git.ipfire.org Git - thirdparty/apache/httpd.git/log

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify_CRL): Fix
off-by-one.

PR: 35081
Submitted by: Marc Stern <mstern csc.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@179781 13f79535-47bb-0310-9956-ffa450edef68

  Reintroduce stack frame construction with /Oy- (removal was implied by /O2).
  This makes binaries far easier to debug, during operation and for post-crash
  .dmp analysis.  Do not alter /Gs optimizations per brane.

Reviewed by: stoddard, brane

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@170253 13f79535-47bb-0310-9956-ffa450edef68

* httpd/modules/ssl/NWGNUmakefile

svn:eol-style = native

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@164428 13f79535-47bb-0310-9956-ffa450edef68

Fix issue where mod_ssl does not pick up the ssl-unclean-shutdown
setting when configured e.g. as a reverse proxy:

* modules/ssl/ssl_private.h: Remove ssl_hook_Translate.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): Merge in
ssl_hook_Translate. (ssl_hook_Translate): Remove.

* modules/ssl/mod_ssl.c (ssl_register_hooks): Ensure that _ReadReq
hook runs after mod_setenvif.c; don't register translate_name hook.

PR: 34452

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@161958 13f79535-47bb-0310-9956-ffa450edef68

Build mod_ssl for the NetWare platform

Submitted by: Guenter Knauf <fuankg@apache.org>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@161813 13f79535-47bb-0310-9956-ffa450edef68

Second fat-fingered typo in 24 hrs. Balance parens, this now compiles.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@157947 13f79535-47bb-0310-9956-ffa450edef68

Clean up emit for size truncation. Division here ensures we fit nicely.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@157946 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/mod_ssl.h: Add ssl_ext_lookup optional hook declaration.

* modules/ssl/ssl_engine_vars.c (ssl_ext_lookup): New function.
(ssl_var_register): Register optional function.

* modules/ssl/ssl_private.h (ssl_ext_lookup): Add prototype.

Submitted by: David Reid, Joe Orton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@153933 13f79535-47bb-0310-9956-ffa450edef68

Move the POSIX reg* implementations into the ap_* namespace;
internalise the ap_reg*<->PCRE wrapper:

* configure.in: Add srclib/pcre to the include path.

* include/ap_regex.h: Renamed from include/pcreposix.h.  Prefix all
constants with AP_; prefix all functions and types with ap_.  Define
AP_DECLARE to nothing if necessary.  Remove regcomp error codes.

* include/httpd.h: Include ap_regex.h not pcreposix.h.
(ap_pregcomp, ap_regexec, ap_regfree): s/regex_t/ap_regex_t/.
(ap_regexec, ap_regerror): Prototypes moved to ap_regex.h.

* server/util.c (regex_cleanup, ap_pregcomp, ap_pregsub, ap_pregfree):
Adjust for ap_ prefixed types.  (ap_regexec, ap_regerror): Removed.

* server/Makefile.in: Build util_pcre.c.

* server/util_pcre.c: Copied from srclib/pcre/pcreposix.c; remove use
of PCRE-internals to do error mapping; rename types to add AP_/ap_
prefixes as above.  Use APR includes.  (ap_regerror): Use apr_snprintf.

* srclib/pcre/Makefile.in: Don't build pcreposix.c into libpcre.la.

* modules/*: Update to use new type and constant names.

PR: 27750 (part one)
Submitted by: Andres Salomon <dilinger voxel.net>, Joe Orton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@153384 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Move the
SSLUsername-controlled assignment of r->user above the SSLRequire
checks so that the "username" gets logged if SSLRequire denies access.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@153280 13f79535-47bb-0310-9956-ffa450edef68

Remove formatting characters from ap_log_error() calls. These
were escaped as fallout from CAN-2003-0020.

Submitted by: Eric Covener <ecovener gmail.com>
Reviewed by: Jeff Trawick

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@153105 13f79535-47bb-0310-9956-ffa450edef68

Change where we set r->user if we're setting it from a
client certificate.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@151493 13f79535-47bb-0310-9956-ffa450edef68

Update copyright year to 2005 and standardize on current copyright owner line.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@151408 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (bio_filter_out_flush): Fail if the
connection was reset.

PR: 32699

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@125166 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/mod_ssl.c: Declare new config directives
SSLCADNRequestFile and SSLCADNRequestPath.

* modules/ssl/ssl_private.h (modssl_pk_server_t): Add ca_name_path,
ca_name_file fields.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_verify): If either of
SSLCADNRequestFile or SSLCADNRequestPath are configured, load the CA
DN list sent in the CertificateRequest from those certificates.

* modules/ssl/ssl_engine_config.c (modssl_ctx_init_server): Use
pcalloc to zero-initialize the entire modssl_pk_server_t structure.
(ssl_config_server_new): Merge the ca_name_* fields.
(ssl_cmd_SSLCADNRequestPath, ssl_cmd_SSLCADNRequestFile): New
functions.

PR: 32848
Submitted by: Tim Taylor <tim.taylor dfas.mil>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@125165 13f79535-47bb-0310-9956-ffa450edef68

  It's perferable to use a debug build of ssleay32/libeay32, but offer
  a fallback if they are built as release libraries for creating
  mod_ssl in debug mode.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@124284 13f79535-47bb-0310-9956-ffa450edef68

  FINALLY Correct ap_http_method()!  It is NOT a method, it's a SCHEME!

  Bumped mmn, and ap module cookie, for this function rename.

  It's not a deprecation, as ap_http_method would be a lovely function
  name sometime in the future: to determine what the function name implies.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@123882 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (bio_filter_out_flush): Revert the
passed-brigade-reuse "fix" which is currently unnecessary.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@111962 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_cleanup): Fix segfaults
from using ap_log_cerror from a c->pool cleanup; the debug message
triggers too often anyway so just remove it.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@111959 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Use
X509_STORE_CTX_get_ex_data() and SSL_get_ex_data_X509_STORE_CTX_idx()
to use the correct ex_data index from the context in pathological
cases where SSL_get_ex_data_X509_STORE_CTX_idx() does not return 0.

PR: 32529

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@111241 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_Upgrade): Simplify the
Upgrade header check; allow upgrades on any method; don't drop the
ap_pass_brigade return value.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@111159 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_Upgrade): Remove the
unnecessary check of the Connection request header.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@109499 13f79535-47bb-0310-9956-ffa450edef68

Use a case insensitive compare when looking for 'Upgrade'.
The first client I tested was sending 'upgrade'.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@109447 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_mutex.c (ssl_mutex_on, ssl_mutex_off):
Improve error messages.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@106573 13f79535-47bb-0310-9956-ffa450edef68

general property cleanup

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@106103 13f79535-47bb-0310-9956-ffa450edef68

Remove the .cvsignore files.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105796 13f79535-47bb-0310-9956-ffa450edef68

Fix handling of non-blocking reads in mod_ssl (triggered by recent
change to mod_proxy_http):

* modules/ssl/ssl_engine_io.c (bio_filter_in_read): Return an error if
the read would block so that the SSL_read() caller checks for
SSL_ERROR_WANT_READ, rather than 0, which is treated like EOF.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105768 13f79535-47bb-0310-9956-ffa450edef68

Add -t -DDUMP_CERTS option to mod_ssl which dumps the filenames of all
configured SSL certificates to stdout, useful for cron-ing through a
"do I need to renew any of my certificates this week" tool:

* modules/ssl/ssl_engine_config.c (ssl_hook_ConfigTest): New function.

* modules/ssl/mod_ssl.c (ssl_register_hooks): ...register it as a
test_config hook.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105741 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/config.m4: Use libtool's -export-symbols-regex flag to
hide all global symbols defined by mod_ssl other than the module
structure (where possible).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105740 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c, modules/ssl/ssl_engine_kernel.c,
modules/mod_ssl.c: Switch to using ap_log_cerror() in place of
ap_log_error() everywhere that the conn_rec * is available.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105739 13f79535-47bb-0310-9956-ffa450edef68

Remove bogus comment: for SSLPassPhraseDialog exec:..., argv is
defined and documented and can't be changed.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105683 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix possible
NULL pointer dereference in some configurations.

PR: 31848

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105663 13f79535-47bb-0310-9956-ffa450edef68

Add a check for SSL_ENABLED_OPTIONAL to the http_method and default_port hook so that they return the correct values for an upgradeable connection.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105426 13f79535-47bb-0310-9956-ffa450edef68

* os/unix/os.h: Define AP_NEED_SET_MUTEX_PERMS.

* modules/mappers/mod_rewrite.c, modules/ssl/ssl_engine_mutex.c: Use
AP_NEED_SET_MUTEX_PERMS to determine whether unixd_set_*_mutex_perms
calls are necessary.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105411 13f79535-47bb-0310-9956-ffa450edef68

Fix CAN-2004-0885:

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Access): Ensure that a
correct cipher suite has been negotiated, else deny access.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): With OpenSSL
0.9.7, prevent session resumption during a renegotiation to force the
client to negotiate a new (and acceptable) cipher suite.

Submitted by: Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105396 13f79535-47bb-0310-9956-ffa450edef68

Use the right length.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105354 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_connect): Return
502 not 501 if SSL_connect() fails for a proxy connection.

PR: 31083

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105252 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_scache_shmcb.c (ssl_scahe_shmcb_init): If anonymous
shm is not supported, always remove the named segment first to cope
with unclean shutdowns.

PR: 21335 (continued)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105249 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c: Map "UID" suffix to the same OID
(2.5.4.45) for old and new versions of OpenSSL.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@105244 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_remain): New
function. (ssl_var_lookup_ssl_cert): Support _V_REMAIN suffix for
SSL_{SERVER,CLIENT} as number of days until certificate expires.

* modules/ssl_engine_kernel.c: Export SSL_CLIENT_V_REMAIN if
+StdEnvVars is configured.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@104700 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_input_read): Fix rollback
handling for AP_MODE_SPECULATIVE.

PR: 30134

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@104687 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify_CRL),
* server/log.c (ap_log_pid),
* server/mpm/prefork/prefork.c (accept_mutex_on, accept_mutex_off),
* support/htdbm.c (htdbm_list):
Fix some non-literal format strings (warnings from gcc -Wformat-security).

PR: 30585
Submitted by: Ulf Harnhammar (SITIC), Joe Orton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@104548 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_input_read): Fix potential
infinite loop in ssl_io_input_getline if connection is aborted without
inctx->rc being set.

PR: 29964

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@104547 13f79535-47bb-0310-9956-ffa450edef68

Tokenize the header while parsing it for the upgrade tokens and once the protocol has been upgraded, allow the request to complete encrypted.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@104273 13f79535-47bb-0310-9956-ffa450edef68

Use the correct Apache-2.x EBCDIC conversion function (not the old apache-1.3 routine)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@104082 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (bio_filter_out_flush): Create a new
brigade for sending output after passing on the current one.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103967 13f79535-47bb-0310-9956-ffa450edef68

Add "SSLUserName" directive to set r->user based on a chosen SSL
environment variable name.

* modules/ssl/ssl_private.h (struct SSLDirConfigRec): Add
szUserName field.

* modules/ssl/ssl_engine_config.c (ssl_config_perdir_create,
ssl_config_perdir_merge): Initialize and merge szUserName field.
(ssl_cmd_SSLUserName): New function.

* modules/ssl/ssl_engine_kernel.c (ssl_hook_Fixup): Set r->user to
the value of the chosen SSL environment variable.

* modules/ssl/mod_ssl.c: Add SSLUserName config directive.

PR: 20957
Submitted by: Martin v. Loewis <martin v.loewis.de>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103834 13f79535-47bb-0310-9956-ffa450edef68

Add "SSLHonorCipherOrder" directive to enable the OpenSSL 0.9.7 flag
which uses the server's cipher preference order rather than the
client's.

* modules/ssl/ssl_private.h (struct SSLSrvConfigRec): Add
cipher_server_pref field.

* modules/ssl/ssl_engine_config.c (ssl_config_server_create,
ssl_config_server_merge): Initialize and merge cipher_server_pref
field.
(ssl_cmd_SSLHonorCipherOrder): New function.

* modules/ssl/ssl_engine_init.c (ssl_init_ctx_protocol): Set the
context option SSL_OP_CIPHER_SERVER_PREFERENCE when required.

PR: 28665
Submitted by: Jim Shneider <jschneid netilla.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103832 13f79535-47bb-0310-9956-ffa450edef68

Drop support for the "CompatEnvVars" argument to SSLOptions, which was
never implemented in 2.0 and never needed to be.

* docs/ssl/ssl-std.conf.in: Remove CompatEnvVars examples.

* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLOptions): Don't allow
the CompatEnvVars argument.

* modules/ssl/ssl_private.h: Remove SSL_OPT_COMPATENVVARS macro.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103829 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_scache.c (ssl_scache_expire): Remove unused function.

* modules/ssl/ssl_scache_dc.c (ssl_scache_dc_expire): Likewise.

* modules/ssl/ssl_scache_shmcb.c (ssl_scache_shmcb_expire): Likewise.

* modules/ssl/ssl_scache_dbm.c (ssl_scache_dbm_expire): Make static.

* modules/ssl/ssl_private.h: Remove prototypes.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103793 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_util.c, modules/ssl/ssl_private.h: Remove unused
functions ssl_util_strupper, ssl_util_ptxtstub, and
ssl_util_uuencode*.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103755 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_kernel.c (ssl_hook_UserCheck): Fix buffer
overflow in FakeBasicAuth code if client's subject DN exceeds 6K in
length (CVE CAN-2004-0488); switch to using apr-util base64 encoder
functions.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103754 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_config.c (ssl_config_global_create): Fix gcc
strict-aliasing warning.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103688 13f79535-47bb-0310-9956-ffa450edef68

Fix SEGV in 'shmcb' session cache:
When a 'read' or 'write' to session cache is done, we need to check the size
of the data being 'read' or 'written' to avoid buffer over-run.

PR: 27751
Submitted by: Geoff Thorpe
Reviewed by: Madhusudan Mathihalli

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103669 13f79535-47bb-0310-9956-ffa450edef68

In the newer versions of OpenSSL, the flag SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
just prevents the internal lookup but does not prevent the caching.
OpenSSL 0.9.6h onwards has a new flag 'SSL_SESS_CACHE_NO_INTERNAL' to
prevent OpenSSL from both lookup and caching the sessions internally.

PR: 26562
Reviewed by: Geoff Thorpe, Joe Orton

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103165 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_cleanup): Don't try and
send an SSL shutdown from a pool cleanup.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@103156 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_log.c (ssl_log_annotation): const-ify more.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102943 13f79535-47bb-0310-9956-ffa450edef68

Pick up mod_status.h

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102938 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_log.c (ssl_log_annotate, ssl_log_annotation,
ssl_log_ssl_error): const-ify annotation strings and simplify
ssl_log_annotation.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102927 13f79535-47bb-0310-9956-ffa450edef68

Fix use of mod_ssl as a DSO linked against static SSL libraries; also
stop linking all of support/* against the SSL libraries:

* acinclude.m4 (APACHE_MODULE): Define MOD_FOO_LDADD which each
module .la library will be linked against.
(APACHE_MODPATH_ADD): Link static modules against the provided libraries.
(APACHE_CHECK_SSL_TOOLKIT): Put SSL libraries in SSL_LIBS and export
that to config_vars.mk.

* support/Makefile.in: Link ab against SSL_LIBS.

* modules/ssl/config.m4: Add SSL_LIBS and distcache libraries to
MOD_SSL_LDADD.

PR: 17217

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102870 13f79535-47bb-0310-9956-ffa450edef68

Allow the enabled flag to be set to more than just TRUE or FALSE so that
the OPTIONAL flag can be correctly merged within the
ssl_config_server_merge() function.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102860 13f79535-47bb-0310-9956-ffa450edef68

Allow the enabled flag to be set to more that just TRUE or FALSE so that
the OPTIONAL flag is correctly merged within the
ssl_config_server_merge() function.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102859 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_init.c (ssl_init_Engine): Log the OpenSSL
error stack contents if engine load/init fails.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102857 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_log.c (ssl_log_ssl_error): Use %lu to print
an unsigned long.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102856 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup,
ssl_var_lookup_ssl_cipher): Use apr_itoa instead of psprintf %d.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102855 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars (ssl_var_lookup): const'ify result and
drop a bunch of casts; use apr_table_get directly in place of
ssl_var_lookup_header.
(ssl_var_lookup_header): Remove function.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102854 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars (ssl_var_lookup): Optimise such that
lookup of SSL_* variables (the common case) requires 2 rather than 29
strcasecmp calls before getting to ssl_var_lookup_ssl().

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102851 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/mod_ssl.h: Declare ssl_is_https optional function.

* modules/ssl/ssl_engine_vars (ssl_is_https): New function.
(ssl_var_register): Register it.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102850 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars (ssl_var_lookup): Fix potential
segfaults if called with r=NULL, c!=NULL, spotted by Andr��.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102849 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_disable,
ssl_io_filter_error): Clear the SSL * pointer in the SSLConnRec too.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102819 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): Simplify
to use apr_pstrmemdup.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102815 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert_dn): For a DN
which includes several RDNs with the same OID, allow lookup of any
particular RDN using an "_<n>" suffix on the name.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102813 13f79535-47bb-0310-9956-ffa450edef68

Move mod_ssl-internal interfaces into ssl_private.h; allow mod_ssl.h
to be included even when mod_ssl is not enabled.

* Makefile.in (install-include): Only install mod_ssl.h.

* modules/ssl/ssl_private.h: New file.

* modules/ssl/mod_ssl.h: Move everything apart from than the optional
hook definitions into ssl_private.h.

* modules/ssl/*.c: Include ssl_private.h not mod_ssl.h

* modules/ssl/config.m4: Always add the mod_ssl directory to the
include path so other modules can find mod_ssl.h.

* modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional
hook definitions rather than copy'n'pasting them.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102803 13f79535-47bb-0310-9956-ffa450edef68

Relicense.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102799 13f79535-47bb-0310-9956-ffa450edef68

Send the 'Close Alert' message to the peer upon closing a SSL session. This
required creating a new EOC (End-Of-Connection) bucket type to notify mod_ssl
that the connection is about to be closed.

Reviewed by: Joe Orton, Justin Erenkrantz

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102793 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_disable): Don't leak an
SSL structure for each plain-HTTP-on-SSL-port request.

PR: 27106

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102770 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_pphrase.c (ssl_pphrase_Handle): Wording
tweaks.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102747 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_scache_shmcb.c (ssl_scache_shmcb_init): Use an
anonymous shm segment by default or fall back on name-based shm.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102746 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_pphrase.c: Note that the ERR_clear_error()
call is not merely a cosmetic fix in light of PR 21160.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102628 13f79535-47bb-0310-9956-ffa450edef68

fix name of The Apache Software Foundation

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102618 13f79535-47bb-0310-9956-ffa450edef68

fix copyright dates according to the first check in

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102573 13f79535-47bb-0310-9956-ffa450edef68

apply Apache License, Version 2.0

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102525 13f79535-47bb-0310-9956-ffa450edef68

We need the SSL module dir in our path in order to compile mod_ssl.
Otherwise, we can't find mod_ssl.h.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102515 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_io.c (ssl_io_filter_output): Use non-blocking
bucket reads whilst data remains available; flush when a read returns
EAGAIN. Fixes streaming nph- CGI scripts over SSL.

PR: 21944
Inspired by: Jeff Trawick

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102397 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl): Fix segfault if
SSL_get_session() returns NULL.

PR: 15057
Submitted by: Otmar Lendl (lendl@nic.at)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102281 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_scache_dc.c: Add the Apache Software License.

* modules/ssl/mod_ssl.h: Undo accidental comment change in previous
commit.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102228 13f79535-47bb-0310-9956-ffa450edef68

Add support to mod_ssl for a distributed session cache using
distcache.

* LAYOUT: Update for removal of scache_shmht and addition of scache_dc.

* modules/ssl/config.m4: Check for libdistcache; build ssl_scache_dc.lo.

* modules/ssl/mod_ssl.dsp: Build ssl_scache_dc (with luck).

* modules/ssl/mod_ssl.h: Add SSL_SCMODE_DC and scache_dc_* prototypes.

* modules/ssl/ssl_engine_config.c (ssl_cmd_SSLSessionCache): Allow
use of dc: argument.

* modules/ssl/ssl_scache_dc.c: New file.

* modules/ssl/ssl_scache.c (ssl_scache_init, ssl_scache_kill,
ssl_scache_store, ssl_scache_retrieve, ssl_scache_remove,
ssl_ext_status_hook): Hook into scache_dc.

Submitted by: Geoff Thorpe <geoff@geoffthorpe.net>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102227 13f79535-47bb-0310-9956-ffa450edef68

update license to 2004.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102135 13f79535-47bb-0310-9956-ffa450edef68

We need the error strings loaded as early as possible

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102067 13f79535-47bb-0310-9956-ffa450edef68

get mod_ssl.dsp to load again
(we *x weenies have to be careful :) )

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102062 13f79535-47bb-0310-9956-ffa450edef68

Fix format string warnings from gcc on amd64:

* modules/ssl/ssl_scache_dbm.c (ssl_scache_dbm_store):
Print apr_size_t using APR_SIZE_T_FMT.

* modules/ssl/ssl_engine_io.c (ssl_filter_write): Print difference
between sizes using APR_SSIZE_T_FMT, apr_size_t using APR_SIZE_T_FMT.

* modules/proxy/proxy_http.c (ap_proxy_http_request): Print
apr_uint64_t using APR_UINT64_T_HEX_FMT.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@102037 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/mod_ssl.h: Remove prototypes for shmht.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101900 13f79535-47bb-0310-9956-ffa450edef68

Extend mod_status output to include SSL session cache status
information:

* modules/ssl/mod_ssl.c (ssl_hook_pre_config): Call
ssl_scache_status_register.

* modules/ssl/ssl_scache.c (ssl_scache_status): Removed function.
(ssl_ext_status_hook): Renamed from ssl_ext_ms_display: switch to
2.1's mod_status "status_hook" API.
(ssl_scache_status_register): Register optional hook.

* modules/ssl/ssl_scache_dbm.c (ssl_scache_dbm_status): Adjust to use
new API.

* modules/ssl/ssl_scache_shmcb.c (ssl_scache_shmcb_status): Adjust
to use new API.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101889 13f79535-47bb-0310-9956-ffa450edef68

Remove shmht session cache in favour of shmcb; shmht has had
data corruption bugs since being apr_rmm'ified.

* config.m4, mod_ssl.dsp: Don't build ssl_util_table and
ssl_scache_shmht.

* ssl_util_table.h, ssl_util_table.c, ssl_scache_shmht.c: Removed
files.

* mod_ssl.h (SSLModConfigRec): Use a void * pointer for storing
the scache-specific data.

* ssl_engine_config.c (ssl_cmd_SSLSessionCache): Treat shmht: as
shmcb:.

* ssl_scache.c: Remove shmht hooks throughout.

* ssl_scache_shmcb.c: Remove casts to use the table_t * pointer as a
void *.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101888 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_log_handler_x): Fix
unused variable from previous commit.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101881 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup): Only call
ssl_var_lookup_ssl for a real SSL connection; fix lookup of "HTTPS"
for non-SSL connections.
(ssl_var_log_handler_x): Give results for non-SSL connections too;
e.g. %{HTTPS}x does the right thing.

PR: 23956

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101880 13f79535-47bb-0310-9956-ffa450edef68

* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_version):
Determine the library version string at run-time rather than at
compile-time.

Submitted by: Eric Seidel <eseidel@apple.com>
PR: 23956

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@101879 13f79535-47bb-0310-9956-ffa450edef68