From: Stefan Fritsch Date: Sun, 4 Dec 2011 23:57:02 +0000 (+0000) Subject: Add some more log message tags X-Git-Tag: 2.5.0-alpha~7716 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9701a5af4fce6fb6216e66c94173b41b84fa0485;p=thirdparty%2Fapache%2Fhttpd.git Add some more log message tags Add some more mod_ssl macros that confuse coccinelle. Remove restriction on format string because it causes coccinelle to not consider multi line format strings. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1210284 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/log-message-tags/find-messages.cocci b/docs/log-message-tags/find-messages.cocci index f959bbbde41..36db95a9ab4 100644 --- a/docs/log-message-tags/find-messages.cocci +++ b/docs/log-message-tags/find-messages.cocci @@ -1,6 +1,6 @@ @r@ expression rv, s; -constant char [] format !~ "APLOGNO"; +constant char [] format; identifier level =~ "^APLOG_(EMERG|ALERT|CRIT|ERR|WARNING|NOTICE|INFO|STARTUP|DEBUG)$"; identifier fn =~ "^ap_log_(|r|c|p)error$"; diff --git a/docs/log-message-tags/macros.h b/docs/log-message-tags/macros.h index 98e4dd6a744..de1ebde4703 100644 --- a/docs/log-message-tags/macros.h +++ b/docs/log-message-tags/macros.h @@ -22,5 +22,11 @@ #define AP_DECLARE_MODULE(foo) module foo##_module -#define BOOL int -#define STACK_OF(x) x +#define BOOL int +#define STACK_OF(x) x +#define MODSSL_D2I_SSL_SESSION_CONST +#define MODSSL_D2I_ASN1_type_bytes_CONST +#define MODSSL_D2I_PrivateKey_CONST +#define MODSSL_D2I_X509_CONST +#define MODSSL_SSL_CIPHER_CONST +#define MODSSL_SSL_METHOD_CONST diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number index 150b7eab65e..7c81a98af8d 100644 --- a/docs/log-message-tags/next-number +++ b/docs/log-message-tags/next-number @@ -1 +1 @@ -2231 +2270 diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 37f416fcaf3..79b683cce8c 100644 --- a/modules/ssl/ssl_engine_init.c 
+++ b/modules/ssl/ssl_engine_init.c @@ -493,7 +493,7 @@ static void ssl_init_ctx_protocol(server_rec *s, * Create the new per-server SSL context */ if (protocol == SSL_PROTOCOL_NONE) { - ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02231) "No SSL protocols available [hint: SSLProtocol]"); ssl_die(); } @@ -881,19 +881,19 @@ static int ssl_server_import_cert(server_rec *s, return FALSE; } - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02232) "Configuring %s server certificate", type); ptr = asn1->cpData; if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) { - ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02233) "Unable to import %s server certificate", type); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) { - ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02234) "Unable to configure %s server certificate", type); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); @@ -902,7 +902,7 @@ static int ssl_server_import_cert(server_rec *s, #ifdef HAVE_OCSP_STAPLING if ((mctx->pkp == FALSE) && (mctx->stapling_enabled == TRUE)) { if (!ssl_stapling_init_cert(s, mctx, cert)) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02235) "Unable to configure server certificate for stapling"); } } 
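Review bot: The stapling failure message tagged `APLOGNO(02235)` in the @@ -902 hunk does not say which certificate failed, while the messages tagged 02232 to 02234 in the @@ -881 hunk of the same function all print `type`. Since `type` appears to be in scope here, the message could read `"Unable to configure %s server certificate for stapling", type);` so an operator searching for AH02235 can tell which certificate is affected. This branch also only logs and carries on, where the neighbouring failures call `ssl_die()`. If that is deliberate, a short comment such as `/* stapling is best-effort: startup continues without it */` would record the intent. The body of ssl_server_import_cert continues outside the hunk.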
@@ -936,20 +936,20 @@ static int ssl_server_import_key(server_rec *s, return FALSE; } - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02236) "Configuring %s server private key", type); ptr = asn1->cpData; if (!(pkey = d2i_PrivateKey(pkey_type, NULL, &ptr, asn1->nData))) { - ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02237) "Unable to import %s server private key", type); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) { - ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02238) "Unable to configure %s server private key", type); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); @@ -964,7 +964,7 @@ static int ssl_server_import_key(server_rec *s, if (pubkey && EVP_PKEY_missing_parameters(pubkey)) { EVP_PKEY_copy_parameters(pubkey, pkey); - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02239) "Copying DSA parameters from private key to certificate"); ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); EVP_PKEY_free(pubkey); @@ -1216,7 +1216,7 @@ static void ssl_init_proxy_certs(server_rec *s, if (!inf->x509 || !inf->x_pkey) { sk_X509_INFO_free(sk); - ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, + ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, APLOGNO(02252) "incomplete client cert configured for SSL proxy " "(missing or encrypted private key?)"); ssl_die(); diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index e2272018773..cc3321f8705 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c 
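Review bot: In the @@ -964 hunk the return value of `EVP_PKEY_copy_parameters(pubkey, pkey)` is ignored, and the message now tagged `APLOGNO(02239)` is written at `APLOG_ERR`, followed by `ssl_log_ssl_error()`, whether or not the copy succeeded. Giving this line a permanent tag means anyone alerting on AH02239 cannot tell a successful parameter copy from a failed one. Checking the call, for example `if (EVP_PKEY_copy_parameters(pubkey, pkey) <= 0) {`, and keeping the `APLOG_ERR` message and the OpenSSL error dump for the failure path only would fix that. The success path could then log the same text at a lower level such as `APLOG_INFO`. ssl_server_import_key continues outside the hunk.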
@@ -410,7 +410,7 @@ int ssl_hook_Access(request_rec *r) !SSL_set_cipher_list(ssl, dc->szCipherSuite ? dc->szCipherSuite : sc->server->auth.cipher_suite)) { - ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02253) "Unable to reconfigure (per-directory) " "permitted SSL ciphers"); ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server); @@ -507,7 +507,7 @@ int ssl_hook_Access(request_rec *r) dc->nVerifyDepth : sc->server->auth.verify_depth; if (sslconn->verify_depth < n) { renegotiate = TRUE; - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02254) "Reduced client verification depth will force " "renegotiation"); } @@ -571,7 +571,7 @@ int ssl_hook_Access(request_rec *r) X509_free(peercert); } - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02255) "Changed client verification type will force " "%srenegotiation", renegotiate_quick ? "quick " : ""); @@ -601,7 +601,7 @@ int ssl_hook_Access(request_rec *r) if (MODSSL_CFG_CA_NE(ca_cert_file, sc, hssc) || MODSSL_CFG_CA_NE(ca_cert_path, sc, hssc)) { if (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02256) "Non-default virtual host with SSLVerify set to " "'require' and VirtualHost-specific CA certificate " "list is only available to clients with TLS server " @@ -651,7 +651,7 @@ int ssl_hook_Access(request_rec *r) } if (rv) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02257) "could not buffer message body to allow " "SSL renegotiation to proceed"); return rv; 
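Review bot: The message tagged `APLOGNO(02253)` in the @@ -410 hunk is logged at `APLOG_WARNING`, but the `ssl_log_ssl_error()` call directly after it uses `APLOG_ERR`. With LogLevel set to error, the OpenSSL error queue would be written without the AH02253 line that explains why it was dumped. Using one level for both, for example `ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02253)`, keeps the tagged line and its detail together. ssl_hook_Access continues outside the hunk, so what is returned to the client after this failure is not visible here.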
@@ -680,7 +680,7 @@ int ssl_hook_Access(request_rec *r) STACK_OF(X509) *cert_stack; /* perform just a manual re-verification of the peer */ - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02258) "Performing quick renegotiation: " "just re-verifying the peer"); @@ -756,7 +756,7 @@ int ssl_hook_Access(request_rec *r) * discarded. Legimately pipelined HTTP requests will be * retried anyway with this approach. */ if (has_buffered_data(r)) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02259) "insecure SSL re-negotiation required, but " "a pipelined request is present; keepalive " "disabled"); @@ -764,7 +764,7 @@ int ssl_hook_Access(request_rec *r) } /* Perform a full renegotiation. */ - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02260) "Performing full renegotiation: complete handshake " "protocol (%s support secure renegotiation)", #if defined(SSL_get_secure_renegotiation_support) @@ -808,7 +808,7 @@ int ssl_hook_Access(request_rec *r) sslconn->reneg_state = RENEG_REJECT; if (SSL_get_state(ssl) != SSL_ST_OK) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02261) "Re-negotiation handshake failed: " "Not accepted by client!?"); @@ -837,7 +837,7 @@ int ssl_hook_Access(request_rec *r) (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE)); if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02262) "Re-negotiation handshake failed: " "Client verification failed"); 
@@ -846,7 +846,7 @@ int ssl_hook_Access(request_rec *r) if (do_verify) { if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02263) "Re-negotiation handshake failed: " "Client certificate missing"); @@ -863,7 +863,7 @@ int ssl_hook_Access(request_rec *r) if (cipher_list) { cipher = SSL_get_current_cipher(ssl); if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02264) "SSL cipher suite not renegotiated: " "access to %s denied using cipher %s", r->filename, @@ -902,7 +902,7 @@ int ssl_hook_Access(request_rec *r) ok = ap_expr_exec(r, req->mpExpr, &errstring); if (ok < 0) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02265) "access to %s failed, reason: Failed to execute " "SSL requirement expression: %s", r->filename, errstring); @@ -914,7 +914,7 @@ int ssl_hook_Access(request_rec *r) } if (ok != 1) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02266) "Access to %s denied for %s " "(requirement expression not fulfilled)", r->filename, r->client_ip); @@ -1596,12 +1596,12 @@ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey) STACK_OF(X509) **ca_cert_chains; int i, j, k; - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02267) SSLPROXY_CERT_CB_LOG_FMT "entered", sc->vhost_id); if (!certs || (sk_X509_INFO_num(certs) <= 0)) { - ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(02268) SSLPROXY_CERT_CB_LOG_FMT "downstream server wanted client certificate " "but none are configured", sc->vhost_id); 
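Review bot: The requirement-expression denial tagged `APLOGNO(02266)` in the @@ -914 hunk is logged at `APLOG_INFO`, while the cipher-based denial tagged 02264 in the @@ -863 hunk is logged at `APLOG_ERR`. With a LogLevel stricter than info, a client refused by the requirement expression leaves no AH02266 line in the error log, so the two kinds of denial are not equally visible to whoever monitors these tags. Either raise the level, for example `ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02266)`, or add a comment saying the lower level is intentional because such denials are routine. The rest of ssl_hook_Access, including the status returned, is outside the hunk.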
@@ -1663,7 +1663,7 @@ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey) } /* end loop through available certs */ } - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02269) SSLPROXY_CERT_CB_LOG_FMT "no client certificate found!?", sc->vhost_id); diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c index b9173fac695..b12cdacd7be 100644 --- a/modules/ssl/ssl_engine_pphrase.c +++ b/modules/ssl/ssl_engine_pphrase.c @@ -192,7 +192,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) */ if (sc->server->pks->cert_files[0] == NULL && sc->server->pkcs7 == NULL) { - ap_log_error(APLOG_MARK, APLOG_EMERG, 0, pServ, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, pServ, APLOGNO(02240) "Server should be SSL-aware but has no certificate " "configured [Hint: SSLCertificateFile] (%s:%d)", pServ->defn_name, pServ->defn_line_number); @@ -228,7 +228,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) ssl_die(); } if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) { - ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02241) "Init: Unable to read server certificate from" " file %s", szPath); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); @@ -245,7 +245,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) at = ssl_util_algotypeof(pX509Cert, NULL); an = ssl_util_algotypestr(at); if (algoCert & at) { - ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02242) "Init: Multiple %s server certificates not " "allowed", an); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); 
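Review bot: The fall-through message tagged `APLOGNO(02269)` in the @@ -1663 hunk is logged at `APLOG_DEBUG`, although the related "none are configured" case tagged 02268 in the @@ -1596 hunk is logged at `APLOG_WARNING`. Both appear to describe the same outcome, a downstream server asking for a client certificate that the proxy cannot supply, so the "configured but none matched" case is the one an operator is less likely to see. Consider matching the levels, for example `ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(02269)`, or add a comment explaining why the no-match case is quieter. The return path of ssl_callback_proxy_cert is outside the hunk.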
@@ -325,7 +325,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) */ if ((rv = exists_and_readable(szPath, p, &pkey_mtime)) != APR_SUCCESS ) { - ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, APLOGNO(02243) "Init: Can't open server private key file " "%s",szPath); ssl_die(); @@ -357,7 +357,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) if (asn1 && (asn1->source_mtime == pkey_mtime)) { ap_log_error(APLOG_MARK, APLOG_INFO, - 0, pServ, + 0, pServ, APLOGNO(02244) "%s reusing existing " "%s private key on restart", cpVHostID, ssl_asn1_keystr(i)); @@ -421,7 +421,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) } #ifdef WIN32 if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN) { - ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02245) "Init: SSLPassPhraseDialog builtin is not " "supported on Win32 (key file " "%s)", szPath); @@ -437,7 +437,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) !isatty(fileno(stdout))) /* XXX: apr_isatty() */ { ap_log_error(APLOG_MARK, APLOG_ERR, 0, - pServ, + pServ, APLOGNO(02246) "Init: Unable to read pass phrase " "[Hint: key introduced or changed " "before restart?]"); @@ -474,7 +474,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) continue; if (pPrivateKey == NULL) { - ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02247) "Init: Unable to read server private key from " "file %s [Hint: Perhaps it is in a separate file? " " See SSLCertificateKeyFile]", szPath); @@ -489,7 +489,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) at = ssl_util_algotypeof(NULL, pPrivateKey); an = ssl_util_algotypestr(at); if (algoKey & at) { - ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02248) "Init: Multiple %s server private keys not " "allowed", an); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); 
@@ -501,20 +501,20 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) * Log the type of reading */ if (nPassPhraseDialogCur == 0) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ, + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ, APLOGNO(02249) "unencrypted %s private key - pass phrase not " "required", an); } else { if (cpPassPhraseCur != NULL) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, - pServ, + pServ, APLOGNO(02250) "encrypted %s private key - pass phrase " "requested", an); } else { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, - pServ, + pServ, APLOGNO(02251) "encrypted %s private key - pass phrase" " reused", an); }