You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sf...@apache.org on 2010/06/06 19:10:24 UTC
svn commit: r951904 - in /httpd/httpd/trunk: docs/manual/ssl/ssl_howto.xml
modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c
modules/ssl/ssl_engine_io.c modules/ssl/ssl_private.h
Author: sf
Date: Sun Jun 6 17:10:23 2010
New Revision: 951904
URL: http://svn.apache.org/viewvc?rev=951904&view=rev
Log:
Replace LogLevelDebugDump with TRACE log levels
Modified:
httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml
httpd/httpd/trunk/modules/ssl/mod_ssl.c
httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
httpd/httpd/trunk/modules/ssl/ssl_private.h
Modified: httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml?rev=951904&r1=951903&r2=951904&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml (original)
+++ httpd/httpd/trunk/docs/manual/ssl/ssl_howto.xml Sun Jun 6 17:10:23 2010
@@ -301,5 +301,16 @@ Require valid-user
</section>
<!-- /access control -->
+<section id="logging">
+ <title>Logging</title>
+
+ <p><module>mod_ssl</module> can log extremely verbose debugging information
+ to the error log, when its <directive module="core">LogLevel</directive> is
+ set to the higher trace levels. On the other hand, on a very busy server,
+ level <code>info</code> may already be too much. Remember that you can
+ configure the <directive module="core">LogLevel</directive> per module to
+ suite your needs.</p>
+</section>
+
</manualpage>
Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=951904&r1=951903&r2=951904&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Sun Jun 6 17:10:23 2010
@@ -130,9 +130,6 @@ static const command_rec ssl_config_cmds
"Enable support for insecure renegotiation")
SSL_CMD_ALL(UserName, TAKE1,
"Set user name to SSL variable value")
- SSL_CMD_SRV(LogLevelDebugDump, TAKE1,
- "Include I/O Dump when LogLevel is set to Debug "
- "([ None (default) | IO (not bytes) | Bytes ])")
SSL_CMD_SRV(StrictSNIVHostCheck, FLAG,
"Strict SNI virtual host checking")
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=951904&r1=951903&r2=951904&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Sun Jun 6 17:10:23 2010
@@ -186,7 +186,6 @@ static SSLSrvConfigRec *ssl_config_serve
sc->session_cache_timeout = UNSET;
sc->cipher_server_pref = UNSET;
sc->insecure_reneg = UNSET;
- sc->ssl_log_level = SSL_LOG_UNSET;
sc->proxy_ssl_check_peer_expire = SSL_ENABLED_UNSET;
sc->proxy_ssl_check_peer_cn = SSL_ENABLED_UNSET;
#ifndef OPENSSL_NO_TLSEXT
@@ -299,7 +298,6 @@ void *ssl_config_server_merge(apr_pool_t
cfgMergeInt(session_cache_timeout);
cfgMergeBool(cipher_server_pref);
cfgMergeBool(insecure_reneg);
- cfgMerge(ssl_log_level, SSL_LOG_UNSET);
cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET);
cfgMerge(proxy_ssl_check_peer_cn, SSL_ENABLED_UNSET);
#ifndef OPENSSL_NO_TLSEXT
@@ -1073,30 +1071,6 @@ const char *ssl_cmd_SSLSessionCacheTimeo
return NULL;
}
-const char *ssl_cmd_SSLLogLevelDebugDump(cmd_parms *cmd,
- void *dcfg,
- const char *arg)
-{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
-
- if (strcEQ(arg, "none") || strcEQ(arg, "off")) {
- sc->ssl_log_level = SSL_LOG_NONE;
- }
- else if (strcEQ(arg, "io") || strcEQ(arg, "i/o")) {
- sc->ssl_log_level = SSL_LOG_IO;
- }
- else if (strcEQ(arg, "bytes") || strcEQ(arg, "on")) {
- sc->ssl_log_level = SSL_LOG_BYTES;
- }
- else {
- return apr_pstrcat(cmd->temp_pool, cmd->cmd->name,
- ": Invalid argument '", arg, "'",
- NULL);
- }
-
- return NULL;
-}
-
const char *ssl_cmd_SSLOptions(cmd_parms *cmd,
void *dcfg,
const char *arg)
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_io.c?rev=951904&r1=951903&r2=951904&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_io.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_io.c Sun Jun 6 17:10:23 2010
@@ -1717,8 +1717,6 @@ static void ssl_io_input_add_filter(ssl_
void ssl_io_filter_init(conn_rec *c, request_rec *r, SSL *ssl)
{
ssl_filter_ctx_t *filter_ctx;
- server_rec *s = c->base_server;
- SSLSrvConfigRec *sc = mySrvConfig(s);
filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t));
@@ -1742,7 +1740,7 @@ void ssl_io_filter_init(conn_rec *c, req
apr_pool_cleanup_register(c->pool, (void*)filter_ctx,
ssl_io_filter_cleanup, apr_pool_cleanup_null);
- if (APLOGcdebug(c) && (sc->ssl_log_level >= SSL_LOG_IO)) {
+ if (APLOGctrace4(c)) {
BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
}
@@ -1783,7 +1781,7 @@ static void ssl_io_data_dump(server_rec
rows = (len / DUMP_WIDTH);
if ((rows * DUMP_WIDTH) < len)
rows++;
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
+ ap_log_error(APLOG_MARK, APLOG_TRACE7, 0, srvr,
"+-------------------------------------------------------------------------+");
for(i = 0 ; i< rows; i++) {
#if APR_CHARSET_EBCDIC
@@ -1822,13 +1820,13 @@ static void ssl_io_data_dump(server_rec
}
}
apr_cpystrn(buf+strlen(buf), " |", sizeof(buf)-strlen(buf));
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
+ ap_log_error(APLOG_MARK, APLOG_TRACE7, 0, srvr,
"%s", buf);
}
if (trunc > 0)
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
+ ap_log_error(APLOG_MARK, APLOG_TRACE7, 0, srvr,
"| %04ld - <SPACES/NULS>", len + trunc);
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
+ ap_log_error(APLOG_MARK, APLOG_TRACE7, 0, srvr,
"+-------------------------------------------------------------------------+");
return;
}
@@ -1852,18 +1850,18 @@ long ssl_io_data_cb(BIO *bio, int cmd,
if ( cmd == (BIO_CB_WRITE|BIO_CB_RETURN)
|| cmd == (BIO_CB_READ |BIO_CB_RETURN) ) {
if (rc >= 0) {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_TRACE4, 0, s,
"%s: %s %ld/%d bytes %s BIO#%pp [mem: %pp] %s",
SSL_LIBRARY_NAME,
(cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"),
bio, argp,
(argp != NULL ? "(BIO dump follows)" : "(Oops, no memory buffer?)"));
- if ((argp != NULL) && (sc->ssl_log_level >= SSL_LOG_BYTES))
+ if ((argp != NULL) && APLOGctrace7(c))
ssl_io_data_dump(s, argp, rc);
}
else {
- ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_TRACE4, 0, s,
"%s: I/O error, %d bytes expected to %s on BIO#%pp [mem: %pp]",
SSL_LIBRARY_NAME, argi,
(cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=951904&r1=951903&r2=951904&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Sun Jun 6 17:10:23 2010
@@ -150,18 +150,6 @@ ap_set_module_config(c->conn_config, &ss
#endif
/**
- * Define the per-server SSLLogLevel constants which provide
- * finer-than-debug resolution to decide if logs are to be
- * assulted with tens of thousands of characters per request.
- */
-typedef enum {
- SSL_LOG_UNSET = UNSET,
- SSL_LOG_NONE = 0,
- SSL_LOG_IO = 6,
- SSL_LOG_BYTES = 7
-} ssl_log_level_e;
-
-/**
* Support for MM library
*/
#define SSL_MM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
@@ -512,7 +500,6 @@ struct SSLSrvConfigRec {
BOOL insecure_reneg;
modssl_ctx_t *server;
modssl_ctx_t *proxy;
- ssl_log_level_e ssl_log_level;
ssl_enabled_t proxy_ssl_check_peer_expire;
ssl_enabled_t proxy_ssl_check_peer_cn;
#ifndef OPENSSL_NO_TLSEXT
@@ -583,7 +570,6 @@ const char *ssl_cmd_SSLOptions(cmd_parm
const char *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
const char *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLUserName(cmd_parms *, void *, const char *);
-const char *ssl_cmd_SSLLogLevelDebugDump(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLRenegBufferSize(cmd_parms *cmd, void *dcfg, const char *arg);
const char *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag);
const char *ssl_cmd_SSLInsecureRenegotiation(cmd_parms *cmd, void *dcfg, int flag);