"Use the server's cipher ordering preference")
SSL_CMD_ALL(UserName, TAKE1,
"Set user name to SSL variable value")
+ SSL_CMD_SRV(LogLevelDebugDump, TAKE1,
+ "Include I/O Dump when LogLevel is set to Debug "
+ "([ None (default) | IO (not bytes) | Bytes ])")
/*
* Proxy configuration for remote SSL connections
sc->vhost_id_len = 0; /* set during module init */
sc->session_cache_timeout = UNSET;
sc->cipher_server_pref = UNSET;
+ sc->ssl_log_level = SSL_LOG_UNSET;
modssl_ctx_init_proxy(sc, p);
cfgMergeBool(proxy_enabled);
cfgMergeInt(session_cache_timeout);
cfgMergeBool(cipher_server_pref);
+ cfgMerge(ssl_log_level, SSL_LOG_UNSET);
modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
return NULL;
}
+const char *ssl_cmd_SSLLogLevelDebugDump(cmd_parms *cmd,
+ void *dcfg,
+ const char *arg)
+{
+ SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+
+ if (strcEQ(arg, "none") || strcEQ(arg, "off")) {
+ sc->ssl_log_level = SSL_LOG_NONE;
+ }
+ else if (strcEQ(arg, "io") || strcEQ(arg, "i/o")) {
+ sc->ssl_log_level = SSL_LOG_IO;
+ }
+ else if (strcEQ(arg, "bytes") || strcEQ(arg, "on")) {
+ sc->ssl_log_level = SSL_LOG_BYTES;
+ }
+ else {
+ return apr_pstrcat(cmd->temp_pool, cmd->cmd->name,
+ ": Invalid argument '", arg, "'",
+ NULL);
+ }
+
+ return NULL;
+}
+
const char *ssl_cmd_SSLOptions(cmd_parms *cmd,
void *dcfg,
const char *arg)
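Review bot: The new parser accepts `off`, `i/o` and `on` in addition to the `None | IO | Bytes` values the directive help text earlier in this patch advertises; either list those aliases in the help text or drop them so the two agree. The function also has no header comment; something like `/* SSLLogLevelDebugDump: None (default) | IO (log each BIO read/write) | Bytes (also hex-dump the buffer); only consulted when LogLevel is debug. */` would tell the next reader what the three levels mean without chasing the enum. The comparison uses strcEQ, which I take to be case-insensitive so that `IO` in the docs matches `io` here — worth confirming. The error branch echoes the unrecognised argument back but never says what would have been accepted; `": Invalid argument '", arg, "' (expected None, IO or Bytes)",` would make the failure self-explanatory.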
void ssl_io_filter_init(conn_rec *c, SSL *ssl)
{
ssl_filter_ctx_t *filter_ctx;
+ server_rec *s = c->base_server;
+ SSLSrvConfigRec *sc = mySrvConfig(s);
filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t));
apr_pool_cleanup_register(c->pool, (void*)filter_ctx,
ssl_io_filter_cleanup, apr_pool_cleanup_null);
- if (c->base_server->loglevel >= APLOG_DEBUG) {
+ if ((s->loglevel >= APLOG_DEBUG)
+ && (sc->ssl_log_level >= SSL_LOG_IO)) {
BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
}
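Review bot: With the added `&& (sc->ssl_log_level >= SSL_LOG_IO)` gate, LogLevel debug on its own no longer registers the BIO callback, so the per-read/write debug line mod_ssl used to emit at debug level disappears unless the new directive is set to IO or Bytes. If that change of default is intended it should be stated in the directive help text, since existing debug logs will silently lose those lines. The config is fetched from `c->base_server`, so the level is presumably that of the base server rather than any later-selected vhost; a one-line comment to that effect would save a reader from expecting per-vhost control. ssl_io_filter_init continues past the end of the hunk.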
SSL *ssl;
conn_rec *c;
server_rec *s;
+ SSLSrvConfigRec *sc;
if ((ssl = (SSL *)BIO_get_callback_arg(bio)) == NULL)
return rc;
if ((c = (conn_rec *)SSL_get_app_data(ssl)) == NULL)
return rc;
s = c->base_server;
+ sc = mySrvConfig(s);
if ( cmd == (BIO_CB_WRITE|BIO_CB_RETURN)
|| cmd == (BIO_CB_READ |BIO_CB_RETURN) ) {
rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"),
bio, argp,
(argp != NULL ? "(BIO dump follows)" : "(Oops, no memory buffer?)"));
- if (argp != NULL)
+ if ((argp != NULL) && (sc->ssl_log_level >= SSL_LOG_BYTES))
ssl_io_data_dump(s, argp, rc);
}
else {
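Review bot: The log line still prints `(BIO dump follows)` whenever argp is non-NULL, but the dump itself is now emitted only when `sc->ssl_log_level >= SSL_LOG_BYTES`, so at the IO level every line promises a dump that never arrives. Gate the message the same way, e.g. `(argp == NULL ? "(Oops, no memory buffer?)" : (sc->ssl_log_level >= SSL_LOG_BYTES) ? "(BIO dump follows)" : "")`, or compute the condition once into a local used by both the message and the `if`. The ap_log_error call this string belongs to begins above the hunk.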
#define SSL_SESSION_CACHE_TIMEOUT 300
#endif
+/**
+ * Define the per-server SSLLogLevel constants which provide
+ * finer-than-debug resolution to decide if logs are to be
+ * assulted with tens of thousands of characters per request.
+ */
+typedef enum {
+ SSL_LOG_UNSET = UNSET,
+ SSL_LOG_NONE = 0,
+ SSL_LOG_IO = 6,
+ SSL_LOG_BYTES = 7
+} ssl_log_level_e;
+
/**
* Support for MM library
*/
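Review bot: `assulted` in the new comment should be `assaulted`. The values 6 and 7 chosen for SSL_LOG_IO and SSL_LOG_BYTES are unexplained, and the only uses in this patch are ordered comparisons (`>= SSL_LOG_IO`, `>= SSL_LOG_BYTES`), so the comment should say that only the ordering matters or why these particular numbers were picked. Those gates also rely on SSL_LOG_UNSET sorting below SSL_LOG_NONE so that an unconfigured directive behaves as None; that holds only if UNSET is negative, which this page does not show, so a note such as `/* UNSET must compare below NONE: an unset level must behave as None */` would pin the assumption where the enum is defined.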
SSL_PPTYPE_UNSET = UNSET,
SSL_PPTYPE_BUILTIN = 0,
SSL_PPTYPE_FILTER = 1,
- SSL_PPTYPE_PIPE = 2
+ SSL_PPTYPE_PIPE = 2
} ssl_pphrase_t;
/**
SSL_ENABLED_UNSET = UNSET,
SSL_ENABLED_FALSE = 0,
SSL_ENABLED_TRUE = 1,
- SSL_ENABLED_OPTIONAL = 3
+ SSL_ENABLED_OPTIONAL = 3
} ssl_enabled_t;
/**
BOOL cipher_server_pref;
modssl_ctx_t *server;
modssl_ctx_t *proxy;
+ ssl_log_level_e ssl_log_level;
};
/**
const char *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
const char *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLUserName(cmd_parms *, void *, const char *);
+const char *ssl_cmd_SSLLogLevelDebugDump(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);