From: Rainer Jung Date: Fri, 15 Feb 2013 15:42:12 +0000 (+0000) Subject: mod_ssl: log revoked certificates at level INFO X-Git-Tag: 2.2.24~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=78c928c1c658a35f09290295adaf84500ac981f8;p=thirdparty%2Fapache%2Fhttpd.git mod_ssl: log revoked certificates at level INFO instead of DEBUG. PR 52162 Partial backport of r1165056 from trunk/2.4.x. Submitted by: sf Backported by: rjung Reviewed by: wrowe, rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1446637 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 2f113a9f5ac..a7e415d5d32 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.2.24 + *) mod_ssl: log revoked certificates at level INFO + instead of DEBUG. PR 52162. [Stefan Fritsch] + *) mod_proxy_ajp: Support unknown HTTP methods. PR 54416. [Rainer Jung] diff --git a/STATUS b/STATUS index a968bc33795..92889220afc 100644 --- a/STATUS +++ b/STATUS @@ -94,11 +94,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_ssl: PR 52162: log revoked certificates at level INFO instead of DEBUG - trunk/2.4.x: Changed as part of http://svn.apache.org/viewvc?rev=1165056&view=rev - 2.2.x patch: https://issues.apache.org/bugzilla/attachment.cgi?id=27913 - +1: sf, wrowe, rpluem - * mod_ssl: When receiving http on https, send the error response with http 1.0 It is important that we send a proper error status, or search engines may index the error message. diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 315ccafc149..a7bd6e51b36 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1588,7 +1588,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c) ASN1_INTEGER *sn = X509_REVOKED_get_serialNumber(revoked); if (!ASN1_INTEGER_cmp(sn, X509_get_serialNumber(cert))) { - if (s->loglevel >= APLOG_DEBUG) { + if (s->loglevel >= APLOG_INFO) { char *cp = X509_NAME_oneline(issuer, NULL, 0); long serial = ASN1_INTEGER_get(sn);