LogLevel inheritance/merging for VirtualHost in 2.4.x (Re: SSL_CTX_get_{first,next}_certificate (Re: svn commit: r1562500 - /httpd/httpd/branches/2.4.x/STATUS))

[Kaspar Brand <ht...@velox.ch>]

On 22.02.2014 19:17, Falco Schwarz wrote:
> Kaspar, I switched back to your version and realized, that the directive SSLCertificateChainFile was always used in a VirtualHost.
> 
> If the directive is in server scope, the warning is written correctly. 		 	   		  

Yes, that's the underlying issue which changing cmd->server to NULL in
the ap_log_error actually uncovers: it's a somewhat (at least IMO)
unfortunate side effect of how the LogLevel for a new VirtualHost is
inherited/merged from the global LogLevel directive, or more
specifically, the order in which it happens.

If you insert "LogLevel warn" (or higher) in the VirtualHost block
*before* any SSLCertificateChainFile directive, then you'll see the
vhost-scope warnings on stderr (or in the log on reloads) as well.

One potential fix could consist of the attached patch for
server/config.c, though I'm not sure if it doesn't have unwanted side
effects, either (cf. r1024427 as to why it was last changed into the
opposite direction). I guess sf is the expert on this, so I'm hoping for
his views on this. Note that config.c:ap_merge_log_config() is only part
of 2.4.x, i.e. with 2.2.x, the situation is different.

Kaspar

Re: LogLevel inheritance/merging for VirtualHost in 2.4.x (Re: SSL_CTX_get_{first,next}_certificate (Re: svn commit: r1562500 - /httpd/httpd/branches/2.4.x/STATUS))

[Kaspar Brand <ht...@velox.ch>]

On 23.02.2014 09:03, Kaspar Brand wrote:
> On 22.02.2014 19:17, Falco Schwarz wrote:
>> Kaspar, I switched back to your version and realized, that the directive SSLCertificateChainFile was always used in a VirtualHost.
>>
>> If the directive is in server scope, the warning is written correctly. 		 	   		  
> 
> Yes, that's the underlying issue which changing cmd->server to NULL in
> the ap_log_error actually uncovers: it's a somewhat (at least IMO)
> unfortunate side effect of how the LogLevel for a new VirtualHost is
> inherited/merged from the global LogLevel directive, or more
> specifically, the order in which it happens.

For the record: I have now committed your suggested change (switching
from cmd->server to NULL) in r1676085, as it turned out to be the most
appropriate fix for this specific case - and does not have unwanted side
effects either. Proposed for backport to 2.4.x in r1676086.

Kaspar

Re: LogLevel inheritance/merging for VirtualHost in 2.4.x

[Kaspar Brand <ht...@velox.ch>]

On 23.02.2014 09:03, Kaspar Brand wrote:
> Yes, that's the underlying issue which changing cmd->server to NULL in
> the ap_log_error actually uncovers: it's a somewhat (at least IMO)
> unfortunate side effect of how the LogLevel for a new VirtualHost is
> inherited/merged from the global LogLevel directive, or more
> specifically, the order in which it happens.
> 
> If you insert "LogLevel warn" (or higher) in the VirtualHost block
> *before* any SSLCertificateChainFile directive, then you'll see the
> vhost-scope warnings on stderr (or in the log on reloads) as well.
> 
> One potential fix could consist of the attached patch for
> server/config.c, though I'm not sure if it doesn't have unwanted side
> effects, either (cf. r1024427 as to why it was last changed into the
> opposite direction).

After another look at this, an better solution might be the attached
patch - any opinions/insights from people who are more familiar with the
logging stuff than me?

Kaspar