git.ipfire.org Git - thirdparty/apache/httpd.git/log
Doug MacEachern [Wed, 27 Mar 2002 02:28:15 +0000 (02:28 +0000)]
moving OpenSSL+sslc compat foo to ssl_toolkit_compat.h
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94199 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 01:58:15 +0000 (01:58 +0000)]
3rd arg of BIO callbacks is 'const char' in OpenSSL and 'char' in sslc,
make both happy.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94198 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 01:50:43 +0000 (01:50 +0000)]
OpenSSL uses void * for callback data, sslc uses char *,
cast to void * to make both happy.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94197 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 01:28:20 +0000 (01:28 +0000)]
add modssl_session_get_time() function to give mod_ssl what it needs
from SSL_SESSION_get_time() if using OpenSSL or sslc.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94195 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 00:46:07 +0000 (00:46 +0000)]
another step towards compatibility with rsa sslc:
define the STACK_OF macro if not already defined.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94194 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 27 Mar 2002 00:32:07 +0000 (00:32 +0000)]
configure already checks OpenSSL version so don't bother here
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94193 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 26 Mar 2002 17:29:36 +0000 (17:29 +0000)]
note about the temporary DH keys
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94181 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 26 Mar 2002 17:17:27 +0000 (17:17 +0000)]
a few updates
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94180 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 26 Mar 2002 16:57:49 +0000 (16:57 +0000)]
per-dir SSLCACertificate{File,Path} cannot use SSL_CTX_set_cert_store
as the 1.x based module does, since the function is not thread-safe.
a patch has been submitted to OpenSSL to support SSL_set_cert_store
which is thread safe. this feature is enabled by default in the
current 1.x based module, we only enable it if the SSL_set_cert_store
function is available.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94179 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 26 Mar 2002 15:49:37 +0000 (15:49 +0000)]
constificationization of some char * config items
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94177 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 26 Mar 2002 15:42:21 +0000 (15:42 +0000)]
performance enhancement: mod_ssl config directives that can have both
a per-server and per-dir context were configuring the per-dir context
for per-server commands. this triggered ssl_hook_Access to always
compare the per-server context against per-dir configs that were
exactly the same.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94176 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 26 Mar 2002 00:49:37 +0000 (00:49 +0000)]
correct comment in previous change
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94171 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 26 Mar 2002 00:30:47 +0000 (00:30 +0000)]
PR:
Obtained from:
Submitted by:
Reviewed by:
fix bug seen on win32 with netscape client where output filter is run
triggered by lingering_close after ssl_hook_CloseConnection has been called
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94170 13f79535-47bb-0310-9956-ffa450edef68
Jeff Trawick [Fri, 22 Mar 2002 00:59:23 +0000 (00:59 +0000)]
the mod_ssl provided with Apache >= 2.0 no longer has an independent
version number
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@94111 13f79535-47bb-0310-9956-ffa450edef68
Cliff Woolley [Mon, 18 Mar 2002 03:19:30 +0000 (03:19 +0000)]
Fix a possibly-uninitialized warning and a boolean logic bug
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93992 13f79535-47bb-0310-9956-ffa450edef68
Cliff Woolley [Mon, 18 Mar 2002 03:18:47 +0000 (03:18 +0000)]
Fix some possibly-uninitialized warnings and some incorrect format strings
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93991 13f79535-47bb-0310-9956-ffa450edef68
William A. Rowe Jr [Sun, 17 Mar 2002 17:32:24 +0000 (17:32 +0000)]
Clear up a const warning, and recognize some arrays by changing the
variable names to the plural [rather than aszFoo, which I hope continues
to be cleaned up as folks have time.]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93982 13f79535-47bb-0310-9956-ffa450edef68
William A. Rowe Jr [Sun, 17 Mar 2002 17:31:34 +0000 (17:31 +0000)]
Fix a signedness emit based on session_id_length [unsigned]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93981 13f79535-47bb-0310-9956-ffa450edef68
William A. Rowe Jr [Sat, 16 Mar 2002 19:45:45 +0000 (19:45 +0000)]
Lost the prior log message ... [this is an empty commit]
Prior revision fixes the last ap_server_root_relative() NULL return
code potential segfaults. It also quits trying to server_root_relative
a logging pipe, since log pipes generally take arguments. However, it
ignores the PassPhraseDialog exec: since the argument to that shell
mechanism is the server name itself.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93972 13f79535-47bb-0310-9956-ffa450edef68
William A. Rowe Jr [Sat, 16 Mar 2002 19:34:33 +0000 (19:34 +0000)]
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93971 13f79535-47bb-0310-9956-ffa450edef68
William A. Rowe Jr [Sat, 16 Mar 2002 17:55:07 +0000 (17:55 +0000)]
Silly module, we don't need compat.h :)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93964 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 15 Mar 2002 01:46:47 +0000 (01:46 +0000)]
get rid of some -Wall warnings
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93947 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 15 Mar 2002 01:44:14 +0000 (01:44 +0000)]
remove stray log message (from madhu)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93946 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 14 Mar 2002 23:31:23 +0000 (23:31 +0000)]
PR:
Obtained from:
Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by: dougm
implement SSLSessionCache shmht and shmcb based on apr_rmm and apr_shm
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93942 13f79535-47bb-0310-9956-ffa450edef68
Jeff Trawick [Thu, 14 Mar 2002 22:19:14 +0000 (22:19 +0000)]
deal with the rename of kill_after_timeout to APR_KILL_AFTER_TIMEOUT
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93940 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 14 Mar 2002 07:21:10 +0000 (07:21 +0000)]
fix comment
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93932 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 14 Mar 2002 07:04:10 +0000 (07:04 +0000)]
PR:
Obtained from:
Submitted by:
Reviewed by:
fix bug in ssl_io_input_getline():
in most cases we get all the headers on the first SSL_read.
however, in certain cases SSL_read will only get a partial
chunk of the headers, so we now try to read until LF is seen.
bug seen with netscape client (running both on linux and win32) and
server running on win32.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93931 13f79535-47bb-0310-9956-ffa450edef68
Roy T. Fielding [Wed, 13 Mar 2002 20:48:07 +0000 (20:48 +0000)]
Update our copyright for this year.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93918 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 18:59:56 +0000 (18:59 +0000)]
use ssl_asn1_keystr
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93913 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 18:56:07 +0000 (18:56 +0000)]
add ssl_asn1_keystr() util function that returns string representation
(RSA or DSA) of the key index.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93912 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 18:51:35 +0000 (18:51 +0000)]
use ssl_asn1_table_keyfmt() function and only format each (rsa,dsa)
lookup key once, rather than twice.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93911 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 18:50:17 +0000 (18:50 +0000)]
use ssl_asn1_table_keyfmt() function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93910 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 18:42:05 +0000 (18:42 +0000)]
add ssl_asn1_table_keyfmt() function for clarity
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93909 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 17:09:51 +0000 (17:09 +0000)]
PR:
Obtained from:
Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by: dougm
adjust to SSL_SESSION_id2sz() prototype change
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93907 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 17:02:45 +0000 (17:02 +0000)]
generalize session logging into ssl_session_log() function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93906 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 06:41:46 +0000 (06:41 +0000)]
SSL_SESSION_id2sz() was NOT THREAD SAFE. it returned a pointer to a
static variable. fixed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93899 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 06:12:24 +0000 (06:12 +0000)]
SSL_SESSION_id2sz() is somewhat expensive, make sure we only call it
if SSLLogLevel >= info
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93898 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 05:30:43 +0000 (05:30 +0000)]
cleanup logging of CRL, includes ridding of some malloc/frees
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93897 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 05:05:51 +0000 (05:05 +0000)]
couple o minor style/log fixos
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93896 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 04:59:19 +0000 (04:59 +0000)]
use ptemp in ssl_init_FindCAList() rather than creating a subpool.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93895 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 04:49:23 +0000 (04:49 +0000)]
switch to ptemp pool for ssl_pphrase_Handle
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93894 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 04:38:35 +0000 (04:38 +0000)]
only call: ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
once at startup. if there is value in calling it more than once at
startup, it should be done explicitly rather than hidden in
ssl_tmp_keys_init().
switch to ptemp pool when calling ssl_rand_seed() at startup.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93893 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 04:16:11 +0000 (04:16 +0000)]
remove ssl_engine_ds.c
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93892 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 04:14:43 +0000 (04:14 +0000)]
remove obsolete ssl_ds_{table,array} api
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93891 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 03:59:43 +0000 (03:59 +0000)]
replace ssl_ds_array usage with apr_array_header_t
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93890 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 01:15:14 +0000 (01:15 +0000)]
minor ssl_init_CheckServers() enhancements:
- pass the ptemp (temporary pool) so we don't need to create a subpool
and destroy it ourselves.
- change ssl_ds_table usage to apr_hash_t
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93887 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Wed, 13 Mar 2002 00:50:13 +0000 (00:50 +0000)]
folding more duplication in ssl_tmp_keys_init
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93886 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 23:42:53 +0000 (23:42 +0000)]
cleanup tmp key callbacks. each had assigned the same (1024 bit) value
in 3 different places. the old code did nothing special in the case
of the export flag either.
add an ssl_log in each to trace when keys are being handed out.
add some XXX comments.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93885 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 23:05:33 +0000 (23:05 +0000)]
for the sake of readability,
change: SSL_TKPIDX_{DH,RSA}{512,1024}
to: SSL_TMP_KEY_{DH,RSA}_{512,1024}
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93883 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 22:50:38 +0000 (22:50 +0000)]
split ssl_init_TmpKeysHandle function to init/free functions,
and make them static to ssl_engine_init.c
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93882 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 22:34:31 +0000 (22:34 +0000)]
it is not required that temporary keys survive restarts, since they
are generated and destroyed on every restart.
so get rid of SSLModConfigRec.tTmpKeys table and mess that was
managing it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93881 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 22:11:51 +0000 (22:11 +0000)]
remove version checks for using EGD
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93879 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 22:08:23 +0000 (22:08 +0000)]
remove call to legacy X509V3_add_standard_extensions() function,
not needed with OpenSSL 0.9.6+
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93878 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 22:07:12 +0000 (22:07 +0000)]
we require OpenSSL 0.9.6+
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93877 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 21:54:27 +0000 (21:54 +0000)]
removing unused ssl_init_ChildKill
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93875 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 21:53:44 +0000 (21:53 +0000)]
making ssl_init_SSLLibrary() static
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93874 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 21:48:48 +0000 (21:48 +0000)]
cleanup version component construction.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93873 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 21:12:49 +0000 (21:12 +0000)]
fold duplication of SSL{Proxy}VerifyDepth directives into
ssl_cmd_verify_depth_parse function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93872 13f79535-47bb-0310-9956-ffa450edef68
Bradley Nicholes [Tue, 12 Mar 2002 21:10:18 +0000 (21:10 +0000)]
Fixed a type mismatch
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93871 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 21:06:17 +0000 (21:06 +0000)]
moving SSLVerifyClient directive parsing into ssl_cmd_verify_parse
function, which can also be used for SSLProxyVerify directive.
dropping support for undocumented integer form of levels (0..3)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93870 13f79535-47bb-0310-9956-ffa450edef68
Bradley Nicholes [Tue, 12 Mar 2002 21:05:37 +0000 (21:05 +0000)]
Added NetWare to the ifdef list
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93869 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 19:47:16 +0000 (19:47 +0000)]
fold duplication of SSL{Proxy}Protocol directives into
ssl_cmd_protocol_parse function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93865 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 19:02:22 +0000 (19:02 +0000)]
fold some duplication of server certs/keys directive checking into
ssl_cmd_check_aidx_max function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93864 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 18:34:19 +0000 (18:34 +0000)]
folding some command handler duplication into two generic functions:
ssl_cmd_check_file and ssl_cmd_check_dir.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93863 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 17:27:40 +0000 (17:27 +0000)]
get rid of some warnings for currently unused/unprototyped functions.
(we can actually compile mod_ssl with -Werror if -Wstrict-prototypes
is taken out)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93862 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 16:55:56 +0000 (16:55 +0000)]
minor performance enhancement: no need to use md5 of VHostID for the
session id, just use the VHostID itself.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93861 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 16:50:44 +0000 (16:50 +0000)]
dropping hungarian notation
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93860 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 16:44:18 +0000 (16:44 +0000)]
minor style changes
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93859 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 04:41:57 +0000 (04:41 +0000)]
dropping hungarian notation
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93851 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 01:40:02 +0000 (01:40 +0000)]
various style fixups / general changes to make code more readable.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93848 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 01:04:16 +0000 (01:04 +0000)]
various style fixups / general changes to make code more readable.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93847 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 00:06:06 +0000 (00:06 +0000)]
add SSL_VERIFY_PEER_STRICT shortcut for often used flags
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93846 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Tue, 12 Mar 2002 00:05:18 +0000 (00:05 +0000)]
various style fixups / general changes to make code more readable.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93845 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sun, 10 Mar 2002 00:29:49 +0000 (00:29 +0000)]
no need to call SSL_clear() after SSL_new()
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93824 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sun, 10 Mar 2002 00:22:07 +0000 (00:22 +0000)]
don't allocate SSLConnRec unless ssl is enabled on this vhost.
also provides a shorter shortcut for mod_ssl hooks to decline if ssl
is not enabled.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93823 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 8 Mar 2002 18:16:41 +0000 (18:16 +0000)]
support reuse of encrypted DSA keys on restart
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93799 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 8 Mar 2002 00:03:50 +0000 (00:03 +0000)]
remove unused ap_server_ctx member from SSLSrvConfigRec
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93785 13f79535-47bb-0310-9956-ffa450edef68
Ian Holsman [Wed, 6 Mar 2002 17:55:38 +0000 (17:55 +0000)]
apr-utils rename apr_ansi_time_to_apr_time and
apr_exploded_time_t.
PR:
Obtained from:
Submitted by: Thom May <thom@planetarytramp.net>
Reviewed by: Ian Holsman
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93733 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Sun, 3 Mar 2002 00:46:07 +0000 (00:46 +0000)]
reuse existing private key if possible for all SSLPassPhraseDialog
types, not just builtin. on win32 for example, a pipe dialog might
allocate a wintty for prompting, which results in 4 prompts at
startup, 2 for each child and 2 within each when httpd "restarts
itself".
update comments on this and wrap them a bit.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93679 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Fri, 1 Mar 2002 05:24:06 +0000 (05:24 +0000)]
s/const void/const char/g in ssl_asn1_table api
pointed out by gstein
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93653 13f79535-47bb-0310-9956-ffa450edef68
Cliff Woolley [Fri, 1 Mar 2002 04:35:17 +0000 (04:35 +0000)]
Consensus is that we should not use the scoreboard as a source of entropy.
Reviewed by: OtherBill, Justin, Madhu
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93652 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 19:11:31 +0000 (19:11 +0000)]
plug leak in newish ssl_asn1_table_set() function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93648 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 05:58:49 +0000 (05:58 +0000)]
remove an XXX: we already do CRYPTO_set_locking_callback() in ssl_util_thread_setup()
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93637 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 05:28:43 +0000 (05:28 +0000)]
remove #ifdef SHARED_MODULE around ssl library cleanup calls.
SHARED_MODULE is no longer defined, so we were leaking.
plus we always do a full startup/teardown regardless of being a dso or
static.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93636 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 05:22:56 +0000 (05:22 +0000)]
move SSL_load_client_CA_file() comment to where we moved the call to it
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93635 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 05:17:03 +0000 (05:17 +0000)]
various SSLCACertificatePath fixes:
- return value from apr_dir_read() was checking != APR_SUCCESS rather
than == APR_SUCCESS, so no certs were ever loaded.
- wasn't checking return value of apr_dir_open(), now log an error and
ssl_die() on failure.
- don't bother trying to load directories
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93634 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 04:59:07 +0000 (04:59 +0000)]
plug leak in ssl_init_FindCAList() where return value of
X509_NAME_oneline() used for trace logging was not freed.
now passes in a static buffer so no buffer is malloced.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93633 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 04:35:29 +0000 (04:35 +0000)]
fold some duplication within ssl_init_FindCAList() into generic
ssl_init_PushCAList() function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93632 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 04:00:51 +0000 (04:00 +0000)]
need to free X509_NAME duplicates already found in the stack built by
ssl_init_FindCAList().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93626 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 03:48:26 +0000 (03:48 +0000)]
need to free the stacks returned by calls to SSL_load_client_CA_file()
in ssl_init_FindCAList(). values are pushed into another stack which
gets freed when SSL context is destroyed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93625 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 03:21:51 +0000 (03:21 +0000)]
contrary to what comments say, DH* returned from ssl_dh_GetTmpParam()
is _not_ static and needs to be freed via DH_free().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93624 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 03:12:11 +0000 (03:12 +0000)]
need to free sc->pRevocationStore at shutdown
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93623 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 01:47:26 +0000 (01:47 +0000)]
always reusing existing private key for given vhost on restarts if key
is encrypted and mtime stamp has not changed. this prevents getting
prompted twice for passphrase on windows and elsewhere when server is
started with -DNO_DETACH.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93620 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 01:41:42 +0000 (01:41 +0000)]
s/asn1->mtime/asn1->source_mtime/
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93619 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 01:36:04 +0000 (01:36 +0000)]
initialize ssl_asn1_t.mtime to 0
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93617 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 01:30:18 +0000 (01:30 +0000)]
reuse vhost keys for asn1 tables where keys are allocated out
of s->process->pool to prevent "leaking" each time we format
a vhost key.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93616 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 00:28:05 +0000 (00:28 +0000)]
switch SSLModConfigRec.tPublicCert to ssl_asn1_table api to prevent
leakage on restarts.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93615 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 00:23:32 +0000 (00:23 +0000)]
switch SSLModConfigRec.tPrivateKey to ssl_asn1_table api to prevent
leakage on restarts.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93614 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 00:10:52 +0000 (00:10 +0000)]
add ssl_asn1_table_get() wrapper and change ssl_init_TmpKeysHandle()
to use it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93613 13f79535-47bb-0310-9956-ffa450edef68
Doug MacEachern [Thu, 28 Feb 2002 00:01:57 +0000 (00:01 +0000)]
mod_ssl was "leaking" on restart since mc->tTmpKeys table entries
were allocated using apr_palloc out of s->process->pool and pushed
into an apr_array_header_t.
solve the problem by moving from apr_array_header_t's to an apr_hash_t.
also add ssl_asn1_table_{set,unset} wrappers to use malloc/free so we
do not "leak" from s->process->pool.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93612 13f79535-47bb-0310-9956-ffa450edef68