Add some more log message tags

Add some more mod_ssl macros that confuse coccinelle. Remove restriction
on format string because it causes coccinelle to not consider multi line format
strings.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1210284 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/log-message-tags/find-messages.cocci b/docs/log-message-tags/find-messages.cocci
index f959bbbde4161c51c52035c552ee146cf13eedff..36db95a9ab483a9cd4d2cca838ae41f28c10ada1 100644 (file)
--- a/docs/log-message-tags/find-messages.cocci
+++ b/docs/log-message-tags/find-messages.cocci
@@ -1,6 +1,6 @@
 @r@
 expression rv, s;
-constant char [] format !~ "APLOGNO";
+constant char [] format;
 identifier level =~ "^APLOG_(EMERG|ALERT|CRIT|ERR|WARNING|NOTICE|INFO|STARTUP|DEBUG)$";
 identifier fn =~ "^ap_log_(|r|c|p)error$";
 

diff --git a/docs/log-message-tags/macros.h b/docs/log-message-tags/macros.h
index 98e4dd6a744d1fd097be4c43e51b40dfe2b70786..de1ebde470302da061fc400784b3dbd4c40e0cb8 100644 (file)
--- a/docs/log-message-tags/macros.h
+++ b/docs/log-message-tags/macros.h
@@ -22,5 +22,11 @@
 
 #define AP_DECLARE_MODULE(foo)  module foo##_module
 
-#define BOOL                     int
-#define STACK_OF(x)              x
+#define BOOL                              int
+#define STACK_OF(x)                       x
+#define MODSSL_D2I_SSL_SESSION_CONST
+#define MODSSL_D2I_ASN1_type_bytes_CONST
+#define MODSSL_D2I_PrivateKey_CONST
+#define MODSSL_D2I_X509_CONST
+#define MODSSL_SSL_CIPHER_CONST
+#define MODSSL_SSL_METHOD_CONST

diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number
index 150b7eab65e7a9418a9258018ab59b99a5ab9400..7c81a98af8d9f01945c3a58b02089d22a3325f92 100644 (file)
--- a/docs/log-message-tags/next-number
+++ b/docs/log-message-tags/next-number
@@ -1 +1 @@
-2231
+2270

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 37f416fcaf38f773771fcbc6674d2c377720e1e8..79b683cce8ce8a2a29718b697c357aed530d18e1 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -493,7 +493,7 @@ static void ssl_init_ctx_protocol(server_rec *s,
      *  Create the new per-server SSL context
      */
     if (protocol == SSL_PROTOCOL_NONE) {
-        ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+        ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02231)
                 "No SSL protocols available [hint: SSLProtocol]");
         ssl_die();
     }
@@ -881,19 +881,19 @@ static int ssl_server_import_cert(server_rec *s,
         return FALSE;
     }
 
-    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02232)
                  "Configuring %s server certificate", type);
 
     ptr = asn1->cpData;
     if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) {
-        ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+        ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02233)
                 "Unable to import %s server certificate", type);
         ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
         ssl_die();
     }
 
     if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) {
-        ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+        ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02234)
                 "Unable to configure %s server certificate", type);
         ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
         ssl_die();
@@ -902,7 +902,7 @@ static int ssl_server_import_cert(server_rec *s,
 #ifdef HAVE_OCSP_STAPLING
     if ((mctx->pkp == FALSE) && (mctx->stapling_enabled == TRUE)) {
         if (!ssl_stapling_init_cert(s, mctx, cert)) {
-            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02235)
                          "Unable to configure server certificate for stapling");
         }
     }
@@ -936,20 +936,20 @@ static int ssl_server_import_key(server_rec *s,
         return FALSE;
     }
 
-    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02236)
                  "Configuring %s server private key", type);
 
     ptr = asn1->cpData;
     if (!(pkey = d2i_PrivateKey(pkey_type, NULL, &ptr, asn1->nData)))
     {
-        ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+        ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02237)
                 "Unable to import %s server private key", type);
         ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
         ssl_die();
     }
 
     if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) {
-        ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+        ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02238)
                 "Unable to configure %s server private key", type);
         ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
         ssl_die();
@@ -964,7 +964,7 @@ static int ssl_server_import_key(server_rec *s,
 
         if (pubkey && EVP_PKEY_missing_parameters(pubkey)) {
             EVP_PKEY_copy_parameters(pubkey, pkey);
-            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02239)
                     "Copying DSA parameters from private key to certificate");
             ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             EVP_PKEY_free(pubkey);
@@ -1216,7 +1216,7 @@ static void ssl_init_proxy_certs(server_rec *s,
 
         if (!inf->x509 || !inf->x_pkey) {
             sk_X509_INFO_free(sk);
-            ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s,
+            ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, APLOGNO(02252)
                          "incomplete client cert configured for SSL proxy "
                          "(missing or encrypted private key?)");
             ssl_die();

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index e2272018773a0c73adcc499167b7c3bef37dbcd2..cc3321f8705378b0080ab8de260f576bedfa3d1e 100644 (file)
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -410,7 +410,7 @@ int ssl_hook_Access(request_rec *r)
             !SSL_set_cipher_list(ssl, dc->szCipherSuite ?
                                       dc->szCipherSuite :
                                       sc->server->auth.cipher_suite)) {
-            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
+            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02253)
                           "Unable to reconfigure (per-directory) "
                           "permitted SSL ciphers");
             ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
@@ -507,7 +507,7 @@ int ssl_hook_Access(request_rec *r)
                             dc->nVerifyDepth : sc->server->auth.verify_depth;
     if (sslconn->verify_depth < n) {
         renegotiate = TRUE;
-        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02254)
                      "Reduced client verification depth will force "
                      "renegotiation");
     }
@@ -571,7 +571,7 @@ int ssl_hook_Access(request_rec *r)
                     X509_free(peercert);
                 }
 
-                ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+                ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02255)
                               "Changed client verification type will force "
                               "%srenegotiation",
                               renegotiate_quick ? "quick " : "");
@@ -601,7 +601,7 @@ int ssl_hook_Access(request_rec *r)
             if (MODSSL_CFG_CA_NE(ca_cert_file, sc, hssc) ||
                 MODSSL_CFG_CA_NE(ca_cert_path, sc, hssc)) {
                 if (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
-                    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+                    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02256)
                          "Non-default virtual host with SSLVerify set to "
                          "'require' and VirtualHost-specific CA certificate "
                          "list is only available to clients with TLS server "
@@ -651,7 +651,7 @@ int ssl_hook_Access(request_rec *r)
         }
 
         if (rv) {
-            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02257)
                           "could not buffer message body to allow "
                           "SSL renegotiation to proceed");
             return rv;
@@ -680,7 +680,7 @@ int ssl_hook_Access(request_rec *r)
             STACK_OF(X509) *cert_stack;
 
             /* perform just a manual re-verification of the peer */
-            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02258)
                          "Performing quick renegotiation: "
                          "just re-verifying the peer");
 
@@ -756,7 +756,7 @@ int ssl_hook_Access(request_rec *r)
              * discarded.  Legimately pipelined HTTP requests will be
              * retried anyway with this approach. */
             if (has_buffered_data(r)) {
-                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02259)
                               "insecure SSL re-negotiation required, but "
                               "a pipelined request is present; keepalive "
                               "disabled");
@@ -764,7 +764,7 @@ int ssl_hook_Access(request_rec *r)
             }
 
             /* Perform a full renegotiation. */
-            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02260)
                           "Performing full renegotiation: complete handshake "
                           "protocol (%s support secure renegotiation)",
 #if defined(SSL_get_secure_renegotiation_support)
@@ -808,7 +808,7 @@ int ssl_hook_Access(request_rec *r)
             sslconn->reneg_state = RENEG_REJECT;
 
             if (SSL_get_state(ssl) != SSL_ST_OK) {
-                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02261)
                               "Re-negotiation handshake failed: "
                               "Not accepted by client!?");
 
@@ -837,7 +837,7 @@ int ssl_hook_Access(request_rec *r)
                               (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE));
 
             if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
-                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02262)
                               "Re-negotiation handshake failed: "
                               "Client verification failed");
 
@@ -846,7 +846,7 @@ int ssl_hook_Access(request_rec *r)
 
             if (do_verify) {
                 if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) {
-                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02263)
                                   "Re-negotiation handshake failed: "
                                   "Client certificate missing");
 
@@ -863,7 +863,7 @@ int ssl_hook_Access(request_rec *r)
         if (cipher_list) {
             cipher = SSL_get_current_cipher(ssl);
             if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) {
-                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02264)
                              "SSL cipher suite not renegotiated: "
                              "access to %s denied using cipher %s",
                               r->filename,
@@ -902,7 +902,7 @@ int ssl_hook_Access(request_rec *r)
         ok = ap_expr_exec(r, req->mpExpr, &errstring);
 
         if (ok < 0) {
-            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02265)
                           "access to %s failed, reason: Failed to execute "
                           "SSL requirement expression: %s",
                           r->filename, errstring);
@@ -914,7 +914,7 @@ int ssl_hook_Access(request_rec *r)
         }
 
         if (ok != 1) {
-            ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+            ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02266)
                           "Access to %s denied for %s "
                           "(requirement expression not fulfilled)",
                           r->filename, r->client_ip);
@@ -1596,12 +1596,12 @@ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
     STACK_OF(X509) **ca_cert_chains;
     int i, j, k;
 
-    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02267)
                  SSLPROXY_CERT_CB_LOG_FMT "entered",
                  sc->vhost_id);
 
     if (!certs || (sk_X509_INFO_num(certs) <= 0)) {
-        ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
+        ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(02268)
                      SSLPROXY_CERT_CB_LOG_FMT
                      "downstream server wanted client certificate "
                      "but none are configured", sc->vhost_id);
@@ -1663,7 +1663,7 @@ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
         } /* end loop through available certs */
     }
 
-    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
+    ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02269)
                  SSLPROXY_CERT_CB_LOG_FMT
                  "no client certificate found!?", sc->vhost_id);
 

diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c
index b9173fac6956aa509335e5e2c5c1909d0d640b69..b12cdacd7be09fcb458c4ee7032b8e61d4667a73 100644 (file)
--- a/modules/ssl/ssl_engine_pphrase.c
+++ b/modules/ssl/ssl_engine_pphrase.c
@@ -192,7 +192,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
          */
         if (sc->server->pks->cert_files[0] == NULL
             && sc->server->pkcs7 == NULL) {
-            ap_log_error(APLOG_MARK, APLOG_EMERG, 0, pServ,
+            ap_log_error(APLOG_MARK, APLOG_EMERG, 0, pServ, APLOGNO(02240)
                          "Server should be SSL-aware but has no certificate "
                          "configured [Hint: SSLCertificateFile] (%s:%d)",
                          pServ->defn_name, pServ->defn_line_number);
@@ -228,7 +228,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                     ssl_die();
                 }
                 if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
-                    ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+                    ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02241)
                                  "Init: Unable to read server certificate from"
                                  " file %s", szPath);
                     ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
@@ -245,7 +245,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
             at = ssl_util_algotypeof(pX509Cert, NULL);
             an = ssl_util_algotypestr(at);
             if (algoCert & at) {
-                ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+                ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02242)
                              "Init: Multiple %s server certificates not "
                              "allowed", an);
                 ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
@@ -325,7 +325,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                  */
                 if ((rv = exists_and_readable(szPath, p,
                                               &pkey_mtime)) != APR_SUCCESS ) {
-                     ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
+                     ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, APLOGNO(02243)
                                   "Init: Can't open server private key file "
                                   "%s",szPath);
                      ssl_die();
@@ -357,7 +357,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
 
                     if (asn1 && (asn1->source_mtime == pkey_mtime)) {
                         ap_log_error(APLOG_MARK, APLOG_INFO,
-                                     0, pServ,
+                                     0, pServ, APLOGNO(02244)
                                      "%s reusing existing "
                                      "%s private key on restart",
                                      cpVHostID, ssl_asn1_keystr(i));
@@ -421,7 +421,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                 }
 #ifdef WIN32
                 if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN) {
-                    ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+                    ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02245)
                                  "Init: SSLPassPhraseDialog builtin is not "
                                  "supported on Win32 (key file "
                                  "%s)", szPath);
@@ -437,7 +437,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                         !isatty(fileno(stdout))) /* XXX: apr_isatty() */
                     {
                         ap_log_error(APLOG_MARK, APLOG_ERR, 0,
-                                     pServ,
+                                     pServ, APLOGNO(02246)
                                      "Init: Unable to read pass phrase "
                                      "[Hint: key introduced or changed "
                                      "before restart?]");
@@ -474,7 +474,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                 continue;
 
             if (pPrivateKey == NULL) {
-                ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+                ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02247)
                             "Init: Unable to read server private key from "
                             "file %s [Hint: Perhaps it is in a separate file? "
                             "  See SSLCertificateKeyFile]", szPath);
@@ -489,7 +489,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
             at = ssl_util_algotypeof(NULL, pPrivateKey);
             an = ssl_util_algotypestr(at);
             if (algoKey & at) {
-                ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
+                ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02248)
                              "Init: Multiple %s server private keys not "
                              "allowed", an);
                 ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
@@ -501,20 +501,20 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
              * Log the type of reading
              */
             if (nPassPhraseDialogCur == 0) {
-                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ,
+                ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ, APLOGNO(02249)
                              "unencrypted %s private key - pass phrase not "
                              "required", an);
             }
             else {
                 if (cpPassPhraseCur != NULL) {
                     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
-                                 pServ,
+                                 pServ, APLOGNO(02250)
                                  "encrypted %s private key - pass phrase "
                                  "requested", an);
                 }
                 else {
                     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
-                                 pServ,
+                                 pServ, APLOGNO(02251)
                                  "encrypted %s private key - pass phrase"
                                  " reused", an);
                 }