From: Graham Leggett Date: Thu, 23 May 2013 13:12:44 +0000 (+0000) Subject: mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits X-Git-Tag: 2.2.25~56 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e6ecd7cc66c38f99372de9ae44988d198652eaad;p=thirdparty%2Fapache%2Fhttpd.git mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits in the error log to debug level. trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1447993 2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-quiet-fips.patch Submitted by: wrowe Reviewed by: druggeri, kbrand git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1485689 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 8a50c66e850..2668c4b65c4 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,9 @@ Changes with Apache 2.2.25 escaped to prevent terminal escape sequences from entering the log file. [Joe Orton] + *) mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits + in the error log to debug level. [William Rowe] + *) htdigest: Fix buffer overflow when reading digest password file with very long lines. PR 54893. [Rainer Jung] diff --git a/STATUS b/STATUS index f2c4067de9b..33799f66a4e 100644 --- a/STATUS +++ b/STATUS @@ -96,13 +96,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits - in the error log to debug level. [William Rowe] - trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1447993 - 2.4.x patch: trunk patch applies. - 2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-quiet-fips.patch - +1: wrowe, druggeri, kbrand - * mod_authnz_ldap: Allow using exec: callouts like SSLPassphraseDialog for AuthLDAPBindPassword. trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1433478 
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index f5cd8f09159..96a12ab81dd 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -83,7 +83,7 @@ static int ssl_tmp_key_init_rsa(server_rec *s,
 if (FIPS_mode() && bits < 1024) {
 mc->pTmpKeys[idx] = NULL;
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
 "Init: Skipping generating temporary "
 "%d bit RSA private key in FIPS mode", bits);
 return OK;
@@ -113,7 +113,7 @@ static int ssl_tmp_key_init_dh(server_rec *s,
 if (FIPS_mode() && bits < 1024) {
 mc->pTmpKeys[idx] = NULL;
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
 "Init: Skipping generating temporary "
 "%d bit DH parameters in FIPS mode", bits);
 return OK;
@@ -276,7 +276,7 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
 }
 }
 else {
- ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
 "SSL FIPS mode disabled");
 }
 #endif
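Review bot: In the FIPS branch of ssl_tmp_key_init_rsa the slot is set with `mc->pTmpKeys[idx] = NULL` and the function returns OK, and with the message now at APLOG_DEBUG nothing at the default log level, and nothing in the code, records that the empty slot is deliberate; the FIPS branch of ssl_tmp_key_init_dh in the next hunk has the same gap. A comment above the assignment would carry that intent, for example `/* FIPS mode: temporary keys under 1024 bits are not generated; the slot is left NULL on purpose */`. The code that later reads pTmpKeys is not visible here (both functions start and end outside their hunks), so it should be confirmed that it tolerates a NULL entry rather than dereferencing it.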
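Review bot: In the else branch of ssl_init_Module, "SSL FIPS mode disabled" at APLOG_DEBUG means a server built with FIPS support but running without it no longer leaves a startup line in the error log at the default level, so a log-based compliance check can only infer the non-FIPS state from a missing message. The branch that handles the enabled case lies above the hunk and is not shown, so this assumes it still logs at a visible level. If the quiet level is intended, a comment such as `/* debug only: not running in FIPS mode is not an error; audits should key on the FIPS-enabled message */` would state that. The function starts and ends outside the hunk.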