mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits

in the error log to debug level.

trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1447993
2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-quiet-fips.patch

Submitted by: wrowe
Reviewed by: druggeri, kbrand

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1485689 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 8a50c66e8504fbcc1fe5a09a744cc60dc79a09cf..2668c4b65c4fec2a5d544ec360cb114ab57c77d0 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,9 @@ Changes with Apache 2.2.25
      escaped to prevent terminal escape sequences from entering the
      log file.  [Joe Orton]
 
+  *) mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
+     in the error log to debug level.  [William Rowe]
+
   *) htdigest: Fix buffer overflow when reading digest password file
      with very long lines. PR 54893. [Rainer Jung]
 

diff --git a/STATUS b/STATUS
index f2c4067de9b9758047d2fdf7e6aa7fb5fefeac02..33799f66a4e21b0358d3a104c12b33c4c69f018c 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -96,13 +96,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
   
   
-  * mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
-    in the error log to debug level.  [William Rowe]
-    trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1447993
-    2.4.x patch: trunk patch applies.
-    2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-quiet-fips.patch
-    +1: wrowe, druggeri, kbrand
-
    * mod_authnz_ldap: Allow using exec: callouts like SSLPassphraseDialog
      for AuthLDAPBindPassword.
      trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1433478

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index f5cd8f0915962b055f2ee32fab306379de54bbe9..96a12ab81dd41a1aa2eef591bdc409dbf6a991bf 100644 (file)
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -83,7 +83,7 @@ static int ssl_tmp_key_init_rsa(server_rec *s,
 
     if (FIPS_mode() && bits < 1024) {
         mc->pTmpKeys[idx] = NULL;
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                      "Init: Skipping generating temporary "
                      "%d bit RSA private key in FIPS mode", bits);
         return OK;
@@ -113,7 +113,7 @@ static int ssl_tmp_key_init_dh(server_rec *s,
 
     if (FIPS_mode() && bits < 1024) {
         mc->pTmpKeys[idx] = NULL;
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                      "Init: Skipping generating temporary "
                      "%d bit DH parameters in FIPS mode", bits);
         return OK;
@@ -276,7 +276,7 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
         }
     }
     else {
-        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
+        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                      "SSL FIPS mode disabled");
     }
 #endif