ssl_engine_log.c

Checkout Tools
  • last updated 8 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
* modules/ssl/ssl_engine_log.c (ssl_log_cert_error): Use string

length returned by apr_vsnprintf. No functional change.

mod_ssl namespacing: SSL_X509_NAME_to_string -> modssl_X509_NAME_to_string

  1. … 4 more files in changeset.
Address a todo listed in

https://mail-archives.apache.org/mod_mbox/httpd-dev/200205.mbox/%3CPine.LNX.4.33.0205292300380.27841-100000%40mako.covalent.net%3E

"init functions should return status code rather than ssl_die()"

For diagnostic purposes, ssl_die() is still there, but instead

of abruptly exit(1)ing, it will return APR_EGENERAL to the

ssl_init_* callers in ssl_engine_init.c, and these will propagate

the status back to ssl_init_Module.

  1. … 7 more files in changeset.
abort if BIO_new fails due to lack of memory

Pass the server_rec to ssl_die() and use it to log a message to the main error

log, pointing to the appropriate virtual host error log

  1. … 8 more files in changeset.
Various fixes for log message tags:

- Remove tags in ssl_log_ssl_error() and ssl_log_cert_error()

- Instead add tags to various ssl_log_xerror, ssl_log_cxerror

calls (ssl_log_rxerror is unused).

- likewise for modssl_proxy_info_log()

- Fix spelling of APLOG_NOERRNO in coccinelle script

- add support for ssl_log_*error and ap_log_cserror

- add some more tags missing due to APLOG_NOERRNO spelling error

- Remove tags from example modules (we don't want people to blindly copy

those)

  1. … 10 more files in changeset.
Add lots of unique tags to error log messages

  1. … 172 more files in changeset.
Cleanup effort in prep for GA push:

Trim trailing whitespace... no func change

  1. … 118 more files in changeset.
Add ssl_log_xerror() and ssl_log_rxerror(), modeled after ssl_log_cxerror().

Add SSL_X509_NAME_to_string(), which converts an X509 distinguished name

to an RFC 2253 formatted string.

Adapt ssl_log_*error() to make use of SSL_X509_NAME_to_string().

  1. … 3 more files in changeset.
we might also see GeneralizedTimes in certs nowadays

Improve ssl_log_cxerror():

Fix logic of APLOG_IS_LEVEL check.

Use X509_NAME_print_ex() instead of deprecated X509_NAME_oneline().

Use i2a_ASN1_INTEGER for printing the serial number.

Add notBefore and notAfter dates to log line.

Check for null cert argument (addresses PR 47408).

  1. … 1 more file in changeset.
Remove the ssl_toolkit_compat layer, which is no longer needed

after support for non-OpenSSL toolkits has been dropped.

Replace macros by their value proper where feasible, and keep

those definitions in ssl_private.h which depend on specific

OpenSSL versions.

  1. … 12 more files in changeset.
Fix some modules to make them compile with per-module loglevels.

  1. … 5 more files in changeset.
* Store the correct server_rec in the connection record configuration and

adjust the remaining part of mod_ssl to use this server_rec instead of

c->base_server.

modules/ssl/ssl_private.h:

- server_rec member to SSLConnRec struct

- Add macros to extract data from connection_rec

mySrvFromConn(c)

mySrvConfigFromConn(c)

myModConfigFromConn(c)

modules/ssl/ssl_engine_io.c

modules/ssl/ssl_util_ocsp.c

modules/ssl/ssl_engine_kernel.c

modules/ssl/mod_ssl.c

modules/ssl/ssl_engine_log.c

- Use the new macros to extract data fron connection_rec

and use the server_rec stored in SSLConnRec instead of

c->base_server whereever appropriate.

  1. … 5 more files in changeset.
* modules/ssl/ssl_engine_log.c (ssl_log_cxerror): Drop 'peer' from the

log message since the passed-in cert may be e.g. the peer's issuer.

* modules/ssl/ssl_private.h (ssl_log_cxerror): Don't mention the word

peer here either.

  1. … 1 more file in changeset.
* modules/ssl/ssl_engine_log.c (ssl_log_cxerror): Log the certificate

serial number along with the subject and issuer names.

* modules/ssl/ssl_engine_log.c (ssl_log_cxerror): New function,

factored out from ssl_callback_SSLVerify.

* modules/ssl/ssl_private: Add prototype.

* modules/ssl/ssl_engine_kernel.c (ssl_callback_SSLVerify): Use it.

  1. … 2 more files in changeset.
* modules/ssl/ssl_engine_log.c (ssl_log_ssl_error): Improve SSL error

log messages: retrieve and log the "data" string where available,

drop the redundant error number (always included in the error string

anyway), and clearly delineate both the "data" and "annotation" from

the error string itself.

PR: 43889

Submitted by: Dr Stephen Henson <steve openssl.org>, jorton

update license header text
  1. … 316 more files in changeset.
Update the copyright year in all .c, .h and .xml files

  1. … 497 more files in changeset.
No functional Change: Removing trailing whitespace. This also

means that "blank" lines consisting of just spaces or

tabs are now really blank lines

  1. … 180 more files in changeset.
Update copyright year to 2005 and standardize on current copyright owner line.

  1. … 522 more files in changeset.
general property cleanup

  1. … 712 more files in changeset.
* modules/ssl/ssl_engine_log.c (ssl_log_annotation): const-ify more.

* modules/ssl/ssl_engine_log.c (ssl_log_annotate, ssl_log_annotation,

ssl_log_ssl_error): const-ify annotation strings and simplify

ssl_log_annotation.

* modules/ssl/ssl_engine_log.c (ssl_log_ssl_error): Use %lu to print

an unsigned long.

Move mod_ssl-internal interfaces into ssl_private.h; allow mod_ssl.h

to be included even when mod_ssl is not enabled.

* Makefile.in (install-include): Only install mod_ssl.h.

* modules/ssl/ssl_private.h: New file.

* modules/ssl/mod_ssl.h: Move everything apart from than the optional

hook definitions into ssl_private.h.

* modules/ssl/*.c: Include ssl_private.h not mod_ssl.h

* modules/ssl/config.m4: Always add the mod_ssl directory to the

include path so other modules can find mod_ssl.h.

* modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional

hook definitions rather than copy'n'pasting them.

  1. … 28 more files in changeset.
fix name of The Apache Software Foundation

  1. … 361 more files in changeset.
fix copyright dates according to the first check in

  1. … 24 more files in changeset.
apply Apache License, Version 2.0

  1. … 262 more files in changeset.