_id,
- c->remote_ip ? c->remote_ip : "unknown");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, c->base_server,
+ "Connection to child %ld established "
+ "(server %s, client %s)", c->id, sc->vhost_id,
+ c->remote_ip ? c->remote_ip : "unknown");
/*
* Seed the Pseudo Random Number Generator (PRNG)
@@ -327,8 +327,9 @@
* so we can detach later.
*/
if (!(ssl = SSL_new(mctx->ssl_ctx))) {
- ssl_log(c->base_server, SSL_LOG_ERROR,
- "Unable to create a new SSL connection from the SSL context");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server,
+ "Unable to create a new SSL connection from the SSL "
+ "context");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
c->aborted = 1;
@@ -341,8 +342,8 @@
if (!SSL_set_session_id_context(ssl, (unsigned char *)vhost_md5,
MD5_DIGESTSIZE*2))
{
- ssl_log(c->base_server, SSL_LOG_ERROR,
- "Unable to set session id context to `%s'", vhost_md5);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server,
+ "Unable to set session id context to `%s'", vhost_md5);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
c->aborted = 1;
@@ -409,9 +410,9 @@
if (!SSL_is_init_finished(filter->pssl)) {
if (sslconn->is_proxy) {
if ((n = SSL_connect(filter->pssl)) <= 0) {
- ssl_log(c->base_server,
- SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "SSL Proxy connect failed");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ c->base_server,
+ "SSL Proxy connect failed");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
return ssl_abort(filter, c);
}
@@ -428,8 +429,9 @@
* was transferred. That's not a real error and can occur
* sporadically with some clients.
*/
- ssl_log(c->base_server, SSL_LOG_INFO,
- "SSL handshake stopped: connection was closed");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0,
+ c->base_server,
+ "SSL handshake stopped: connection was closed");
}
else if (err == SSL_ERROR_WANT_READ) {
/*
@@ -452,17 +454,18 @@
(errno != EINTR))
{
if (errno > 0) {
- ssl_log(c->base_server,
- SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "SSL handshake interrupted by system "
- "[Hint: Stop button pressed in browser?!]");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ c->base_server,
+ "SSL handshake interrupted by system "
+ "[Hint: Stop button pressed in browser?!]");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
}
else {
- ssl_log(c->base_server,
- SSL_LOG_INFO|SSL_ADD_ERRNO,
- "Spurious SSL handshake interrupt [Hint: "
- "Usually just one of those OpenSSL confusions!?]");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ c->base_server,
+ "Spurious SSL handshake interrupt [Hint: "
+ "Usually just one of those OpenSSL "
+ "confusions!?]");
ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
}
}
@@ -470,11 +473,11 @@
/*
* Ok, anything else is a fatal error
*/
- ssl_log(c->base_server,
- SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "SSL handshake failed (server %s, client %s)",
- ssl_util_vhostid(c->pool, c->base_server),
- c->remote_ip ? c->remote_ip : "unknown");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ c->base_server,
+ "SSL handshake failed (server %s, client %s)",
+ ssl_util_vhostid(c->pool, c->base_server),
+ c->remote_ip ? c->remote_ip : "unknown");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
}
@@ -500,10 +503,12 @@
* optional_no_ca doesn't appear to work as advertised
* in 1.x
*/
- ssl_log(c->base_server, SSL_LOG_ERROR,
- "SSL client authentication failed, "
- "accepting certificate based on "
- "\"SSLVerifyClient optional_no_ca\" configuration");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ c->base_server,
+ "SSL client authentication failed, "
+ "accepting certificate based on "
+ "\"SSLVerifyClient optional_no_ca\" "
+ "configuration");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
}
else {
@@ -511,9 +516,10 @@
sslconn->verify_error :
X509_verify_cert_error_string(verify_result);
- ssl_log(c->base_server, SSL_LOG_ERROR,
- "SSL client authentication failed: %s",
- error ? error : "unknown");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ c->base_server,
+ "SSL client authentication failed: %s",
+ error ? error : "unknown");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
return ssl_abort(filter, c);
@@ -535,8 +541,8 @@
if ((sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE) &&
!sslconn->client_cert)
{
- ssl_log(c->base_server, SSL_LOG_ERROR,
- "No acceptable peer certificate available");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server,
+ "No acceptable peer certificate available");
return ssl_abort(filter, c);
}
1.96 +119 -115 httpd-2.0/modules/ssl/ssl_engine_init.c
Index: ssl_engine_init.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_init.c,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -r1.95 -r1.96
--- ssl_engine_init.c 15 May 2002 23:10:33 -0000 1.95
+++ ssl_engine_init.c 16 May 2002 05:17:10 -0000 1.96
@@ -98,11 +98,11 @@
version_components[i]);
}
- ssl_log(s, SSL_LOG_INFO,
- "Server: %s, Interface: %s, Library: %s",
- AP_SERVER_BASEVERSION,
- vals[1], /* SSL_VERSION_INTERFACE */
- vals[2]); /* SSL_VERSION_LIBRARY */
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Server: %s, Interface: %s, Library: %s",
+ AP_SERVER_BASEVERSION,
+ vals[1], /* SSL_VERSION_INTERFACE */
+ vals[2]); /* SSL_VERSION_LIBRARY */
}
@@ -111,8 +111,8 @@
*/
static void ssl_init_SSLLibrary(server_rec *s)
{
- ssl_log(s, SSL_LOG_INFO,
- "Init: Initializing %s library", SSL_LIBRARY_NAME);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Initializing %s library", SSL_LIBRARY_NAME);
CRYPTO_malloc_init();
SSL_load_error_strings();
@@ -149,9 +149,9 @@
if (!(mc->pTmpKeys[idx] =
RSA_generate_key(bits, RSA_F4, NULL, NULL)))
{
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to generate temporary "
- "%d bit RSA private key", bits);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Failed to generate temporary "
+ "%d bit RSA private key", bits);
ssl_die();
}
@@ -165,9 +165,9 @@
if (!(mc->pTmpKeys[idx] =
ssl_dh_GetTmpParam(bits)))
{
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to generate temporary "
- "%d bit DH parameters", bits);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Failed to generate temporary "
+ "%d bit DH parameters", bits);
ssl_die();
}
}
@@ -180,14 +180,14 @@
static void ssl_tmp_keys_init(server_rec *s)
{
- ssl_log(s, SSL_LOG_INFO,
- "Init: Generating temporary RSA private keys (512/1024 bits)");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Generating temporary RSA private keys (512/1024 bits)");
MODSSL_TMP_KEY_INIT_RSA(s, 512);
MODSSL_TMP_KEY_INIT_RSA(s, 1024);
- ssl_log(s, SSL_LOG_INFO,
- "Init: Generating temporary DH parameters (512/1024 bits)");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Generating temporary DH parameters (512/1024 bits)");
MODSSL_TMP_KEY_INIT_DH(s, 512);
MODSSL_TMP_KEY_INIT_DH(s, 1024);
@@ -304,8 +304,8 @@
/*
* initialize servers
*/
- ssl_log(base_server, SSL_LOG_INFO,
- "Init: Initializing (virtual) servers for SSL");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, base_server,
+ "Init: Initializing (virtual) servers for SSL");
for (s = base_server; s; s = s->next) {
sc = mySrvConfig(s);
@@ -349,9 +349,9 @@
if (mc->szCryptoDevice) {
if (!(e = ENGINE_by_id(mc->szCryptoDevice))) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to load Crypto Device API `%s'",
- mc->szCryptoDevice);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Failed to load Crypto Device API `%s'",
+ mc->szCryptoDevice);
ssl_die();
}
@@ -360,9 +360,9 @@
}
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to enable Crypto Device API `%s'",
- mc->szCryptoDevice);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Failed to enable Crypto Device API `%s'",
+ mc->szCryptoDevice);
ssl_die();
}
@@ -381,7 +381,7 @@
* possibility that the user forgot to set them.
*/
if (!mctx->pks->cert_files[0]) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"No SSL Certificate set [hint: SSLCertificateFile]");
ssl_die();
}
@@ -392,7 +392,7 @@
if (mctx->pks->certs[SSL_AIDX_RSA] ||
mctx->pks->certs[SSL_AIDX_DSA])
{
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Illegal attempt to re-initialise SSL for server "
"(theoretically shouldn't happen!)");
ssl_die();
@@ -413,7 +413,7 @@
* Create the new per-server SSL context
*/
if (protocol == SSL_PROTOCOL_NONE) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"No SSL protocols available [hint: SSLProtocol]");
ssl_die();
}
@@ -425,8 +425,8 @@
NULL);
cp[strlen(cp)-2] = NUL;
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "Creating new SSL context (protocols: %s)", cp);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Creating new SSL context (protocols: %s)", cp);
if (protocol == SSL_PROTOCOL_SSLV2) {
method = mctx->pkp ?
@@ -542,14 +542,14 @@
* Configure Client Authentication details
*/
if (mctx->auth.ca_cert_file || mctx->auth.ca_cert_path) {
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "Configuring client authentication");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Configuring client authentication");
if (!SSL_CTX_load_verify_locations(ctx,
mctx->auth.ca_cert_file,
mctx->auth.ca_cert_path))
{
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to configure verify locations "
"for client authentication");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
@@ -560,7 +560,7 @@
mctx->auth.ca_cert_file,
mctx->auth.ca_cert_path);
if (!ca_list) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to determine list of available "
"CA certificates for client authentication");
ssl_die();
@@ -577,10 +577,10 @@
ca_list = (STACK_OF(X509_NAME) *)SSL_CTX_get_client_CA_list(ctx);
if (sk_X509_NAME_num(ca_list) == 0) {
- ssl_log(s, SSL_LOG_WARN,
- "Init: Oops, you want to request client authentication, "
- "but no CAs are known for verification!? "
- "[Hint: SSLCACertificate*]");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "Init: Oops, you want to request client "
+ "authentication, but no CAs are known for "
+ "verification!? [Hint: SSLCACertificate*]");
}
}
}
@@ -600,12 +600,12 @@
return;
}
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "Configuring permitted SSL ciphers [%s]",
- suite);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Configuring permitted SSL ciphers [%s]",
+ suite);
if (!SSL_CTX_set_cipher_list(ctx, suite)) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to configure permitted SSL ciphers");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
@@ -625,15 +625,15 @@
return;
}
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "Configuring certificate revocation facility");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Configuring certificate revocation facility");
mctx->crl =
SSL_X509_STORE_create((char *)mctx->crl_file,
(char *)mctx->crl_path);
if (!mctx->crl) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to configure X.509 CRL storage "
"for certificate revocation");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
@@ -679,15 +679,15 @@
(char *)chain,
skip_first, NULL);
if (n < 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Failed to configure CA certificate chain!");
ssl_die();
}
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "Configuring server certificate chain "
- "(%d CA certificate%s)",
- n, n == 1 ? "" : "s");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Configuring server certificate chain "
+ "(%d CA certificate%s)",
+ n, n == 1 ? "" : "s");
}
static void ssl_init_ctx(server_rec *s,
@@ -728,19 +728,19 @@
return FALSE;
}
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "Configuring %s server certificate", type);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Configuring %s server certificate", type);
ptr = asn1->cpData;
if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to import %s server certificate", type);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
}
if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to configure %s server certificate", type);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
@@ -767,20 +767,20 @@
return FALSE;
}
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "Configuring %s server private key", type);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Configuring %s server private key", type);
ptr = asn1->cpData;
if (!(pkey = d2i_PrivateKey(pkey_type, NULL, &ptr, asn1->nData)))
{
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to import %s server private key", type);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
}
if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to configure %s server private key", type);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
@@ -795,7 +795,7 @@
if (pubkey && EVP_PKEY_missing_parameters(pubkey)) {
EVP_PKEY_copy_parameters(pubkey, pkey);
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Copying DSA parameters from private key to certificate");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
}
@@ -823,25 +823,25 @@
*/
if (SSL_X509_isSGC(cert)) {
- ssl_log(s, SSL_LOG_INFO|SSL_INIT,
- "%s server certificate enables "
- "Server Gated Cryptography (SGC)",
- ssl_asn1_keystr(type));
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "%s server certificate enables "
+ "Server Gated Cryptography (SGC)",
+ ssl_asn1_keystr(type));
}
if (SSL_X509_getBC(cert, &is_ca, &pathlen)) {
if (is_ca) {
- ssl_log(s, SSL_LOG_WARN|SSL_INIT,
- "%s server certificate is a CA certificate "
- "(BasicConstraints: CA == TRUE !?)",
- ssl_asn1_keystr(type));
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "%s server certificate is a CA certificate "
+ "(BasicConstraints: CA == TRUE !?)",
+ ssl_asn1_keystr(type));
}
if (pathlen > 0) {
- ssl_log(s, SSL_LOG_WARN|SSL_INIT,
- "%s server certificate is not a leaf certificate "
- "(BasicConstraints: pathlen == %d > 0 !?)",
- ssl_asn1_keystr(type), pathlen);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "%s server certificate is not a leaf certificate "
+ "(BasicConstraints: pathlen == %d > 0 !?)",
+ ssl_asn1_keystr(type), pathlen);
}
}
@@ -852,16 +852,16 @@
(apr_fnmatch(cn, s->server_hostname,
fnm_flags) == FNM_NOMATCH))
{
- ssl_log(s, SSL_LOG_WARN|SSL_INIT,
- "%s server certificate wildcard CommonName (CN) `%s' "
- "does NOT match server name!?",
- ssl_asn1_keystr(type), cn);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "%s server certificate wildcard CommonName (CN) `%s' "
+ "does NOT match server name!?",
+ ssl_asn1_keystr(type), cn);
}
else if (strNE(s->server_hostname, cn)) {
- ssl_log(s, SSL_LOG_WARN|SSL_INIT,
- "%s server certificate CommonName (CN) `%s' "
- "does NOT match server name!?",
- ssl_asn1_keystr(type), cn);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "%s server certificate CommonName (CN) `%s' "
+ "does NOT match server name!?",
+ ssl_asn1_keystr(type), cn);
}
}
}
@@ -883,7 +883,7 @@
have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
if (!(have_rsa || have_dsa)) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Oops, no RSA or DSA server certificate found?!");
ssl_die();
}
@@ -896,7 +896,7 @@
have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
if (!(have_rsa || have_dsa)) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Oops, no RSA or DSA server private key found?!");
ssl_die();
}
@@ -929,15 +929,15 @@
}
if ((ncerts = sk_X509_INFO_num(sk)) > 0) {
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "loaded %d client certs for SSL proxy",
- ncerts);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "loaded %d client certs for SSL proxy",
+ ncerts);
pkp->certs = sk;
}
else {
- ssl_log(s, SSL_LOG_WARN|SSL_INIT,
- "no client certs found for SSL proxy");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "no client certs found for SSL proxy");
sk_X509_INFO_free(sk);
}
}
@@ -973,8 +973,8 @@
SSLSrvConfigRec *sc)
{
if (sc->enabled) {
- ssl_log(s, SSL_LOG_INFO|SSL_INIT,
- "Configuring server for SSL protocol");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Configuring server for SSL protocol");
ssl_init_server_ctx(s, p, ptemp, sc);
}
@@ -1001,19 +1001,21 @@
sc = mySrvConfig(s);
if (sc->enabled && (s->port == DEFAULT_HTTP_PORT)) {
- ssl_log(base_server, SSL_LOG_WARN,
- "Init: (%s) You configured HTTPS(%d) "
- "on the standard HTTP(%d) port!",
- ssl_util_vhostid(p, s),
- DEFAULT_HTTPS_PORT, DEFAULT_HTTP_PORT);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0,
+ base_server,
+ "Init: (%s) You configured HTTPS(%d) "
+ "on the standard HTTP(%d) port!",
+ ssl_util_vhostid(p, s),
+ DEFAULT_HTTPS_PORT, DEFAULT_HTTP_PORT);
}
if (!sc->enabled && (s->port == DEFAULT_HTTPS_PORT)) {
- ssl_log(base_server, SSL_LOG_WARN,
- "Init: (%s) You configured HTTP(%d) "
- "on the standard HTTPS(%d) port!",
- ssl_util_vhostid(p, s),
- DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0,
+ base_server,
+ "Init: (%s) You configured HTTP(%d) "
+ "on the standard HTTPS(%d) port!",
+ ssl_util_vhostid(p, s),
+ DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT);
}
}
@@ -1037,15 +1039,16 @@
klen = strlen(key);
if ((ps = (server_rec *)apr_hash_get(table, key, klen))) {
- ssl_log(base_server, SSL_LOG_WARN,
- "Init: SSL server IP/port conflict: "
- "%s (%s:%d) vs. %s (%s:%d)",
- ssl_util_vhostid(p, s),
- (s->defn_name ? s->defn_name : "unknown"),
- s->defn_line_number,
- ssl_util_vhostid(p, ps),
- (ps->defn_name ? ps->defn_name : "unknown"),
- ps->defn_line_number);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0,
+ base_server,
+ "Init: SSL server IP/port conflict: "
+ "%s (%s:%d) vs. %s (%s:%d)",
+ ssl_util_vhostid(p, s),
+ (s->defn_name ? s->defn_name : "unknown"),
+ s->defn_line_number,
+ ssl_util_vhostid(p, ps),
+ (ps->defn_name ? ps->defn_name : "unknown"),
+ ps->defn_line_number);
conflict = TRUE;
continue;
}
@@ -1054,9 +1057,9 @@
}
if (conflict) {
- ssl_log(base_server, SSL_LOG_WARN,
- "Init: You should not use name-based "
- "virtual hosts in conjunction with SSL!!");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, base_server,
+ "Init: You should not use name-based "
+ "virtual hosts in conjunction with SSL!!");
}
}
@@ -1081,9 +1084,9 @@
char name_buf[256];
X509_NAME *name = sk_X509_NAME_value(sk, n);
- ssl_log(s, SSL_LOG_TRACE,
- "CA certificate: %s",
- X509_NAME_oneline(name, name_buf, sizeof(name_buf)));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "CA certificate: %s",
+ X509_NAME_oneline(name, name_buf, sizeof(name_buf)));
/*
* note that SSL_load_client_CA_file() checks for duplicates,
@@ -1131,9 +1134,10 @@
apr_dir_t *dir;
apr_finfo_t direntry;
apr_int32_t finfo_flags = APR_FINFO_MIN|APR_FINFO_NAME;
+ apr_status_t rv;
- if (apr_dir_open(&dir, ca_path, ptemp) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO|SSL_INIT,
+ if ((rv = apr_dir_open(&dir, ca_path, ptemp)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
"Failed to open SSLCACertificatePath `%s'",
ca_path);
ssl_die();
1.75 +17 -15 httpd-2.0/modules/ssl/ssl_engine_io.c
Index: ssl_engine_io.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
retrieving revision 1.74
retrieving revision 1.75
diff -u -r1.74 -r1.75
--- ssl_engine_io.c 15 May 2002 23:10:33 -0000 1.74
+++ ssl_engine_io.c 16 May 2002 05:17:10 -0000 1.75
@@ -502,7 +502,7 @@
* Log SSL errors
*/
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
- ssl_log(c->base_server, SSL_LOG_ERROR,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server,
"SSL error on reading data");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
}
@@ -535,7 +535,7 @@
* Log SSL errors
*/
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
- ssl_log(c->base_server, SSL_LOG_ERROR,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server,
"SSL error on writing data");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
}
@@ -567,7 +567,7 @@
reason = "likely due to failed renegotiation";
}
- ssl_log(c->base_server, SSL_LOG_ERROR,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server,
"failed to write %d of %d bytes (%s)",
n > 0 ? len - n : len, len, reason);
@@ -765,9 +765,10 @@
switch (status) {
case HTTP_BAD_REQUEST:
/* log the situation */
- ssl_log(f->c->base_server, SSL_LOG_ERROR,
- "SSL handshake failed: HTTP spoken on HTTPS port; "
- "trying to send HTML error page");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ f->c->base_server,
+ "SSL handshake failed: HTTP spoken on HTTPS port; "
+ "trying to send HTML error page");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, f->c->base_server);
/* fake the request line */
@@ -959,7 +960,7 @@
rows = (len / DUMP_WIDTH);
if ((rows * DUMP_WIDTH) < len)
rows++;
- ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr,
"+-------------------------------------------------------------------------+");
for(i = 0 ; i< rows; i++) {
apr_snprintf(tmp, sizeof(tmp), "| %04x: ", i * DUMP_WIDTH);
@@ -984,12 +985,13 @@
}
}
apr_cpystrn(buf+strlen(buf), " |", sizeof(buf)-strlen(buf));
- ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID, "%s", buf);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr,
+ "%s", buf);
}
if (trunc > 0)
- ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
- "| %04x - <SPACES/NULS>", len + trunc);
- ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr,
+ "| %04ld - <SPACES/NULS>", len + trunc);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr,
"+-------------------------------------------------------------------------+");
return;
}
@@ -1011,8 +1013,8 @@
if ( cmd == (BIO_CB_WRITE|BIO_CB_RETURN)
|| cmd == (BIO_CB_READ |BIO_CB_RETURN) ) {
if (rc >= 0) {
- ssl_log(s, SSL_LOG_DEBUG,
- "%s: %s %ld/%d bytes %s BIO#%08X [mem: %08lX] %s",
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: %s %ld/%d bytes %s BIO#%p [mem: %p] %s",
SSL_LIBRARY_NAME,
(cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"),
@@ -1022,8 +1024,8 @@
ssl_io_data_dump(s, argp, rc);
}
else {
- ssl_log(s, SSL_LOG_DEBUG,
- "%s: I/O error, %d bytes expected to %s on BIO#%08X [mem: %08lX]",
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: I/O error, %d bytes expected to %s on BIO#%p [mem: %p]",
SSL_LIBRARY_NAME, argi,
(cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
bio, argp);
1.69 +159 -146 httpd-2.0/modules/ssl/ssl_engine_kernel.c
Index: ssl_engine_kernel.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_kernel.c,v
retrieving revision 1.68
retrieving revision 1.69
diff -u -r1.68 -r1.69
--- ssl_engine_kernel.c 15 May 2002 23:10:33 -0000 1.68
+++ ssl_engine_kernel.c 16 May 2002 05:17:10 -0000 1.69
@@ -146,12 +146,12 @@
/* and finally log the fact that we've closed the connection */
if (SSLConnLogApplies(sslconn, SSL_LOG_INFO)) {
- ssl_log(conn->base_server, SSL_LOG_INFO,
- "Connection to child %d closed with %s shutdown"
- "(server %s, client %s)",
- conn->id, type,
- ssl_util_vhostid(conn->pool, conn->base_server),
- conn->remote_ip ? conn->remote_ip : "unknown");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, conn->base_server,
+ "Connection to child %ld closed with %s shutdown"
+ "(server %s, client %s)",
+ conn->id, type,
+ ssl_util_vhostid(conn->pool, conn->base_server),
+ conn->remote_ip ? conn->remote_ip : "unknown");
}
/* deallocate the SSL connection */
@@ -244,14 +244,14 @@
* Log information about incoming HTTPS requests
*/
if (SSLConnLogApplies(sslconn, SSL_LOG_INFO) && ap_is_initial_req(r)) {
- ssl_log(r->server, SSL_LOG_INFO,
- "%s HTTPS request received for child %d (server %s)",
- (r->connection->keepalives <= 0 ?
- "Initial (No.1)" :
- apr_psprintf(r->pool, "Subsequent (No.%d)",
- r->connection->keepalives+1)),
- r->connection->id,
- ssl_util_vhostid(r->pool, r->server));
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server,
+ "%s HTTPS request received for child %ld (server %s)",
+ (r->connection->keepalives <= 0 ?
+ "Initial (No.1)" :
+ apr_psprintf(r->pool, "Subsequent (No.%d)",
+ r->connection->keepalives+1)),
+ r->connection->id,
+ ssl_util_vhostid(r->pool, r->server));
}
/* SetEnvIf ssl-*-shutdown flags can only be per-server,
@@ -411,9 +411,10 @@
/* configure new state */
if (!modssl_set_cipher_list(ssl, dc->szCipherSuite)) {
- ssl_log(r->server, SSL_LOG_WARN,
- "Unable to reconfigure (per-directory) "
- "permitted SSL ciphers");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0,
+ r->server,
+ "Unable to reconfigure (per-directory) "
+ "permitted SSL ciphers");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
if (cipher_list_old) {
@@ -478,8 +479,8 @@
/* tracing */
if (renegotiate) {
- ssl_log(r->server, SSL_LOG_TRACE,
- "Reconfigured cipher suite will force renegotiation");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
+ "Reconfigured cipher suite will force renegotiation");
}
}
@@ -504,9 +505,9 @@
/* determine whether a renegotiation has to be forced */
if (dc->nVerifyDepth < n) {
renegotiate = TRUE;
- ssl_log(r->server, SSL_LOG_TRACE,
- "Reduced client verification depth "
- "will force renegotiation");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
+ "Reduced client verification depth will force "
+ "renegotiation");
}
}
@@ -564,10 +565,11 @@
renegotiate_quick = TRUE;
}
- ssl_log(r->server, SSL_LOG_TRACE,
- "Changed client verification type "
- "will force %srenegotiation",
- renegotiate_quick ? "quick " : "");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
+ r->server,
+ "Changed client verification type will force "
+ "%srenegotiation",
+ renegotiate_quick ? "quick " : "");
}
}
}
@@ -601,9 +603,9 @@
cert_store = X509_STORE_new();
if (!X509_STORE_load_locations(cert_store, ca_file, ca_path)) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Unable to reconfigure verify locations "
- "for client authentication");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Unable to reconfigure verify locations "
+ "for client authentication");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
X509_STORE_free(cert_store);
@@ -617,9 +619,9 @@
if (!(ca_list = ssl_init_FindCAList(r->server, r->pool,
ca_file, ca_path)))
{
- ssl_log(r->server, SSL_LOG_ERROR,
- "Unable to determine list of available "
- "CA certificates for client authentication");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Unable to determine list of available "
+ "CA certificates for client authentication");
return HTTP_FORBIDDEN;
}
@@ -627,9 +629,9 @@
SSL_set_client_CA_list(ssl, ca_list);
renegotiate = TRUE;
- ssl_log(r->server, SSL_LOG_TRACE,
- "Changed client verification locations "
- "will force renegotiation");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
+ "Changed client verification locations will force "
+ "renegotiation");
}
#endif /* HAVE_SSL_SET_CERT_STORE */
@@ -694,9 +696,9 @@
* !! BUT ALL THIS IS STILL NOT RE-IMPLEMENTED FOR APACHE 2.0 !!
*/
if (renegotiate && (r->method_number == M_POST)) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "SSL Re-negotiation in conjunction "
- "with POST method not supported!");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "SSL Re-negotiation in conjunction "
+ "with POST method not supported!");
return HTTP_METHOD_NOT_ALLOWED;
}
@@ -716,22 +718,22 @@
* here because it resets too much of the connection. So we set the
* state explicitly and continue the handshake manually.
*/
- ssl_log(r->server, SSL_LOG_INFO,
- "Requesting connection re-negotiation");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server,
+ "Requesting connection re-negotiation");
if (renegotiate_quick) {
STACK_OF(X509) *cert_stack;
/* perform just a manual re-verification of the peer */
- ssl_log(r->server, SSL_LOG_TRACE,
- "Performing quick renegotiation: "
- "just re-verifying the peer");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
+ "Performing quick renegotiation: "
+ "just re-verifying the peer");
cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl);
if (!cert_stack || (sk_X509_num(cert_stack) == 0)) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Cannot find peer certificate chain");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Cannot find peer certificate chain");
return HTTP_FORBIDDEN;
}
@@ -739,8 +741,8 @@
if (!(cert_store ||
(cert_store = SSL_CTX_get_cert_store(ctx))))
{
- ssl_log(r->server, SSL_LOG_ERROR,
- "Cannot find certificate storage");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Cannot find certificate storage");
return HTTP_FORBIDDEN;
}
@@ -758,8 +760,8 @@
(char *)ssl);
if (!modssl_X509_verify_cert(&cert_store_ctx)) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation verification step failed");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Re-negotiation verification step failed");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
}
@@ -770,9 +772,9 @@
request_rec *id = r->main ? r->main : r;
/* do a full renegotiation */
- ssl_log(r->server, SSL_LOG_TRACE,
- "Performing full renegotiation: "
- "complete handshake protocol");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
+ "Performing full renegotiation: "
+ "complete handshake protocol");
SSL_set_session_id_context(ssl,
(unsigned char *)&id,
@@ -782,21 +784,21 @@
SSL_do_handshake(ssl);
if (SSL_get_state(ssl) != SSL_ST_OK) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation request failed");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Re-negotiation request failed");
return HTTP_FORBIDDEN;
}
- ssl_log(r->server, SSL_LOG_INFO,
- "Awaiting re-negotiation handshake");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server,
+ "Awaiting re-negotiation handshake");
SSL_set_state(ssl, SSL_ST_ACCEPT);
SSL_do_handshake(ssl);
if (SSL_get_state(ssl) != SSL_ST_OK) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation handshake failed: "
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Re-negotiation handshake failed: "
"Not accepted by client!?");
return HTTP_FORBIDDEN;
@@ -818,17 +820,17 @@
BOOL do_verify = (dc->nVerifyClient == SSL_CVERIFY_REQUIRE);
if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation handshake failed: "
- "Client verification failed");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Re-negotiation handshake failed: "
+ "Client verification failed");
return HTTP_FORBIDDEN;
}
if (do_verify && !SSL_get_peer_certificate(ssl)) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation handshake failed: "
- "Client certificate missing");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Re-negotiation handshake failed: "
+ "Client certificate missing");
return HTTP_FORBIDDEN;
}
@@ -862,13 +864,13 @@
}
if (ok != 1) {
- ssl_log(r->server, SSL_LOG_INFO,
- "Access to %s denied for %s "
- "(requirement expression not fulfilled)",
- r->filename, r->connection->remote_ip);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server,
+ "Access to %s denied for %s "
+ "(requirement expression not fulfilled)",
+ r->filename, r->connection->remote_ip);
- ssl_log(r->server, SSL_LOG_INFO,
- "Failed expression: %s", req->cpExpr);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server,
+ "Failed expression: %s", req->cpExpr);
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
"access to %s failed, reason: %s",
@@ -982,8 +984,8 @@
apr_snprintf(buf1, sizeof(buf1), "Basic %s", buf2);
apr_table_set(r->headers_in, "Authorization", buf1);
- ssl_log(r->server, SSL_LOG_INFO,
- "Faking HTTP Basic Auth header: \"Authorization: %s\"", buf1);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server,
+ "Faking HTTP Basic Auth header: \"Authorization: %s\"", buf1);
return DECLINED;
}
@@ -1205,8 +1207,8 @@
SSLModConfigRec *mc = myModConfig(c->base_server);
int idx;
- ssl_log(c->base_server, SSL_LOG_TRACE,
- "handing out temporary %d bit RSA key", keylen);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, c->base_server,
+ "handing out temporary %d bit RSA key", keylen);
/* doesn't matter if export flag is on,
* we won't be asked for keylen > 512 in that case.
@@ -1237,8 +1239,8 @@
SSLModConfigRec *mc = myModConfig(c->base_server);
int idx;
- ssl_log(c->base_server, SSL_LOG_TRACE,
- "handing out temporary %d bit DH key", keylen);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, c->base_server,
+ "handing out temporary %d bit DH key", keylen);
switch (keylen) {
case 512:
@@ -1283,11 +1285,12 @@
char *sname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
char *iname = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
- ssl_log(s, SSL_LOG_TRACE,
- "Certificate Verification: depth: %d, subject: %s, issuer: %s",
- errdepth,
- sname ? sname : "-unknown-",
- iname ? iname : "-unknown-");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Certificate Verification: "
+ "depth: %d, subject: %s, issuer: %s",
+ errdepth,
+ sname ? sname : "-unknown-",
+ iname ? iname : "-unknown-");
if (sname) {
free(sname);
@@ -1320,9 +1323,10 @@
if (ssl_verify_error_is_optional(errnum) &&
(verify == SSL_CVERIFY_OPTIONAL_NO_CA))
{
- ssl_log(s, SSL_LOG_TRACE,
- "Certificate Verification: Verifiable Issuer is configured as "
- "optional, therefore we're accepting the certificate");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Certificate Verification: Verifiable Issuer is "
+ "configured as optional, therefore we're accepting "
+ "the certificate");
sslconn->verify_info = "GENEROUS";
ok = TRUE;
@@ -1341,9 +1345,9 @@
* If we already know it's not ok, log the real reason
*/
if (!ok) {
- ssl_log(s, SSL_LOG_ERROR,
- "Certificate Verification: Error (%d): %s",
- errnum, X509_verify_cert_error_string(errnum));
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Certificate Verification: Error (%d): %s",
+ errnum, X509_verify_cert_error_string(errnum));
sslconn->client_dn = NULL;
sslconn->client_cert = NULL;
@@ -1361,10 +1365,11 @@
}
if (errdepth > depth) {
- ssl_log(s, SSL_LOG_ERROR,
- "Certificate Verification: Certificate Chain too long "
- "(chain has %d certificates, but maximum allowed are only %d)",
- errdepth, depth);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Certificate Verification: Certificate Chain too long "
+ "(chain has %d certificates, but maximum allowed are "
+ "only %d)",
+ errdepth, depth);
errnum = X509_V_ERR_CERT_CHAIN_TOO_LONG;
sslconn->verify_error = X509_verify_cert_error_string(errnum);
@@ -1468,14 +1473,15 @@
BIO_free(bio);
- ssl_log(s, SSL_LOG_TRACE, buff);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, buff);
}
/*
* Verify the signature on this CRL
*/
if (X509_CRL_verify(crl, X509_get_pubkey(cert)) <= 0) {
- ssl_log(s, SSL_LOG_WARN, "Invalid signature on CRL");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "Invalid signature on CRL");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
X509_OBJECT_free_contents(&obj);
@@ -1489,8 +1495,8 @@
i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
if (i == 0) {
- ssl_log(s, SSL_LOG_WARN,
- "Found CRL has invalid nextUpdate field");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "Found CRL has invalid nextUpdate field");
X509_STORE_CTX_set_error(ctx,
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
@@ -1500,9 +1506,9 @@
}
if (i < 0) {
- ssl_log(s, SSL_LOG_WARN,
- "Found CRL is expired - "
- "revoking all certificates until you get updated CRL");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "Found CRL is expired - "
+ "revoking all certificates until you get updated CRL");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
X509_OBJECT_free_contents(&obj);
@@ -1539,10 +1545,10 @@
char *cp = X509_NAME_oneline(issuer, NULL, 0);
long serial = ASN1_INTEGER_get(sn);
- ssl_log(s, SSL_LOG_INFO,
- "Certificate with serial %ld (0x%lX) "
- "revoked per CRL from issuer %s",
- serial, serial, cp);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Certificate with serial %ld (0x%lX) "
+ "revoked per CRL from issuer %s",
+ serial, serial, cp);
free(cp);
}
@@ -1578,9 +1584,9 @@
name = X509_get_subject_name(info->x509);
dn = X509_NAME_oneline(name, name_buf, sizeof(name_buf));
- ssl_log(s, SSL_LOG_TRACE,
- SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s",
- sc->vhost_id, msg, dn ? dn : "-uknown-");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s",
+ sc->vhost_id, msg, dn ? dn : "-uknown-");
}
/*
@@ -1605,15 +1611,15 @@
STACK_OF(X509_INFO) *certs = sc->proxy->pkp->certs;
int i, j;
- ssl_log(s, SSL_LOG_TRACE,
- SSLPROXY_CERT_CB_LOG_FMT "entered",
- sc->vhost_id);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ SSLPROXY_CERT_CB_LOG_FMT "entered",
+ sc->vhost_id);
if (!certs || (sk_X509_INFO_num(certs) <= 0)) {
- ssl_log(s, SSL_LOG_WARN,
- SSLPROXY_CERT_CB_LOG_FMT
- "downstream server wanted client certificate "
- "but none are configured", sc->vhost_id);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ SSLPROXY_CERT_CB_LOG_FMT
+ "downstream server wanted client certificate "
+ "but none are configured", sc->vhost_id);
return FALSE;
}
@@ -1650,9 +1656,9 @@
}
}
- ssl_log(s, SSL_LOG_TRACE,
- SSLPROXY_CERT_CB_LOG_FMT
- "no client certificate found!?", sc->vhost_id);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ SSLPROXY_CERT_CB_LOG_FMT
+ "no client certificate found!?", sc->vhost_id);
return FALSE;
}
@@ -1678,11 +1684,12 @@
"timeout=%lds ", (timeout - time(NULL)));
}
- ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
- "request=%s status=%s id=%s %s(session %s)",
- request, status,
- SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)),
- timeout_str, result);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Inter-Process Session Cache: "
+ "request=%s status=%s id=%s %s(session %s)",
+ request, status,
+ SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)),
+ timeout_str, result);
}
/*
@@ -1831,40 +1838,46 @@
*/
if (sc->log_level >= SSL_LOG_TRACE) {
if (where & SSL_CB_HANDSHAKE_START) {
- ssl_log(s, SSL_LOG_TRACE,
- "%s: Handshake: start", SSL_LIBRARY_NAME);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Handshake: start", SSL_LIBRARY_NAME);
}
else if (where & SSL_CB_HANDSHAKE_DONE) {
- ssl_log(s, SSL_LOG_TRACE,
- "%s: Handshake: done", SSL_LIBRARY_NAME);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Handshake: done", SSL_LIBRARY_NAME);
}
else if (where & SSL_CB_LOOP) {
- ssl_log(s, SSL_LOG_TRACE, "%s: Loop: %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Loop: %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (where & SSL_CB_READ) {
- ssl_log(s, SSL_LOG_TRACE, "%s: Read: %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Read: %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (where & SSL_CB_WRITE) {
- ssl_log(s, SSL_LOG_TRACE, "%s: Write: %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Write: %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (where & SSL_CB_ALERT) {
char *str = (where & SSL_CB_READ) ? "read" : "write";
- ssl_log(s, SSL_LOG_TRACE, "%s: Alert: %s:%s:%s\n",
- SSL_LIBRARY_NAME, str,
- SSL_alert_type_string_long(rc),
- SSL_alert_desc_string_long(rc));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Alert: %s:%s:%s\n",
+ SSL_LIBRARY_NAME, str,
+ SSL_alert_type_string_long(rc),
+ SSL_alert_desc_string_long(rc));
}
else if (where & SSL_CB_EXIT) {
if (rc == 0) {
- ssl_log(s, SSL_LOG_TRACE, "%s: Exit: failed in %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Exit: failed in %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (rc < 0) {
- ssl_log(s, SSL_LOG_TRACE, "%s: Exit: error in %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Exit: error in %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
}
}
@@ -1875,14 +1888,14 @@
* right after a finished handshake.
*/
if (where & SSL_CB_HANDSHAKE_DONE) {
- ssl_log(s, SSL_LOG_INFO,
- "Connection: Client IP: %s, Protocol: %s, "
- "Cipher: %s (%s/%s bits)",
- ssl_var_lookup(NULL, s, c, NULL, "REMOTE_ADDR"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_PROTOCOL"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE"));
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Connection: Client IP: %s, Protocol: %s, "
+ "Cipher: %s (%s/%s bits)",
+ ssl_var_lookup(NULL, s, c, NULL, "REMOTE_ADDR"),
+ ssl_var_lookup(NULL, s, c, NULL, "SSL_PROTOCOL"),
+ ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"),
+ ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"),
+ ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE"));
}
}
1.16 +16 -13 httpd-2.0/modules/ssl/ssl_engine_mutex.c
Index: ssl_engine_mutex.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_mutex.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- ssl_engine_mutex.c 13 May 2002 07:49:30 -0000 1.15
+++ ssl_engine_mutex.c 16 May 2002 05:17:10 -0000 1.16
@@ -68,26 +68,25 @@
int ssl_mutex_init(server_rec *s, apr_pool_t *p)
{
SSLModConfigRec *mc = myModConfig(s);
-#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
apr_status_t rv;
-#endif
if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
return TRUE;
- if (apr_global_mutex_create(&mc->pMutex, mc->szMutexFile,
- APR_LOCK_DEFAULT, p) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot create SSLMutex file `%s'",
- mc->szMutexFile);
+ if ((rv = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile,
+ APR_LOCK_DEFAULT, p)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot create SSLMutex file `%s'",
+ mc->szMutexFile);
return FALSE;
}
#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
rv = unixd_set_global_mutex_perms(mc->pMutex);
if (rv != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR, "Could not set permissions on "
- "ssl_mutex; check User and Group directives");
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Could not set permissions on ssl_mutex; check User "
+ "and Group directives");
return FALSE;
}
#endif
@@ -110,11 +109,13 @@
int ssl_mutex_on(server_rec *s)
{
SSLModConfigRec *mc = myModConfig(s);
+ apr_status_t rv;
if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
return TRUE;
- if (apr_global_mutex_lock(mc->pMutex) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_WARN, "Failed to acquire global mutex lock");
+ if ((rv = apr_global_mutex_lock(mc->pMutex)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s,
+ "Failed to acquire global mutex lock");
return FALSE;
}
return TRUE;
@@ -123,11 +124,13 @@
int ssl_mutex_off(server_rec *s)
{
SSLModConfigRec *mc = myModConfig(s);
+ apr_status_t rv;
if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
return TRUE;
- if (apr_global_mutex_unlock(mc->pMutex) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_WARN, "Failed to release global mutex lock");
+ if ((rv = apr_global_mutex_unlock(mc->pMutex)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s,
+ "Failed to release global mutex lock");
return FALSE;
}
return TRUE;
1.38 +71 -53 httpd-2.0/modules/ssl/ssl_engine_pphrase.c
Index: ssl_engine_pphrase.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_pphrase.c,v
retrieving revision 1.37
retrieving revision 1.38
diff -u -r1.37 -r1.38
--- ssl_engine_pphrase.c 15 May 2002 23:10:33 -0000 1.37
+++ ssl_engine_pphrase.c 16 May 2002 05:17:10 -0000 1.38
@@ -189,6 +189,7 @@
char *cp;
apr_time_t pkey_mtime = 0;
int isterm = 1;
+ apr_status_t rv;
/*
* Start with a fresh pass phrase array
*/
@@ -206,17 +207,17 @@
continue;
cpVHostID = ssl_util_vhostid(p, pServ);
- ssl_log(pServ, SSL_LOG_INFO|SSL_INIT,
- "Loading certificate & private key of SSL-aware server");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, pServ,
+ "Loading certificate & private key of SSL-aware server");
/*
* Read in server certificate(s): This is the easy part
* because this file isn't encrypted in any way.
*/
if (sc->server->pks->cert_files[0] == NULL) {
- ssl_log(pServ, SSL_LOG_ERROR|SSL_INIT,
- "Server should be SSL-aware but has no certificate configured "
- "[Hint: SSLCertificateFile]");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, pServ,
+ "Server should be SSL-aware but has no certificate "
+ "configured [Hint: SSLCertificateFile]");
ssl_die();
}
algoCert = SSL_ALGO_UNKNOWN;
@@ -224,13 +225,14 @@
for (i = 0, j = 0; i < SSL_AIDX_MAX && sc->server->pks->cert_files[i] != NULL; i++) {
apr_cpystrn(szPath, sc->server->pks->cert_files[i], sizeof(szPath));
- if ( exists_and_readable(szPath, p, NULL) != APR_SUCCESS ) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Init: Can't open server certificate file %s", szPath);
+ if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Init: Can't open server certificate file %s",
+ szPath);
ssl_die();
}
if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Init: Unable to read server certificate from file %s", szPath);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
@@ -243,8 +245,9 @@
at = ssl_util_algotypeof(pX509Cert, NULL);
an = ssl_util_algotypestr(at);
if (algoCert & at) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Multiple %s server certificates not allowed", an);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Multiple %s server certificates not "
+ "allowed", an);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
}
@@ -316,9 +319,11 @@
* the callback function which serves the pass
* phrases to OpenSSL
*/
- if ( exists_and_readable(szPath, p, &pkey_mtime) != APR_SUCCESS ) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Init: Can't open server private key file %s",szPath);
+ if ((rv = exists_and_readable(szPath, p,
+ &pkey_mtime)) != APR_SUCCESS ) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Init: Can't open server private key file "
+ "%s",szPath);
ssl_die();
}
@@ -352,10 +357,11 @@
ssl_asn1_table_get(mc->tPrivateKey, key_id);
if (asn1 && (asn1->source_mtime == pkey_mtime)) {
- ssl_log(pServ, SSL_LOG_INFO,
- "%s reusing existing "
- "%s private key on restart",
- cpVHostID, ssl_asn1_keystr(i));
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO,
+ 0, pServ,
+ "%s reusing existing "
+ "%s private key on restart",
+ cpVHostID, ssl_asn1_keystr(i));
return;
}
}
@@ -411,8 +417,10 @@
}
#ifdef WIN32
if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: PassPhraseDialog BuiltIn not supported in server private key from file %s", szPath);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: PassPhraseDialog BuiltIn not "
+ "supported in server private key from file "
+ "%s", szPath);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
}
@@ -425,13 +433,16 @@
if (nPassPhraseDialogCur && pkey_mtime &&
!(isterm = isatty(fileno(stdout)))) /* XXX: apr_isatty() */
{
- ssl_log(pServ, SSL_LOG_ERROR,
- "Init: Unable read passphrase "
- "[Hint: key introduced or changed before restart?]");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ pServ,
+ "Init: Unable read passphrase "
+ "[Hint: key introduced or changed "
+ "before restart?]");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
}
else {
- ssl_log(pServ, SSL_LOG_ERROR, "Init: Private key not found");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ pServ, "Init: Private key not found");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
}
if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN
@@ -441,7 +452,8 @@
}
}
else {
- ssl_log(pServ, SSL_LOG_ERROR, "Init: Pass phrase incorrect");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ pServ, "Init: Pass phrase incorrect");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN
@@ -454,8 +466,10 @@
}
if (pPrivateKey == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Unable to read server private key from file %s [Hint: Perhaps it is in a separate file? See SSLCertificateKeyFile]", szPath);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Unable to read server private key from "
+ "file %s [Hint: Perhaps it is in a separate file? "
+ " See SSLCertificateKeyFile]", szPath);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
}
@@ -467,8 +481,9 @@
at = ssl_util_algotypeof(NULL, pPrivateKey);
an = ssl_util_algotypestr(at);
if (algoKey & at) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Multiple %s server private keys not allowed", an);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Multiple %s server private keys not "
+ "allowed", an);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
}
@@ -478,20 +493,22 @@
* Log the type of reading
*/
if (nPassPhraseDialogCur == 0) {
- ssl_log(pServ, SSL_LOG_TRACE|SSL_INIT,
- "unencrypted %s private key - pass phrase not required",
- an);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, pServ,
+ "unencrypted %s private key - pass phrase not "
+ "required", an);
}
else {
if (cpPassPhraseCur != NULL) {
- ssl_log(pServ, SSL_LOG_TRACE|SSL_INIT,
- "encrypted %s private key - pass phrase requested",
- an);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
+ pServ,
+ "encrypted %s private key - pass phrase "
+ "requested", an);
}
else {
- ssl_log(pServ, SSL_LOG_TRACE|SSL_INIT,
- "encrypted %s private key - pass phrase reused",
- an);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
+ pServ,
+ "encrypted %s private key - pass phrase"
+ " reused", an);
}
}
@@ -546,8 +563,8 @@
*/
if (aPassPhrase->nelts) {
pphrase_array_clear(aPassPhrase);
- ssl_log(s, SSL_LOG_INFO,
- "Init: Wiped out the queried pass phrases from memory");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Wiped out the queried pass phrases from memory");
}
/* Close the pipes if they were opened
@@ -683,21 +700,21 @@
if (sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) {
if (!readtty) {
- ssl_log(s, SSL_LOG_INFO,
- "Init: Creating pass phrase dialog pipe child '%s'",
- sc->server->pphrase_dialog_path);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Creating pass phrase dialog pipe child "
+ "'%s'", sc->server->pphrase_dialog_path);
if (ssl_pipe_child_create(p, sc->server->pphrase_dialog_path)
!= APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to create pass phrase pipe '%s'",
- sc->server->pphrase_dialog_path);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Failed to create pass phrase pipe '%s'",
+ sc->server->pphrase_dialog_path);
PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
memset(buf, 0, (unsigned int)bufsize);
return (-1);
}
}
- ssl_log(s, SSL_LOG_INFO,
- "Init: Requesting pass phrase via piped dialog");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Requesting pass phrase via piped dialog");
}
else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */
#ifdef WIN32
@@ -713,8 +730,9 @@
*/
apr_file_open_stdout(&writetty, p);
- ssl_log(s, SSL_LOG_INFO,
- "Init: Requesting pass phrase via builtin terminal dialog");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Requesting pass phrase via builtin terminal "
+ "dialog");
#endif
}
@@ -771,9 +789,9 @@
const char **argv = apr_palloc(p, sizeof(char *) * 4);
char *result;
- ssl_log(s, SSL_LOG_INFO,
- "Init: Requesting pass phrase from dialog filter program (%s)",
- cmd);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Requesting pass phrase from dialog filter "
+ "program (%s)", cmd);
argv[0] = cmd;
argv[1] = cpVHostID;
1.18 +4 -2 httpd-2.0/modules/ssl/ssl_engine_rand.c
Index: ssl_engine_rand.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_rand.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- ssl_engine_rand.c 27 Mar 2002 03:33:57 -0000 1.17
+++ ssl_engine_rand.c 16 May 2002 05:17:10 -0000 1.18
@@ -157,10 +157,12 @@
}
}
}
- ssl_log(s, SSL_LOG_INFO, "%sSeeding PRNG with %d bytes of entropy", prefix, nDone);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "%sSeeding PRNG with %d bytes of entropy", prefix, nDone);
if (RAND_status() == 0)
- ssl_log(s, SSL_LOG_WARN, "%sPRNG still contains not sufficient entropy!", prefix);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "%sPRNG still contains not sufficient entropy!", prefix);
return nDone;
}
1.12 +3 -3 httpd-2.0/modules/ssl/ssl_scache.c
Index: ssl_scache.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- ssl_scache.c 27 Mar 2002 23:25:58 -0000 1.11
+++ ssl_scache.c 16 May 2002 05:17:10 -0000 1.12
@@ -78,9 +78,9 @@
* But we can operate without it, of course.
*/
if (mc->nSessionCacheMode == SSL_SCMODE_UNSET) {
- ssl_log(s, SSL_LOG_WARN,
- "Init: Session Cache is not configured "
- "[hint: SSLSessionCache]");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "Init: Session Cache is not configured "
+ "[hint: SSLSessionCache]");
mc->nSessionCacheMode = SSL_SCMODE_NONE;
return;
}
1.15 +56 -40 httpd-2.0/modules/ssl/ssl_scache_dbm.c
Index: ssl_scache_dbm.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache_dbm.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- ssl_scache_dbm.c 28 Mar 2002 17:11:12 -0000 1.14
+++ ssl_scache_dbm.c 16 May 2002 05:17:11 -0000 1.15
@@ -63,20 +63,22 @@
{
SSLModConfigRec *mc = myModConfig(s);
apr_dbm_t *dbm;
+ apr_status_t rv;
/* for the DBM we need the data file */
if (mc->szSessionCacheDataFile == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "SSLSessionCache required");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "SSLSessionCache required");
ssl_die();
}
/* open it once to create it and to make sure it _can_ be created */
ssl_mutex_on(s);
- if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot create SSLSessionCache DBM file `%s'",
- mc->szSessionCacheDataFile);
+ if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
+ APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot create SSLSessionCache DBM file `%s'",
+ mc->szSessionCacheDataFile);
ssl_mutex_off(s);
return;
}
@@ -140,6 +142,7 @@
UCHAR ucaData[SSL_SESSION_MAX_DER];
int nData;
UCHAR *ucp;
+ apr_status_t rv;
/* streamline session data */
if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData))
@@ -170,19 +173,20 @@
/* and store it to the DBM file */
ssl_mutex_on(s);
- if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for writing (store)",
- mc->szSessionCacheDataFile);
+ if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
+ APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot open SSLSessionCache DBM file `%s' for writing "
+ "(store)",
+ mc->szSessionCacheDataFile);
ssl_mutex_off(s);
free(dbmval.dptr);
return FALSE;
}
- if (apr_dbm_store(dbm, dbmkey, dbmval) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot store SSL session to DBM file `%s'",
- mc->szSessionCacheDataFile);
+ if ((rv = apr_dbm_store(dbm, dbmkey, dbmval)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot store SSL session to DBM file `%s'",
+ mc->szSessionCacheDataFile);
apr_dbm_close(dbm);
ssl_mutex_off(s);
free(dbmval.dptr);
@@ -224,11 +228,12 @@
* XXX: Should we open the dbm against r->pool so the cleanup will
* do the apr_dbm_close? This would make the code a bit cleaner.
*/
- if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for reading (fetch)",
- mc->szSessionCacheDataFile);
+ if ((rc = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
+ APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rc, s,
+ "Cannot open SSLSessionCache DBM file `%s' for reading "
+ "(fetch)",
+ mc->szSessionCacheDataFile);
return NULL;
}
rc = apr_dbm_fetch(dbm, dbmkey, &dbmval);
@@ -271,6 +276,7 @@
SSLModConfigRec *mc = myModConfig(s);
apr_dbm_t *dbm;
apr_datum_t dbmkey;
+ apr_status_t rv;
/* create DBM key and values */
dbmkey.dptr = (char *)id;
@@ -278,11 +284,12 @@
/* and delete it from the DBM file */
ssl_mutex_on(s);
- if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for writing (delete)",
- mc->szSessionCacheDataFile);
+ if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
+ APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot open SSLSessionCache DBM file `%s' for writing "
+ "(delete)",
+ mc->szSessionCacheDataFile);
ssl_mutex_off(s);
return;
}
@@ -310,6 +317,7 @@
int keyidx;
int i;
time_t tNow;
+ apr_status_t rv;
/*
* make sure the expiration for still not-accessed session
@@ -346,11 +354,13 @@
/* pass 1: scan DBM database */
keyidx = 0;
- if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE,SSL_DBM_FILE_MODE, p) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for scanning",
- mc->szSessionCacheDataFile);
+ if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
+ APR_DBM_RWCREATE,SSL_DBM_FILE_MODE,
+ p)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot open SSLSessionCache DBM file `%s' for "
+ "scanning",
+ mc->szSessionCacheDataFile);
apr_pool_destroy(p);
break;
}
@@ -382,9 +392,10 @@
/* pass 2: delete expired elements */
if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
APR_DBM_RWCREATE,SSL_DBM_FILE_MODE, p) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot re-open SSLSessionCache DBM file `%s' for expiring",
- mc->szSessionCacheDataFile);
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot re-open SSLSessionCache DBM file `%s' for "
+ "expiring",
+ mc->szSessionCacheDataFile);
apr_pool_destroy(p);
break;
}
@@ -402,8 +413,10 @@
}
ssl_mutex_off(s);
- ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache (DBM) Expiry: "
- "old: %d, new: %d, removed: %d", nElements, nElements-nDeleted, nDeleted);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Inter-Process Session Cache (DBM) Expiry: "
+ "old: %d, new: %d, removed: %d",
+ nElements, nElements-nDeleted, nDeleted);
return;
}
@@ -416,6 +429,7 @@
int nElem;
int nSize;
int nAverage;
+ apr_status_t rv;
nElem = 0;
nSize = 0;
@@ -423,11 +437,13 @@
/*
* XXX - Check what pool is to be used - TBD
*/
- if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for status retrival",
- mc->szSessionCacheDataFile);
+ if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
+ APR_DBM_RWCREATE, SSL_DBM_FILE_MODE,
+ mc->pPool)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot open SSLSessionCache DBM file `%s' for status "
+ "retrival",
+ mc->szSessionCacheDataFile);
ssl_mutex_off(s);
return;
}
1.13 +167 -105 httpd-2.0/modules/ssl/ssl_scache_shmcb.c
Index: ssl_scache_shmcb.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache_shmcb.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- ssl_scache_shmcb.c 30 Apr 2002 06:48:45 -0000 1.12
+++ ssl_scache_shmcb.c 16 May 2002 05:17:11 -0000 1.13
@@ -368,7 +368,8 @@
* Create shared memory segment
*/
if (mc->szSessionCacheDataFile == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "SSLSessionCache required");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "SSLSessionCache required");
ssl_die();
}
@@ -377,22 +378,24 @@
mc->szSessionCacheDataFile,
mc->pPool)) != APR_SUCCESS) {
char buf[100];
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot allocate shared memory: (%d)%s", rv,
- apr_strerror(rv, buf, sizeof(buf)));
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Cannot allocate shared memory: (%d)%s", rv,
+ apr_strerror(rv, buf, sizeof(buf)));
ssl_die();
}
shm_segment = apr_shm_baseaddr_get(mc->pSessionCacheDataMM);
shm_segsize = apr_shm_size_get(mc->pSessionCacheDataMM);
- ssl_log(s, SSL_LOG_TRACE, "shmcb_init allocated %u bytes of shared "
- "memory", shm_segsize);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "shmcb_init allocated %u bytes of shared memory",
+ shm_segsize);
if (!shmcb_init_memory(s, shm_segment, shm_segsize)) {
- ssl_log(s, SSL_LOG_ERROR,
- "Failure initialising 'shmcb' shared memory");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Failure initialising 'shmcb' shared memory");
ssl_die();
}
- ssl_log(s, SSL_LOG_INFO, "Shared memory session cache initialised");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Shared memory session cache initialised");
/*
* Success ... we hack the memory block into place by cheating for
@@ -426,10 +429,12 @@
ssl_mutex_on(s);
if (!shmcb_store_session(s, shm_segment, id, idlen, pSession, timeout))
/* in this cache engine, "stores" should never fail. */
- ssl_log(s, SSL_LOG_ERROR, "'shmcb' code was unable to store a "
- "session in the cache.");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "'shmcb' code was unable to store a "
+ "session in the cache.");
else {
- ssl_log(s, SSL_LOG_TRACE, "shmcb_store successful");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "shmcb_store successful");
to_return = TRUE;
}
ssl_mutex_off(s);
@@ -448,11 +453,14 @@
pSession = shmcb_retrieve_session(s, shm_segment, id, idlen);
ssl_mutex_off(s);
if (pSession)
- ssl_log(s, SSL_LOG_TRACE, "shmcb_retrieve had a hit");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "shmcb_retrieve had a hit");
else {
- ssl_log(s, SSL_LOG_TRACE, "shmcb_retrieve had a miss");
- ssl_log(s, SSL_LOG_INFO, "Client requested a 'session-resume' but "
- "we have no such session.");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "shmcb_retrieve had a miss");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Client requested a 'session-resume' but "
+ "we have no such session.");
}
return pSession;
}
@@ -489,7 +497,8 @@
double expiry_total;
time_t average_expiry, now, max_expiry, min_expiry, idxexpiry;
- ssl_log(s, SSL_LOG_TRACE, "inside ssl_scache_shmcb_status");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "inside ssl_scache_shmcb_status");
/* We've kludged our pointer into the other cache's member variable. */
shm_segment = (void *) mc->tSessionCacheDataTable;
@@ -559,7 +568,8 @@
func(apr_psprintf(p, "total removes since starting: <b>%lu</b> hit, "
"<b>%lu</b> miss<br>", header->num_removes_hit,
header->num_removes_miss), arg);
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_status");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving shmcb_status");
return;
}
@@ -578,14 +588,16 @@
SHMCBCache cache;
unsigned int temp, loop, granularity;
- ssl_log(s, SSL_LOG_TRACE, "entered shmcb_init_memory()");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "entered shmcb_init_memory()");
/* Calculate some sizes... */
temp = sizeof(SHMCBHeader);
/* If the segment is ridiculously too small, bail out */
if (shm_mem_size < (2*temp)) {
- ssl_log(s, SSL_LOG_ERROR, "shared memory segment too small");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shared memory segment too small");
return FALSE;
}
@@ -598,8 +610,9 @@
* the cache is full, which is a lot less stupid than having
* having not enough index space to utilise the whole cache!. */
temp /= 120;
- ssl_log(s, SSL_LOG_TRACE, "for %u bytes, recommending %u indexes",
- shm_mem_size, temp);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "for %u bytes, recommending %u indexes",
+ shm_mem_size, temp);
/* We should divide these indexes evenly amongst the queues. Try
* to get it so that there are roughly half the number of divisions
@@ -614,7 +627,8 @@
/* Too small? Bail ... */
if (temp < 5) {
- ssl_log(s, SSL_LOG_ERROR, "shared memory segment too small");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shared memory segment too small");
return FALSE;
}
@@ -639,28 +653,39 @@
header->queue_size - header->cache_data_offset;
/* Output trace info */
- ssl_log(s, SSL_LOG_TRACE, "shmcb_init_memory choices follow");
- ssl_log(s, SSL_LOG_TRACE, "division_mask = 0x%02X", header->division_mask);
- ssl_log(s, SSL_LOG_TRACE, "division_offset = %u", header->division_offset);
- ssl_log(s, SSL_LOG_TRACE, "division_size = %u", header->division_size);
- ssl_log(s, SSL_LOG_TRACE, "queue_size = %u", header->queue_size);
- ssl_log(s, SSL_LOG_TRACE, "index_num = %u", header->index_num);
- ssl_log(s, SSL_LOG_TRACE, "index_offset = %u", header->index_offset);
- ssl_log(s, SSL_LOG_TRACE, "index_size = %u", header->index_size);
- ssl_log(s, SSL_LOG_TRACE, "cache_data_offset = %u", header->cache_data_offset);
- ssl_log(s, SSL_LOG_TRACE, "cache_data_size = %u", header->cache_data_size);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "shmcb_init_memory choices follow");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "division_mask = 0x%02X", header->division_mask);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "division_offset = %u", header->division_offset);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "division_size = %u", header->division_size);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "queue_size = %u", header->queue_size);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "index_num = %u", header->index_num);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "index_offset = %u", header->index_offset);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "index_size = %u", header->index_size);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "cache_data_offset = %u", header->cache_data_offset);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "cache_data_size = %u", header->cache_data_size);
/* The header is done, make the caches empty */
for (loop = 0; loop < granularity; loop++) {
if (!shmcb_get_division(header, &queue, &cache, loop))
- ssl_log(s, SSL_LOG_ERROR, "shmcb_init_memory, " "internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "shmcb_init_memory, " "internal error");
shmcb_set_safe_uint(cache.first_pos, 0);
shmcb_set_safe_uint(cache.pos_count, 0);
shmcb_set_safe_uint(queue.first_pos, 0);
shmcb_set_safe_uint(queue.pos_count, 0);
}
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_init_memory()");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving shmcb_init_memory()");
return TRUE;
}
@@ -679,15 +704,18 @@
time_t expiry_time;
unsigned char *session_id = SSL_SESSION_get_session_id(pSession);
- ssl_log(s, SSL_LOG_TRACE, "inside shmcb_store_session");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "inside shmcb_store_session");
/* Get the header structure, which division this session will fall into etc. */
shmcb_get_header(shm_segment, &header);
masked_index = session_id[0] & header->division_mask;
- ssl_log(s, SSL_LOG_TRACE, "session_id[0]=%u, masked index=%u",
- session_id[0], masked_index);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "session_id[0]=%u, masked index=%u",
+ session_id[0], masked_index);
if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_store_session, " "internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shmcb_store_session internal error");
return FALSE;
}
@@ -696,8 +724,8 @@
* or we find some assurance that it will never be necessary. */
len_encoded = i2d_SSL_SESSION(pSession, NULL);
if (len_encoded > SSL_SESSION_MAX_DER) {
- ssl_log(s, SSL_LOG_ERROR, "session is too big (%u bytes)",
- len_encoded);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "session is too big (%u bytes)", len_encoded);
return FALSE;
}
ptr_encoded = encoded;
@@ -706,10 +734,12 @@
if (!shmcb_insert_encoded_session(s, &queue, &cache, encoded,
len_encoded, session_id,
expiry_time)) {
- ssl_log(s, SSL_LOG_ERROR, "can't store a session!");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "can't store a session!");
return FALSE;
}
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_store successfully");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving shmcb_store successfully");
header->num_stores++;
return TRUE;
}
@@ -724,9 +754,10 @@
unsigned char masked_index;
SSL_SESSION *pSession;
- ssl_log(s, SSL_LOG_TRACE, "inside shmcb_retrieve_session");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "inside shmcb_retrieve_session");
if (idlen < 2) {
- ssl_log(s, SSL_LOG_ERROR, "unusably short session_id provided "
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "unusably short session_id provided "
"(%u bytes)", idlen);
return FALSE;
}
@@ -735,10 +766,11 @@
* will come from etc. */
shmcb_get_header(shm_segment, &header);
masked_index = id[0] & header->division_mask;
- ssl_log(s, SSL_LOG_TRACE, "id[0]=%u, masked index=%u", id[0],
- masked_index);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "id[0]=%u, masked index=%u", id[0], masked_index);
if (!shmcb_get_division(header, &queue, &cache, (unsigned int) masked_index)) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_retrieve_session, " "internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shmcb_retrieve_session internal error");
header->num_retrieves_miss++;
return FALSE;
}
@@ -750,7 +782,8 @@
header->num_retrieves_hit++;
else
header->num_retrieves_miss++;
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_retrieve_session");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving shmcb_retrieve_session");
return pSession;
}
@@ -764,9 +797,10 @@
unsigned char masked_index;
BOOL res;
- ssl_log(s, SSL_LOG_TRACE, "inside shmcb_remove_session");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "inside shmcb_remove_session");
if (id == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "remove called with NULL session_id!");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "remove called with NULL session_id!");
return FALSE;
}
@@ -774,10 +808,10 @@
* will happen in etc. */
shmcb_get_header(shm_segment, &header);
masked_index = id[0] & header->division_mask;
- ssl_log(s, SSL_LOG_TRACE, "id[0]=%u, masked index=%u",
- id[0], masked_index);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "id[0]=%u, masked index=%u", id[0], masked_index);
if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_remove_session, internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "shmcb_remove_session, internal error");
header->num_removes_miss++;
return FALSE;
}
@@ -786,7 +820,8 @@
header->num_removes_hit++;
else
header->num_removes_miss++;
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_remove_session");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving shmcb_remove_session");
return res;
}
@@ -974,7 +1009,8 @@
unsigned int loop, index_num, pos_count, new_pos;
SHMCBHeader *header;
- ssl_log(s, SSL_LOG_TRACE, "entering shmcb_expire_division");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "entering shmcb_expire_division");
/* We must calculate num and space ourselves based on expiry times. */
now = time(NULL);
@@ -997,7 +1033,8 @@
/* Find the new_offset and make the expiries happen. */
if (loop > 0) {
- ssl_log(s, SSL_LOG_TRACE, "will be expiring %u sessions", loop);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "will be expiring %u sessions", loop);
/* We calculate the new_offset by "peeking" (or in the
* case it's the last entry, "sneaking" ;-). */
if (loop == pos_count) {
@@ -1021,8 +1058,9 @@
shmcb_get_safe_uint(&(idx->offset))));
shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset)));
}
- ssl_log(s, SSL_LOG_TRACE, "we now have %u sessions",
- shmcb_get_safe_uint(queue->pos_count));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "we now have %u sessions",
+ shmcb_get_safe_uint(queue->pos_count));
}
header->num_expiries += loop;
return loop;
@@ -1047,8 +1085,10 @@
unsigned int gap, new_pos, loop, new_offset;
int need;
- ssl_log(s, SSL_LOG_TRACE, "entering shmcb_insert_encoded_session, "
- "*queue->pos_count = %u", shmcb_get_safe_uint(queue->pos_count));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "entering shmcb_insert_encoded_session, "
+ "*queue->pos_count = %u",
+ shmcb_get_safe_uint(queue->pos_count));
/* If there's entries to expire, ditch them first thing. */
shmcb_expire_division(s, queue, cache);
@@ -1068,8 +1108,9 @@
shmcb_get_safe_uint(&(idx->offset)));
}
if (loop > 0) {
- ssl_log(s, SSL_LOG_TRACE, "about to scroll %u sessions from %u",
- loop, shmcb_get_safe_uint(queue->pos_count));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "about to scroll %u sessions from %u",
+ loop, shmcb_get_safe_uint(queue->pos_count));
/* We are removing "loop" items from the cache. */
shmcb_set_safe_uint(cache->pos_count,
shmcb_get_safe_uint(cache->pos_count) -
@@ -1079,8 +1120,9 @@
shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset)));
shmcb_set_safe_uint(queue->pos_count, shmcb_get_safe_uint(queue->pos_count) - loop);
shmcb_set_safe_uint(queue->first_pos, new_pos);
- ssl_log(s, SSL_LOG_TRACE, "now only have %u sessions",
- shmcb_get_safe_uint(queue->pos_count));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "now only have %u sessions",
+ shmcb_get_safe_uint(queue->pos_count));
/* Update the stats!!! */
header->num_scrolled += loop;
}
@@ -1090,19 +1132,20 @@
* is verified. */
if (shmcb_get_safe_uint(cache->pos_count) + encoded_len >
header->cache_data_size) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_insert_encoded_session, "
- "internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shmcb_insert_encoded_session internal error");
return FALSE;
}
if (shmcb_get_safe_uint(queue->pos_count) == header->index_num) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_insert_encoded_session, "
- "internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shmcb_insert_encoded_session internal error");
return FALSE;
}
- ssl_log(s, SSL_LOG_TRACE, "we have %u bytes and %u indexes free - "
- "enough", header->cache_data_size -
- shmcb_get_safe_uint(cache->pos_count), header->index_num -
- shmcb_get_safe_uint(queue->pos_count));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "we have %u bytes and %u indexes free - enough",
+ header->cache_data_size -
+ shmcb_get_safe_uint(cache->pos_count), header->index_num -
+ shmcb_get_safe_uint(queue->pos_count));
/* HERE WE ASSUME THAT THE NEW SESSION SHOULD GO ON THE END! I'M NOT
@@ -1127,12 +1170,13 @@
new_pos = shmcb_cyclic_increment(header->index_num,
shmcb_get_safe_uint(queue->first_pos),
shmcb_get_safe_uint(queue->pos_count));
- ssl_log(s, SSL_LOG_TRACE, "storing in index %u, at offset %u", new_pos,
- new_offset);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "storing in index %u, at offset %u",
+ new_pos, new_offset);
idx = shmcb_get_index(queue, new_pos);
if (idx == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_insert_encoded_session, "
- "internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shmcb_insert_encoded_session internal error");
return FALSE;
}
shmcb_safe_clear(idx, sizeof(SHMCBIndex));
@@ -1141,8 +1185,9 @@
/* idx->removed = (unsigned char)0; */ /* Not needed given the memset above. */
idx->s_id2 = session_id[1];
- ssl_log(s, SSL_LOG_TRACE, "session_id[0]=%u, idx->s_id2=%u",
- session_id[0], session_id[1]);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "session_id[0]=%u, idx->s_id2=%u",
+ session_id[0], session_id[1]);
/* All that remains is to adjust the cache's and queue's "pos_count"s. */
shmcb_set_safe_uint(cache->pos_count,
@@ -1151,10 +1196,12 @@
shmcb_get_safe_uint(queue->pos_count) + 1);
/* And just for good debugging measure ... */
- ssl_log(s, SSL_LOG_TRACE, "leaving now with %u bytes in the cache and "
- "%u indexes", shmcb_get_safe_uint(cache->pos_count),
- shmcb_get_safe_uint(queue->pos_count));
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_insert_encoded_session");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving now with %u bytes in the cache and %u indexes",
+ shmcb_get_safe_uint(cache->pos_count),
+ shmcb_get_safe_uint(queue->pos_count));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving shmcb_insert_encoded_session");
return TRUE;
}
@@ -1174,7 +1221,8 @@
unsigned char *ptr;
time_t now;
- ssl_log(s, SSL_LOG_TRACE, "entering shmcb_lookup_session_id");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "entering shmcb_lookup_session_id");
/* If there are entries to expire, ditch them first thing. */
shmcb_expire_division(s, queue, cache);
@@ -1183,10 +1231,12 @@
count = shmcb_get_safe_uint(queue->pos_count);
header = queue->header;
for (loop = 0; loop < count; loop++) {
- ssl_log(s, SSL_LOG_TRACE, "loop=%u, count=%u, curr_pos=%u",
- loop, count, curr_pos);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "loop=%u, count=%u, curr_pos=%u",
+ loop, count, curr_pos);
idx = shmcb_get_index(queue, curr_pos);
- ssl_log(s, SSL_LOG_TRACE, "idx->s_id2=%u, id[1]=%u, offset=%u",
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "idx->s_id2=%u, id[1]=%u, offset=%u",
idx->s_id2, id[1], shmcb_get_safe_uint(&(idx->offset)));
/* Only look into the session further if;
* (a) the second byte of the session_id matches,
@@ -1202,8 +1252,9 @@
unsigned int session_id_length;
unsigned char *session_id;
- ssl_log(s, SSL_LOG_TRACE, "at index %u, found possible "
- "session match", curr_pos);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "at index %u, found possible session match",
+ curr_pos);
shmcb_cyclic_cton_memcpy(header->cache_data_size,
tempasn, cache->data,
shmcb_get_safe_uint(&(idx->offset)),
@@ -1214,22 +1265,25 @@
session_id = SSL_SESSION_get_session_id(pSession);
if (pSession == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "scach2_lookup_"
- "session_id, internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "scach2_lookup_session_id internal error");
return NULL;
}
if ((session_id_length == idlen) &&
(memcmp(session_id, id, idlen) == 0)) {
- ssl_log(s, SSL_LOG_TRACE, "a match!");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "a match!");
return pSession;
}
- ssl_log(s, SSL_LOG_TRACE, "not a match");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "not a match");
SSL_SESSION_free(pSession);
pSession = NULL;
}
curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1);
}
- ssl_log(s, SSL_LOG_TRACE, "no matching sessions were found");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "no matching sessions were found");
return NULL;
}
@@ -1245,7 +1299,8 @@
unsigned char *ptr;
BOOL to_return = FALSE;
- ssl_log(s, SSL_LOG_TRACE, "entering shmcb_remove_session_id");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "entering shmcb_remove_session_id");
/* If there's entries to expire, ditch them first thing. */
/* shmcb_expire_division(s, queue, cache); */
@@ -1263,10 +1318,12 @@
count = shmcb_get_safe_uint(queue->pos_count);
header = cache->header;
for (loop = 0; loop < count; loop++) {
- ssl_log(s, SSL_LOG_TRACE, "loop=%u, count=%u, curr_pos=%u",
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "loop=%u, count=%u, curr_pos=%u",
loop, count, curr_pos);
idx = shmcb_get_index(queue, curr_pos);
- ssl_log(s, SSL_LOG_TRACE, "idx->s_id2=%u, id[1]=%u", idx->s_id2,
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "idx->s_id2=%u, id[1]=%u", idx->s_id2,
id[1]);
/* Only look into the session further if the second byte of the
* session_id matches. */
@@ -1274,8 +1331,9 @@
unsigned int session_id_length;
unsigned char *session_id;
- ssl_log(s, SSL_LOG_TRACE, "at index %u, found possible "
- "session match", curr_pos);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "at index %u, found possible "
+ "session match", curr_pos);
shmcb_cyclic_cton_memcpy(header->cache_data_size,
tempasn, cache->data,
shmcb_get_safe_uint(&(idx->offset)),
@@ -1283,8 +1341,8 @@
ptr = tempasn;
pSession = d2i_SSL_SESSION(NULL, &ptr, SSL_SESSION_MAX_DER);
if (pSession == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_remove_session_id, "
- "internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shmcb_remove_session_id, internal error");
goto end;
}
session_id_length = SSL_SESSION_get_session_id_length(pSession);
@@ -1292,24 +1350,28 @@
if ((session_id_length == idlen)
&& (memcmp(id, session_id, idlen) == 0)) {
- ssl_log(s, SSL_LOG_TRACE, "a match!");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "a match!");
/* Scrub out this session "quietly" */
idx->removed = (unsigned char) 1;
SSL_SESSION_free(pSession);
to_return = TRUE;
goto end;
}
- ssl_log(s, SSL_LOG_TRACE, "not a match");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "not a match");
SSL_SESSION_free(pSession);
pSession = NULL;
}
curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1);
}
- ssl_log(s, SSL_LOG_TRACE, "no matching sessions were found");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "no matching sessions were found");
/* If there's entries to expire, ditch them now. */
shmcb_expire_division(s, queue, cache);
end:
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_remove_session_id");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving shmcb_remove_session_id");
return to_return;
}
1.9 +20 -16 httpd-2.0/modules/ssl/ssl_scache_shmht.c
Index: ssl_scache_shmht.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_scache_shmht.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- ssl_scache_shmht.c 28 Mar 2002 17:11:12 -0000 1.8
+++ ssl_scache_shmht.c 16 May 2002 05:17:11 -0000 1.9
@@ -117,27 +117,29 @@
* Create shared memory segment
*/
if (mc->szSessionCacheDataFile == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "SSLSessionCache required");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "SSLSessionCache required");
ssl_die();
}
if ((rv = apr_shm_create(&(mc->pSessionCacheDataMM),
mc->nSessionCacheDataSize,
mc->szSessionCacheDataFile, mc->pPool)) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot allocate shared memory: %d", rv);
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot allocate shared memory");
ssl_die();
}
if ((rv = apr_rmm_init(&(mc->pSessionCacheDataRMM), NULL,
apr_shm_baseaddr_get(mc->pSessionCacheDataMM),
mc->nSessionCacheDataSize, mc->pPool)) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot initialize rmm: %d", rv);
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot initialize rmm");
ssl_die();
}
-ssl_log(s, SSL_LOG_ERROR, "initialize MM %ld RMM %ld",
- mc->pSessionCacheDataMM, mc->pSessionCacheDataRMM);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "initialize MM %p RMM %p",
+ mc->pSessionCacheDataMM, mc->pSessionCacheDataRMM);
/*
* Create hash table in shared memory segment
@@ -155,9 +157,9 @@
ssl_scache_shmht_calloc,
ssl_scache_shmht_realloc,
ssl_scache_shmht_free, s )) == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot allocate hash table in shared memory: %s",
- table_strerror(ta_errno));
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Cannot allocate hash table in shared memory: %s",
+ table_strerror(ta_errno));
ssl_die();
}
@@ -169,9 +171,10 @@
/*
* Log the done work
*/
- ssl_log(s, SSL_LOG_INFO,
- "Init: Created hash-table (%d buckets) "
- "in shared memory (%d bytes) for SSL session cache", n, avail);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Created hash-table (%d buckets) "
+ "in shared memory (%d bytes) for SSL session cache",
+ n, avail);
return;
}
@@ -337,9 +340,10 @@
/* (vpKeyThis != vpKey) && (nKeyThis != nKey) */
}
ssl_mutex_off(s);
- ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache (SHMHT) Expiry: "
- "old: %d, new: %d, removed: %d",
- nElements, nElements-nDeleted, nDeleted);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Inter-Process Session Cache (SHMHT) Expiry: "
+ "old: %d, new: %d, removed: %d",
+ nElements, nElements-nDeleted, nDeleted);
return;
}
Re: cvs commit: httpd-2.0/modules/ssl mod_ssl.c
ssl_engine_init.c ssl_engine_io.c ssl_engine_kernel.c
ssl_engine_mutex.c ssl_engine_pphrase.c ssl_engine_rand.c ssl_scache.c
ssl_scache_dbm.c ssl_scache_shmcb.c ssl_scache_shmht.c
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
At 04:17 AM 5/16/2002, Greg Stein wrote:
>On Thu, May 16, 2002 at 05:17:11AM -0000, jerenkrantz@apache.org wrote:
> >...
> > SSL_LOG_TRACE and SSL_LOG_DEBUG were mapped to the APLOG_DEBUG values.
> > mod_ssl prints out a LOT of debugging information, so mod_ssl with
> LogLevel
> > Debug may not be a good idea - perhaps mod_ssl should be less chatty.
>
>If you're trying to debug the thing, then you really *do* want it to be
>chatty. Most users won't be bothered by that because they don't run in debug
>mode.
Well debug is debug, end of story... there is terrific info at the ssl
debug level, and if
they ask for debug info, they should get any and all of it.
HOWEVER, trace output is absolutely not debug level info. I have two
suggestions,
but one of the two is really required...
Add an DEBUG_SSL_TRACE flag [default undefined] that would log TRACE info at
loglevel debug.
Add a global directive SSLTrace [on|off] (default of off) to do the same,
log debug info
at the trace level.
Tracing detail is FAR to detailed and wordy to ever include at this resolution.
BTW - if you hadn't noticed from stressing your patch; there was a reason
for ssl_log.
Notice now that your log will output
[child 1] Something bad happened, ssl error follows;
[child 2] Something bad happened, ssl error follows;
[child 3] Something totally irrelevant happened.
[child 2] Another cryptic SSL error;
[child 1] Some cryptic SSL error;
This is not a good thing, as [child #] isn't in the error log stream.
Re: cvs commit: httpd-2.0/modules/ssl mod_ssl.c ssl_engine_init.c ssl_engine_io.c ssl_engine_kernel.c ssl_engine_mutex.c ssl_engine_pphrase.c ssl_engine_rand.c ssl_scache.c ssl_scache_dbm.c ssl_scache_shmcb.c ssl_scache_shmht.c
Posted by Greg Stein <gs...@lyra.org>.
On Thu, May 16, 2002 at 05:17:11AM -0000, jerenkrantz@apache.org wrote:
>...
> SSL_LOG_TRACE and SSL_LOG_DEBUG were mapped to the APLOG_DEBUG values.
> mod_ssl prints out a LOT of debugging information, so mod_ssl with LogLevel
> Debug may not be a good idea - perhaps mod_ssl should be less chatty.
If you're trying to debug the thing, then you really *do* want it to be
chatty. Most users won't be bothered by that because they don't run in debug
mode.
-0 on any reduction in debug chattiness.
Cheers,
-g
--
Greg Stein, http://www.lyra.org/