SSLConnRec *sslconn = ssl_init_connection_ctx(c);
if (!sc->proxy_enabled) {
- ssl_log(c->base_server, SSL_LOG_ERROR,
- "SSL Proxy requested for %s but not enabled "
- "[Hint: SSLProxyEngine]", sc->vhost_id);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server,
+ "SSL Proxy requested for %s but not enabled "
+ "[Hint: SSLProxyEngine]", sc->vhost_id);
return 0;
}
* later access inside callback functions
*/
- ssl_log(c->base_server, SSL_LOG_INFO,
- "Connection to child %d established "
- "(server %s, client %s)", c->id, sc->vhost_id,
- c->remote_ip ? c->remote_ip : "unknown");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, c->base_server,
+ "Connection to child %ld established "
+ "(server %s, client %s)", c->id, sc->vhost_id,
+ c->remote_ip ? c->remote_ip : "unknown");
/*
* Seed the Pseudo Random Number Generator (PRNG)
* so we can detach later.
*/
if (!(ssl = SSL_new(mctx->ssl_ctx))) {
- ssl_log(c->base_server, SSL_LOG_ERROR,
- "Unable to create a new SSL connection from the SSL context");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server,
+ "Unable to create a new SSL connection from the SSL "
+ "context");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
c->aborted = 1;
if (!SSL_set_session_id_context(ssl, (unsigned char *)vhost_md5,
MD5_DIGESTSIZE*2))
{
- ssl_log(c->base_server, SSL_LOG_ERROR,
- "Unable to set session id context to `%s'", vhost_md5);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server,
+ "Unable to set session id context to `%s'", vhost_md5);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
c->aborted = 1;
if (!SSL_is_init_finished(filter->pssl)) {
if (sslconn->is_proxy) {
if ((n = SSL_connect(filter->pssl)) <= 0) {
- ssl_log(c->base_server,
- SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "SSL Proxy connect failed");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ c->base_server,
+ "SSL Proxy connect failed");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
return ssl_abort(filter, c);
}
* was transferred. That's not a real error and can occur
* sporadically with some clients.
*/
- ssl_log(c->base_server, SSL_LOG_INFO,
- "SSL handshake stopped: connection was closed");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0,
+ c->base_server,
+ "SSL handshake stopped: connection was closed");
}
else if (err == SSL_ERROR_WANT_READ) {
/*
(errno != EINTR))
{
if (errno > 0) {
- ssl_log(c->base_server,
- SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "SSL handshake interrupted by system "
- "[Hint: Stop button pressed in browser?!]");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ c->base_server,
+ "SSL handshake interrupted by system "
+ "[Hint: Stop button pressed in browser?!]");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
}
else {
- ssl_log(c->base_server,
- SSL_LOG_INFO|SSL_ADD_ERRNO,
- "Spurious SSL handshake interrupt [Hint: "
- "Usually just one of those OpenSSL confusions!?]");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ c->base_server,
+ "Spurious SSL handshake interrupt [Hint: "
+ "Usually just one of those OpenSSL "
+ "confusions!?]");
ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server);
}
}
/*
* Ok, anything else is a fatal error
*/
- ssl_log(c->base_server,
- SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "SSL handshake failed (server %s, client %s)",
- ssl_util_vhostid(c->pool, c->base_server),
- c->remote_ip ? c->remote_ip : "unknown");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ c->base_server,
+ "SSL handshake failed (server %s, client %s)",
+ ssl_util_vhostid(c->pool, c->base_server),
+ c->remote_ip ? c->remote_ip : "unknown");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
}
* optional_no_ca doesn't appear to work as advertised
* in 1.x
*/
- ssl_log(c->base_server, SSL_LOG_ERROR,
- "SSL client authentication failed, "
- "accepting certificate based on "
- "\"SSLVerifyClient optional_no_ca\" configuration");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ c->base_server,
+ "SSL client authentication failed, "
+ "accepting certificate based on "
+ "\"SSLVerifyClient optional_no_ca\" "
+ "configuration");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
}
else {
sslconn->verify_error :
X509_verify_cert_error_string(verify_result);
- ssl_log(c->base_server, SSL_LOG_ERROR,
- "SSL client authentication failed: %s",
- error ? error : "unknown");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ c->base_server,
+ "SSL client authentication failed: %s",
+ error ? error : "unknown");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
return ssl_abort(filter, c);
if ((sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE) &&
!sslconn->client_cert)
{
- ssl_log(c->base_server, SSL_LOG_ERROR,
- "No acceptable peer certificate available");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server,
+ "No acceptable peer certificate available");
return ssl_abort(filter, c);
}
version_components[i]);
}
- ssl_log(s, SSL_LOG_INFO,
- "Server: %s, Interface: %s, Library: %s",
- AP_SERVER_BASEVERSION,
- vals[1], /* SSL_VERSION_INTERFACE */
- vals[2]); /* SSL_VERSION_LIBRARY */
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Server: %s, Interface: %s, Library: %s",
+ AP_SERVER_BASEVERSION,
+ vals[1], /* SSL_VERSION_INTERFACE */
+ vals[2]); /* SSL_VERSION_LIBRARY */
}
*/
static void ssl_init_SSLLibrary(server_rec *s)
{
- ssl_log(s, SSL_LOG_INFO,
- "Init: Initializing %s library", SSL_LIBRARY_NAME);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Initializing %s library", SSL_LIBRARY_NAME);
CRYPTO_malloc_init();
SSL_load_error_strings();
if (!(mc->pTmpKeys[idx] =
RSA_generate_key(bits, RSA_F4, NULL, NULL)))
{
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to generate temporary "
- "%d bit RSA private key", bits);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Failed to generate temporary "
+ "%d bit RSA private key", bits);
ssl_die();
}
if (!(mc->pTmpKeys[idx] =
ssl_dh_GetTmpParam(bits)))
{
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to generate temporary "
- "%d bit DH parameters", bits);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Failed to generate temporary "
+ "%d bit DH parameters", bits);
ssl_die();
}
}
static void ssl_tmp_keys_init(server_rec *s)
{
- ssl_log(s, SSL_LOG_INFO,
- "Init: Generating temporary RSA private keys (512/1024 bits)");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Generating temporary RSA private keys (512/1024 bits)");
MODSSL_TMP_KEY_INIT_RSA(s, 512);
MODSSL_TMP_KEY_INIT_RSA(s, 1024);
- ssl_log(s, SSL_LOG_INFO,
- "Init: Generating temporary DH parameters (512/1024 bits)");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Generating temporary DH parameters (512/1024 bits)");
MODSSL_TMP_KEY_INIT_DH(s, 512);
MODSSL_TMP_KEY_INIT_DH(s, 1024);
/*
* initialize servers
*/
- ssl_log(base_server, SSL_LOG_INFO,
- "Init: Initializing (virtual) servers for SSL");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, base_server,
+ "Init: Initializing (virtual) servers for SSL");
for (s = base_server; s; s = s->next) {
sc = mySrvConfig(s);
if (mc->szCryptoDevice) {
if (!(e = ENGINE_by_id(mc->szCryptoDevice))) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to load Crypto Device API `%s'",
- mc->szCryptoDevice);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Failed to load Crypto Device API `%s'",
+ mc->szCryptoDevice);
ssl_die();
}
}
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to enable Crypto Device API `%s'",
- mc->szCryptoDevice);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Failed to enable Crypto Device API `%s'",
+ mc->szCryptoDevice);
ssl_die();
}
* possibility that the user forgot to set them.
*/
if (!mctx->pks->cert_files[0]) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"No SSL Certificate set [hint: SSLCertificateFile]");
ssl_die();
}
if (mctx->pks->certs[SSL_AIDX_RSA] ||
mctx->pks->certs[SSL_AIDX_DSA])
{
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Illegal attempt to re-initialise SSL for server "
"(theoretically shouldn't happen!)");
ssl_die();
* Create the new per-server SSL context
*/
if (protocol == SSL_PROTOCOL_NONE) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"No SSL protocols available [hint: SSLProtocol]");
ssl_die();
}
NULL);
cp[strlen(cp)-2] = NUL;
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "Creating new SSL context (protocols: %s)", cp);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Creating new SSL context (protocols: %s)", cp);
if (protocol == SSL_PROTOCOL_SSLV2) {
method = mctx->pkp ?
* Configure Client Authentication details
*/
if (mctx->auth.ca_cert_file || mctx->auth.ca_cert_path) {
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "Configuring client authentication");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Configuring client authentication");
if (!SSL_CTX_load_verify_locations(ctx,
mctx->auth.ca_cert_file,
mctx->auth.ca_cert_path))
{
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to configure verify locations "
"for client authentication");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
mctx->auth.ca_cert_file,
mctx->auth.ca_cert_path);
if (!ca_list) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to determine list of available "
"CA certificates for client authentication");
ssl_die();
ca_list = (STACK_OF(X509_NAME) *)SSL_CTX_get_client_CA_list(ctx);
if (sk_X509_NAME_num(ca_list) == 0) {
- ssl_log(s, SSL_LOG_WARN,
- "Init: Oops, you want to request client authentication, "
- "but no CAs are known for verification!? "
- "[Hint: SSLCACertificate*]");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "Init: Oops, you want to request client "
+ "authentication, but no CAs are known for "
+ "verification!? [Hint: SSLCACertificate*]");
}
}
}
return;
}
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "Configuring permitted SSL ciphers [%s]",
- suite);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Configuring permitted SSL ciphers [%s]",
+ suite);
if (!SSL_CTX_set_cipher_list(ctx, suite)) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to configure permitted SSL ciphers");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
return;
}
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "Configuring certificate revocation facility");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Configuring certificate revocation facility");
mctx->crl =
SSL_X509_STORE_create((char *)mctx->crl_file,
(char *)mctx->crl_path);
if (!mctx->crl) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to configure X.509 CRL storage "
"for certificate revocation");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
(char *)chain,
skip_first, NULL);
if (n < 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Failed to configure CA certificate chain!");
ssl_die();
}
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "Configuring server certificate chain "
- "(%d CA certificate%s)",
- n, n == 1 ? "" : "s");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Configuring server certificate chain "
+ "(%d CA certificate%s)",
+ n, n == 1 ? "" : "s");
}
static void ssl_init_ctx(server_rec *s,
return FALSE;
}
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "Configuring %s server certificate", type);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Configuring %s server certificate", type);
ptr = asn1->cpData;
if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to import %s server certificate", type);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
}
if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to configure %s server certificate", type);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
return FALSE;
}
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "Configuring %s server private key", type);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Configuring %s server private key", type);
ptr = asn1->cpData;
if (!(pkey = d2i_PrivateKey(pkey_type, NULL, &ptr, asn1->nData)))
{
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to import %s server private key", type);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
}
if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Unable to configure %s server private key", type);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
if (pubkey && EVP_PKEY_missing_parameters(pubkey)) {
EVP_PKEY_copy_parameters(pubkey, pkey);
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Copying DSA parameters from private key to certificate");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
}
*/
if (SSL_X509_isSGC(cert)) {
- ssl_log(s, SSL_LOG_INFO|SSL_INIT,
- "%s server certificate enables "
- "Server Gated Cryptography (SGC)",
- ssl_asn1_keystr(type));
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "%s server certificate enables "
+ "Server Gated Cryptography (SGC)",
+ ssl_asn1_keystr(type));
}
if (SSL_X509_getBC(cert, &is_ca, &pathlen)) {
if (is_ca) {
- ssl_log(s, SSL_LOG_WARN|SSL_INIT,
- "%s server certificate is a CA certificate "
- "(BasicConstraints: CA == TRUE !?)",
- ssl_asn1_keystr(type));
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "%s server certificate is a CA certificate "
+ "(BasicConstraints: CA == TRUE !?)",
+ ssl_asn1_keystr(type));
}
if (pathlen > 0) {
- ssl_log(s, SSL_LOG_WARN|SSL_INIT,
- "%s server certificate is not a leaf certificate "
- "(BasicConstraints: pathlen == %d > 0 !?)",
- ssl_asn1_keystr(type), pathlen);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "%s server certificate is not a leaf certificate "
+ "(BasicConstraints: pathlen == %d > 0 !?)",
+ ssl_asn1_keystr(type), pathlen);
}
}
(apr_fnmatch(cn, s->server_hostname,
fnm_flags) == FNM_NOMATCH))
{
- ssl_log(s, SSL_LOG_WARN|SSL_INIT,
- "%s server certificate wildcard CommonName (CN) `%s' "
- "does NOT match server name!?",
- ssl_asn1_keystr(type), cn);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "%s server certificate wildcard CommonName (CN) `%s' "
+ "does NOT match server name!?",
+ ssl_asn1_keystr(type), cn);
}
else if (strNE(s->server_hostname, cn)) {
- ssl_log(s, SSL_LOG_WARN|SSL_INIT,
- "%s server certificate CommonName (CN) `%s' "
- "does NOT match server name!?",
- ssl_asn1_keystr(type), cn);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "%s server certificate CommonName (CN) `%s' "
+ "does NOT match server name!?",
+ ssl_asn1_keystr(type), cn);
}
}
}
have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
if (!(have_rsa || have_dsa)) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Oops, no RSA or DSA server certificate found?!");
ssl_die();
}
have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
if (!(have_rsa || have_dsa)) {
- ssl_log(s, SSL_LOG_ERROR|SSL_INIT,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Oops, no RSA or DSA server private key found?!");
ssl_die();
}
}
if ((ncerts = sk_X509_INFO_num(sk)) > 0) {
- ssl_log(s, SSL_LOG_TRACE|SSL_INIT,
- "loaded %d client certs for SSL proxy",
- ncerts);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "loaded %d client certs for SSL proxy",
+ ncerts);
pkp->certs = sk;
}
else {
- ssl_log(s, SSL_LOG_WARN|SSL_INIT,
- "no client certs found for SSL proxy");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "no client certs found for SSL proxy");
sk_X509_INFO_free(sk);
}
}
SSLSrvConfigRec *sc)
{
if (sc->enabled) {
- ssl_log(s, SSL_LOG_INFO|SSL_INIT,
- "Configuring server for SSL protocol");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Configuring server for SSL protocol");
ssl_init_server_ctx(s, p, ptemp, sc);
}
sc = mySrvConfig(s);
if (sc->enabled && (s->port == DEFAULT_HTTP_PORT)) {
- ssl_log(base_server, SSL_LOG_WARN,
- "Init: (%s) You configured HTTPS(%d) "
- "on the standard HTTP(%d) port!",
- ssl_util_vhostid(p, s),
- DEFAULT_HTTPS_PORT, DEFAULT_HTTP_PORT);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0,
+ base_server,
+ "Init: (%s) You configured HTTPS(%d) "
+ "on the standard HTTP(%d) port!",
+ ssl_util_vhostid(p, s),
+ DEFAULT_HTTPS_PORT, DEFAULT_HTTP_PORT);
}
if (!sc->enabled && (s->port == DEFAULT_HTTPS_PORT)) {
- ssl_log(base_server, SSL_LOG_WARN,
- "Init: (%s) You configured HTTP(%d) "
- "on the standard HTTPS(%d) port!",
- ssl_util_vhostid(p, s),
- DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0,
+ base_server,
+ "Init: (%s) You configured HTTP(%d) "
+ "on the standard HTTPS(%d) port!",
+ ssl_util_vhostid(p, s),
+ DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT);
}
}
klen = strlen(key);
if ((ps = (server_rec *)apr_hash_get(table, key, klen))) {
- ssl_log(base_server, SSL_LOG_WARN,
- "Init: SSL server IP/port conflict: "
- "%s (%s:%d) vs. %s (%s:%d)",
- ssl_util_vhostid(p, s),
- (s->defn_name ? s->defn_name : "unknown"),
- s->defn_line_number,
- ssl_util_vhostid(p, ps),
- (ps->defn_name ? ps->defn_name : "unknown"),
- ps->defn_line_number);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0,
+ base_server,
+ "Init: SSL server IP/port conflict: "
+ "%s (%s:%d) vs. %s (%s:%d)",
+ ssl_util_vhostid(p, s),
+ (s->defn_name ? s->defn_name : "unknown"),
+ s->defn_line_number,
+ ssl_util_vhostid(p, ps),
+ (ps->defn_name ? ps->defn_name : "unknown"),
+ ps->defn_line_number);
conflict = TRUE;
continue;
}
}
if (conflict) {
- ssl_log(base_server, SSL_LOG_WARN,
- "Init: You should not use name-based "
- "virtual hosts in conjunction with SSL!!");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, base_server,
+ "Init: You should not use name-based "
+ "virtual hosts in conjunction with SSL!!");
}
}
char name_buf[256];
X509_NAME *name = sk_X509_NAME_value(sk, n);
- ssl_log(s, SSL_LOG_TRACE,
- "CA certificate: %s",
- X509_NAME_oneline(name, name_buf, sizeof(name_buf)));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "CA certificate: %s",
+ X509_NAME_oneline(name, name_buf, sizeof(name_buf)));
/*
* note that SSL_load_client_CA_file() checks for duplicates,
apr_dir_t *dir;
apr_finfo_t direntry;
apr_int32_t finfo_flags = APR_FINFO_MIN|APR_FINFO_NAME;
+ apr_status_t rv;
- if (apr_dir_open(&dir, ca_path, ptemp) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO|SSL_INIT,
+ if ((rv = apr_dir_open(&dir, ca_path, ptemp)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
"Failed to open SSLCACertificatePath `%s'",
ca_path);
ssl_die();
* Log SSL errors
*/
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
- ssl_log(c->base_server, SSL_LOG_ERROR,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server,
"SSL error on reading data");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
}
* Log SSL errors
*/
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
- ssl_log(c->base_server, SSL_LOG_ERROR,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server,
"SSL error on writing data");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
}
reason = "likely due to failed renegotiation";
}
- ssl_log(c->base_server, SSL_LOG_ERROR,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server,
"failed to write %d of %d bytes (%s)",
n > 0 ? len - n : len, len, reason);
switch (status) {
case HTTP_BAD_REQUEST:
/* log the situation */
- ssl_log(f->c->base_server, SSL_LOG_ERROR,
- "SSL handshake failed: HTTP spoken on HTTPS port; "
- "trying to send HTML error page");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ f->c->base_server,
+ "SSL handshake failed: HTTP spoken on HTTPS port; "
+ "trying to send HTML error page");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, f->c->base_server);
/* fake the request line */
rows = (len / DUMP_WIDTH);
if ((rows * DUMP_WIDTH) < len)
rows++;
- ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr,
"+-------------------------------------------------------------------------+");
for(i = 0 ; i< rows; i++) {
apr_snprintf(tmp, sizeof(tmp), "| %04x: ", i * DUMP_WIDTH);
}
}
apr_cpystrn(buf+strlen(buf), " |", sizeof(buf)-strlen(buf));
- ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID, "%s", buf);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr,
+ "%s", buf);
}
if (trunc > 0)
- ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
- "| %04x - <SPACES/NULS>", len + trunc);
- ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID,
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr,
+ "| %04ld - <SPACES/NULS>", len + trunc);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr,
"+-------------------------------------------------------------------------+");
return;
}
if ( cmd == (BIO_CB_WRITE|BIO_CB_RETURN)
|| cmd == (BIO_CB_READ |BIO_CB_RETURN) ) {
if (rc >= 0) {
- ssl_log(s, SSL_LOG_DEBUG,
- "%s: %s %ld/%d bytes %s BIO#%08X [mem: %08lX] %s",
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: %s %ld/%d bytes %s BIO#%p [mem: %p] %s",
SSL_LIBRARY_NAME,
(cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"),
ssl_io_data_dump(s, argp, rc);
}
else {
- ssl_log(s, SSL_LOG_DEBUG,
- "%s: I/O error, %d bytes expected to %s on BIO#%08X [mem: %08lX]",
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: I/O error, %d bytes expected to %s on BIO#%p [mem: %p]",
SSL_LIBRARY_NAME, argi,
(cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
bio, argp);
/* and finally log the fact that we've closed the connection */
if (SSLConnLogApplies(sslconn, SSL_LOG_INFO)) {
- ssl_log(conn->base_server, SSL_LOG_INFO,
- "Connection to child %d closed with %s shutdown"
- "(server %s, client %s)",
- conn->id, type,
- ssl_util_vhostid(conn->pool, conn->base_server),
- conn->remote_ip ? conn->remote_ip : "unknown");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, conn->base_server,
+ "Connection to child %ld closed with %s shutdown"
+ "(server %s, client %s)",
+ conn->id, type,
+ ssl_util_vhostid(conn->pool, conn->base_server),
+ conn->remote_ip ? conn->remote_ip : "unknown");
}
/* deallocate the SSL connection */
* Log information about incoming HTTPS requests
*/
if (SSLConnLogApplies(sslconn, SSL_LOG_INFO) && ap_is_initial_req(r)) {
- ssl_log(r->server, SSL_LOG_INFO,
- "%s HTTPS request received for child %d (server %s)",
- (r->connection->keepalives <= 0 ?
- "Initial (No.1)" :
- apr_psprintf(r->pool, "Subsequent (No.%d)",
- r->connection->keepalives+1)),
- r->connection->id,
- ssl_util_vhostid(r->pool, r->server));
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server,
+ "%s HTTPS request received for child %ld (server %s)",
+ (r->connection->keepalives <= 0 ?
+ "Initial (No.1)" :
+ apr_psprintf(r->pool, "Subsequent (No.%d)",
+ r->connection->keepalives+1)),
+ r->connection->id,
+ ssl_util_vhostid(r->pool, r->server));
}
/* SetEnvIf ssl-*-shutdown flags can only be per-server,
/* configure new state */
if (!modssl_set_cipher_list(ssl, dc->szCipherSuite)) {
- ssl_log(r->server, SSL_LOG_WARN,
- "Unable to reconfigure (per-directory) "
- "permitted SSL ciphers");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0,
+ r->server,
+ "Unable to reconfigure (per-directory) "
+ "permitted SSL ciphers");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
if (cipher_list_old) {
/* tracing */
if (renegotiate) {
- ssl_log(r->server, SSL_LOG_TRACE,
- "Reconfigured cipher suite will force renegotiation");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
+ "Reconfigured cipher suite will force renegotiation");
}
}
/* determine whether a renegotiation has to be forced */
if (dc->nVerifyDepth < n) {
renegotiate = TRUE;
- ssl_log(r->server, SSL_LOG_TRACE,
- "Reduced client verification depth "
- "will force renegotiation");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
+ "Reduced client verification depth will force "
+ "renegotiation");
}
}
renegotiate_quick = TRUE;
}
- ssl_log(r->server, SSL_LOG_TRACE,
- "Changed client verification type "
- "will force %srenegotiation",
- renegotiate_quick ? "quick " : "");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
+ r->server,
+ "Changed client verification type will force "
+ "%srenegotiation",
+ renegotiate_quick ? "quick " : "");
}
}
}
cert_store = X509_STORE_new();
if (!X509_STORE_load_locations(cert_store, ca_file, ca_path)) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Unable to reconfigure verify locations "
- "for client authentication");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Unable to reconfigure verify locations "
+ "for client authentication");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
X509_STORE_free(cert_store);
if (!(ca_list = ssl_init_FindCAList(r->server, r->pool,
ca_file, ca_path)))
{
- ssl_log(r->server, SSL_LOG_ERROR,
- "Unable to determine list of available "
- "CA certificates for client authentication");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Unable to determine list of available "
+ "CA certificates for client authentication");
return HTTP_FORBIDDEN;
}
SSL_set_client_CA_list(ssl, ca_list);
renegotiate = TRUE;
- ssl_log(r->server, SSL_LOG_TRACE,
- "Changed client verification locations "
- "will force renegotiation");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
+ "Changed client verification locations will force "
+ "renegotiation");
}
#endif /* HAVE_SSL_SET_CERT_STORE */
* !! BUT ALL THIS IS STILL NOT RE-IMPLEMENTED FOR APACHE 2.0 !!
*/
if (renegotiate && (r->method_number == M_POST)) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "SSL Re-negotiation in conjunction "
- "with POST method not supported!");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "SSL Re-negotiation in conjunction "
+ "with POST method not supported!");
return HTTP_METHOD_NOT_ALLOWED;
}
* here because it resets too much of the connection. So we set the
* state explicitly and continue the handshake manually.
*/
- ssl_log(r->server, SSL_LOG_INFO,
- "Requesting connection re-negotiation");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server,
+ "Requesting connection re-negotiation");
if (renegotiate_quick) {
STACK_OF(X509) *cert_stack;
/* perform just a manual re-verification of the peer */
- ssl_log(r->server, SSL_LOG_TRACE,
- "Performing quick renegotiation: "
- "just re-verifying the peer");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
+ "Performing quick renegotiation: "
+ "just re-verifying the peer");
cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl);
if (!cert_stack || (sk_X509_num(cert_stack) == 0)) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Cannot find peer certificate chain");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Cannot find peer certificate chain");
return HTTP_FORBIDDEN;
}
if (!(cert_store ||
(cert_store = SSL_CTX_get_cert_store(ctx))))
{
- ssl_log(r->server, SSL_LOG_ERROR,
- "Cannot find certificate storage");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Cannot find certificate storage");
return HTTP_FORBIDDEN;
}
(char *)ssl);
if (!modssl_X509_verify_cert(&cert_store_ctx)) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation verification step failed");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Re-negotiation verification step failed");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
}
request_rec *id = r->main ? r->main : r;
/* do a full renegotiation */
- ssl_log(r->server, SSL_LOG_TRACE,
- "Performing full renegotiation: "
- "complete handshake protocol");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server,
+ "Performing full renegotiation: "
+ "complete handshake protocol");
SSL_set_session_id_context(ssl,
(unsigned char *)&id,
SSL_do_handshake(ssl);
if (SSL_get_state(ssl) != SSL_ST_OK) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation request failed");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Re-negotiation request failed");
return HTTP_FORBIDDEN;
}
- ssl_log(r->server, SSL_LOG_INFO,
- "Awaiting re-negotiation handshake");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server,
+ "Awaiting re-negotiation handshake");
SSL_set_state(ssl, SSL_ST_ACCEPT);
SSL_do_handshake(ssl);
if (SSL_get_state(ssl) != SSL_ST_OK) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation handshake failed: "
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Re-negotiation handshake failed: "
"Not accepted by client!?");
return HTTP_FORBIDDEN;
BOOL do_verify = (dc->nVerifyClient == SSL_CVERIFY_REQUIRE);
if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation handshake failed: "
- "Client verification failed");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Re-negotiation handshake failed: "
+ "Client verification failed");
return HTTP_FORBIDDEN;
}
if (do_verify && !SSL_get_peer_certificate(ssl)) {
- ssl_log(r->server, SSL_LOG_ERROR,
- "Re-negotiation handshake failed: "
- "Client certificate missing");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server,
+ "Re-negotiation handshake failed: "
+ "Client certificate missing");
return HTTP_FORBIDDEN;
}
}
if (ok != 1) {
- ssl_log(r->server, SSL_LOG_INFO,
- "Access to %s denied for %s "
- "(requirement expression not fulfilled)",
- r->filename, r->connection->remote_ip);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server,
+ "Access to %s denied for %s "
+ "(requirement expression not fulfilled)",
+ r->filename, r->connection->remote_ip);
- ssl_log(r->server, SSL_LOG_INFO,
- "Failed expression: %s", req->cpExpr);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server,
+ "Failed expression: %s", req->cpExpr);
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
"access to %s failed, reason: %s",
apr_snprintf(buf1, sizeof(buf1), "Basic %s", buf2);
apr_table_set(r->headers_in, "Authorization", buf1);
- ssl_log(r->server, SSL_LOG_INFO,
- "Faking HTTP Basic Auth header: \"Authorization: %s\"", buf1);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server,
+ "Faking HTTP Basic Auth header: \"Authorization: %s\"", buf1);
return DECLINED;
}
SSLModConfigRec *mc = myModConfig(c->base_server);
int idx;
- ssl_log(c->base_server, SSL_LOG_TRACE,
- "handing out temporary %d bit RSA key", keylen);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, c->base_server,
+ "handing out temporary %d bit RSA key", keylen);
/* doesn't matter if export flag is on,
* we won't be asked for keylen > 512 in that case.
SSLModConfigRec *mc = myModConfig(c->base_server);
int idx;
- ssl_log(c->base_server, SSL_LOG_TRACE,
- "handing out temporary %d bit DH key", keylen);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, c->base_server,
+ "handing out temporary %d bit DH key", keylen);
switch (keylen) {
case 512:
char *sname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
char *iname = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
- ssl_log(s, SSL_LOG_TRACE,
- "Certificate Verification: depth: %d, subject: %s, issuer: %s",
- errdepth,
- sname ? sname : "-unknown-",
- iname ? iname : "-unknown-");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Certificate Verification: "
+ "depth: %d, subject: %s, issuer: %s",
+ errdepth,
+ sname ? sname : "-unknown-",
+ iname ? iname : "-unknown-");
if (sname) {
free(sname);
if (ssl_verify_error_is_optional(errnum) &&
(verify == SSL_CVERIFY_OPTIONAL_NO_CA))
{
- ssl_log(s, SSL_LOG_TRACE,
- "Certificate Verification: Verifiable Issuer is configured as "
- "optional, therefore we're accepting the certificate");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Certificate Verification: Verifiable Issuer is "
+ "configured as optional, therefore we're accepting "
+ "the certificate");
sslconn->verify_info = "GENEROUS";
ok = TRUE;
* If we already know it's not ok, log the real reason
*/
if (!ok) {
- ssl_log(s, SSL_LOG_ERROR,
- "Certificate Verification: Error (%d): %s",
- errnum, X509_verify_cert_error_string(errnum));
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Certificate Verification: Error (%d): %s",
+ errnum, X509_verify_cert_error_string(errnum));
sslconn->client_dn = NULL;
sslconn->client_cert = NULL;
}
if (errdepth > depth) {
- ssl_log(s, SSL_LOG_ERROR,
- "Certificate Verification: Certificate Chain too long "
- "(chain has %d certificates, but maximum allowed are only %d)",
- errdepth, depth);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Certificate Verification: Certificate Chain too long "
+ "(chain has %d certificates, but maximum allowed are "
+ "only %d)",
+ errdepth, depth);
errnum = X509_V_ERR_CERT_CHAIN_TOO_LONG;
sslconn->verify_error = X509_verify_cert_error_string(errnum);
BIO_free(bio);
- ssl_log(s, SSL_LOG_TRACE, buff);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, buff);
}
/*
* Verify the signature on this CRL
*/
if (X509_CRL_verify(crl, X509_get_pubkey(cert)) <= 0) {
- ssl_log(s, SSL_LOG_WARN, "Invalid signature on CRL");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "Invalid signature on CRL");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
X509_OBJECT_free_contents(&obj);
i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
if (i == 0) {
- ssl_log(s, SSL_LOG_WARN,
- "Found CRL has invalid nextUpdate field");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "Found CRL has invalid nextUpdate field");
X509_STORE_CTX_set_error(ctx,
X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
}
if (i < 0) {
- ssl_log(s, SSL_LOG_WARN,
- "Found CRL is expired - "
- "revoking all certificates until you get updated CRL");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "Found CRL is expired - "
+ "revoking all certificates until you get updated CRL");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
X509_OBJECT_free_contents(&obj);
char *cp = X509_NAME_oneline(issuer, NULL, 0);
long serial = ASN1_INTEGER_get(sn);
- ssl_log(s, SSL_LOG_INFO,
- "Certificate with serial %ld (0x%lX) "
- "revoked per CRL from issuer %s",
- serial, serial, cp);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Certificate with serial %ld (0x%lX) "
+ "revoked per CRL from issuer %s",
+ serial, serial, cp);
free(cp);
}
name = X509_get_subject_name(info->x509);
dn = X509_NAME_oneline(name, name_buf, sizeof(name_buf));
- ssl_log(s, SSL_LOG_TRACE,
- SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s",
- sc->vhost_id, msg, dn ? dn : "-uknown-");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s",
+ sc->vhost_id, msg, dn ? dn : "-uknown-");
}
/*
STACK_OF(X509_INFO) *certs = sc->proxy->pkp->certs;
int i, j;
- ssl_log(s, SSL_LOG_TRACE,
- SSLPROXY_CERT_CB_LOG_FMT "entered",
- sc->vhost_id);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ SSLPROXY_CERT_CB_LOG_FMT "entered",
+ sc->vhost_id);
if (!certs || (sk_X509_INFO_num(certs) <= 0)) {
- ssl_log(s, SSL_LOG_WARN,
- SSLPROXY_CERT_CB_LOG_FMT
- "downstream server wanted client certificate "
- "but none are configured", sc->vhost_id);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ SSLPROXY_CERT_CB_LOG_FMT
+ "downstream server wanted client certificate "
+ "but none are configured", sc->vhost_id);
return FALSE;
}
}
}
- ssl_log(s, SSL_LOG_TRACE,
- SSLPROXY_CERT_CB_LOG_FMT
- "no client certificate found!?", sc->vhost_id);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ SSLPROXY_CERT_CB_LOG_FMT
+ "no client certificate found!?", sc->vhost_id);
return FALSE;
}
"timeout=%lds ", (timeout - time(NULL)));
}
- ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: "
- "request=%s status=%s id=%s %s(session %s)",
- request, status,
- SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)),
- timeout_str, result);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Inter-Process Session Cache: "
+ "request=%s status=%s id=%s %s(session %s)",
+ request, status,
+ SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)),
+ timeout_str, result);
}
/*
*/
if (sc->log_level >= SSL_LOG_TRACE) {
if (where & SSL_CB_HANDSHAKE_START) {
- ssl_log(s, SSL_LOG_TRACE,
- "%s: Handshake: start", SSL_LIBRARY_NAME);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Handshake: start", SSL_LIBRARY_NAME);
}
else if (where & SSL_CB_HANDSHAKE_DONE) {
- ssl_log(s, SSL_LOG_TRACE,
- "%s: Handshake: done", SSL_LIBRARY_NAME);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Handshake: done", SSL_LIBRARY_NAME);
}
else if (where & SSL_CB_LOOP) {
- ssl_log(s, SSL_LOG_TRACE, "%s: Loop: %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Loop: %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (where & SSL_CB_READ) {
- ssl_log(s, SSL_LOG_TRACE, "%s: Read: %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Read: %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (where & SSL_CB_WRITE) {
- ssl_log(s, SSL_LOG_TRACE, "%s: Write: %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Write: %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (where & SSL_CB_ALERT) {
char *str = (where & SSL_CB_READ) ? "read" : "write";
- ssl_log(s, SSL_LOG_TRACE, "%s: Alert: %s:%s:%s\n",
- SSL_LIBRARY_NAME, str,
- SSL_alert_type_string_long(rc),
- SSL_alert_desc_string_long(rc));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Alert: %s:%s:%s\n",
+ SSL_LIBRARY_NAME, str,
+ SSL_alert_type_string_long(rc),
+ SSL_alert_desc_string_long(rc));
}
else if (where & SSL_CB_EXIT) {
if (rc == 0) {
- ssl_log(s, SSL_LOG_TRACE, "%s: Exit: failed in %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Exit: failed in %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
else if (rc < 0) {
- ssl_log(s, SSL_LOG_TRACE, "%s: Exit: error in %s",
- SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "%s: Exit: error in %s",
+ SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
}
}
}
* right after a finished handshake.
*/
if (where & SSL_CB_HANDSHAKE_DONE) {
- ssl_log(s, SSL_LOG_INFO,
- "Connection: Client IP: %s, Protocol: %s, "
- "Cipher: %s (%s/%s bits)",
- ssl_var_lookup(NULL, s, c, NULL, "REMOTE_ADDR"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_PROTOCOL"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"),
- ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE"));
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Connection: Client IP: %s, Protocol: %s, "
+ "Cipher: %s (%s/%s bits)",
+ ssl_var_lookup(NULL, s, c, NULL, "REMOTE_ADDR"),
+ ssl_var_lookup(NULL, s, c, NULL, "SSL_PROTOCOL"),
+ ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"),
+ ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"),
+ ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE"));
}
}
int ssl_mutex_init(server_rec *s, apr_pool_t *p)
{
SSLModConfigRec *mc = myModConfig(s);
-#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
apr_status_t rv;
-#endif
if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
return TRUE;
- if (apr_global_mutex_create(&mc->pMutex, mc->szMutexFile,
- APR_LOCK_DEFAULT, p) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot create SSLMutex file `%s'",
- mc->szMutexFile);
+ if ((rv = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile,
+ APR_LOCK_DEFAULT, p)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot create SSLMutex file `%s'",
+ mc->szMutexFile);
return FALSE;
}
#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE)
rv = unixd_set_global_mutex_perms(mc->pMutex);
if (rv != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR, "Could not set permissions on "
- "ssl_mutex; check User and Group directives");
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Could not set permissions on ssl_mutex; check User "
+ "and Group directives");
return FALSE;
}
#endif
int ssl_mutex_on(server_rec *s)
{
SSLModConfigRec *mc = myModConfig(s);
+ apr_status_t rv;
if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
return TRUE;
- if (apr_global_mutex_lock(mc->pMutex) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_WARN, "Failed to acquire global mutex lock");
+ if ((rv = apr_global_mutex_lock(mc->pMutex)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s,
+ "Failed to acquire global mutex lock");
return FALSE;
}
return TRUE;
int ssl_mutex_off(server_rec *s)
{
SSLModConfigRec *mc = myModConfig(s);
+ apr_status_t rv;
if (mc->nMutexMode == SSL_MUTEXMODE_NONE)
return TRUE;
- if (apr_global_mutex_unlock(mc->pMutex) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_WARN, "Failed to release global mutex lock");
+ if ((rv = apr_global_mutex_unlock(mc->pMutex)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s,
+ "Failed to release global mutex lock");
return FALSE;
}
return TRUE;
char *cp;
apr_time_t pkey_mtime = 0;
int isterm = 1;
+ apr_status_t rv;
/*
* Start with a fresh pass phrase array
*/
continue;
cpVHostID = ssl_util_vhostid(p, pServ);
- ssl_log(pServ, SSL_LOG_INFO|SSL_INIT,
- "Loading certificate & private key of SSL-aware server");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, pServ,
+ "Loading certificate & private key of SSL-aware server");
/*
* Read in server certificate(s): This is the easy part
* because this file isn't encrypted in any way.
*/
if (sc->server->pks->cert_files[0] == NULL) {
- ssl_log(pServ, SSL_LOG_ERROR|SSL_INIT,
- "Server should be SSL-aware but has no certificate configured "
- "[Hint: SSLCertificateFile]");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, pServ,
+ "Server should be SSL-aware but has no certificate "
+ "configured [Hint: SSLCertificateFile]");
ssl_die();
}
algoCert = SSL_ALGO_UNKNOWN;
for (i = 0, j = 0; i < SSL_AIDX_MAX && sc->server->pks->cert_files[i] != NULL; i++) {
apr_cpystrn(szPath, sc->server->pks->cert_files[i], sizeof(szPath));
- if ( exists_and_readable(szPath, p, NULL) != APR_SUCCESS ) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Init: Can't open server certificate file %s", szPath);
+ if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Init: Can't open server certificate file %s",
+ szPath);
ssl_die();
}
if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Init: Unable to read server certificate from file %s", szPath);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
at = ssl_util_algotypeof(pX509Cert, NULL);
an = ssl_util_algotypestr(at);
if (algoCert & at) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Multiple %s server certificates not allowed", an);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Multiple %s server certificates not "
+ "allowed", an);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
}
* the callback function which serves the pass
* phrases to OpenSSL
*/
- if ( exists_and_readable(szPath, p, &pkey_mtime) != APR_SUCCESS ) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Init: Can't open server private key file %s",szPath);
+ if ((rv = exists_and_readable(szPath, p,
+ &pkey_mtime)) != APR_SUCCESS ) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Init: Can't open server private key file "
+ "%s",szPath);
ssl_die();
}
ssl_asn1_table_get(mc->tPrivateKey, key_id);
if (asn1 && (asn1->source_mtime == pkey_mtime)) {
- ssl_log(pServ, SSL_LOG_INFO,
- "%s reusing existing "
- "%s private key on restart",
- cpVHostID, ssl_asn1_keystr(i));
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO,
+ 0, pServ,
+ "%s reusing existing "
+ "%s private key on restart",
+ cpVHostID, ssl_asn1_keystr(i));
return;
}
}
}
#ifdef WIN32
if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: PassPhraseDialog BuiltIn not supported in server private key from file %s", szPath);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: PassPhraseDialog BuiltIn not "
+ "supported in server private key from file "
+ "%s", szPath);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
}
if (nPassPhraseDialogCur && pkey_mtime &&
!(isterm = isatty(fileno(stdout)))) /* XXX: apr_isatty() */
{
- ssl_log(pServ, SSL_LOG_ERROR,
- "Init: Unable read passphrase "
- "[Hint: key introduced or changed before restart?]");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ pServ,
+ "Init: Unable read passphrase "
+ "[Hint: key introduced or changed "
+ "before restart?]");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
}
else {
- ssl_log(pServ, SSL_LOG_ERROR, "Init: Private key not found");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ pServ, "Init: Private key not found");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
}
if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN
}
}
else {
- ssl_log(pServ, SSL_LOG_ERROR, "Init: Pass phrase incorrect");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0,
+ pServ, "Init: Pass phrase incorrect");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN
}
if (pPrivateKey == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Unable to read server private key from file %s [Hint: Perhaps it is in a separate file? See SSLCertificateKeyFile]", szPath);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Unable to read server private key from "
+ "file %s [Hint: Perhaps it is in a separate file? "
+ " See SSLCertificateKeyFile]", szPath);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
}
at = ssl_util_algotypeof(NULL, pPrivateKey);
an = ssl_util_algotypestr(at);
if (algoKey & at) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Multiple %s server private keys not allowed", an);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Multiple %s server private keys not "
+ "allowed", an);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die();
}
* Log the type of reading
*/
if (nPassPhraseDialogCur == 0) {
- ssl_log(pServ, SSL_LOG_TRACE|SSL_INIT,
- "unencrypted %s private key - pass phrase not required",
- an);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, pServ,
+ "unencrypted %s private key - pass phrase not "
+ "required", an);
}
else {
if (cpPassPhraseCur != NULL) {
- ssl_log(pServ, SSL_LOG_TRACE|SSL_INIT,
- "encrypted %s private key - pass phrase requested",
- an);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
+ pServ,
+ "encrypted %s private key - pass phrase "
+ "requested", an);
}
else {
- ssl_log(pServ, SSL_LOG_TRACE|SSL_INIT,
- "encrypted %s private key - pass phrase reused",
- an);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0,
+ pServ,
+ "encrypted %s private key - pass phrase"
+ " reused", an);
}
}
*/
if (aPassPhrase->nelts) {
pphrase_array_clear(aPassPhrase);
- ssl_log(s, SSL_LOG_INFO,
- "Init: Wiped out the queried pass phrases from memory");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Wiped out the queried pass phrases from memory");
}
/* Close the pipes if they were opened
if (sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) {
if (!readtty) {
- ssl_log(s, SSL_LOG_INFO,
- "Init: Creating pass phrase dialog pipe child '%s'",
- sc->server->pphrase_dialog_path);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Creating pass phrase dialog pipe child "
+ "'%s'", sc->server->pphrase_dialog_path);
if (ssl_pipe_child_create(p, sc->server->pphrase_dialog_path)
!= APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR,
- "Init: Failed to create pass phrase pipe '%s'",
- sc->server->pphrase_dialog_path);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Init: Failed to create pass phrase pipe '%s'",
+ sc->server->pphrase_dialog_path);
PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
memset(buf, 0, (unsigned int)bufsize);
return (-1);
}
}
- ssl_log(s, SSL_LOG_INFO,
- "Init: Requesting pass phrase via piped dialog");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Requesting pass phrase via piped dialog");
}
else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */
#ifdef WIN32
*/
apr_file_open_stdout(&writetty, p);
- ssl_log(s, SSL_LOG_INFO,
- "Init: Requesting pass phrase via builtin terminal dialog");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Requesting pass phrase via builtin terminal "
+ "dialog");
#endif
}
const char **argv = apr_palloc(p, sizeof(char *) * 4);
char *result;
- ssl_log(s, SSL_LOG_INFO,
- "Init: Requesting pass phrase from dialog filter program (%s)",
- cmd);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Requesting pass phrase from dialog filter "
+ "program (%s)", cmd);
argv[0] = cmd;
argv[1] = cpVHostID;
}
}
}
- ssl_log(s, SSL_LOG_INFO, "%sSeeding PRNG with %d bytes of entropy", prefix, nDone);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "%sSeeding PRNG with %d bytes of entropy", prefix, nDone);
if (RAND_status() == 0)
- ssl_log(s, SSL_LOG_WARN, "%sPRNG still contains not sufficient entropy!", prefix);
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "%sPRNG still contains not sufficient entropy!", prefix);
return nDone;
}
* But we can operate without it, of course.
*/
if (mc->nSessionCacheMode == SSL_SCMODE_UNSET) {
- ssl_log(s, SSL_LOG_WARN,
- "Init: Session Cache is not configured "
- "[hint: SSLSessionCache]");
+ ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s,
+ "Init: Session Cache is not configured "
+ "[hint: SSLSessionCache]");
mc->nSessionCacheMode = SSL_SCMODE_NONE;
return;
}
{
SSLModConfigRec *mc = myModConfig(s);
apr_dbm_t *dbm;
+ apr_status_t rv;
/* for the DBM we need the data file */
if (mc->szSessionCacheDataFile == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "SSLSessionCache required");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "SSLSessionCache required");
ssl_die();
}
/* open it once to create it and to make sure it _can_ be created */
ssl_mutex_on(s);
- if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot create SSLSessionCache DBM file `%s'",
- mc->szSessionCacheDataFile);
+ if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
+ APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot create SSLSessionCache DBM file `%s'",
+ mc->szSessionCacheDataFile);
ssl_mutex_off(s);
return;
}
UCHAR ucaData[SSL_SESSION_MAX_DER];
int nData;
UCHAR *ucp;
+ apr_status_t rv;
/* streamline session data */
if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData))
/* and store it to the DBM file */
ssl_mutex_on(s);
- if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for writing (store)",
- mc->szSessionCacheDataFile);
+ if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
+ APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot open SSLSessionCache DBM file `%s' for writing "
+ "(store)",
+ mc->szSessionCacheDataFile);
ssl_mutex_off(s);
free(dbmval.dptr);
return FALSE;
}
- if (apr_dbm_store(dbm, dbmkey, dbmval) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot store SSL session to DBM file `%s'",
- mc->szSessionCacheDataFile);
+ if ((rv = apr_dbm_store(dbm, dbmkey, dbmval)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot store SSL session to DBM file `%s'",
+ mc->szSessionCacheDataFile);
apr_dbm_close(dbm);
ssl_mutex_off(s);
free(dbmval.dptr);
* XXX: Should we open the dbm against r->pool so the cleanup will
* do the apr_dbm_close? This would make the code a bit cleaner.
*/
- if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for reading (fetch)",
- mc->szSessionCacheDataFile);
+ if ((rc = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
+ APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rc, s,
+ "Cannot open SSLSessionCache DBM file `%s' for reading "
+ "(fetch)",
+ mc->szSessionCacheDataFile);
return NULL;
}
rc = apr_dbm_fetch(dbm, dbmkey, &dbmval);
SSLModConfigRec *mc = myModConfig(s);
apr_dbm_t *dbm;
apr_datum_t dbmkey;
+ apr_status_t rv;
/* create DBM key and values */
dbmkey.dptr = (char *)id;
/* and delete it from the DBM file */
ssl_mutex_on(s);
- if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for writing (delete)",
- mc->szSessionCacheDataFile);
+ if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
+ APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot open SSLSessionCache DBM file `%s' for writing "
+ "(delete)",
+ mc->szSessionCacheDataFile);
ssl_mutex_off(s);
return;
}
int keyidx;
int i;
time_t tNow;
+ apr_status_t rv;
/*
* make sure the expiration for still not-accessed session
/* pass 1: scan DBM database */
keyidx = 0;
- if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE,SSL_DBM_FILE_MODE, p) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for scanning",
- mc->szSessionCacheDataFile);
+ if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
+ APR_DBM_RWCREATE,SSL_DBM_FILE_MODE,
+ p)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot open SSLSessionCache DBM file `%s' for "
+ "scanning",
+ mc->szSessionCacheDataFile);
apr_pool_destroy(p);
break;
}
/* pass 2: delete expired elements */
if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
APR_DBM_RWCREATE,SSL_DBM_FILE_MODE, p) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot re-open SSLSessionCache DBM file `%s' for expiring",
- mc->szSessionCacheDataFile);
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot re-open SSLSessionCache DBM file `%s' for "
+ "expiring",
+ mc->szSessionCacheDataFile);
apr_pool_destroy(p);
break;
}
}
ssl_mutex_off(s);
- ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache (DBM) Expiry: "
- "old: %d, new: %d, removed: %d", nElements, nElements-nDeleted, nDeleted);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Inter-Process Session Cache (DBM) Expiry: "
+ "old: %d, new: %d, removed: %d",
+ nElements, nElements-nDeleted, nDeleted);
return;
}
int nElem;
int nSize;
int nAverage;
+ apr_status_t rv;
nElem = 0;
nSize = 0;
/*
* XXX - Check what pool is to be used - TBD
*/
- if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
- APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSLSessionCache DBM file `%s' for status retrival",
- mc->szSessionCacheDataFile);
+ if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile,
+ APR_DBM_RWCREATE, SSL_DBM_FILE_MODE,
+ mc->pPool)) != APR_SUCCESS) {
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot open SSLSessionCache DBM file `%s' for status "
+ "retrival",
+ mc->szSessionCacheDataFile);
ssl_mutex_off(s);
return;
}
* Create shared memory segment
*/
if (mc->szSessionCacheDataFile == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "SSLSessionCache required");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "SSLSessionCache required");
ssl_die();
}
mc->szSessionCacheDataFile,
mc->pPool)) != APR_SUCCESS) {
char buf[100];
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot allocate shared memory: (%d)%s", rv,
- apr_strerror(rv, buf, sizeof(buf)));
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Cannot allocate shared memory: (%d)%s", rv,
+ apr_strerror(rv, buf, sizeof(buf)));
ssl_die();
}
shm_segment = apr_shm_baseaddr_get(mc->pSessionCacheDataMM);
shm_segsize = apr_shm_size_get(mc->pSessionCacheDataMM);
- ssl_log(s, SSL_LOG_TRACE, "shmcb_init allocated %u bytes of shared "
- "memory", shm_segsize);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "shmcb_init allocated %u bytes of shared memory",
+ shm_segsize);
if (!shmcb_init_memory(s, shm_segment, shm_segsize)) {
- ssl_log(s, SSL_LOG_ERROR,
- "Failure initialising 'shmcb' shared memory");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Failure initialising 'shmcb' shared memory");
ssl_die();
}
- ssl_log(s, SSL_LOG_INFO, "Shared memory session cache initialised");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Shared memory session cache initialised");
/*
* Success ... we hack the memory block into place by cheating for
ssl_mutex_on(s);
if (!shmcb_store_session(s, shm_segment, id, idlen, pSession, timeout))
/* in this cache engine, "stores" should never fail. */
- ssl_log(s, SSL_LOG_ERROR, "'shmcb' code was unable to store a "
- "session in the cache.");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "'shmcb' code was unable to store a "
+ "session in the cache.");
else {
- ssl_log(s, SSL_LOG_TRACE, "shmcb_store successful");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "shmcb_store successful");
to_return = TRUE;
}
ssl_mutex_off(s);
pSession = shmcb_retrieve_session(s, shm_segment, id, idlen);
ssl_mutex_off(s);
if (pSession)
- ssl_log(s, SSL_LOG_TRACE, "shmcb_retrieve had a hit");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "shmcb_retrieve had a hit");
else {
- ssl_log(s, SSL_LOG_TRACE, "shmcb_retrieve had a miss");
- ssl_log(s, SSL_LOG_INFO, "Client requested a 'session-resume' but "
- "we have no such session.");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "shmcb_retrieve had a miss");
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Client requested a 'session-resume' but "
+ "we have no such session.");
}
return pSession;
}
double expiry_total;
time_t average_expiry, now, max_expiry, min_expiry, idxexpiry;
- ssl_log(s, SSL_LOG_TRACE, "inside ssl_scache_shmcb_status");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "inside ssl_scache_shmcb_status");
/* We've kludged our pointer into the other cache's member variable. */
shm_segment = (void *) mc->tSessionCacheDataTable;
func(apr_psprintf(p, "total removes since starting: <b>%lu</b> hit, "
"<b>%lu</b> miss<br>", header->num_removes_hit,
header->num_removes_miss), arg);
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_status");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving shmcb_status");
return;
}
SHMCBCache cache;
unsigned int temp, loop, granularity;
- ssl_log(s, SSL_LOG_TRACE, "entered shmcb_init_memory()");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "entered shmcb_init_memory()");
/* Calculate some sizes... */
temp = sizeof(SHMCBHeader);
/* If the segment is ridiculously too small, bail out */
if (shm_mem_size < (2*temp)) {
- ssl_log(s, SSL_LOG_ERROR, "shared memory segment too small");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shared memory segment too small");
return FALSE;
}
* the cache is full, which is a lot less stupid than having
* having not enough index space to utilise the whole cache!. */
temp /= 120;
- ssl_log(s, SSL_LOG_TRACE, "for %u bytes, recommending %u indexes",
- shm_mem_size, temp);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "for %u bytes, recommending %u indexes",
+ shm_mem_size, temp);
/* We should divide these indexes evenly amongst the queues. Try
* to get it so that there are roughly half the number of divisions
/* Too small? Bail ... */
if (temp < 5) {
- ssl_log(s, SSL_LOG_ERROR, "shared memory segment too small");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shared memory segment too small");
return FALSE;
}
header->queue_size - header->cache_data_offset;
/* Output trace info */
- ssl_log(s, SSL_LOG_TRACE, "shmcb_init_memory choices follow");
- ssl_log(s, SSL_LOG_TRACE, "division_mask = 0x%02X", header->division_mask);
- ssl_log(s, SSL_LOG_TRACE, "division_offset = %u", header->division_offset);
- ssl_log(s, SSL_LOG_TRACE, "division_size = %u", header->division_size);
- ssl_log(s, SSL_LOG_TRACE, "queue_size = %u", header->queue_size);
- ssl_log(s, SSL_LOG_TRACE, "index_num = %u", header->index_num);
- ssl_log(s, SSL_LOG_TRACE, "index_offset = %u", header->index_offset);
- ssl_log(s, SSL_LOG_TRACE, "index_size = %u", header->index_size);
- ssl_log(s, SSL_LOG_TRACE, "cache_data_offset = %u", header->cache_data_offset);
- ssl_log(s, SSL_LOG_TRACE, "cache_data_size = %u", header->cache_data_size);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "shmcb_init_memory choices follow");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "division_mask = 0x%02X", header->division_mask);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "division_offset = %u", header->division_offset);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "division_size = %u", header->division_size);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "queue_size = %u", header->queue_size);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "index_num = %u", header->index_num);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "index_offset = %u", header->index_offset);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "index_size = %u", header->index_size);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "cache_data_offset = %u", header->cache_data_offset);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "cache_data_size = %u", header->cache_data_size);
/* The header is done, make the caches empty */
for (loop = 0; loop < granularity; loop++) {
if (!shmcb_get_division(header, &queue, &cache, loop))
- ssl_log(s, SSL_LOG_ERROR, "shmcb_init_memory, " "internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "shmcb_init_memory, " "internal error");
shmcb_set_safe_uint(cache.first_pos, 0);
shmcb_set_safe_uint(cache.pos_count, 0);
shmcb_set_safe_uint(queue.first_pos, 0);
shmcb_set_safe_uint(queue.pos_count, 0);
}
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_init_memory()");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving shmcb_init_memory()");
return TRUE;
}
time_t expiry_time;
unsigned char *session_id = SSL_SESSION_get_session_id(pSession);
- ssl_log(s, SSL_LOG_TRACE, "inside shmcb_store_session");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "inside shmcb_store_session");
/* Get the header structure, which division this session will fall into etc. */
shmcb_get_header(shm_segment, &header);
masked_index = session_id[0] & header->division_mask;
- ssl_log(s, SSL_LOG_TRACE, "session_id[0]=%u, masked index=%u",
- session_id[0], masked_index);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "session_id[0]=%u, masked index=%u",
+ session_id[0], masked_index);
if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_store_session, " "internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shmcb_store_session internal error");
return FALSE;
}
* or we find some assurance that it will never be necessary. */
len_encoded = i2d_SSL_SESSION(pSession, NULL);
if (len_encoded > SSL_SESSION_MAX_DER) {
- ssl_log(s, SSL_LOG_ERROR, "session is too big (%u bytes)",
- len_encoded);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "session is too big (%u bytes)", len_encoded);
return FALSE;
}
ptr_encoded = encoded;
if (!shmcb_insert_encoded_session(s, &queue, &cache, encoded,
len_encoded, session_id,
expiry_time)) {
- ssl_log(s, SSL_LOG_ERROR, "can't store a session!");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "can't store a session!");
return FALSE;
}
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_store successfully");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving shmcb_store successfully");
header->num_stores++;
return TRUE;
}
unsigned char masked_index;
SSL_SESSION *pSession;
- ssl_log(s, SSL_LOG_TRACE, "inside shmcb_retrieve_session");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "inside shmcb_retrieve_session");
if (idlen < 2) {
- ssl_log(s, SSL_LOG_ERROR, "unusably short session_id provided "
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "unusably short session_id provided "
"(%u bytes)", idlen);
return FALSE;
}
* will come from etc. */
shmcb_get_header(shm_segment, &header);
masked_index = id[0] & header->division_mask;
- ssl_log(s, SSL_LOG_TRACE, "id[0]=%u, masked index=%u", id[0],
- masked_index);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "id[0]=%u, masked index=%u", id[0], masked_index);
if (!shmcb_get_division(header, &queue, &cache, (unsigned int) masked_index)) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_retrieve_session, " "internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shmcb_retrieve_session internal error");
header->num_retrieves_miss++;
return FALSE;
}
header->num_retrieves_hit++;
else
header->num_retrieves_miss++;
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_retrieve_session");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving shmcb_retrieve_session");
return pSession;
}
unsigned char masked_index;
BOOL res;
- ssl_log(s, SSL_LOG_TRACE, "inside shmcb_remove_session");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "inside shmcb_remove_session");
if (id == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "remove called with NULL session_id!");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "remove called with NULL session_id!");
return FALSE;
}
* will happen in etc. */
shmcb_get_header(shm_segment, &header);
masked_index = id[0] & header->division_mask;
- ssl_log(s, SSL_LOG_TRACE, "id[0]=%u, masked index=%u",
- id[0], masked_index);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "id[0]=%u, masked index=%u", id[0], masked_index);
if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_remove_session, internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "shmcb_remove_session, internal error");
header->num_removes_miss++;
return FALSE;
}
header->num_removes_hit++;
else
header->num_removes_miss++;
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_remove_session");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving shmcb_remove_session");
return res;
}
unsigned int loop, index_num, pos_count, new_pos;
SHMCBHeader *header;
- ssl_log(s, SSL_LOG_TRACE, "entering shmcb_expire_division");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "entering shmcb_expire_division");
/* We must calculate num and space ourselves based on expiry times. */
now = time(NULL);
/* Find the new_offset and make the expiries happen. */
if (loop > 0) {
- ssl_log(s, SSL_LOG_TRACE, "will be expiring %u sessions", loop);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "will be expiring %u sessions", loop);
/* We calculate the new_offset by "peeking" (or in the
* case it's the last entry, "sneaking" ;-). */
if (loop == pos_count) {
shmcb_get_safe_uint(&(idx->offset))));
shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset)));
}
- ssl_log(s, SSL_LOG_TRACE, "we now have %u sessions",
- shmcb_get_safe_uint(queue->pos_count));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "we now have %u sessions",
+ shmcb_get_safe_uint(queue->pos_count));
}
header->num_expiries += loop;
return loop;
unsigned int gap, new_pos, loop, new_offset;
int need;
- ssl_log(s, SSL_LOG_TRACE, "entering shmcb_insert_encoded_session, "
- "*queue->pos_count = %u", shmcb_get_safe_uint(queue->pos_count));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "entering shmcb_insert_encoded_session, "
+ "*queue->pos_count = %u",
+ shmcb_get_safe_uint(queue->pos_count));
/* If there's entries to expire, ditch them first thing. */
shmcb_expire_division(s, queue, cache);
shmcb_get_safe_uint(&(idx->offset)));
}
if (loop > 0) {
- ssl_log(s, SSL_LOG_TRACE, "about to scroll %u sessions from %u",
- loop, shmcb_get_safe_uint(queue->pos_count));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "about to scroll %u sessions from %u",
+ loop, shmcb_get_safe_uint(queue->pos_count));
/* We are removing "loop" items from the cache. */
shmcb_set_safe_uint(cache->pos_count,
shmcb_get_safe_uint(cache->pos_count) -
shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset)));
shmcb_set_safe_uint(queue->pos_count, shmcb_get_safe_uint(queue->pos_count) - loop);
shmcb_set_safe_uint(queue->first_pos, new_pos);
- ssl_log(s, SSL_LOG_TRACE, "now only have %u sessions",
- shmcb_get_safe_uint(queue->pos_count));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "now only have %u sessions",
+ shmcb_get_safe_uint(queue->pos_count));
/* Update the stats!!! */
header->num_scrolled += loop;
}
* is verified. */
if (shmcb_get_safe_uint(cache->pos_count) + encoded_len >
header->cache_data_size) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_insert_encoded_session, "
- "internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shmcb_insert_encoded_session internal error");
return FALSE;
}
if (shmcb_get_safe_uint(queue->pos_count) == header->index_num) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_insert_encoded_session, "
- "internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shmcb_insert_encoded_session internal error");
return FALSE;
}
- ssl_log(s, SSL_LOG_TRACE, "we have %u bytes and %u indexes free - "
- "enough", header->cache_data_size -
- shmcb_get_safe_uint(cache->pos_count), header->index_num -
- shmcb_get_safe_uint(queue->pos_count));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "we have %u bytes and %u indexes free - enough",
+ header->cache_data_size -
+ shmcb_get_safe_uint(cache->pos_count), header->index_num -
+ shmcb_get_safe_uint(queue->pos_count));
/* HERE WE ASSUME THAT THE NEW SESSION SHOULD GO ON THE END! I'M NOT
new_pos = shmcb_cyclic_increment(header->index_num,
shmcb_get_safe_uint(queue->first_pos),
shmcb_get_safe_uint(queue->pos_count));
- ssl_log(s, SSL_LOG_TRACE, "storing in index %u, at offset %u", new_pos,
- new_offset);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "storing in index %u, at offset %u",
+ new_pos, new_offset);
idx = shmcb_get_index(queue, new_pos);
if (idx == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_insert_encoded_session, "
- "internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shmcb_insert_encoded_session internal error");
return FALSE;
}
shmcb_safe_clear(idx, sizeof(SHMCBIndex));
/* idx->removed = (unsigned char)0; */ /* Not needed given the memset above. */
idx->s_id2 = session_id[1];
- ssl_log(s, SSL_LOG_TRACE, "session_id[0]=%u, idx->s_id2=%u",
- session_id[0], session_id[1]);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "session_id[0]=%u, idx->s_id2=%u",
+ session_id[0], session_id[1]);
/* All that remains is to adjust the cache's and queue's "pos_count"s. */
shmcb_set_safe_uint(cache->pos_count,
shmcb_get_safe_uint(queue->pos_count) + 1);
/* And just for good debugging measure ... */
- ssl_log(s, SSL_LOG_TRACE, "leaving now with %u bytes in the cache and "
- "%u indexes", shmcb_get_safe_uint(cache->pos_count),
- shmcb_get_safe_uint(queue->pos_count));
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_insert_encoded_session");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving now with %u bytes in the cache and %u indexes",
+ shmcb_get_safe_uint(cache->pos_count),
+ shmcb_get_safe_uint(queue->pos_count));
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving shmcb_insert_encoded_session");
return TRUE;
}
unsigned char *ptr;
time_t now;
- ssl_log(s, SSL_LOG_TRACE, "entering shmcb_lookup_session_id");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "entering shmcb_lookup_session_id");
/* If there are entries to expire, ditch them first thing. */
shmcb_expire_division(s, queue, cache);
count = shmcb_get_safe_uint(queue->pos_count);
header = queue->header;
for (loop = 0; loop < count; loop++) {
- ssl_log(s, SSL_LOG_TRACE, "loop=%u, count=%u, curr_pos=%u",
- loop, count, curr_pos);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "loop=%u, count=%u, curr_pos=%u",
+ loop, count, curr_pos);
idx = shmcb_get_index(queue, curr_pos);
- ssl_log(s, SSL_LOG_TRACE, "idx->s_id2=%u, id[1]=%u, offset=%u",
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "idx->s_id2=%u, id[1]=%u, offset=%u",
idx->s_id2, id[1], shmcb_get_safe_uint(&(idx->offset)));
/* Only look into the session further if;
* (a) the second byte of the session_id matches,
unsigned int session_id_length;
unsigned char *session_id;
- ssl_log(s, SSL_LOG_TRACE, "at index %u, found possible "
- "session match", curr_pos);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "at index %u, found possible session match",
+ curr_pos);
shmcb_cyclic_cton_memcpy(header->cache_data_size,
tempasn, cache->data,
shmcb_get_safe_uint(&(idx->offset)),
session_id = SSL_SESSION_get_session_id(pSession);
if (pSession == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "scach2_lookup_"
- "session_id, internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "scach2_lookup_session_id internal error");
return NULL;
}
if ((session_id_length == idlen) &&
(memcmp(session_id, id, idlen) == 0)) {
- ssl_log(s, SSL_LOG_TRACE, "a match!");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "a match!");
return pSession;
}
- ssl_log(s, SSL_LOG_TRACE, "not a match");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "not a match");
SSL_SESSION_free(pSession);
pSession = NULL;
}
curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1);
}
- ssl_log(s, SSL_LOG_TRACE, "no matching sessions were found");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "no matching sessions were found");
return NULL;
}
unsigned char *ptr;
BOOL to_return = FALSE;
- ssl_log(s, SSL_LOG_TRACE, "entering shmcb_remove_session_id");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "entering shmcb_remove_session_id");
/* If there's entries to expire, ditch them first thing. */
/* shmcb_expire_division(s, queue, cache); */
count = shmcb_get_safe_uint(queue->pos_count);
header = cache->header;
for (loop = 0; loop < count; loop++) {
- ssl_log(s, SSL_LOG_TRACE, "loop=%u, count=%u, curr_pos=%u",
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "loop=%u, count=%u, curr_pos=%u",
loop, count, curr_pos);
idx = shmcb_get_index(queue, curr_pos);
- ssl_log(s, SSL_LOG_TRACE, "idx->s_id2=%u, id[1]=%u", idx->s_id2,
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "idx->s_id2=%u, id[1]=%u", idx->s_id2,
id[1]);
/* Only look into the session further if the second byte of the
* session_id matches. */
unsigned int session_id_length;
unsigned char *session_id;
- ssl_log(s, SSL_LOG_TRACE, "at index %u, found possible "
- "session match", curr_pos);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "at index %u, found possible "
+ "session match", curr_pos);
shmcb_cyclic_cton_memcpy(header->cache_data_size,
tempasn, cache->data,
shmcb_get_safe_uint(&(idx->offset)),
ptr = tempasn;
pSession = d2i_SSL_SESSION(NULL, &ptr, SSL_SESSION_MAX_DER);
if (pSession == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "shmcb_remove_session_id, "
- "internal error");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "shmcb_remove_session_id, internal error");
goto end;
}
session_id_length = SSL_SESSION_get_session_id_length(pSession);
if ((session_id_length == idlen)
&& (memcmp(id, session_id, idlen) == 0)) {
- ssl_log(s, SSL_LOG_TRACE, "a match!");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "a match!");
/* Scrub out this session "quietly" */
idx->removed = (unsigned char) 1;
SSL_SESSION_free(pSession);
to_return = TRUE;
goto end;
}
- ssl_log(s, SSL_LOG_TRACE, "not a match");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "not a match");
SSL_SESSION_free(pSession);
pSession = NULL;
}
curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1);
}
- ssl_log(s, SSL_LOG_TRACE, "no matching sessions were found");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "no matching sessions were found");
/* If there's entries to expire, ditch them now. */
shmcb_expire_division(s, queue, cache);
end:
- ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_remove_session_id");
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "leaving shmcb_remove_session_id");
return to_return;
}
* Create shared memory segment
*/
if (mc->szSessionCacheDataFile == NULL) {
- ssl_log(s, SSL_LOG_ERROR, "SSLSessionCache required");
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "SSLSessionCache required");
ssl_die();
}
if ((rv = apr_shm_create(&(mc->pSessionCacheDataMM),
mc->nSessionCacheDataSize,
mc->szSessionCacheDataFile, mc->pPool)) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot allocate shared memory: %d", rv);
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot allocate shared memory");
ssl_die();
}
if ((rv = apr_rmm_init(&(mc->pSessionCacheDataRMM), NULL,
apr_shm_baseaddr_get(mc->pSessionCacheDataMM),
mc->nSessionCacheDataSize, mc->pPool)) != APR_SUCCESS) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot initialize rmm: %d", rv);
+ ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ "Cannot initialize rmm");
ssl_die();
}
-ssl_log(s, SSL_LOG_ERROR, "initialize MM %ld RMM %ld",
- mc->pSessionCacheDataMM, mc->pSessionCacheDataRMM);
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "initialize MM %p RMM %p",
+ mc->pSessionCacheDataMM, mc->pSessionCacheDataRMM);
/*
* Create hash table in shared memory segment
ssl_scache_shmht_calloc,
ssl_scache_shmht_realloc,
ssl_scache_shmht_free, s )) == NULL) {
- ssl_log(s, SSL_LOG_ERROR,
- "Cannot allocate hash table in shared memory: %s",
- table_strerror(ta_errno));
+ ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
+ "Cannot allocate hash table in shared memory: %s",
+ table_strerror(ta_errno));
ssl_die();
}
/*
* Log the done work
*/
- ssl_log(s, SSL_LOG_INFO,
- "Init: Created hash-table (%d buckets) "
- "in shared memory (%d bytes) for SSL session cache", n, avail);
+ ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s,
+ "Init: Created hash-table (%d buckets) "
+ "in shared memory (%d bytes) for SSL session cache",
+ n, avail);
return;
}
/* (vpKeyThis != vpKey) && (nKeyThis != nKey) */
}
ssl_mutex_off(s);
- ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache (SHMHT) Expiry: "
- "old: %d, new: %d, removed: %d",
- nElements, nElements-nDeleted, nDeleted);
+ ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
+ "Inter-Process Session Cache (SHMHT) Expiry: "
+ "old: %d, new: %d, removed: %d",
+ nElements, nElements-nDeleted, nDeleted);
return;
}
projects / thirdparty / apache / httpd.git / commitdiff
