www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

stop using APLOG_NOERRNO in calls to ap_log_[pr]error()

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95150 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Jeff Trawick
2002-05-17 11:24:17 +00:00
parent c871b41d3c
commit 50bac91072
24 changed files with 349 additions and 349 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
modules/dav/main/mod_dav.h
View File

@@ -97,13 +97,13 @@ extern "C" {
#define DAV_DEBUG 1 #define DAV_DEBUG 1
#define DEBUG_CR "\n" #define DEBUG_CR "\n"
#define DBG0(f) ap_log_error(APLOG_MARK, \ #define DBG0(f) ap_log_error(APLOG_MARK, \
APLOG_ERR|APLOG_NOERRNO, 0, NULL, (f)) APLOG_ERR, 0, NULL, (f))
#define DBG1(f,a1) ap_log_error(APLOG_MARK, \ #define DBG1(f,a1) ap_log_error(APLOG_MARK, \
APLOG_ERR|APLOG_NOERRNO, 0, NULL, f, a1) APLOG_ERR, 0, NULL, f, a1)
#define DBG2(f,a1,a2) ap_log_error(APLOG_MARK, \ #define DBG2(f,a1,a2) ap_log_error(APLOG_MARK, \
APLOG_ERR|APLOG_NOERRNO, 0, NULL, f, a1, a2) APLOG_ERR, 0, NULL, f, a1, a2)
#define DBG3(f,a1,a2,a3) ap_log_error(APLOG_MARK, \ #define DBG3(f,a1,a2,a3) ap_log_error(APLOG_MARK, \
APLOG_ERR|APLOG_NOERRNO, 0, NULL, f, a1, a2, a3) APLOG_ERR, 0, NULL, f, a1, a2, a3)
#else #else
#undef DAV_DEBUG #undef DAV_DEBUG
#define DEBUG_CR "" #define DEBUG_CR ""

2
modules/mappers/mod_actions.c
View File

@@ -207,7 +207,7 @@ static int action_handler(request_rec *r)
action ? action : ap_default_type(r)))) { action ? action : ap_default_type(r)))) {
script = t; script = t;
if (r->finfo.filetype == 0) { if (r->finfo.filetype == 0) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"File does not exist: %s", r->filename); "File does not exist: %s", r->filename);
return HTTP_NOT_FOUND; return HTTP_NOT_FOUND;
} }

4
modules/mappers/mod_alias.c
View File

@@ -443,14 +443,14 @@ static int fixup_redir(request_rec *r)
char *orig_target = ret; char *orig_target = ret;
ret = ap_construct_url(r->pool, ret, r); ret = ap_construct_url(r->pool, ret, r);
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
"incomplete redirection target of '%s' for " "incomplete redirection target of '%s' for "
"URI '%s' modified to '%s'", "URI '%s' modified to '%s'",
orig_target, r->uri, ret); orig_target, r->uri, ret);
} }
if (!ap_is_url(ret)) { if (!ap_is_url(ret)) {
status = HTTP_INTERNAL_SERVER_ERROR; status = HTTP_INTERNAL_SERVER_ERROR;
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"cannot redirect '%s' to '%s'; " "cannot redirect '%s' to '%s'; "
"target is not a valid absoluteURI or abs_path", "target is not a valid absoluteURI or abs_path",
r->uri, ret); r->uri, ret);

6
modules/mappers/mod_imap.c
View File

@@ -420,7 +420,7 @@ static char *imap_url(request_rec *r, const char *base, const char *value)
/* must be a relative URL to be combined with base */ /* must be a relative URL to be combined with base */
if (ap_strchr_c(base, '/') == NULL && (!strncmp(value, "../", 3) if (ap_strchr_c(base, '/') == NULL && (!strncmp(value, "../", 3)
|| !strcmp(value, ".."))) { || !strcmp(value, ".."))) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"invalid base directive in map file: %s", r->uri); "invalid base directive in map file: %s", r->uri);
return NULL; return NULL;
} }
@@ -480,7 +480,7 @@ static char *imap_url(request_rec *r, const char *base, const char *value)
value */ value */
} }
else if (directory) { else if (directory) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"invalid directory name in map file: %s", r->uri); "invalid directory name in map file: %s", r->uri);
return NULL; return NULL;
} }
@@ -887,7 +887,7 @@ static int imap_handler_internal(request_rec *r)
we failed. They lose! */ we failed. They lose! */
need_2_fields: need_2_fields:
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"map file %s, line %d syntax error: requires at " "map file %s, line %d syntax error: requires at "
"least two fields", r->uri, imap->line_number); "least two fields", r->uri, imap->line_number);
/* fall through */ /* fall through */

16
modules/mappers/mod_negotiation.c
View File

@@ -652,7 +652,7 @@ static void parse_negotiate_header(request_rec *r, negotiation_state *neg)
} }
#ifdef NEG_DEBUG #ifdef NEG_DEBUG
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"dont_fiddle_headers=%d use_rvsa=%d ua_supports_trans=%d " "dont_fiddle_headers=%d use_rvsa=%d ua_supports_trans=%d "
"send_alternates=%d, may_choose=%d", "send_alternates=%d, may_choose=%d",
neg->dont_fiddle_headers, neg->use_rvsa, neg->dont_fiddle_headers, neg->use_rvsa,
@@ -877,7 +877,7 @@ static char *lcase_header_name_return_body(char *header, request_rec *r)
} }
if (!*cp) { if (!*cp) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Syntax error in type map, no ':' in %s for header %s", "Syntax error in type map, no ':' in %s for header %s",
r->filename, header); r->filename, header);
return NULL; return NULL;
@@ -888,7 +888,7 @@ static char *lcase_header_name_return_body(char *header, request_rec *r)
} while (*cp && apr_isspace(*cp)); } while (*cp && apr_isspace(*cp));
if (!*cp) { if (!*cp) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Syntax error in type map --- no header body: %s for %s", "Syntax error in type map --- no header body: %s for %s",
r->filename, header); r->filename, header);
return NULL; return NULL;
@@ -977,7 +977,7 @@ static int read_type_map(apr_file_t **map, negotiation_state *neg, request_rec *
while (--eol >= tag && apr_isspace(*eol)) while (--eol >= tag && apr_isspace(*eol))
*eol = '\0'; *eol = '\0';
if ((mime_info.body = get_body(buffer, &len, tag, *map)) < 0) { if ((mime_info.body = get_body(buffer, &len, tag, *map)) < 0) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Syntax error in type map, no end tag '%s'" "Syntax error in type map, no end tag '%s'"
"found in %s for Body: content.", "found in %s for Body: content.",
tag, r->filename); tag, r->filename);
@@ -1232,7 +1232,7 @@ static int read_types_multi(negotiation_state *neg)
* request must die. * request must die.
*/ */
if (anymatch && !neg->avail_vars->nelts) { if (anymatch && !neg->avail_vars->nelts) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Negotiation: discovered file(s) matching request: %s" "Negotiation: discovered file(s) matching request: %s"
" (None could be negotiated).", " (None could be negotiated).",
r->filename); r->filename);
@@ -2004,7 +2004,7 @@ static int is_variant_better_rvsa(negotiation_state *neg, var_rec *variant,
*/ */
#ifdef NEG_DEBUG #ifdef NEG_DEBUG
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"Variant: file=%s type=%s lang=%s sourceq=%1.3f " "Variant: file=%s type=%s lang=%s sourceq=%1.3f "
"mimeq=%1.3f langq=%1.3f charq=%1.3f encq=%1.3f " "mimeq=%1.3f langq=%1.3f charq=%1.3f encq=%1.3f "
"q=%1.5f definite=%d", "q=%1.5f definite=%d",
@@ -2075,7 +2075,7 @@ static int is_variant_better(negotiation_state *neg, var_rec *variant,
*/ */
#ifdef NEG_DEBUG #ifdef NEG_DEBUG
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"Variant: file=%s type=%s lang=%s sourceq=%1.3f " "Variant: file=%s type=%s lang=%s sourceq=%1.3f "
"mimeq=%1.3f langq=%1.3f langidx=%d charq=%1.3f encq=%1.3f ", "mimeq=%1.3f langq=%1.3f langidx=%d charq=%1.3f encq=%1.3f ",
(variant->file_name ? variant->file_name : ""), (variant->file_name ? variant->file_name : ""),
@@ -2731,7 +2731,7 @@ static int do_negotiation(request_rec *r, negotiation_state *neg,
} }
if (!*bestp) { if (!*bestp) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"no acceptable variant: %s", r->filename); "no acceptable variant: %s", r->filename);
return HTTP_NOT_ACCEPTABLE; return HTTP_NOT_ACCEPTABLE;
} }

6
modules/mappers/mod_rewrite.c
View File

@@ -1144,7 +1144,7 @@ static int hook_uri2file(request_rec *r)
* we can actually use it! * we can actually use it!
*/ */
if (!proxy_available) { if (!proxy_available) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"attempt to make remote request from mod_rewrite " "attempt to make remote request from mod_rewrite "
"without proxy enabled: %s", r->filename); "without proxy enabled: %s", r->filename);
return HTTP_FORBIDDEN; return HTTP_FORBIDDEN;
@@ -1387,7 +1387,7 @@ static int hook_fixup(request_rec *r)
*/ */
if (!(ap_allow_options(r) & (OPT_SYM_LINKS | OPT_SYM_OWNER))) { if (!(ap_allow_options(r) & (OPT_SYM_LINKS | OPT_SYM_OWNER))) {
/* FollowSymLinks is mandatory! */ /* FollowSymLinks is mandatory! */
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Options FollowSymLinks or SymLinksIfOwnerMatch is off " "Options FollowSymLinks or SymLinksIfOwnerMatch is off "
"which implies that RewriteRule directive is forbidden: " "which implies that RewriteRule directive is forbidden: "
"%s", r->filename); "%s", r->filename);
@@ -3155,7 +3155,7 @@ static void open_rewritelog(server_rec *s, apr_pool_t *p)
if (*conf->rewritelogfile == '|') { if (*conf->rewritelogfile == '|') {
if ((pl = ap_open_piped_log(p, conf->rewritelogfile+1)) == NULL) { if ((pl = ap_open_piped_log(p, conf->rewritelogfile+1)) == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"mod_rewrite: could not open reliable pipe " "mod_rewrite: could not open reliable pipe "
"to RewriteLog filter %s", conf->rewritelogfile+1); "to RewriteLog filter %s", conf->rewritelogfile+1);
exit(1); exit(1);

10
modules/mappers/mod_so.c
View File

@@ -228,7 +228,7 @@ static const char *load_module(cmd_parms *cmd, void *dummy,
for (i = 0; i < sconf->loaded_modules->nelts; i++) { for (i = 0; i < sconf->loaded_modules->nelts; i++) {
modi = &modie[i]; modi = &modie[i];
if (modi->name != NULL && strcmp(modi->name, modname) == 0) { if (modi->name != NULL && strcmp(modi->name, modname) == 0) {
ap_log_perror(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, ap_log_perror(APLOG_MARK, APLOG_WARNING, 0,
cmd->pool, "module %s is already loaded, skipping", cmd->pool, "module %s is already loaded, skipping",
modname); modname);
return NULL; return NULL;
@@ -287,7 +287,7 @@ static const char *load_module(cmd_parms *cmd, void *dummy,
apr_dso_error(modhandle, my_error, sizeof(my_error)), apr_dso_error(modhandle, my_error, sizeof(my_error)),
NULL); NULL);
} }
ap_log_perror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, cmd->pool, ap_log_perror(APLOG_MARK, APLOG_DEBUG, 0, cmd->pool,
"loaded module %s", modname); "loaded module %s", modname);
/* /*
@@ -363,7 +363,7 @@ static const char *load_file(cmd_parms *cmd, void *dummy, const char *filename)
NULL); NULL);
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,
"loaded file %s", filename); "loaded file %s", filename);
return NULL; return NULL;
@@ -373,7 +373,7 @@ static const char *load_file(cmd_parms *cmd, void *dummy, const char *filename)
static const char *load_file(cmd_parms *cmd, void *dummy, const char *filename) static const char *load_file(cmd_parms *cmd, void *dummy, const char *filename)
{ {
ap_log_perror(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, cmd->pool, ap_log_perror(APLOG_MARK, APLOG_STARTUP, 0, cmd->pool,
"WARNING: LoadFile not supported on this platform"); "WARNING: LoadFile not supported on this platform");
return NULL; return NULL;
} }
@@ -381,7 +381,7 @@ static const char *load_file(cmd_parms *cmd, void *dummy, const char *filename)
static const char *load_module(cmd_parms *cmd, void *dummy, static const char *load_module(cmd_parms *cmd, void *dummy,
const char *modname, const char *filename) const char *modname, const char *filename)
{ {
ap_log_perror(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, cmd->pool, ap_log_perror(APLOG_MARK, APLOG_STARTUP, 0, cmd->pool,
"WARNING: LoadModule not supported on this platform"); "WARNING: LoadModule not supported on this platform");
return NULL; return NULL;
} }

4
modules/mappers/mod_speling.c
View File

@@ -431,7 +431,7 @@ static int check_speling(request_rec *r)
apr_table_setn(r->headers_out, "Location", apr_table_setn(r->headers_out, "Location",
ap_construct_url(r->pool, nuri, r)); ap_construct_url(r->pool, nuri, r));
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_INFO, APR_SUCCESS, ap_log_rerror(APLOG_MARK, APLOG_INFO, APR_SUCCESS,
r, r,
ref ? "Fixed spelling: %s to %s from %s" ref ? "Fixed spelling: %s to %s from %s"
: "Fixed spelling: %s to %s", : "Fixed spelling: %s to %s",
@@ -540,7 +540,7 @@ static int check_speling(request_rec *r)
apr_pool_destroy(sub_pool); apr_pool_destroy(sub_pool);
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO | APLOG_INFO, 0, r, ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
ref ? "Spelling fix: %s: %d candidates from %s" ref ? "Spelling fix: %s: %d candidates from %s"
: "Spelling fix: %s: %d candidates", : "Spelling fix: %s: %d candidates",
r->uri, candidates->nelts, ref); r->uri, candidates->nelts, ref);

18
modules/proxy/mod_proxy.c
View File

@@ -326,7 +326,7 @@ static int proxy_needsdomain(request_rec *r, const char *url, const char *domain
APR_URI_UNP_REVEALPASSWORD); APR_URI_UNP_REVEALPASSWORD);
apr_table_set(r->headers_out, "Location", nuri); apr_table_set(r->headers_out, "Location", nuri);
ap_log_rerror(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r, ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Domain missing: %s sent to %s%s%s", r->uri, "Domain missing: %s sent to %s%s%s", r->uri,
apr_uri_unparse(r->pool, &r->parsed_uri, apr_uri_unparse(r->pool, &r->parsed_uri,
APR_URI_UNP_OMITUSERINFO), APR_URI_UNP_OMITUSERINFO),
@@ -425,7 +425,7 @@ static int proxy_handler(request_rec *r)
direct_connect = list[ii].matcher(&list[ii], r); direct_connect = list[ii].matcher(&list[ii], r);
} }
#if DEBUGGING #if DEBUGGING
ap_log_rerror(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r, ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
(direct_connect) ? "NoProxy for %s" : "UseProxy for %s", (direct_connect) ? "NoProxy for %s" : "UseProxy for %s",
r->uri); r->uri);
#endif #endif
@@ -442,7 +442,7 @@ static int proxy_handler(request_rec *r)
strncasecmp(url, ents[i].scheme, strlen(ents[i].scheme)) == 0)) { strncasecmp(url, ents[i].scheme, strlen(ents[i].scheme)) == 0)) {
/* handle the scheme */ /* handle the scheme */
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"Trying to run scheme_handler against proxy"); "Trying to run scheme_handler against proxy");
access_status = proxy_run_scheme_handler(r, conf, url, ents[i].hostname, ents[i].port); access_status = proxy_run_scheme_handler(r, conf, url, ents[i].hostname, ents[i].port);
@@ -461,11 +461,11 @@ static int proxy_handler(request_rec *r)
*/ */
/* handle the scheme */ /* handle the scheme */
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"Trying to run scheme_handler"); "Trying to run scheme_handler");
access_status = proxy_run_scheme_handler(r, conf, url, NULL, 0); access_status = proxy_run_scheme_handler(r, conf, url, NULL, 0);
if (DECLINED == access_status) { if (DECLINED == access_status) {
ap_log_error(APLOG_MARK, APLOG_WARNING | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
"proxy: No protocol handler was valid for the URL %s. " "proxy: No protocol handler was valid for the URL %s. "
"If you are using a DSO version of mod_proxy, make sure " "If you are using a DSO version of mod_proxy, make sure "
"the proxy submodules are included in the configuration " "the proxy submodules are included in the configuration "
@@ -762,23 +762,23 @@ static const char *
if (ap_proxy_is_ipaddr(New, parms->pool)) { if (ap_proxy_is_ipaddr(New, parms->pool)) {
#if DEBUGGING #if DEBUGGING
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"Parsed addr %s", inet_ntoa(New->addr)); "Parsed addr %s", inet_ntoa(New->addr));
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"Parsed mask %s", inet_ntoa(New->mask)); "Parsed mask %s", inet_ntoa(New->mask));
#endif #endif
} }
else if (ap_proxy_is_domainname(New, parms->pool)) { else if (ap_proxy_is_domainname(New, parms->pool)) {
ap_str_tolower(New->name); ap_str_tolower(New->name);
#if DEBUGGING #if DEBUGGING
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"Parsed domain %s", New->name); "Parsed domain %s", New->name);
#endif #endif
} }
else if (ap_proxy_is_hostname(New, parms->pool)) { else if (ap_proxy_is_hostname(New, parms->pool)) {
ap_str_tolower(New->name); ap_str_tolower(New->name);
#if DEBUGGING #if DEBUGGING
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"Parsed host %s", New->name); "Parsed host %s", New->name);
#endif #endif
} }

26
modules/proxy/proxy_connect.c
View File

@@ -112,7 +112,7 @@ int ap_proxy_connect_canon(request_rec *r, char *url)
if (r->method_number != M_CONNECT) { if (r->method_number != M_CONNECT) {
return DECLINED; return DECLINED;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: canonicalising URL %s", url); "proxy: CONNECT: canonicalising URL %s", url);
return OK; return OK;
@@ -141,11 +141,11 @@ int ap_proxy_connect_handler(request_rec *r, proxy_server_conf *conf,
/* is this for us? */ /* is this for us? */
if (r->method_number != M_CONNECT) { if (r->method_number != M_CONNECT) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: declining URL %s", url); "proxy: CONNECT: declining URL %s", url);
return DECLINED; return DECLINED;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: serving URL %s", url); "proxy: CONNECT: serving URL %s", url);
@@ -161,7 +161,7 @@ int ap_proxy_connect_handler(request_rec *r, proxy_server_conf *conf,
apr_pstrcat(p, "URI cannot be parsed: ", url, NULL)); apr_pstrcat(p, "URI cannot be parsed: ", url, NULL));
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: connecting %s to %s:%d", url, uri.hostname, uri.port); "proxy: CONNECT: connecting %s to %s:%d", url, uri.hostname, uri.port);
/* do a DNS lookup for the destination host */ /* do a DNS lookup for the destination host */
@@ -178,7 +178,7 @@ int ap_proxy_connect_handler(request_rec *r, proxy_server_conf *conf,
connectport = uri.port; connectport = uri.port;
connect_addr = uri_addr; connect_addr = uri_addr;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: connecting to remote proxy %s on port %d", connectname, connectport); "proxy: CONNECT: connecting to remote proxy %s on port %d", connectname, connectport);
/* check if ProxyBlock directive on this host */ /* check if ProxyBlock directive on this host */
@@ -262,7 +262,7 @@ int ap_proxy_connect_handler(request_rec *r, proxy_server_conf *conf,
if (proxyport) { if (proxyport) {
/* FIXME: Error checking ignored. /* FIXME: Error checking ignored.
*/ */
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: sending the CONNECT request to the remote proxy"); "proxy: CONNECT: sending the CONNECT request to the remote proxy");
nbytes = apr_snprintf(buffer, sizeof(buffer), nbytes = apr_snprintf(buffer, sizeof(buffer),
"CONNECT %s HTTP/1.0" CRLF, r->uri); "CONNECT %s HTTP/1.0" CRLF, r->uri);
@@ -272,7 +272,7 @@ int ap_proxy_connect_handler(request_rec *r, proxy_server_conf *conf,
apr_send(sock, buffer, &nbytes); apr_send(sock, buffer, &nbytes);
} }
else { else {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: Returning 200 OK Status"); "proxy: CONNECT: Returning 200 OK Status");
nbytes = apr_snprintf(buffer, sizeof(buffer), nbytes = apr_snprintf(buffer, sizeof(buffer),
"HTTP/1.0 200 Connection Established" CRLF); "HTTP/1.0 200 Connection Established" CRLF);
@@ -293,7 +293,7 @@ int ap_proxy_connect_handler(request_rec *r, proxy_server_conf *conf,
#endif #endif
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: setting up poll()"); "proxy: CONNECT: setting up poll()");
/* /*
@@ -319,20 +319,20 @@ int ap_proxy_connect_handler(request_rec *r, proxy_server_conf *conf,
apr_poll_socket_add(pollfd, sock, APR_POLLIN); apr_poll_socket_add(pollfd, sock, APR_POLLIN);
while (1) { /* Infinite loop until error (one side closes the connection) */ while (1) { /* Infinite loop until error (one side closes the connection) */
/* ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, "proxy: CONNECT: going to sleep (poll)");*/ /* ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server, "proxy: CONNECT: going to sleep (poll)");*/
if ((rv = apr_poll(pollfd, &pollcnt, -1)) != APR_SUCCESS) if ((rv = apr_poll(pollfd, &pollcnt, -1)) != APR_SUCCESS)
{ {
apr_socket_close(sock); apr_socket_close(sock);
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "proxy: CONNECT: error apr_poll()"); ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r, "proxy: CONNECT: error apr_poll()");
return HTTP_INTERNAL_SERVER_ERROR; return HTTP_INTERNAL_SERVER_ERROR;
} }
/* ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, /* ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: woke from select(), i=%d", pollcnt);*/ "proxy: CONNECT: woke from select(), i=%d", pollcnt);*/
if (pollcnt) { if (pollcnt) {
apr_poll_revents_get(&pollevent, sock, pollfd); apr_poll_revents_get(&pollevent, sock, pollfd);
if (pollevent & APR_POLLIN) { if (pollevent & APR_POLLIN) {
/* ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, /* ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: sock was set");*/ "proxy: CONNECT: sock was set");*/
nbytes = sizeof(buffer); nbytes = sizeof(buffer);
if (apr_recv(sock, buffer, &nbytes) == APR_SUCCESS) { if (apr_recv(sock, buffer, &nbytes) == APR_SUCCESS) {
@@ -362,7 +362,7 @@ int ap_proxy_connect_handler(request_rec *r, proxy_server_conf *conf,
apr_poll_revents_get(&pollevent, client_socket, pollfd); apr_poll_revents_get(&pollevent, client_socket, pollfd);
if (pollevent & APR_POLLIN) { if (pollevent & APR_POLLIN) {
/* ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, /* ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: client was set");*/ "proxy: CONNECT: client was set");*/
nbytes = sizeof(buffer); nbytes = sizeof(buffer);
if (apr_recv(client_socket, buffer, &nbytes) == APR_SUCCESS) { if (apr_recv(client_socket, buffer, &nbytes) == APR_SUCCESS) {
@@ -387,7 +387,7 @@ int ap_proxy_connect_handler(request_rec *r, proxy_server_conf *conf,
break; break;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: CONNECT: finished with poll() - cleaning up"); "proxy: CONNECT: finished with poll() - cleaning up");
/* /*

56
modules/proxy/proxy_ftp.c
View File

@@ -190,7 +190,7 @@ int ap_proxy_ftp_canon(request_rec *r, char *url)
} }
def_port = apr_uri_default_port_for_scheme("ftp"); def_port = apr_uri_default_port_for_scheme("ftp");
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: canonicalising URL %s", url); "proxy: FTP: canonicalising URL %s", url);
port = def_port; port = def_port;
@@ -277,7 +277,7 @@ static int ftp_getrc_msg(conn_rec *ftp_ctrl, apr_bucket_brigade *bb, char *msgbu
return -1; return -1;
} }
/* /*
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,
"proxy: <FTP: %s", response); "proxy: <FTP: %s", response);
*/ */
if (!apr_isdigit(response[0]) || !apr_isdigit(response[1]) || if (!apr_isdigit(response[0]) || !apr_isdigit(response[1]) ||
@@ -649,7 +649,7 @@ proxy_ftp_command(const char *cmd, request_rec *r, conn_rec *ftp_ctrl,
*crlf = '\0'; *crlf = '\0';
if (strncmp(message,"PASS ", 5) == 0) if (strncmp(message,"PASS ", 5) == 0)
strcpy(&message[5], "****"); strcpy(&message[5], "****");
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy:>FTP: %s", message); "proxy:>FTP: %s", message);
} }
@@ -659,7 +659,7 @@ proxy_ftp_command(const char *cmd, request_rec *r, conn_rec *ftp_ctrl,
if ((crlf = strchr(message, '\r')) != NULL || if ((crlf = strchr(message, '\r')) != NULL ||
(crlf = strchr(message, '\n')) != NULL) (crlf = strchr(message, '\n')) != NULL)
*crlf = '\0'; *crlf = '\0';
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy:<FTP: %3.3u %s", rc, message); "proxy:<FTP: %3.3u %s", rc, message);
if (pmessage != NULL) if (pmessage != NULL)
@@ -752,7 +752,7 @@ static int ftp_unauthorized(request_rec *r, int log_it)
* guessing attempts) * guessing attempts)
*/ */
if (log_it) if (log_it)
ap_log_rerror(APLOG_MARK, APLOG_INFO | APLOG_NOERRNO, 0, r, ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"proxy: missing or failed auth to %s", "proxy: missing or failed auth to %s",
apr_uri_unparse(r->pool, apr_uri_unparse(r->pool,
&r->parsed_uri, APR_URI_UNP_OMITPATHINFO)); &r->parsed_uri, APR_URI_UNP_OMITPATHINFO));
@@ -811,16 +811,16 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
/* is this for us? */ /* is this for us? */
if (proxyhost) { if (proxyhost) {
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: declining URL %s - proxyhost %s specified:", url, proxyhost); "proxy: FTP: declining URL %s - proxyhost %s specified:", url, proxyhost);
return DECLINED; /* proxy connections are via HTTP */ return DECLINED; /* proxy connections are via HTTP */
} }
if (strncasecmp(url, "ftp:", 4)) { if (strncasecmp(url, "ftp:", 4)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: declining URL %s - not ftp:", url); "proxy: FTP: declining URL %s - not ftp:", url);
return DECLINED; /* only interested in FTP */ return DECLINED; /* only interested in FTP */
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: serving URL %s", url); "proxy: FTP: serving URL %s", url);
/* create space for state information */ /* create space for state information */
@@ -913,7 +913,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
password = "apache-proxy@"; password = "apache-proxy@";
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: connecting %s to %s:%d", url, connectname, connectport); "proxy: FTP: connecting %s to %s:%d", url, connectname, connectport);
/* do a DNS lookup for the destination host */ /* do a DNS lookup for the destination host */
@@ -978,7 +978,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
(int)(r->server->timeout * APR_USEC_PER_SEC)); (int)(r->server->timeout * APR_USEC_PER_SEC));
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: socket has been created"); "proxy: FTP: socket has been created");
@@ -1003,7 +1003,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
* (either do it in this loop, or make at least two attempts * (either do it in this loop, or make at least two attempts
* with the AF_INET and AF_INET6 elements in the list) * with the AF_INET and AF_INET6 elements in the list)
*/ */
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: trying to connect to %pI (%s)...", connect_addr, connectname); "proxy: FTP: trying to connect to %pI (%s)...", connect_addr, connectname);
/* make the connection out of the socket */ /* make the connection out of the socket */
@@ -1038,7 +1038,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
* the peer reset the connection already; ap_run_create_connection() closed * the peer reset the connection already; ap_run_create_connection() closed
* the socket * the socket
*/ */
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: an error occurred creating a new connection to %pI (%s)", connect_addr, connectname); "proxy: FTP: an error occurred creating a new connection to %pI (%s)", connect_addr, connectname);
return HTTP_INTERNAL_SERVER_ERROR; return HTTP_INTERNAL_SERVER_ERROR;
} }
@@ -1051,7 +1051,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
origin_sock = NULL; origin_sock = NULL;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: control connection complete"); "proxy: FTP: control connection complete");
@@ -1281,7 +1281,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
apr_sockaddr_t *epsv_addr; apr_sockaddr_t *epsv_addr;
data_port = atoi(pstr + 3); data_port = atoi(pstr + 3);
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: EPSV contacting remote host on port %d", "proxy: FTP: EPSV contacting remote host on port %d",
data_port); data_port);
@@ -1367,7 +1367,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
apr_sockaddr_t *pasv_addr; apr_sockaddr_t *pasv_addr;
apr_port_t pasvport = (p1 << 8) + p0; apr_port_t pasvport = (p1 << 8) + p0;
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: PASV contacting host %d.%d.%d.%d:%d", "proxy: FTP: PASV contacting host %d.%d.%d.%d:%d",
h3, h2, h1, h0, pasvport); h3, h2, h1, h0, pasvport);
@@ -1537,7 +1537,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
size = ftpmessage; /* already pstrdup'ed: no copy necessary */ size = ftpmessage; /* already pstrdup'ed: no copy necessary */
} }
else if (rc == 550) { /* Not a regular file */ else if (rc == 550) { /* Not a regular file */
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: SIZE shows this is a directory"); "proxy: FTP: SIZE shows this is a directory");
dirlisting = 1; dirlisting = 1;
rc = proxy_ftp_command(apr_pstrcat(p, "CWD ", rc = proxy_ftp_command(apr_pstrcat(p, "CWD ",
@@ -1670,7 +1670,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
"Error reading from remote server"); "Error reading from remote server");
} }
if (rc == 550) { if (rc == 550) {
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: RETR failed, trying LIST instead"); "proxy: FTP: RETR failed, trying LIST instead");
/* Directory Listings should always be fetched in ASCII mode */ /* Directory Listings should always be fetched in ASCII mode */
@@ -1732,7 +1732,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
} }
else { else {
if (r->content_type) { if (r->content_type) {
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: Content-Type set to %s", r->content_type); "proxy: FTP: Content-Type set to %s", r->content_type);
} }
else { else {
@@ -1741,12 +1741,12 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
if (xfer_type != 'A' && size != NULL) { if (xfer_type != 'A' && size != NULL) {
/* We "trust" the ftp server to really serve (size) bytes... */ /* We "trust" the ftp server to really serve (size) bytes... */
apr_table_setn(r->headers_out, "Content-Length", size); apr_table_setn(r->headers_out, "Content-Length", size);
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: Content-Length set to %s", size); "proxy: FTP: Content-Length set to %s", size);
} }
} }
apr_table_setn(r->headers_out, "Content-Type", r->content_type); apr_table_setn(r->headers_out, "Content-Type", r->content_type);
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: Content-Type set to %s", r->content_type); "proxy: FTP: Content-Type set to %s", r->content_type);
#if defined(USE_MDTM) && (defined(HAVE_TIMEGM) || defined(HAVE_GMTOFF)) #if defined(USE_MDTM) && (defined(HAVE_TIMEGM) || defined(HAVE_GMTOFF))
@@ -1754,7 +1754,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
char datestr[APR_RFC822_DATE_LEN]; char datestr[APR_RFC822_DATE_LEN];
apr_rfc822_date(datestr, mtime); apr_rfc822_date(datestr, mtime);
apr_table_set(r->headers_out, "Last-Modified", datestr); apr_table_set(r->headers_out, "Last-Modified", datestr);
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: Last-Modified set to %s", datestr); "proxy: FTP: Last-Modified set to %s", datestr);
} }
#endif /* USE_MDTM */ #endif /* USE_MDTM */
@@ -1768,7 +1768,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
/* set content-encoding (not for dir listings, they are uncompressed)*/ /* set content-encoding (not for dir listings, they are uncompressed)*/
if (r->content_encoding != NULL && r->content_encoding[0] != '\0') { if (r->content_encoding != NULL && r->content_encoding[0] != '\0') {
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: Content-Encoding set to %s", r->content_encoding); "proxy: FTP: Content-Encoding set to %s", r->content_encoding);
apr_table_setn(r->headers_out, "Content-Encoding", r->content_encoding); apr_table_setn(r->headers_out, "Content-Encoding", r->content_encoding);
} }
@@ -1799,7 +1799,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
* the peer reset the connection already; ap_run_create_connection() closed * the peer reset the connection already; ap_run_create_connection() closed
* the socket * the socket
*/ */
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: an error occurred creating the transfer connection"); "proxy: FTP: an error occurred creating the transfer connection");
return HTTP_INTERNAL_SERVER_ERROR; return HTTP_INTERNAL_SERVER_ERROR;
} }
@@ -1826,7 +1826,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
apr_bucket *e; apr_bucket *e;
int finish = FALSE; int finish = FALSE;
ap_log_error(APLOG_MARK, APLOG_DEBUG | APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: start body send"); "proxy: FTP: start body send");
/* read the body, pass it to the output filters */ /* read the body, pass it to the output filters */
@@ -1839,7 +1839,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
{ {
apr_off_t readbytes; apr_off_t readbytes;
apr_brigade_length(bb, 0, &readbytes); apr_brigade_length(bb, 0, &readbytes);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
r->server, "proxy (PID %d): readbytes: %#x", r->server, "proxy (PID %d): readbytes: %#x",
getpid(), readbytes); getpid(), readbytes);
} }
@@ -1860,7 +1860,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
ap_flush_conn(data); ap_flush_conn(data);
apr_socket_close(data_sock); apr_socket_close(data_sock);
data_sock = NULL; data_sock = NULL;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: data connection closed"); "proxy: FTP: data connection closed");
/* signal that we must leave */ /* signal that we must leave */
finish = TRUE; finish = TRUE;
@@ -1886,14 +1886,14 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf,
break; break;
} }
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: end body send"); "proxy: FTP: end body send");
} }
if (data_sock) { if (data_sock) {
ap_flush_conn(data); ap_flush_conn(data);
apr_socket_close(data_sock); apr_socket_close(data_sock);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: FTP: data connection closed"); "proxy: FTP: data connection closed");
} }

40
modules/proxy/proxy_http.c
View File

@@ -106,7 +106,7 @@ int ap_proxy_http_canon(request_rec *r, char *url)
} }
def_port = apr_uri_default_port_for_scheme(scheme); def_port = apr_uri_default_port_for_scheme(scheme);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: HTTP: canonicalising URL %s", url); "proxy: HTTP: canonicalising URL %s", url);
/* do syntatic check. /* do syntatic check.
@@ -218,7 +218,7 @@ apr_status_t ap_proxy_http_determine_connection(apr_pool_t *p, request_rec *r,
uri->port = apr_uri_default_port_for_scheme(uri->scheme); uri->port = apr_uri_default_port_for_scheme(uri->scheme);
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: HTTP connecting %s to %s:%d", *url, uri->hostname, "proxy: HTTP connecting %s to %s:%d", *url, uri->hostname,
uri->port); uri->port);
@@ -300,10 +300,10 @@ apr_status_t ap_proxy_http_create_connection(apr_pool_t *p, request_rec *r,
(backend->port == p_conn->port) && (backend->port == p_conn->port) &&
(backend->hostname) && (backend->hostname) &&
(!apr_strnatcasecmp(backend->hostname, p_conn->name))) { (!apr_strnatcasecmp(backend->hostname, p_conn->name))) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: keepalive address match (keep original socket)"); "proxy: keepalive address match (keep original socket)");
} else { } else {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: keepalive address mismatch / connection has" "proxy: keepalive address mismatch / connection has"
" changed (close old socket (%s/%s, %d/%d))", " changed (close old socket (%s/%s, %d/%d))",
p_conn->name, backend->hostname, p_conn->port, p_conn->name, backend->hostname, p_conn->port,
@@ -334,7 +334,7 @@ apr_status_t ap_proxy_http_create_connection(apr_pool_t *p, request_rec *r,
/* put back old timeout */ /* put back old timeout */
apr_setsocketopt(p_conn->sock, APR_SO_TIMEOUT, current_timeout); apr_setsocketopt(p_conn->sock, APR_SO_TIMEOUT, current_timeout);
if ( APR_STATUS_IS_EOF(socket_status) ) { if ( APR_STATUS_IS_EOF(socket_status) ) {
ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, NULL, ap_log_error(APLOG_MARK, APLOG_ERR, 0, NULL,
"proxy: HTTP: previous connection is closed"); "proxy: HTTP: previous connection is closed");
new = 1; new = 1;
} }
@@ -367,7 +367,7 @@ apr_status_t ap_proxy_http_create_connection(apr_pool_t *p, request_rec *r,
} }
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: socket is connected"); "proxy: socket is connected");
/* the socket is now open, create a new backend server connection */ /* the socket is now open, create a new backend server connection */
@@ -378,7 +378,7 @@ apr_status_t ap_proxy_http_create_connection(apr_pool_t *p, request_rec *r,
/* the peer reset the connection already; ap_run_create_connection() /* the peer reset the connection already; ap_run_create_connection()
* closed the socket * closed the socket
*/ */
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
r->server, "proxy: an error occurred creating a " r->server, "proxy: an error occurred creating a "
"new connection to %pI (%s)", p_conn->addr, "new connection to %pI (%s)", p_conn->addr,
p_conn->name); p_conn->name);
@@ -391,7 +391,7 @@ apr_status_t ap_proxy_http_create_connection(apr_pool_t *p, request_rec *r,
if (backend->is_ssl) { if (backend->is_ssl) {
if (!ap_proxy_ssl_enable(backend->connection)) { if (!ap_proxy_ssl_enable(backend->connection)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_ERR, 0,
r->server, "proxy: failed to enable ssl support " r->server, "proxy: failed to enable ssl support "
"for %pI (%s)", p_conn->addr, p_conn->name); "for %pI (%s)", p_conn->addr, p_conn->name);
return HTTP_INTERNAL_SERVER_ERROR; return HTTP_INTERNAL_SERVER_ERROR;
@@ -401,7 +401,7 @@ apr_status_t ap_proxy_http_create_connection(apr_pool_t *p, request_rec *r,
ap_proxy_ssl_disable(backend->connection); ap_proxy_ssl_disable(backend->connection);
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: connection complete to %pI (%s)", "proxy: connection complete to %pI (%s)",
p_conn->addr, p_conn->name); p_conn->addr, p_conn->name);
@@ -469,7 +469,7 @@ apr_status_t ap_proxy_http_request(apr_pool_t *p, request_rec *r,
const char* hostname = apr_table_get(r->headers_in,"Host"); const char* hostname = apr_table_get(r->headers_in,"Host");
if (!hostname) { if (!hostname) {
hostname = r->server->server_hostname; hostname = r->server->server_hostname;
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_WARNING, 0, r, ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
"proxy: no HTTP 0.9 request (with no host line) " "proxy: no HTTP 0.9 request (with no host line) "
"on incoming request and preserve host set " "on incoming request and preserve host set "
"forcing hostname to be %s for uri %s", "forcing hostname to be %s for uri %s",
@@ -675,7 +675,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
if (len <= 0) { if (len <= 0) {
apr_socket_close(p_conn->sock); apr_socket_close(p_conn->sock);
backend->connection = NULL; backend->connection = NULL;
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"proxy: error reading status line from remote " "proxy: error reading status line from remote "
"server %s", p_conn->name); "server %s", p_conn->name);
return ap_proxyerror(r, HTTP_BAD_GATEWAY, return ap_proxyerror(r, HTTP_BAD_GATEWAY,
@@ -717,7 +717,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
r->headers_out = ap_proxy_read_headers(r, rp, buffer, r->headers_out = ap_proxy_read_headers(r, rp, buffer,
sizeof(buffer), origin); sizeof(buffer), origin);
if (r->headers_out == NULL) { if (r->headers_out == NULL) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
r->server, "proxy: bad HTTP/%d.%d header " r->server, "proxy: bad HTTP/%d.%d header "
"returned by %s (%s)", major, minor, r->uri, "returned by %s (%s)", major, minor, r->uri,
r->method); r->method);
@@ -780,7 +780,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
if ( r->status != HTTP_CONTINUE ) { if ( r->status != HTTP_CONTINUE ) {
received_continue = 0; received_continue = 0;
} else { } else {
ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_DEBUG, 0, NULL, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,
"proxy: HTTP: received 100 CONTINUE"); "proxy: HTTP: received 100 CONTINUE");
} }
@@ -848,7 +848,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
apr_table_unset(r->headers_out,"Transfer-Encoding"); apr_table_unset(r->headers_out,"Transfer-Encoding");
apr_table_unset(r->headers_out,"Content-Length"); apr_table_unset(r->headers_out,"Content-Length");
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: start body send"); "proxy: start body send");
/* /*
@@ -868,7 +868,7 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
{ {
apr_off_t readbytes; apr_off_t readbytes;
apr_brigade_length(bb, 0, &readbytes); apr_brigade_length(bb, 0, &readbytes);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
r->server, "proxy (PID %d): readbytes: %#x", r->server, "proxy (PID %d): readbytes: %#x",
getpid(), readbytes); getpid(), readbytes);
} }
@@ -907,10 +907,10 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
} }
} }
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: end body send"); "proxy: end body send");
} else { } else {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: header only"); "proxy: header only");
} }
} }
@@ -994,7 +994,7 @@ int ap_proxy_http_handler(request_rec *r, proxy_server_conf *conf,
/* is it for us? */ /* is it for us? */
if (strncasecmp(url, "https:", 6) == 0) { if (strncasecmp(url, "https:", 6) == 0) {
if (!ap_proxy_ssl_enable(NULL)) { if (!ap_proxy_ssl_enable(NULL)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: HTTPS: declining URL %s" "proxy: HTTPS: declining URL %s"
" (mod_ssl not configured?)", url); " (mod_ssl not configured?)", url);
return DECLINED; return DECLINED;
@@ -1002,11 +1002,11 @@ int ap_proxy_http_handler(request_rec *r, proxy_server_conf *conf,
is_ssl = 1; is_ssl = 1;
} }
else if (strncasecmp(url, "http:", 5)) { else if (strncasecmp(url, "http:", 5)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: HTTP: declining URL %s", url); "proxy: HTTP: declining URL %s", url);
return DECLINED; /* only interested in HTTP */ return DECLINED; /* only interested in HTTP */
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: HTTP: serving URL %s", url); "proxy: HTTP: serving URL %s", url);

50
modules/proxy/proxy_util.c
View File

@@ -455,7 +455,7 @@ PROXY_DECLARE(apr_table_t *)ap_proxy_read_headers(request_rec *r, request_rec *r
return NULL; return NULL;
} }
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
"proxy: Ignoring duplicate HTTP header " "proxy: Ignoring duplicate HTTP header "
"returned by %s (%s)", r->uri, r->method); "returned by %s (%s)", r->uri, r->method);
continue; continue;
@@ -624,7 +624,7 @@ PROXY_DECLARE(int) ap_proxyerror(request_rec *r, int statuscode, const char *mes
apr_table_setn(r->notes, "verbose-error-to", apr_pstrdup(r->pool, "*")); apr_table_setn(r->notes, "verbose-error-to", apr_pstrdup(r->pool, "*"));
r->status_line = apr_psprintf(r->pool, "%3.3u Proxy Error", statuscode); r->status_line = apr_psprintf(r->pool, "%3.3u Proxy Error", statuscode);
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"proxy: %s returned by %s", message, r->uri); "proxy: %s returned by %s", message, r->uri);
return statuscode; return statuscode;
} }
@@ -648,7 +648,7 @@ static const char *
err = ap_proxy_canon_netloc(r->pool, &url, &user, &password, &host, &port); err = ap_proxy_canon_netloc(r->pool, &url, &user, &password, &host, &port);
if (err != NULL) if (err != NULL)
ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"%s", err); "%s", err);
r->hostname = host; r->hostname = host;
@@ -736,7 +736,7 @@ PROXY_DECLARE(int) ap_proxy_is_ipaddr(struct dirconn_entry *This, apr_pool_t *p)
bits = 8 * quads; bits = 8 * quads;
if (bits != 32) /* no warning for fully qualified IP address */ if (bits != 32) /* no warning for fully qualified IP address */
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"Warning: NetMask not supplied with IP-Addr; guessing: %s/%ld\n", "Warning: NetMask not supplied with IP-Addr; guessing: %s/%ld\n",
inet_ntoa(This->addr), bits); inet_ntoa(This->addr), bits);
} }
@@ -744,11 +744,11 @@ PROXY_DECLARE(int) ap_proxy_is_ipaddr(struct dirconn_entry *This, apr_pool_t *p)
This->mask.s_addr = htonl(APR_INADDR_NONE << (32 - bits)); This->mask.s_addr = htonl(APR_INADDR_NONE << (32 - bits));
if (*addr == '\0' && (This->addr.s_addr & ~This->mask.s_addr) != 0) { if (*addr == '\0' && (This->addr.s_addr & ~This->mask.s_addr) != 0) {
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"Warning: NetMask and IP-Addr disagree in %s/%ld\n", "Warning: NetMask and IP-Addr disagree in %s/%ld\n",
inet_ntoa(This->addr), bits); inet_ntoa(This->addr), bits);
This->addr.s_addr &= This->mask.s_addr; This->addr.s_addr &= This->mask.s_addr;
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
" Set to %s/%ld\n", " Set to %s/%ld\n",
inet_ntoa(This->addr), bits); inet_ntoa(This->addr), bits);
} }
@@ -780,22 +780,22 @@ static int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r)
if (This->addr.s_addr == (addr.s_addr & This->mask.s_addr)) { if (This->addr.s_addr == (addr.s_addr & This->mask.s_addr)) {
#if DEBUGGING #if DEBUGGING
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"1)IP-Match: %s[%s] <-> ", host, inet_ntoa(addr)); "1)IP-Match: %s[%s] <-> ", host, inet_ntoa(addr));
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s/", inet_ntoa(This->addr)); "%s/", inet_ntoa(This->addr));
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s", inet_ntoa(This->mask)); "%s", inet_ntoa(This->mask));
#endif #endif
return 1; return 1;
} }
#if DEBUGGING #if DEBUGGING
else { else {
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"1)IP-NoMatch: %s[%s] <-> ", host, inet_ntoa(addr)); "1)IP-NoMatch: %s[%s] <-> ", host, inet_ntoa(addr));
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s/", inet_ntoa(This->addr)); "%s/", inet_ntoa(This->addr));
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s", inet_ntoa(This->mask)); "%s", inet_ntoa(This->mask));
} }
#endif #endif
@@ -806,7 +806,7 @@ static int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r)
if (apr_sockaddr_info_get(&reqaddr, host, APR_UNSPEC, 0, 0, r->pool) if (apr_sockaddr_info_get(&reqaddr, host, APR_UNSPEC, 0, 0, r->pool)
!= APR_SUCCESS) { != APR_SUCCESS) {
#if DEBUGGING #if DEBUGGING
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"2)IP-NoMatch: hostname=%s msg=Host not found", "2)IP-NoMatch: hostname=%s msg=Host not found",
host); host);
#endif #endif
@@ -819,24 +819,24 @@ static int proxy_match_ipaddr(struct dirconn_entry *This, request_rec *r)
ip = (struct in_addr *) reqaddr->ipaddr_ptr; ip = (struct in_addr *) reqaddr->ipaddr_ptr;
if (This->addr.s_addr == (ip->s_addr & This->mask.s_addr)) { if (This->addr.s_addr == (ip->s_addr & This->mask.s_addr)) {
#if DEBUGGING #if DEBUGGING
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"3)IP-Match: %s[%s] <-> ", host, "3)IP-Match: %s[%s] <-> ", host,
inet_ntoa(*ip)); inet_ntoa(*ip));
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s/", inet_ntoa(This->addr)); "%s/", inet_ntoa(This->addr));
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s", inet_ntoa(This->mask)); "%s", inet_ntoa(This->mask));
#endif #endif
return 1; return 1;
} }
#if DEBUGGING #if DEBUGGING
else { else {
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"3)IP-NoMatch: %s[%s] <-> ", host, "3)IP-NoMatch: %s[%s] <-> ", host,
inet_ntoa(*ip)); inet_ntoa(*ip));
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s/", inet_ntoa(This->addr)); "%s/", inet_ntoa(This->addr));
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"%s", inet_ntoa(This->mask)); "%s", inet_ntoa(This->mask));
} }
#endif #endif
@@ -863,7 +863,7 @@ PROXY_DECLARE(int) ap_proxy_is_domainname(struct dirconn_entry *This, apr_pool_t
#if 0 #if 0
if (addr[i] == ':') { if (addr[i] == ':') {
ap_log_error(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, NULL, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL,
"@@@@ handle optional port in proxy_is_domainname()"); "@@@@ handle optional port in proxy_is_domainname()");
/* @@@@ handle optional port */ /* @@@@ handle optional port */
} }
@@ -985,11 +985,11 @@ PROXY_DECLARE(int) ap_proxy_checkproxyblock(request_rec *r, proxy_server_conf *c
for (j = 0; j < conf->noproxies->nelts; j++) { for (j = 0; j < conf->noproxies->nelts; j++) {
struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts; struct noproxy_entry *npent = (struct noproxy_entry *) conf->noproxies->elts;
struct apr_sockaddr_t *conf_addr = npent[j].addr; struct apr_sockaddr_t *conf_addr = npent[j].addr;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: checking remote machine [%s] against [%s]", uri_addr->hostname, npent[j].name); "proxy: checking remote machine [%s] against [%s]", uri_addr->hostname, npent[j].name);
if ((npent[j].name && ap_strstr_c(uri_addr->hostname, npent[j].name)) if ((npent[j].name && ap_strstr_c(uri_addr->hostname, npent[j].name))
|| npent[j].name[0] == '*') { || npent[j].name[0] == '*') {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
"proxy: connect to remote machine %s blocked: name %s matched", uri_addr->hostname, npent[j].name); "proxy: connect to remote machine %s blocked: name %s matched", uri_addr->hostname, npent[j].name);
return HTTP_FORBIDDEN; return HTTP_FORBIDDEN;
} }
@@ -999,10 +999,10 @@ PROXY_DECLARE(int) ap_proxy_checkproxyblock(request_rec *r, proxy_server_conf *c
char *uri_ip; char *uri_ip;
apr_sockaddr_ip_get(&conf_ip, conf_addr); apr_sockaddr_ip_get(&conf_ip, conf_addr);
apr_sockaddr_ip_get(&uri_ip, uri_addr); apr_sockaddr_ip_get(&uri_ip, uri_addr);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: ProxyBlock comparing %s and %s", conf_ip, uri_ip); "proxy: ProxyBlock comparing %s and %s", conf_ip, uri_ip);
if (!apr_strnatcasecmp(conf_ip, uri_ip)) { if (!apr_strnatcasecmp(conf_ip, uri_ip)) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, r->server,
"proxy: connect to remote machine %s blocked: IP %s matched", uri_addr->hostname, conf_ip); "proxy: connect to remote machine %s blocked: IP %s matched", uri_addr->hostname, conf_ip);
return HTTP_FORBIDDEN; return HTTP_FORBIDDEN;
} }
@@ -1166,7 +1166,7 @@ PROXY_DECLARE(int) ap_proxy_connect_to_backend(apr_socket_t **newsock,
(int)(s->timeout * APR_USEC_PER_SEC)); (int)(s->timeout * APR_USEC_PER_SEC));
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"proxy: %s: fam %d socket created to connect to %s", "proxy: %s: fam %d socket created to connect to %s",
proxy_function, backend_addr->family, backend_name); proxy_function, backend_addr->family, backend_name);

24
modules/ssl/mod_ssl.c
View File

@@ -244,7 +244,7 @@ int ssl_proxy_enable(conn_rec *c)
SSLConnRec *sslconn = ssl_init_connection_ctx(c); SSLConnRec *sslconn = ssl_init_connection_ctx(c);
if (!sc->proxy_enabled) { if (!sc->proxy_enabled) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
"SSL Proxy requested for %s but not enabled " "SSL Proxy requested for %s but not enabled "
"[Hint: SSLProxyEngine]", sc->vhost_id); "[Hint: SSLProxyEngine]", sc->vhost_id);
@@ -307,7 +307,7 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
* later access inside callback functions * later access inside callback functions
*/ */
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, c->base_server, ap_log_error(APLOG_MARK, APLOG_INFO, 0, c->base_server,
"Connection to child %ld established " "Connection to child %ld established "
"(server %s, client %s)", c->id, sc->vhost_id, "(server %s, client %s)", c->id, sc->vhost_id,
c->remote_ip ? c->remote_ip : "unknown"); c->remote_ip ? c->remote_ip : "unknown");
@@ -325,7 +325,7 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
* so we can detach later. * so we can detach later.
*/ */
if (!(ssl = SSL_new(mctx->ssl_ctx))) { if (!(ssl = SSL_new(mctx->ssl_ctx))) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
"Unable to create a new SSL connection from the SSL " "Unable to create a new SSL connection from the SSL "
"context"); "context");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
@@ -340,7 +340,7 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
if (!SSL_set_session_id_context(ssl, (unsigned char *)vhost_md5, if (!SSL_set_session_id_context(ssl, (unsigned char *)vhost_md5,
MD5_DIGESTSIZE*2)) MD5_DIGESTSIZE*2))
{ {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
"Unable to set session id context to `%s'", vhost_md5); "Unable to set session id context to `%s'", vhost_md5);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
@@ -408,7 +408,7 @@ int ssl_hook_process_connection(SSLFilterRec *filter)
if (!SSL_is_init_finished(filter->pssl)) { if (!SSL_is_init_finished(filter->pssl)) {
if (sslconn->is_proxy) { if (sslconn->is_proxy) {
if ((n = SSL_connect(filter->pssl)) <= 0) { if ((n = SSL_connect(filter->pssl)) <= 0) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_ERR, 0,
c->base_server, c->base_server,
"SSL Proxy connect failed"); "SSL Proxy connect failed");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
@@ -427,7 +427,7 @@ int ssl_hook_process_connection(SSLFilterRec *filter)
* was transferred. That's not a real error and can occur * was transferred. That's not a real error and can occur
* sporadically with some clients. * sporadically with some clients.
*/ */
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_INFO, 0,
c->base_server, c->base_server,
"SSL handshake stopped: connection was closed"); "SSL handshake stopped: connection was closed");
} }
@@ -452,14 +452,14 @@ int ssl_hook_process_connection(SSLFilterRec *filter)
(errno != EINTR)) (errno != EINTR))
{ {
if (errno > 0) { if (errno > 0) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_ERR, 0,
c->base_server, c->base_server,
"SSL handshake interrupted by system " "SSL handshake interrupted by system "
"[Hint: Stop button pressed in browser?!]"); "[Hint: Stop button pressed in browser?!]");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
} }
else { else {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_ERR, 0,
c->base_server, c->base_server,
"Spurious SSL handshake interrupt [Hint: " "Spurious SSL handshake interrupt [Hint: "
"Usually just one of those OpenSSL " "Usually just one of those OpenSSL "
@@ -471,7 +471,7 @@ int ssl_hook_process_connection(SSLFilterRec *filter)
/* /*
* Ok, anything else is a fatal error * Ok, anything else is a fatal error
*/ */
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_ERR, 0,
c->base_server, c->base_server,
"SSL handshake failed (server %s, client %s)", "SSL handshake failed (server %s, client %s)",
ssl_util_vhostid(c->pool, c->base_server), ssl_util_vhostid(c->pool, c->base_server),
@@ -501,7 +501,7 @@ int ssl_hook_process_connection(SSLFilterRec *filter)
* optional_no_ca doesn't appear to work as advertised * optional_no_ca doesn't appear to work as advertised
* in 1.x * in 1.x
*/ */
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_ERR, 0,
c->base_server, c->base_server,
"SSL client authentication failed, " "SSL client authentication failed, "
"accepting certificate based on " "accepting certificate based on "
@@ -514,7 +514,7 @@ int ssl_hook_process_connection(SSLFilterRec *filter)
sslconn->verify_error : sslconn->verify_error :
X509_verify_cert_error_string(verify_result); X509_verify_cert_error_string(verify_result);
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_ERR, 0,
c->base_server, c->base_server,
"SSL client authentication failed: %s", "SSL client authentication failed: %s",
error ? error : "unknown"); error ? error : "unknown");
@@ -539,7 +539,7 @@ int ssl_hook_process_connection(SSLFilterRec *filter)
if ((sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE) && if ((sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE) &&
!sslconn->client_cert) !sslconn->client_cert)
{ {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
"No acceptable peer certificate available"); "No acceptable peer certificate available");
return ssl_abort(filter, c); return ssl_abort(filter, c);

90
modules/ssl/ssl_engine_init.c
View File

@@ -98,7 +98,7 @@ static void ssl_add_version_components(apr_pool_t *p,
version_components[i]); version_components[i]);
} }
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Server: %s, Interface: %s, Library: %s", "Server: %s, Interface: %s, Library: %s",
AP_SERVER_BASEVERSION, AP_SERVER_BASEVERSION,
vals[1], /* SSL_VERSION_INTERFACE */ vals[1], /* SSL_VERSION_INTERFACE */
@@ -111,7 +111,7 @@ static void ssl_add_version_components(apr_pool_t *p,
*/ */
static void ssl_init_SSLLibrary(server_rec *s) static void ssl_init_SSLLibrary(server_rec *s)
{ {
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Init: Initializing %s library", SSL_LIBRARY_NAME); "Init: Initializing %s library", SSL_LIBRARY_NAME);
CRYPTO_malloc_init(); CRYPTO_malloc_init();
@@ -149,7 +149,7 @@ static void ssl_tmp_key_init_rsa(server_rec *s,
if (!(mc->pTmpKeys[idx] = if (!(mc->pTmpKeys[idx] =
RSA_generate_key(bits, RSA_F4, NULL, NULL))) RSA_generate_key(bits, RSA_F4, NULL, NULL)))
{ {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Failed to generate temporary " "Init: Failed to generate temporary "
"%d bit RSA private key", bits); "%d bit RSA private key", bits);
ssl_die(); ssl_die();
@@ -165,7 +165,7 @@ static void ssl_tmp_key_init_dh(server_rec *s,
if (!(mc->pTmpKeys[idx] = if (!(mc->pTmpKeys[idx] =
ssl_dh_GetTmpParam(bits))) ssl_dh_GetTmpParam(bits)))
{ {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Failed to generate temporary " "Init: Failed to generate temporary "
"%d bit DH parameters", bits); "%d bit DH parameters", bits);
ssl_die(); ssl_die();
@@ -180,13 +180,13 @@ static void ssl_tmp_key_init_dh(server_rec *s,
static void ssl_tmp_keys_init(server_rec *s) static void ssl_tmp_keys_init(server_rec *s)
{ {
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Init: Generating temporary RSA private keys (512/1024 bits)"); "Init: Generating temporary RSA private keys (512/1024 bits)");
MODSSL_TMP_KEY_INIT_RSA(s, 512); MODSSL_TMP_KEY_INIT_RSA(s, 512);
MODSSL_TMP_KEY_INIT_RSA(s, 1024); MODSSL_TMP_KEY_INIT_RSA(s, 1024);
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Init: Generating temporary DH parameters (512/1024 bits)"); "Init: Generating temporary DH parameters (512/1024 bits)");
MODSSL_TMP_KEY_INIT_DH(s, 512); MODSSL_TMP_KEY_INIT_DH(s, 512);
@@ -302,7 +302,7 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
/* /*
* initialize servers * initialize servers
*/ */
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, base_server, ap_log_error(APLOG_MARK, APLOG_INFO, 0, base_server,
"Init: Initializing (virtual) servers for SSL"); "Init: Initializing (virtual) servers for SSL");
for (s = base_server; s; s = s->next) { for (s = base_server; s; s = s->next) {
@@ -347,7 +347,7 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p)
if (mc->szCryptoDevice) { if (mc->szCryptoDevice) {
if (!(e = ENGINE_by_id(mc->szCryptoDevice))) { if (!(e = ENGINE_by_id(mc->szCryptoDevice))) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Failed to load Crypto Device API `%s'", "Init: Failed to load Crypto Device API `%s'",
mc->szCryptoDevice); mc->szCryptoDevice);
ssl_die(); ssl_die();
@@ -358,7 +358,7 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p)
} }
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Failed to enable Crypto Device API `%s'", "Init: Failed to enable Crypto Device API `%s'",
mc->szCryptoDevice); mc->szCryptoDevice);
ssl_die(); ssl_die();
@@ -379,7 +379,7 @@ static void ssl_init_server_check(server_rec *s,
* possibility that the user forgot to set them. * possibility that the user forgot to set them.
*/ */
if (!mctx->pks->cert_files[0]) { if (!mctx->pks->cert_files[0]) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"No SSL Certificate set [hint: SSLCertificateFile]"); "No SSL Certificate set [hint: SSLCertificateFile]");
ssl_die(); ssl_die();
} }
@@ -390,7 +390,7 @@ static void ssl_init_server_check(server_rec *s,
if (mctx->pks->certs[SSL_AIDX_RSA] || if (mctx->pks->certs[SSL_AIDX_RSA] ||
mctx->pks->certs[SSL_AIDX_DSA]) mctx->pks->certs[SSL_AIDX_DSA])
{ {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Illegal attempt to re-initialise SSL for server " "Illegal attempt to re-initialise SSL for server "
"(theoretically shouldn't happen!)"); "(theoretically shouldn't happen!)");
ssl_die(); ssl_die();
@@ -411,7 +411,7 @@ static void ssl_init_ctx_protocol(server_rec *s,
* Create the new per-server SSL context * Create the new per-server SSL context
*/ */
if (protocol == SSL_PROTOCOL_NONE) { if (protocol == SSL_PROTOCOL_NONE) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"No SSL protocols available [hint: SSLProtocol]"); "No SSL protocols available [hint: SSLProtocol]");
ssl_die(); ssl_die();
} }
@@ -423,7 +423,7 @@ static void ssl_init_ctx_protocol(server_rec *s,
NULL); NULL);
cp[strlen(cp)-2] = NUL; cp[strlen(cp)-2] = NUL;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Creating new SSL context (protocols: %s)", cp); "Creating new SSL context (protocols: %s)", cp);
if (protocol == SSL_PROTOCOL_SSLV2) { if (protocol == SSL_PROTOCOL_SSLV2) {
@@ -540,14 +540,14 @@ static void ssl_init_ctx_verify(server_rec *s,
* Configure Client Authentication details * Configure Client Authentication details
*/ */
if (mctx->auth.ca_cert_file || mctx->auth.ca_cert_path) { if (mctx->auth.ca_cert_file || mctx->auth.ca_cert_path) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Configuring client authentication"); "Configuring client authentication");
if (!SSL_CTX_load_verify_locations(ctx, if (!SSL_CTX_load_verify_locations(ctx,
mctx->auth.ca_cert_file, mctx->auth.ca_cert_file,
mctx->auth.ca_cert_path)) mctx->auth.ca_cert_path))
{ {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to configure verify locations " "Unable to configure verify locations "
"for client authentication"); "for client authentication");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
@@ -558,7 +558,7 @@ static void ssl_init_ctx_verify(server_rec *s,
mctx->auth.ca_cert_file, mctx->auth.ca_cert_file,
mctx->auth.ca_cert_path); mctx->auth.ca_cert_path);
if (!ca_list) { if (!ca_list) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to determine list of available " "Unable to determine list of available "
"CA certificates for client authentication"); "CA certificates for client authentication");
ssl_die(); ssl_die();
@@ -575,7 +575,7 @@ static void ssl_init_ctx_verify(server_rec *s,
ca_list = (STACK_OF(X509_NAME) *)SSL_CTX_get_client_CA_list(ctx); ca_list = (STACK_OF(X509_NAME) *)SSL_CTX_get_client_CA_list(ctx);
if (sk_X509_NAME_num(ca_list) == 0) { if (sk_X509_NAME_num(ca_list) == 0) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"Init: Oops, you want to request client " "Init: Oops, you want to request client "
"authentication, but no CAs are known for " "authentication, but no CAs are known for "
"verification!? [Hint: SSLCACertificate*]"); "verification!? [Hint: SSLCACertificate*]");
@@ -598,12 +598,12 @@ static void ssl_init_ctx_cipher_suite(server_rec *s,
return; return;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Configuring permitted SSL ciphers [%s]", "Configuring permitted SSL ciphers [%s]",
suite); suite);
if (!SSL_CTX_set_cipher_list(ctx, suite)) { if (!SSL_CTX_set_cipher_list(ctx, suite)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to configure permitted SSL ciphers"); "Unable to configure permitted SSL ciphers");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die(); ssl_die();
@@ -623,7 +623,7 @@ static void ssl_init_ctx_crl(server_rec *s,
return; return;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Configuring certificate revocation facility"); "Configuring certificate revocation facility");
mctx->crl = mctx->crl =
@@ -631,7 +631,7 @@ static void ssl_init_ctx_crl(server_rec *s,
(char *)mctx->crl_path); (char *)mctx->crl_path);
if (!mctx->crl) { if (!mctx->crl) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to configure X.509 CRL storage " "Unable to configure X.509 CRL storage "
"for certificate revocation"); "for certificate revocation");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
@@ -677,12 +677,12 @@ static void ssl_init_ctx_cert_chain(server_rec *s,
(char *)chain, (char *)chain,
skip_first, NULL); skip_first, NULL);
if (n < 0) { if (n < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Failed to configure CA certificate chain!"); "Failed to configure CA certificate chain!");
ssl_die(); ssl_die();
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Configuring server certificate chain " "Configuring server certificate chain "
"(%d CA certificate%s)", "(%d CA certificate%s)",
n, n == 1 ? "" : "s"); n, n == 1 ? "" : "s");
@@ -726,19 +726,19 @@ static int ssl_server_import_cert(server_rec *s,
return FALSE; return FALSE;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Configuring %s server certificate", type); "Configuring %s server certificate", type);
ptr = asn1->cpData; ptr = asn1->cpData;
if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) { if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to import %s server certificate", type); "Unable to import %s server certificate", type);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die(); ssl_die();
} }
if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) { if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to configure %s server certificate", type); "Unable to configure %s server certificate", type);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die(); ssl_die();
@@ -765,20 +765,20 @@ static int ssl_server_import_key(server_rec *s,
return FALSE; return FALSE;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Configuring %s server private key", type); "Configuring %s server private key", type);
ptr = asn1->cpData; ptr = asn1->cpData;
if (!(pkey = d2i_PrivateKey(pkey_type, NULL, &ptr, asn1->nData))) if (!(pkey = d2i_PrivateKey(pkey_type, NULL, &ptr, asn1->nData)))
{ {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to import %s server private key", type); "Unable to import %s server private key", type);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die(); ssl_die();
} }
if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) { if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to configure %s server private key", type); "Unable to configure %s server private key", type);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die(); ssl_die();
@@ -793,7 +793,7 @@ static int ssl_server_import_key(server_rec *s,
if (pubkey && EVP_PKEY_missing_parameters(pubkey)) { if (pubkey && EVP_PKEY_missing_parameters(pubkey)) {
EVP_PKEY_copy_parameters(pubkey, pkey); EVP_PKEY_copy_parameters(pubkey, pkey);
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Copying DSA parameters from private key to certificate"); "Copying DSA parameters from private key to certificate");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
} }
@@ -821,7 +821,7 @@ static void ssl_check_public_cert(server_rec *s,
*/ */
if (SSL_X509_isSGC(cert)) { if (SSL_X509_isSGC(cert)) {
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"%s server certificate enables " "%s server certificate enables "
"Server Gated Cryptography (SGC)", "Server Gated Cryptography (SGC)",
ssl_asn1_keystr(type)); ssl_asn1_keystr(type));
@@ -829,14 +829,14 @@ static void ssl_check_public_cert(server_rec *s,
if (SSL_X509_getBC(cert, &is_ca, &pathlen)) { if (SSL_X509_getBC(cert, &is_ca, &pathlen)) {
if (is_ca) { if (is_ca) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"%s server certificate is a CA certificate " "%s server certificate is a CA certificate "
"(BasicConstraints: CA == TRUE !?)", "(BasicConstraints: CA == TRUE !?)",
ssl_asn1_keystr(type)); ssl_asn1_keystr(type));
} }
if (pathlen > 0) { if (pathlen > 0) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"%s server certificate is not a leaf certificate " "%s server certificate is not a leaf certificate "
"(BasicConstraints: pathlen == %d > 0 !?)", "(BasicConstraints: pathlen == %d > 0 !?)",
ssl_asn1_keystr(type), pathlen); ssl_asn1_keystr(type), pathlen);
@@ -850,13 +850,13 @@ static void ssl_check_public_cert(server_rec *s,
(apr_fnmatch(cn, s->server_hostname, (apr_fnmatch(cn, s->server_hostname,
fnm_flags) == FNM_NOMATCH)) fnm_flags) == FNM_NOMATCH))
{ {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"%s server certificate wildcard CommonName (CN) `%s' " "%s server certificate wildcard CommonName (CN) `%s' "
"does NOT match server name!?", "does NOT match server name!?",
ssl_asn1_keystr(type), cn); ssl_asn1_keystr(type), cn);
} }
else if (strNE(s->server_hostname, cn)) { else if (strNE(s->server_hostname, cn)) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"%s server certificate CommonName (CN) `%s' " "%s server certificate CommonName (CN) `%s' "
"does NOT match server name!?", "does NOT match server name!?",
ssl_asn1_keystr(type), cn); ssl_asn1_keystr(type), cn);
@@ -881,7 +881,7 @@ static void ssl_init_server_certs(server_rec *s,
have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA); have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA);
if (!(have_rsa || have_dsa)) { if (!(have_rsa || have_dsa)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Oops, no RSA or DSA server certificate found?!"); "Oops, no RSA or DSA server certificate found?!");
ssl_die(); ssl_die();
} }
@@ -894,7 +894,7 @@ static void ssl_init_server_certs(server_rec *s,
have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA); have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA);
if (!(have_rsa || have_dsa)) { if (!(have_rsa || have_dsa)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Oops, no RSA or DSA server private key found?!"); "Oops, no RSA or DSA server private key found?!");
ssl_die(); ssl_die();
} }
@@ -927,14 +927,14 @@ static void ssl_init_proxy_certs(server_rec *s,
} }
if ((ncerts = sk_X509_INFO_num(sk)) > 0) { if ((ncerts = sk_X509_INFO_num(sk)) > 0) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"loaded %d client certs for SSL proxy", "loaded %d client certs for SSL proxy",
ncerts); ncerts);
pkp->certs = sk; pkp->certs = sk;
} }
else { else {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"no client certs found for SSL proxy"); "no client certs found for SSL proxy");
sk_X509_INFO_free(sk); sk_X509_INFO_free(sk);
} }
@@ -971,7 +971,7 @@ void ssl_init_ConfigureServer(server_rec *s,
SSLSrvConfigRec *sc) SSLSrvConfigRec *sc)
{ {
if (sc->enabled) { if (sc->enabled) {
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Configuring server for SSL protocol"); "Configuring server for SSL protocol");
ssl_init_server_ctx(s, p, ptemp, sc); ssl_init_server_ctx(s, p, ptemp, sc);
} }
@@ -999,7 +999,7 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p)
sc = mySrvConfig(s); sc = mySrvConfig(s);
if (sc->enabled && (s->port == DEFAULT_HTTP_PORT)) { if (sc->enabled && (s->port == DEFAULT_HTTP_PORT)) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
base_server, base_server,
"Init: (%s) You configured HTTPS(%d) " "Init: (%s) You configured HTTPS(%d) "
"on the standard HTTP(%d) port!", "on the standard HTTP(%d) port!",
@@ -1008,7 +1008,7 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p)
} }
if (!sc->enabled && (s->port == DEFAULT_HTTPS_PORT)) { if (!sc->enabled && (s->port == DEFAULT_HTTPS_PORT)) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
base_server, base_server,
"Init: (%s) You configured HTTP(%d) " "Init: (%s) You configured HTTP(%d) "
"on the standard HTTPS(%d) port!", "on the standard HTTPS(%d) port!",
@@ -1037,7 +1037,7 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p)
klen = strlen(key); klen = strlen(key);
if ((ps = (server_rec *)apr_hash_get(table, key, klen))) { if ((ps = (server_rec *)apr_hash_get(table, key, klen))) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
base_server, base_server,
"Init: SSL server IP/port conflict: " "Init: SSL server IP/port conflict: "
"%s (%s:%d) vs. %s (%s:%d)", "%s (%s:%d) vs. %s (%s:%d)",
@@ -1055,7 +1055,7 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p)
} }
if (conflict) { if (conflict) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, base_server, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, base_server,
"Init: You should not use name-based " "Init: You should not use name-based "
"virtual hosts in conjunction with SSL!!"); "virtual hosts in conjunction with SSL!!");
} }
@@ -1082,7 +1082,7 @@ static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list,
char name_buf[256]; char name_buf[256];
X509_NAME *name = sk_X509_NAME_value(sk, n); X509_NAME *name = sk_X509_NAME_value(sk, n);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"CA certificate: %s", "CA certificate: %s",
X509_NAME_oneline(name, name_buf, sizeof(name_buf))); X509_NAME_oneline(name, name_buf, sizeof(name_buf)));

20
modules/ssl/ssl_engine_io.c
View File

@@ -502,7 +502,7 @@ static int ssl_io_hook_read(SSL *ssl, char *buf, int len)
* Log SSL errors * Log SSL errors
*/ */
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
"SSL error on reading data"); "SSL error on reading data");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
} }
@@ -535,7 +535,7 @@ static int ssl_io_hook_write(SSL *ssl, unsigned char *buf, int len)
* Log SSL errors * Log SSL errors
*/ */
conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); conn_rec *c = (conn_rec *)SSL_get_app_data(ssl);
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
"SSL error on writing data"); "SSL error on writing data");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server);
} }
@@ -567,7 +567,7 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
reason = "likely due to failed renegotiation"; reason = "likely due to failed renegotiation";
} }
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, c->base_server,
"failed to write %d of %d bytes (%s)", "failed to write %d of %d bytes (%s)",
n > 0 ? len - n : len, len, reason); n > 0 ? len - n : len, len, reason);
@@ -765,7 +765,7 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f,
switch (status) { switch (status) {
case HTTP_BAD_REQUEST: case HTTP_BAD_REQUEST:
/* log the situation */ /* log the situation */
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_ERR, 0,
f->c->base_server, f->c->base_server,
"SSL handshake failed: HTTP spoken on HTTPS port; " "SSL handshake failed: HTTP spoken on HTTPS port; "
"trying to send HTML error page"); "trying to send HTML error page");
@@ -959,7 +959,7 @@ static void ssl_io_data_dump(server_rec *srvr,
rows = (len / DUMP_WIDTH); rows = (len / DUMP_WIDTH);
if ((rows * DUMP_WIDTH) < len) if ((rows * DUMP_WIDTH) < len)
rows++; rows++;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
"+-------------------------------------------------------------------------+"); "+-------------------------------------------------------------------------+");
for(i = 0 ; i< rows; i++) { for(i = 0 ; i< rows; i++) {
apr_snprintf(tmp, sizeof(tmp), "| %04x: ", i * DUMP_WIDTH); apr_snprintf(tmp, sizeof(tmp), "| %04x: ", i * DUMP_WIDTH);
@@ -984,13 +984,13 @@ static void ssl_io_data_dump(server_rec *srvr,
} }
} }
apr_cpystrn(buf+strlen(buf), " |", sizeof(buf)-strlen(buf)); apr_cpystrn(buf+strlen(buf), " |", sizeof(buf)-strlen(buf));
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
"%s", buf); "%s", buf);
} }
if (trunc > 0) if (trunc > 0)
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
"| %04ld - <SPACES/NULS>", len + trunc); "| %04ld - <SPACES/NULS>", len + trunc);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr,
"+-------------------------------------------------------------------------+"); "+-------------------------------------------------------------------------+");
return; return;
} }
@@ -1012,7 +1012,7 @@ long ssl_io_data_cb(BIO *bio, int cmd,
if ( cmd == (BIO_CB_WRITE|BIO_CB_RETURN) if ( cmd == (BIO_CB_WRITE|BIO_CB_RETURN)
|| cmd == (BIO_CB_READ |BIO_CB_RETURN) ) { || cmd == (BIO_CB_READ |BIO_CB_RETURN) ) {
if (rc >= 0) { if (rc >= 0) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: %s %ld/%d bytes %s BIO#%p [mem: %p] %s", "%s: %s %ld/%d bytes %s BIO#%p [mem: %p] %s",
SSL_LIBRARY_NAME, SSL_LIBRARY_NAME,
(cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"), (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),
@@ -1023,7 +1023,7 @@ long ssl_io_data_cb(BIO *bio, int cmd,
ssl_io_data_dump(s, argp, rc); ssl_io_data_dump(s, argp, rc);
} }
else { else {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: I/O error, %d bytes expected to %s on BIO#%p [mem: %p]", "%s: I/O error, %d bytes expected to %s on BIO#%p [mem: %p]",
SSL_LIBRARY_NAME, argi, SSL_LIBRARY_NAME, argi,
(cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"), (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"),

104
modules/ssl/ssl_engine_kernel.c
View File

@@ -146,7 +146,7 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter)
/* and finally log the fact that we've closed the connection */ /* and finally log the fact that we've closed the connection */
if (conn->base_server->loglevel >= APLOG_INFO) { if (conn->base_server->loglevel >= APLOG_INFO) {
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, conn->base_server, ap_log_error(APLOG_MARK, APLOG_INFO, 0, conn->base_server,
"Connection to child %ld closed with %s shutdown" "Connection to child %ld closed with %s shutdown"
"(server %s, client %s)", "(server %s, client %s)",
conn->id, type, conn->id, type,
@@ -244,7 +244,7 @@ int ssl_hook_Translate(request_rec *r)
* Log information about incoming HTTPS requests * Log information about incoming HTTPS requests
*/ */
if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) { if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
"%s HTTPS request received for child %ld (server %s)", "%s HTTPS request received for child %ld (server %s)",
(r->connection->keepalives <= 0 ? (r->connection->keepalives <= 0 ?
"Initial (No.1)" : "Initial (No.1)" :
@@ -337,7 +337,7 @@ int ssl_hook_Access(request_rec *r)
* Support for SSLRequireSSL directive * Support for SSLRequireSSL directive
*/ */
if (dc->bSSLRequired && !ssl) { if (dc->bSSLRequired && !ssl) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"access to %s failed, reason: %s", "access to %s failed, reason: %s",
r->filename, "SSL connection required"); r->filename, "SSL connection required");
@@ -411,7 +411,7 @@ int ssl_hook_Access(request_rec *r)
/* configure new state */ /* configure new state */
if (!modssl_set_cipher_list(ssl, dc->szCipherSuite)) { if (!modssl_set_cipher_list(ssl, dc->szCipherSuite)) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_WARNING, 0,
r->server, r->server,
"Unable to reconfigure (per-directory) " "Unable to reconfigure (per-directory) "
"permitted SSL ciphers"); "permitted SSL ciphers");
@@ -479,7 +479,7 @@ int ssl_hook_Access(request_rec *r)
/* tracing */ /* tracing */
if (renegotiate) { if (renegotiate) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"Reconfigured cipher suite will force renegotiation"); "Reconfigured cipher suite will force renegotiation");
} }
} }
@@ -505,7 +505,7 @@ int ssl_hook_Access(request_rec *r)
/* determine whether a renegotiation has to be forced */ /* determine whether a renegotiation has to be forced */
if (dc->nVerifyDepth < n) { if (dc->nVerifyDepth < n) {
renegotiate = TRUE; renegotiate = TRUE;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"Reduced client verification depth will force " "Reduced client verification depth will force "
"renegotiation"); "renegotiation");
} }
@@ -565,7 +565,7 @@ int ssl_hook_Access(request_rec *r)
renegotiate_quick = TRUE; renegotiate_quick = TRUE;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
r->server, r->server,
"Changed client verification type will force " "Changed client verification type will force "
"%srenegotiation", "%srenegotiation",
@@ -603,7 +603,7 @@ int ssl_hook_Access(request_rec *r)
cert_store = X509_STORE_new(); cert_store = X509_STORE_new();
if (!X509_STORE_load_locations(cert_store, ca_file, ca_path)) { if (!X509_STORE_load_locations(cert_store, ca_file, ca_path)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Unable to reconfigure verify locations " "Unable to reconfigure verify locations "
"for client authentication"); "for client authentication");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
@@ -619,7 +619,7 @@ int ssl_hook_Access(request_rec *r)
if (!(ca_list = ssl_init_FindCAList(r->server, r->pool, if (!(ca_list = ssl_init_FindCAList(r->server, r->pool,
ca_file, ca_path))) ca_file, ca_path)))
{ {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Unable to determine list of available " "Unable to determine list of available "
"CA certificates for client authentication"); "CA certificates for client authentication");
@@ -629,7 +629,7 @@ int ssl_hook_Access(request_rec *r)
SSL_set_client_CA_list(ssl, ca_list); SSL_set_client_CA_list(ssl, ca_list);
renegotiate = TRUE; renegotiate = TRUE;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"Changed client verification locations will force " "Changed client verification locations will force "
"renegotiation"); "renegotiation");
} }
@@ -696,7 +696,7 @@ int ssl_hook_Access(request_rec *r)
* !! BUT ALL THIS IS STILL NOT RE-IMPLEMENTED FOR APACHE 2.0 !! * !! BUT ALL THIS IS STILL NOT RE-IMPLEMENTED FOR APACHE 2.0 !!
*/ */
if (renegotiate && (r->method_number == M_POST)) { if (renegotiate && (r->method_number == M_POST)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"SSL Re-negotiation in conjunction " "SSL Re-negotiation in conjunction "
"with POST method not supported!"); "with POST method not supported!");
@@ -718,21 +718,21 @@ int ssl_hook_Access(request_rec *r)
* here because it resets too much of the connection. So we set the * here because it resets too much of the connection. So we set the
* state explicitly and continue the handshake manually. * state explicitly and continue the handshake manually.
*/ */
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
"Requesting connection re-negotiation"); "Requesting connection re-negotiation");
if (renegotiate_quick) { if (renegotiate_quick) {
STACK_OF(X509) *cert_stack; STACK_OF(X509) *cert_stack;
/* perform just a manual re-verification of the peer */ /* perform just a manual re-verification of the peer */
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"Performing quick renegotiation: " "Performing quick renegotiation: "
"just re-verifying the peer"); "just re-verifying the peer");
cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl); cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl);
if (!cert_stack || (sk_X509_num(cert_stack) == 0)) { if (!cert_stack || (sk_X509_num(cert_stack) == 0)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Cannot find peer certificate chain"); "Cannot find peer certificate chain");
return HTTP_FORBIDDEN; return HTTP_FORBIDDEN;
@@ -741,7 +741,7 @@ int ssl_hook_Access(request_rec *r)
if (!(cert_store || if (!(cert_store ||
(cert_store = SSL_CTX_get_cert_store(ctx)))) (cert_store = SSL_CTX_get_cert_store(ctx))))
{ {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Cannot find certificate storage"); "Cannot find certificate storage");
return HTTP_FORBIDDEN; return HTTP_FORBIDDEN;
@@ -760,7 +760,7 @@ int ssl_hook_Access(request_rec *r)
(char *)ssl); (char *)ssl);
if (!modssl_X509_verify_cert(&cert_store_ctx)) { if (!modssl_X509_verify_cert(&cert_store_ctx)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Re-negotiation verification step failed"); "Re-negotiation verification step failed");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
} }
@@ -772,7 +772,7 @@ int ssl_hook_Access(request_rec *r)
request_rec *id = r->main ? r->main : r; request_rec *id = r->main ? r->main : r;
/* do a full renegotiation */ /* do a full renegotiation */
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"Performing full renegotiation: " "Performing full renegotiation: "
"complete handshake protocol"); "complete handshake protocol");
@@ -784,20 +784,20 @@ int ssl_hook_Access(request_rec *r)
SSL_do_handshake(ssl); SSL_do_handshake(ssl);
if (SSL_get_state(ssl) != SSL_ST_OK) { if (SSL_get_state(ssl) != SSL_ST_OK) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Re-negotiation request failed"); "Re-negotiation request failed");
return HTTP_FORBIDDEN; return HTTP_FORBIDDEN;
} }
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
"Awaiting re-negotiation handshake"); "Awaiting re-negotiation handshake");
SSL_set_state(ssl, SSL_ST_ACCEPT); SSL_set_state(ssl, SSL_ST_ACCEPT);
SSL_do_handshake(ssl); SSL_do_handshake(ssl);
if (SSL_get_state(ssl) != SSL_ST_OK) { if (SSL_get_state(ssl) != SSL_ST_OK) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Re-negotiation handshake failed: " "Re-negotiation handshake failed: "
"Not accepted by client!?"); "Not accepted by client!?");
@@ -820,7 +820,7 @@ int ssl_hook_Access(request_rec *r)
BOOL do_verify = (dc->nVerifyClient == SSL_CVERIFY_REQUIRE); BOOL do_verify = (dc->nVerifyClient == SSL_CVERIFY_REQUIRE);
if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) { if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Re-negotiation handshake failed: " "Re-negotiation handshake failed: "
"Client verification failed"); "Client verification failed");
@@ -828,7 +828,7 @@ int ssl_hook_Access(request_rec *r)
} }
if (do_verify && !SSL_get_peer_certificate(ssl)) { if (do_verify && !SSL_get_peer_certificate(ssl)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_ERR, 0, r->server,
"Re-negotiation handshake failed: " "Re-negotiation handshake failed: "
"Client certificate missing"); "Client certificate missing");
@@ -853,7 +853,7 @@ int ssl_hook_Access(request_rec *r)
"SSL requirement expression: %s", "SSL requirement expression: %s",
ssl_expr_get_error()); ssl_expr_get_error());
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"access to %s failed, reason: %s", "access to %s failed, reason: %s",
r->filename, cp); r->filename, cp);
@@ -864,15 +864,15 @@ int ssl_hook_Access(request_rec *r)
} }
if (ok != 1) { if (ok != 1) {
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
"Access to %s denied for %s " "Access to %s denied for %s "
"(requirement expression not fulfilled)", "(requirement expression not fulfilled)",
r->filename, r->connection->remote_ip); r->filename, r->connection->remote_ip);
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
"Failed expression: %s", req->cpExpr); "Failed expression: %s", req->cpExpr);
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"access to %s failed, reason: %s", "access to %s failed, reason: %s",
r->filename, r->filename,
"SSL requirement expression not fulfilled " "SSL requirement expression not fulfilled "
@@ -984,7 +984,7 @@ int ssl_hook_UserCheck(request_rec *r)
apr_snprintf(buf1, sizeof(buf1), "Basic %s", buf2); apr_snprintf(buf1, sizeof(buf1), "Basic %s", buf2);
apr_table_set(r->headers_in, "Authorization", buf1); apr_table_set(r->headers_in, "Authorization", buf1);
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_INFO, 0, r->server,
"Faking HTTP Basic Auth header: \"Authorization: %s\"", buf1); "Faking HTTP Basic Auth header: \"Authorization: %s\"", buf1);
return DECLINED; return DECLINED;
@@ -1207,7 +1207,7 @@ RSA *ssl_callback_TmpRSA(SSL *ssl, int export, int keylen)
SSLModConfigRec *mc = myModConfig(c->base_server); SSLModConfigRec *mc = myModConfig(c->base_server);
int idx; int idx;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, c->base_server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
"handing out temporary %d bit RSA key", keylen); "handing out temporary %d bit RSA key", keylen);
/* doesn't matter if export flag is on, /* doesn't matter if export flag is on,
@@ -1239,7 +1239,7 @@ DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen)
SSLModConfigRec *mc = myModConfig(c->base_server); SSLModConfigRec *mc = myModConfig(c->base_server);
int idx; int idx;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, c->base_server, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, c->base_server,
"handing out temporary %d bit DH key", keylen); "handing out temporary %d bit DH key", keylen);
switch (keylen) { switch (keylen) {
@@ -1285,7 +1285,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
char *sname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); char *sname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
char *iname = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); char *iname = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Certificate Verification: " "Certificate Verification: "
"depth: %d, subject: %s, issuer: %s", "depth: %d, subject: %s, issuer: %s",
errdepth, errdepth,
@@ -1323,7 +1323,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
if (ssl_verify_error_is_optional(errnum) && if (ssl_verify_error_is_optional(errnum) &&
(verify == SSL_CVERIFY_OPTIONAL_NO_CA)) (verify == SSL_CVERIFY_OPTIONAL_NO_CA))
{ {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Certificate Verification: Verifiable Issuer is " "Certificate Verification: Verifiable Issuer is "
"configured as optional, therefore we're accepting " "configured as optional, therefore we're accepting "
"the certificate"); "the certificate");
@@ -1345,7 +1345,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
* If we already know it's not ok, log the real reason * If we already know it's not ok, log the real reason
*/ */
if (!ok) { if (!ok) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Certificate Verification: Error (%d): %s", "Certificate Verification: Error (%d): %s",
errnum, X509_verify_cert_error_string(errnum)); errnum, X509_verify_cert_error_string(errnum));
@@ -1365,7 +1365,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
} }
if (errdepth > depth) { if (errdepth > depth) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Certificate Verification: Certificate Chain too long " "Certificate Verification: Certificate Chain too long "
"(chain has %d certificates, but maximum allowed are " "(chain has %d certificates, but maximum allowed are "
"only %d)", "only %d)",
@@ -1473,14 +1473,14 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
BIO_free(bio); BIO_free(bio);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, buff); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, buff);
} }
/* /*
* Verify the signature on this CRL * Verify the signature on this CRL
*/ */
if (X509_CRL_verify(crl, X509_get_pubkey(cert)) <= 0) { if (X509_CRL_verify(crl, X509_get_pubkey(cert)) <= 0) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"Invalid signature on CRL"); "Invalid signature on CRL");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE); X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
@@ -1495,7 +1495,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl)); i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
if (i == 0) { if (i == 0) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"Found CRL has invalid nextUpdate field"); "Found CRL has invalid nextUpdate field");
X509_STORE_CTX_set_error(ctx, X509_STORE_CTX_set_error(ctx,
@@ -1506,7 +1506,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
} }
if (i < 0) { if (i < 0) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"Found CRL is expired - " "Found CRL is expired - "
"revoking all certificates until you get updated CRL"); "revoking all certificates until you get updated CRL");
@@ -1545,7 +1545,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
char *cp = X509_NAME_oneline(issuer, NULL, 0); char *cp = X509_NAME_oneline(issuer, NULL, 0);
long serial = ASN1_INTEGER_get(sn); long serial = ASN1_INTEGER_get(sn);
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Certificate with serial %ld (0x%lX) " "Certificate with serial %ld (0x%lX) "
"revoked per CRL from issuer %s", "revoked per CRL from issuer %s",
serial, serial, cp); serial, serial, cp);
@@ -1584,7 +1584,7 @@ static void modssl_proxy_info_log(server_rec *s,
name = X509_get_subject_name(info->x509); name = X509_get_subject_name(info->x509);
dn = X509_NAME_oneline(name, name_buf, sizeof(name_buf)); dn = X509_NAME_oneline(name, name_buf, sizeof(name_buf));
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s", SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s",
sc->vhost_id, msg, dn ? dn : "-uknown-"); sc->vhost_id, msg, dn ? dn : "-uknown-");
} }
@@ -1611,12 +1611,12 @@ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
STACK_OF(X509_INFO) *certs = sc->proxy->pkp->certs; STACK_OF(X509_INFO) *certs = sc->proxy->pkp->certs;
int i, j; int i, j;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
SSLPROXY_CERT_CB_LOG_FMT "entered", SSLPROXY_CERT_CB_LOG_FMT "entered",
sc->vhost_id); sc->vhost_id);
if (!certs || (sk_X509_INFO_num(certs) <= 0)) { if (!certs || (sk_X509_INFO_num(certs) <= 0)) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
SSLPROXY_CERT_CB_LOG_FMT SSLPROXY_CERT_CB_LOG_FMT
"downstream server wanted client certificate " "downstream server wanted client certificate "
"but none are configured", sc->vhost_id); "but none are configured", sc->vhost_id);
@@ -1656,7 +1656,7 @@ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
} }
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
SSLPROXY_CERT_CB_LOG_FMT SSLPROXY_CERT_CB_LOG_FMT
"no client certificate found!?", sc->vhost_id); "no client certificate found!?", sc->vhost_id);
@@ -1683,7 +1683,7 @@ static void ssl_session_log(server_rec *s,
"timeout=%lds ", (timeout - time(NULL))); "timeout=%lds ", (timeout - time(NULL)));
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Inter-Process Session Cache: " "Inter-Process Session Cache: "
"request=%s status=%s id=%s %s(session %s)", "request=%s status=%s id=%s %s(session %s)",
request, status, request, status,
@@ -1837,31 +1837,31 @@ void ssl_callback_LogTracingState(SSL *ssl, int where, int rc)
*/ */
if (s->loglevel >= APLOG_DEBUG) { if (s->loglevel >= APLOG_DEBUG) {
if (where & SSL_CB_HANDSHAKE_START) { if (where & SSL_CB_HANDSHAKE_START) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Handshake: start", SSL_LIBRARY_NAME); "%s: Handshake: start", SSL_LIBRARY_NAME);
} }
else if (where & SSL_CB_HANDSHAKE_DONE) { else if (where & SSL_CB_HANDSHAKE_DONE) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Handshake: done", SSL_LIBRARY_NAME); "%s: Handshake: done", SSL_LIBRARY_NAME);
} }
else if (where & SSL_CB_LOOP) { else if (where & SSL_CB_LOOP) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Loop: %s", "%s: Loop: %s",
SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
} }
else if (where & SSL_CB_READ) { else if (where & SSL_CB_READ) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Read: %s", "%s: Read: %s",
SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
} }
else if (where & SSL_CB_WRITE) { else if (where & SSL_CB_WRITE) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Write: %s", "%s: Write: %s",
SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
} }
else if (where & SSL_CB_ALERT) { else if (where & SSL_CB_ALERT) {
char *str = (where & SSL_CB_READ) ? "read" : "write"; char *str = (where & SSL_CB_READ) ? "read" : "write";
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Alert: %s:%s:%s\n", "%s: Alert: %s:%s:%s\n",
SSL_LIBRARY_NAME, str, SSL_LIBRARY_NAME, str,
SSL_alert_type_string_long(rc), SSL_alert_type_string_long(rc),
@@ -1869,12 +1869,12 @@ void ssl_callback_LogTracingState(SSL *ssl, int where, int rc)
} }
else if (where & SSL_CB_EXIT) { else if (where & SSL_CB_EXIT) {
if (rc == 0) { if (rc == 0) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Exit: failed in %s", "%s: Exit: failed in %s",
SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
} }
else if (rc < 0) { else if (rc < 0) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"%s: Exit: error in %s", "%s: Exit: error in %s",
SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); SSL_LIBRARY_NAME, SSL_state_string_long(ssl));
} }
@@ -1887,7 +1887,7 @@ void ssl_callback_LogTracingState(SSL *ssl, int where, int rc)
* right after a finished handshake. * right after a finished handshake.
*/ */
if (where & SSL_CB_HANDSHAKE_DONE) { if (where & SSL_CB_HANDSHAKE_DONE) {
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Connection: Client IP: %s, Protocol: %s, " "Connection: Client IP: %s, Protocol: %s, "
"Cipher: %s (%s/%s bits)", "Cipher: %s (%s/%s bits)",
ssl_var_lookup(NULL, s, c, NULL, "REMOTE_ADDR"), ssl_var_lookup(NULL, s, c, NULL, "REMOTE_ADDR"),

4
modules/ssl/ssl_engine_log.c
View File

@@ -123,12 +123,12 @@ void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s)
annotation = ssl_log_annotation(err); annotation = ssl_log_annotation(err);
if (annotation) { if (annotation) {
ap_log_error(file, line, level|APLOG_NOERRNO, 0, s, ap_log_error(file, line, level, 0, s,
"SSL Library Error: %ld %s %s", "SSL Library Error: %ld %s %s",
e, err, annotation); e, err, annotation);
} }
else { else {
ap_log_error(file, line, level|APLOG_NOERRNO, 0, s, ap_log_error(file, line, level, 0, s,
"SSL Library Error: %ld %s", "SSL Library Error: %ld %s",
e, err); e, err);
} }

40
modules/ssl/ssl_engine_pphrase.c
View File

@@ -207,7 +207,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
continue; continue;
cpVHostID = ssl_util_vhostid(p, pServ); cpVHostID = ssl_util_vhostid(p, pServ);
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, pServ, ap_log_error(APLOG_MARK, APLOG_INFO, 0, pServ,
"Loading certificate & private key of SSL-aware server"); "Loading certificate & private key of SSL-aware server");
/* /*
@@ -215,7 +215,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
* because this file isn't encrypted in any way. * because this file isn't encrypted in any way.
*/ */
if (sc->server->pks->cert_files[0] == NULL) { if (sc->server->pks->cert_files[0] == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, pServ, ap_log_error(APLOG_MARK, APLOG_ERR, 0, pServ,
"Server should be SSL-aware but has no certificate " "Server should be SSL-aware but has no certificate "
"configured [Hint: SSLCertificateFile]"); "configured [Hint: SSLCertificateFile]");
ssl_die(); ssl_die();
@@ -232,7 +232,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
ssl_die(); ssl_die();
} }
if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) { if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Unable to read server certificate from file %s", szPath); "Init: Unable to read server certificate from file %s", szPath);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
ssl_die(); ssl_die();
@@ -245,7 +245,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
at = ssl_util_algotypeof(pX509Cert, NULL); at = ssl_util_algotypeof(pX509Cert, NULL);
an = ssl_util_algotypestr(at); an = ssl_util_algotypestr(at);
if (algoCert & at) { if (algoCert & at) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Multiple %s server certificates not " "Init: Multiple %s server certificates not "
"allowed", an); "allowed", an);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
@@ -357,7 +357,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
ssl_asn1_table_get(mc->tPrivateKey, key_id); ssl_asn1_table_get(mc->tPrivateKey, key_id);
if (asn1 && (asn1->source_mtime == pkey_mtime)) { if (asn1 && (asn1->source_mtime == pkey_mtime)) {
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, ap_log_error(APLOG_MARK, APLOG_INFO,
0, pServ, 0, pServ,
"%s reusing existing " "%s reusing existing "
"%s private key on restart", "%s private key on restart",
@@ -417,7 +417,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
} }
#ifdef WIN32 #ifdef WIN32
if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN) { if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: PassPhraseDialog BuiltIn not " "Init: PassPhraseDialog BuiltIn not "
"supported in server private key from file " "supported in server private key from file "
"%s", szPath); "%s", szPath);
@@ -433,7 +433,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
if (nPassPhraseDialogCur && pkey_mtime && if (nPassPhraseDialogCur && pkey_mtime &&
!(isterm = isatty(fileno(stdout)))) /* XXX: apr_isatty() */ !(isterm = isatty(fileno(stdout)))) /* XXX: apr_isatty() */
{ {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_ERR, 0,
pServ, pServ,
"Init: Unable to read pass phrase " "Init: Unable to read pass phrase "
"[Hint: key introduced or changed " "[Hint: key introduced or changed "
@@ -441,7 +441,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
} }
else { else {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_ERR, 0,
pServ, "Init: Private key not found"); pServ, "Init: Private key not found");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
} }
@@ -452,7 +452,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
} }
} }
else { else {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_ERR, 0,
pServ, "Init: Pass phrase incorrect"); pServ, "Init: Pass phrase incorrect");
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
@@ -466,7 +466,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
} }
if (pPrivateKey == NULL) { if (pPrivateKey == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Unable to read server private key from " "Init: Unable to read server private key from "
"file %s [Hint: Perhaps it is in a separate file? " "file %s [Hint: Perhaps it is in a separate file? "
" See SSLCertificateKeyFile]", szPath); " See SSLCertificateKeyFile]", szPath);
@@ -481,7 +481,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
at = ssl_util_algotypeof(NULL, pPrivateKey); at = ssl_util_algotypeof(NULL, pPrivateKey);
an = ssl_util_algotypestr(at); an = ssl_util_algotypestr(at);
if (algoKey & at) { if (algoKey & at) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Multiple %s server private keys not " "Init: Multiple %s server private keys not "
"allowed", an); "allowed", an);
ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
@@ -493,19 +493,19 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
* Log the type of reading * Log the type of reading
*/ */
if (nPassPhraseDialogCur == 0) { if (nPassPhraseDialogCur == 0) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, pServ, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ,
"unencrypted %s private key - pass phrase not " "unencrypted %s private key - pass phrase not "
"required", an); "required", an);
} }
else { else {
if (cpPassPhraseCur != NULL) { if (cpPassPhraseCur != NULL) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
pServ, pServ,
"encrypted %s private key - pass phrase " "encrypted %s private key - pass phrase "
"requested", an); "requested", an);
} }
else { else {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
pServ, pServ,
"encrypted %s private key - pass phrase" "encrypted %s private key - pass phrase"
" reused", an); " reused", an);
@@ -563,7 +563,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
*/ */
if (aPassPhrase->nelts) { if (aPassPhrase->nelts) {
pphrase_array_clear(aPassPhrase); pphrase_array_clear(aPassPhrase);
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Init: Wiped out the queried pass phrases from memory"); "Init: Wiped out the queried pass phrases from memory");
} }
@@ -700,12 +700,12 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv)
if (sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) { if (sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) {
if (!readtty) { if (!readtty) {
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Init: Creating pass phrase dialog pipe child " "Init: Creating pass phrase dialog pipe child "
"'%s'", sc->server->pphrase_dialog_path); "'%s'", sc->server->pphrase_dialog_path);
if (ssl_pipe_child_create(p, sc->server->pphrase_dialog_path) if (ssl_pipe_child_create(p, sc->server->pphrase_dialog_path)
!= APR_SUCCESS) { != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Failed to create pass phrase pipe '%s'", "Init: Failed to create pass phrase pipe '%s'",
sc->server->pphrase_dialog_path); sc->server->pphrase_dialog_path);
PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
@@ -713,7 +713,7 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv)
return (-1); return (-1);
} }
} }
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Init: Requesting pass phrase via piped dialog"); "Init: Requesting pass phrase via piped dialog");
} }
else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */ else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */
@@ -730,7 +730,7 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv)
*/ */
apr_file_open_stdout(&writetty, p); apr_file_open_stdout(&writetty, p);
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Init: Requesting pass phrase via builtin terminal " "Init: Requesting pass phrase via builtin terminal "
"dialog"); "dialog");
#endif #endif
@@ -789,7 +789,7 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv)
const char **argv = apr_palloc(p, sizeof(char *) * 4); const char **argv = apr_palloc(p, sizeof(char *) * 4);
char *result; char *result;
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Init: Requesting pass phrase from dialog filter " "Init: Requesting pass phrase from dialog filter "
"program (%s)", cmd); "program (%s)", cmd);

4
modules/ssl/ssl_engine_rand.c
View File

@@ -157,11 +157,11 @@ int ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix)
} }
} }
} }
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"%sSeeding PRNG with %d bytes of entropy", prefix, nDone); "%sSeeding PRNG with %d bytes of entropy", prefix, nDone);
if (RAND_status() == 0) if (RAND_status() == 0)
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"%sPRNG still contains not sufficient entropy!", prefix); "%sPRNG still contains not sufficient entropy!", prefix);
return nDone; return nDone;

2
modules/ssl/ssl_scache.c
View File

@@ -78,7 +78,7 @@ void ssl_scache_init(server_rec *s, apr_pool_t *p)
* But we can operate without it, of course. * But we can operate without it, of course.
*/ */
if (mc->nSessionCacheMode == SSL_SCMODE_UNSET) { if (mc->nSessionCacheMode == SSL_SCMODE_UNSET) {
ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s,
"Init: Session Cache is not configured " "Init: Session Cache is not configured "
"[hint: SSLSessionCache]"); "[hint: SSLSessionCache]");
mc->nSessionCacheMode = SSL_SCMODE_NONE; mc->nSessionCacheMode = SSL_SCMODE_NONE;

4
modules/ssl/ssl_scache_dbm.c
View File

@@ -67,7 +67,7 @@ void ssl_scache_dbm_init(server_rec *s, apr_pool_t *p)
/* for the DBM we need the data file */ /* for the DBM we need the data file */
if (mc->szSessionCacheDataFile == NULL) { if (mc->szSessionCacheDataFile == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"SSLSessionCache required"); "SSLSessionCache required");
ssl_die(); ssl_die();
} }
@@ -413,7 +413,7 @@ void ssl_scache_dbm_expire(server_rec *s)
} }
ssl_mutex_off(s); ssl_mutex_off(s);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Inter-Process Session Cache (DBM) Expiry: " "Inter-Process Session Cache (DBM) Expiry: "
"old: %d, new: %d, removed: %d", "old: %d, new: %d, removed: %d",
nElements, nElements-nDeleted, nDeleted); nElements, nElements-nDeleted, nDeleted);

150
modules/ssl/ssl_scache_shmcb.c
View File

@@ -368,7 +368,7 @@ void ssl_scache_shmcb_init(server_rec *s, apr_pool_t *p)
* Create shared memory segment * Create shared memory segment
*/ */
if (mc->szSessionCacheDataFile == NULL) { if (mc->szSessionCacheDataFile == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"SSLSessionCache required"); "SSLSessionCache required");
ssl_die(); ssl_die();
} }
@@ -378,7 +378,7 @@ void ssl_scache_shmcb_init(server_rec *s, apr_pool_t *p)
mc->szSessionCacheDataFile, mc->szSessionCacheDataFile,
mc->pPool)) != APR_SUCCESS) { mc->pPool)) != APR_SUCCESS) {
char buf[100]; char buf[100];
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Cannot allocate shared memory: (%d)%s", rv, "Cannot allocate shared memory: (%d)%s", rv,
apr_strerror(rv, buf, sizeof(buf))); apr_strerror(rv, buf, sizeof(buf)));
ssl_die(); ssl_die();
@@ -386,15 +386,15 @@ void ssl_scache_shmcb_init(server_rec *s, apr_pool_t *p)
shm_segment = apr_shm_baseaddr_get(mc->pSessionCacheDataMM); shm_segment = apr_shm_baseaddr_get(mc->pSessionCacheDataMM);
shm_segsize = apr_shm_size_get(mc->pSessionCacheDataMM); shm_segsize = apr_shm_size_get(mc->pSessionCacheDataMM);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"shmcb_init allocated %u bytes of shared memory", "shmcb_init allocated %u bytes of shared memory",
shm_segsize); shm_segsize);
if (!shmcb_init_memory(s, shm_segment, shm_segsize)) { if (!shmcb_init_memory(s, shm_segment, shm_segsize)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Failure initialising 'shmcb' shared memory"); "Failure initialising 'shmcb' shared memory");
ssl_die(); ssl_die();
} }
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Shared memory session cache initialised"); "Shared memory session cache initialised");
/* /*
@@ -429,11 +429,11 @@ BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR *id, int idlen,
ssl_mutex_on(s); ssl_mutex_on(s);
if (!shmcb_store_session(s, shm_segment, id, idlen, pSession, timeout)) if (!shmcb_store_session(s, shm_segment, id, idlen, pSession, timeout))
/* in this cache engine, "stores" should never fail. */ /* in this cache engine, "stores" should never fail. */
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"'shmcb' code was unable to store a " "'shmcb' code was unable to store a "
"session in the cache."); "session in the cache.");
else { else {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"shmcb_store successful"); "shmcb_store successful");
to_return = TRUE; to_return = TRUE;
} }
@@ -453,12 +453,12 @@ SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *s, UCHAR *id, int idlen)
pSession = shmcb_retrieve_session(s, shm_segment, id, idlen); pSession = shmcb_retrieve_session(s, shm_segment, id, idlen);
ssl_mutex_off(s); ssl_mutex_off(s);
if (pSession) if (pSession)
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"shmcb_retrieve had a hit"); "shmcb_retrieve had a hit");
else { else {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"shmcb_retrieve had a miss"); "shmcb_retrieve had a miss");
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Client requested a 'session-resume' but " "Client requested a 'session-resume' but "
"we have no such session."); "we have no such session.");
} }
@@ -497,7 +497,7 @@ void ssl_scache_shmcb_status(server_rec *s, apr_pool_t *p,
double expiry_total; double expiry_total;
time_t average_expiry, now, max_expiry, min_expiry, idxexpiry; time_t average_expiry, now, max_expiry, min_expiry, idxexpiry;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"inside ssl_scache_shmcb_status"); "inside ssl_scache_shmcb_status");
/* We've kludged our pointer into the other cache's member variable. */ /* We've kludged our pointer into the other cache's member variable. */
@@ -568,7 +568,7 @@ void ssl_scache_shmcb_status(server_rec *s, apr_pool_t *p,
func(apr_psprintf(p, "total removes since starting: <b>%lu</b> hit, " func(apr_psprintf(p, "total removes since starting: <b>%lu</b> hit, "
"<b>%lu</b> miss<br>", header->num_removes_hit, "<b>%lu</b> miss<br>", header->num_removes_hit,
header->num_removes_miss), arg); header->num_removes_miss), arg);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"leaving shmcb_status"); "leaving shmcb_status");
return; return;
} }
@@ -588,7 +588,7 @@ static BOOL shmcb_init_memory(
SHMCBCache cache; SHMCBCache cache;
unsigned int temp, loop, granularity; unsigned int temp, loop, granularity;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"entered shmcb_init_memory()"); "entered shmcb_init_memory()");
/* Calculate some sizes... */ /* Calculate some sizes... */
@@ -596,7 +596,7 @@ static BOOL shmcb_init_memory(
/* If the segment is ridiculously too small, bail out */ /* If the segment is ridiculously too small, bail out */
if (shm_mem_size < (2*temp)) { if (shm_mem_size < (2*temp)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"shared memory segment too small"); "shared memory segment too small");
return FALSE; return FALSE;
} }
@@ -610,7 +610,7 @@ static BOOL shmcb_init_memory(
* the cache is full, which is a lot less stupid than having * the cache is full, which is a lot less stupid than having
* having not enough index space to utilise the whole cache!. */ * having not enough index space to utilise the whole cache!. */
temp /= 120; temp /= 120;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"for %u bytes, recommending %u indexes", "for %u bytes, recommending %u indexes",
shm_mem_size, temp); shm_mem_size, temp);
@@ -627,7 +627,7 @@ static BOOL shmcb_init_memory(
/* Too small? Bail ... */ /* Too small? Bail ... */
if (temp < 5) { if (temp < 5) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"shared memory segment too small"); "shared memory segment too small");
return FALSE; return FALSE;
} }
@@ -653,38 +653,38 @@ static BOOL shmcb_init_memory(
header->queue_size - header->cache_data_offset; header->queue_size - header->cache_data_offset;
/* Output trace info */ /* Output trace info */
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"shmcb_init_memory choices follow"); "shmcb_init_memory choices follow");
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"division_mask = 0x%02X", header->division_mask); "division_mask = 0x%02X", header->division_mask);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"division_offset = %u", header->division_offset); "division_offset = %u", header->division_offset);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"division_size = %u", header->division_size); "division_size = %u", header->division_size);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"queue_size = %u", header->queue_size); "queue_size = %u", header->queue_size);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"index_num = %u", header->index_num); "index_num = %u", header->index_num);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"index_offset = %u", header->index_offset); "index_offset = %u", header->index_offset);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"index_size = %u", header->index_size); "index_size = %u", header->index_size);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"cache_data_offset = %u", header->cache_data_offset); "cache_data_offset = %u", header->cache_data_offset);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"cache_data_size = %u", header->cache_data_size); "cache_data_size = %u", header->cache_data_size);
/* The header is done, make the caches empty */ /* The header is done, make the caches empty */
for (loop = 0; loop < granularity; loop++) { for (loop = 0; loop < granularity; loop++) {
if (!shmcb_get_division(header, &queue, &cache, loop)) if (!shmcb_get_division(header, &queue, &cache, loop))
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "shmcb_init_memory, " "internal error"); ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "shmcb_init_memory, " "internal error");
shmcb_set_safe_uint(cache.first_pos, 0); shmcb_set_safe_uint(cache.first_pos, 0);
shmcb_set_safe_uint(cache.pos_count, 0); shmcb_set_safe_uint(cache.pos_count, 0);
shmcb_set_safe_uint(queue.first_pos, 0); shmcb_set_safe_uint(queue.first_pos, 0);
shmcb_set_safe_uint(queue.pos_count, 0); shmcb_set_safe_uint(queue.pos_count, 0);
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"leaving shmcb_init_memory()"); "leaving shmcb_init_memory()");
return TRUE; return TRUE;
} }
@@ -704,17 +704,17 @@ static BOOL shmcb_store_session(
time_t expiry_time; time_t expiry_time;
unsigned char *session_id = SSL_SESSION_get_session_id(pSession); unsigned char *session_id = SSL_SESSION_get_session_id(pSession);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"inside shmcb_store_session"); "inside shmcb_store_session");
/* Get the header structure, which division this session will fall into etc. */ /* Get the header structure, which division this session will fall into etc. */
shmcb_get_header(shm_segment, &header); shmcb_get_header(shm_segment, &header);
masked_index = session_id[0] & header->division_mask; masked_index = session_id[0] & header->division_mask;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"session_id[0]=%u, masked index=%u", "session_id[0]=%u, masked index=%u",
session_id[0], masked_index); session_id[0], masked_index);
if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) { if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"shmcb_store_session internal error"); "shmcb_store_session internal error");
return FALSE; return FALSE;
} }
@@ -724,7 +724,7 @@ static BOOL shmcb_store_session(
* or we find some assurance that it will never be necessary. */ * or we find some assurance that it will never be necessary. */
len_encoded = i2d_SSL_SESSION(pSession, NULL); len_encoded = i2d_SSL_SESSION(pSession, NULL);
if (len_encoded > SSL_SESSION_MAX_DER) { if (len_encoded > SSL_SESSION_MAX_DER) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"session is too big (%u bytes)", len_encoded); "session is too big (%u bytes)", len_encoded);
return FALSE; return FALSE;
} }
@@ -734,11 +734,11 @@ static BOOL shmcb_store_session(
if (!shmcb_insert_encoded_session(s, &queue, &cache, encoded, if (!shmcb_insert_encoded_session(s, &queue, &cache, encoded,
len_encoded, session_id, len_encoded, session_id,
expiry_time)) { expiry_time)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"can't store a session!"); "can't store a session!");
return FALSE; return FALSE;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"leaving shmcb_store successfully"); "leaving shmcb_store successfully");
header->num_stores++; header->num_stores++;
return TRUE; return TRUE;
@@ -754,10 +754,10 @@ static SSL_SESSION *shmcb_retrieve_session(
unsigned char masked_index; unsigned char masked_index;
SSL_SESSION *pSession; SSL_SESSION *pSession;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"inside shmcb_retrieve_session"); "inside shmcb_retrieve_session");
if (idlen < 2) { if (idlen < 2) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "unusably short session_id provided " ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "unusably short session_id provided "
"(%u bytes)", idlen); "(%u bytes)", idlen);
return FALSE; return FALSE;
} }
@@ -766,10 +766,10 @@ static SSL_SESSION *shmcb_retrieve_session(
* will come from etc. */ * will come from etc. */
shmcb_get_header(shm_segment, &header); shmcb_get_header(shm_segment, &header);
masked_index = id[0] & header->division_mask; masked_index = id[0] & header->division_mask;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"id[0]=%u, masked index=%u", id[0], masked_index); "id[0]=%u, masked index=%u", id[0], masked_index);
if (!shmcb_get_division(header, &queue, &cache, (unsigned int) masked_index)) { if (!shmcb_get_division(header, &queue, &cache, (unsigned int) masked_index)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"shmcb_retrieve_session internal error"); "shmcb_retrieve_session internal error");
header->num_retrieves_miss++; header->num_retrieves_miss++;
return FALSE; return FALSE;
@@ -782,7 +782,7 @@ static SSL_SESSION *shmcb_retrieve_session(
header->num_retrieves_hit++; header->num_retrieves_hit++;
else else
header->num_retrieves_miss++; header->num_retrieves_miss++;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"leaving shmcb_retrieve_session"); "leaving shmcb_retrieve_session");
return pSession; return pSession;
} }
@@ -797,10 +797,10 @@ static BOOL shmcb_remove_session(
unsigned char masked_index; unsigned char masked_index;
BOOL res; BOOL res;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"inside shmcb_remove_session"); "inside shmcb_remove_session");
if (id == NULL) { if (id == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "remove called with NULL session_id!"); ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "remove called with NULL session_id!");
return FALSE; return FALSE;
} }
@@ -808,10 +808,10 @@ static BOOL shmcb_remove_session(
* will happen in etc. */ * will happen in etc. */
shmcb_get_header(shm_segment, &header); shmcb_get_header(shm_segment, &header);
masked_index = id[0] & header->division_mask; masked_index = id[0] & header->division_mask;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"id[0]=%u, masked index=%u", id[0], masked_index); "id[0]=%u, masked index=%u", id[0], masked_index);
if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) { if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "shmcb_remove_session, internal error"); ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "shmcb_remove_session, internal error");
header->num_removes_miss++; header->num_removes_miss++;
return FALSE; return FALSE;
} }
@@ -820,7 +820,7 @@ static BOOL shmcb_remove_session(
header->num_removes_hit++; header->num_removes_hit++;
else else
header->num_removes_miss++; header->num_removes_miss++;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"leaving shmcb_remove_session"); "leaving shmcb_remove_session");
return res; return res;
} }
@@ -1009,7 +1009,7 @@ static unsigned int shmcb_expire_division(
unsigned int loop, index_num, pos_count, new_pos; unsigned int loop, index_num, pos_count, new_pos;
SHMCBHeader *header; SHMCBHeader *header;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"entering shmcb_expire_division"); "entering shmcb_expire_division");
/* We must calculate num and space ourselves based on expiry times. */ /* We must calculate num and space ourselves based on expiry times. */
@@ -1033,7 +1033,7 @@ static unsigned int shmcb_expire_division(
/* Find the new_offset and make the expiries happen. */ /* Find the new_offset and make the expiries happen. */
if (loop > 0) { if (loop > 0) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"will be expiring %u sessions", loop); "will be expiring %u sessions", loop);
/* We calculate the new_offset by "peeking" (or in the /* We calculate the new_offset by "peeking" (or in the
* case it's the last entry, "sneaking" ;-). */ * case it's the last entry, "sneaking" ;-). */
@@ -1058,7 +1058,7 @@ static unsigned int shmcb_expire_division(
shmcb_get_safe_uint(&(idx->offset)))); shmcb_get_safe_uint(&(idx->offset))));
shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset))); shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset)));
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"we now have %u sessions", "we now have %u sessions",
shmcb_get_safe_uint(queue->pos_count)); shmcb_get_safe_uint(queue->pos_count));
} }
@@ -1085,7 +1085,7 @@ static BOOL shmcb_insert_encoded_session(
unsigned int gap, new_pos, loop, new_offset; unsigned int gap, new_pos, loop, new_offset;
int need; int need;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"entering shmcb_insert_encoded_session, " "entering shmcb_insert_encoded_session, "
"*queue->pos_count = %u", "*queue->pos_count = %u",
shmcb_get_safe_uint(queue->pos_count)); shmcb_get_safe_uint(queue->pos_count));
@@ -1108,7 +1108,7 @@ static BOOL shmcb_insert_encoded_session(
shmcb_get_safe_uint(&(idx->offset))); shmcb_get_safe_uint(&(idx->offset)));
} }
if (loop > 0) { if (loop > 0) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"about to scroll %u sessions from %u", "about to scroll %u sessions from %u",
loop, shmcb_get_safe_uint(queue->pos_count)); loop, shmcb_get_safe_uint(queue->pos_count));
/* We are removing "loop" items from the cache. */ /* We are removing "loop" items from the cache. */
@@ -1120,7 +1120,7 @@ static BOOL shmcb_insert_encoded_session(
shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset))); shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset)));
shmcb_set_safe_uint(queue->pos_count, shmcb_get_safe_uint(queue->pos_count) - loop); shmcb_set_safe_uint(queue->pos_count, shmcb_get_safe_uint(queue->pos_count) - loop);
shmcb_set_safe_uint(queue->first_pos, new_pos); shmcb_set_safe_uint(queue->first_pos, new_pos);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"now only have %u sessions", "now only have %u sessions",
shmcb_get_safe_uint(queue->pos_count)); shmcb_get_safe_uint(queue->pos_count));
/* Update the stats!!! */ /* Update the stats!!! */
@@ -1132,16 +1132,16 @@ static BOOL shmcb_insert_encoded_session(
* is verified. */ * is verified. */
if (shmcb_get_safe_uint(cache->pos_count) + encoded_len > if (shmcb_get_safe_uint(cache->pos_count) + encoded_len >
header->cache_data_size) { header->cache_data_size) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"shmcb_insert_encoded_session internal error"); "shmcb_insert_encoded_session internal error");
return FALSE; return FALSE;
} }
if (shmcb_get_safe_uint(queue->pos_count) == header->index_num) { if (shmcb_get_safe_uint(queue->pos_count) == header->index_num) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"shmcb_insert_encoded_session internal error"); "shmcb_insert_encoded_session internal error");
return FALSE; return FALSE;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"we have %u bytes and %u indexes free - enough", "we have %u bytes and %u indexes free - enough",
header->cache_data_size - header->cache_data_size -
shmcb_get_safe_uint(cache->pos_count), header->index_num - shmcb_get_safe_uint(cache->pos_count), header->index_num -
@@ -1170,12 +1170,12 @@ static BOOL shmcb_insert_encoded_session(
new_pos = shmcb_cyclic_increment(header->index_num, new_pos = shmcb_cyclic_increment(header->index_num,
shmcb_get_safe_uint(queue->first_pos), shmcb_get_safe_uint(queue->first_pos),
shmcb_get_safe_uint(queue->pos_count)); shmcb_get_safe_uint(queue->pos_count));
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"storing in index %u, at offset %u", "storing in index %u, at offset %u",
new_pos, new_offset); new_pos, new_offset);
idx = shmcb_get_index(queue, new_pos); idx = shmcb_get_index(queue, new_pos);
if (idx == NULL) { if (idx == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"shmcb_insert_encoded_session internal error"); "shmcb_insert_encoded_session internal error");
return FALSE; return FALSE;
} }
@@ -1185,7 +1185,7 @@ static BOOL shmcb_insert_encoded_session(
/* idx->removed = (unsigned char)0; */ /* Not needed given the memset above. */ /* idx->removed = (unsigned char)0; */ /* Not needed given the memset above. */
idx->s_id2 = session_id[1]; idx->s_id2 = session_id[1];
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"session_id[0]=%u, idx->s_id2=%u", "session_id[0]=%u, idx->s_id2=%u",
session_id[0], session_id[1]); session_id[0], session_id[1]);
@@ -1196,11 +1196,11 @@ static BOOL shmcb_insert_encoded_session(
shmcb_get_safe_uint(queue->pos_count) + 1); shmcb_get_safe_uint(queue->pos_count) + 1);
/* And just for good debugging measure ... */ /* And just for good debugging measure ... */
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"leaving now with %u bytes in the cache and %u indexes", "leaving now with %u bytes in the cache and %u indexes",
shmcb_get_safe_uint(cache->pos_count), shmcb_get_safe_uint(cache->pos_count),
shmcb_get_safe_uint(queue->pos_count)); shmcb_get_safe_uint(queue->pos_count));
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"leaving shmcb_insert_encoded_session"); "leaving shmcb_insert_encoded_session");
return TRUE; return TRUE;
} }
@@ -1221,7 +1221,7 @@ static SSL_SESSION *shmcb_lookup_session_id(
unsigned char *ptr; unsigned char *ptr;
time_t now; time_t now;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"entering shmcb_lookup_session_id"); "entering shmcb_lookup_session_id");
/* If there are entries to expire, ditch them first thing. */ /* If there are entries to expire, ditch them first thing. */
@@ -1231,11 +1231,11 @@ static SSL_SESSION *shmcb_lookup_session_id(
count = shmcb_get_safe_uint(queue->pos_count); count = shmcb_get_safe_uint(queue->pos_count);
header = queue->header; header = queue->header;
for (loop = 0; loop < count; loop++) { for (loop = 0; loop < count; loop++) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"loop=%u, count=%u, curr_pos=%u", "loop=%u, count=%u, curr_pos=%u",
loop, count, curr_pos); loop, count, curr_pos);
idx = shmcb_get_index(queue, curr_pos); idx = shmcb_get_index(queue, curr_pos);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"idx->s_id2=%u, id[1]=%u, offset=%u", "idx->s_id2=%u, id[1]=%u, offset=%u",
idx->s_id2, id[1], shmcb_get_safe_uint(&(idx->offset))); idx->s_id2, id[1], shmcb_get_safe_uint(&(idx->offset)));
/* Only look into the session further if; /* Only look into the session further if;
@@ -1252,7 +1252,7 @@ static SSL_SESSION *shmcb_lookup_session_id(
unsigned int session_id_length; unsigned int session_id_length;
unsigned char *session_id; unsigned char *session_id;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"at index %u, found possible session match", "at index %u, found possible session match",
curr_pos); curr_pos);
shmcb_cyclic_cton_memcpy(header->cache_data_size, shmcb_cyclic_cton_memcpy(header->cache_data_size,
@@ -1265,24 +1265,24 @@ static SSL_SESSION *shmcb_lookup_session_id(
session_id = SSL_SESSION_get_session_id(pSession); session_id = SSL_SESSION_get_session_id(pSession);
if (pSession == NULL) { if (pSession == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"scach2_lookup_session_id internal error"); "scach2_lookup_session_id internal error");
return NULL; return NULL;
} }
if ((session_id_length == idlen) && if ((session_id_length == idlen) &&
(memcmp(session_id, id, idlen) == 0)) { (memcmp(session_id, id, idlen) == 0)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"a match!"); "a match!");
return pSession; return pSession;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"not a match"); "not a match");
SSL_SESSION_free(pSession); SSL_SESSION_free(pSession);
pSession = NULL; pSession = NULL;
} }
curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1); curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1);
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"no matching sessions were found"); "no matching sessions were found");
return NULL; return NULL;
} }
@@ -1299,7 +1299,7 @@ static BOOL shmcb_remove_session_id(
unsigned char *ptr; unsigned char *ptr;
BOOL to_return = FALSE; BOOL to_return = FALSE;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"entering shmcb_remove_session_id"); "entering shmcb_remove_session_id");
/* If there's entries to expire, ditch them first thing. */ /* If there's entries to expire, ditch them first thing. */
@@ -1318,11 +1318,11 @@ static BOOL shmcb_remove_session_id(
count = shmcb_get_safe_uint(queue->pos_count); count = shmcb_get_safe_uint(queue->pos_count);
header = cache->header; header = cache->header;
for (loop = 0; loop < count; loop++) { for (loop = 0; loop < count; loop++) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"loop=%u, count=%u, curr_pos=%u", "loop=%u, count=%u, curr_pos=%u",
loop, count, curr_pos); loop, count, curr_pos);
idx = shmcb_get_index(queue, curr_pos); idx = shmcb_get_index(queue, curr_pos);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"idx->s_id2=%u, id[1]=%u", idx->s_id2, "idx->s_id2=%u, id[1]=%u", idx->s_id2,
id[1]); id[1]);
/* Only look into the session further if the second byte of the /* Only look into the session further if the second byte of the
@@ -1331,7 +1331,7 @@ static BOOL shmcb_remove_session_id(
unsigned int session_id_length; unsigned int session_id_length;
unsigned char *session_id; unsigned char *session_id;
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"at index %u, found possible " "at index %u, found possible "
"session match", curr_pos); "session match", curr_pos);
shmcb_cyclic_cton_memcpy(header->cache_data_size, shmcb_cyclic_cton_memcpy(header->cache_data_size,
@@ -1341,7 +1341,7 @@ static BOOL shmcb_remove_session_id(
ptr = tempasn; ptr = tempasn;
pSession = d2i_SSL_SESSION(NULL, &ptr, SSL_SESSION_MAX_DER); pSession = d2i_SSL_SESSION(NULL, &ptr, SSL_SESSION_MAX_DER);
if (pSession == NULL) { if (pSession == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"shmcb_remove_session_id, internal error"); "shmcb_remove_session_id, internal error");
goto end; goto end;
} }
@@ -1350,7 +1350,7 @@ static BOOL shmcb_remove_session_id(
if ((session_id_length == idlen) if ((session_id_length == idlen)
&& (memcmp(id, session_id, idlen) == 0)) { && (memcmp(id, session_id, idlen) == 0)) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"a match!"); "a match!");
/* Scrub out this session "quietly" */ /* Scrub out this session "quietly" */
idx->removed = (unsigned char) 1; idx->removed = (unsigned char) 1;
@@ -1358,20 +1358,20 @@ static BOOL shmcb_remove_session_id(
to_return = TRUE; to_return = TRUE;
goto end; goto end;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"not a match"); "not a match");
SSL_SESSION_free(pSession); SSL_SESSION_free(pSession);
pSession = NULL; pSession = NULL;
} }
curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1); curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1);
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"no matching sessions were found"); "no matching sessions were found");
/* If there's entries to expire, ditch them now. */ /* If there's entries to expire, ditch them now. */
shmcb_expire_division(s, queue, cache); shmcb_expire_division(s, queue, cache);
end: end:
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"leaving shmcb_remove_session_id"); "leaving shmcb_remove_session_id");
return to_return; return to_return;
} }

10
modules/ssl/ssl_scache_shmht.c
View File

@@ -117,7 +117,7 @@ void ssl_scache_shmht_init(server_rec *s, apr_pool_t *p)
* Create shared memory segment * Create shared memory segment
*/ */
if (mc->szSessionCacheDataFile == NULL) { if (mc->szSessionCacheDataFile == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"SSLSessionCache required"); "SSLSessionCache required");
ssl_die(); ssl_die();
} }
@@ -137,7 +137,7 @@ void ssl_scache_shmht_init(server_rec *s, apr_pool_t *p)
"Cannot initialize rmm"); "Cannot initialize rmm");
ssl_die(); ssl_die();
} }
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"initialize MM %p RMM %p", "initialize MM %p RMM %p",
mc->pSessionCacheDataMM, mc->pSessionCacheDataRMM); mc->pSessionCacheDataMM, mc->pSessionCacheDataRMM);
@@ -157,7 +157,7 @@ void ssl_scache_shmht_init(server_rec *s, apr_pool_t *p)
ssl_scache_shmht_calloc, ssl_scache_shmht_calloc,
ssl_scache_shmht_realloc, ssl_scache_shmht_realloc,
ssl_scache_shmht_free, s )) == NULL) { ssl_scache_shmht_free, s )) == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Cannot allocate hash table in shared memory: %s", "Cannot allocate hash table in shared memory: %s",
table_strerror(ta_errno)); table_strerror(ta_errno));
ssl_die(); ssl_die();
@@ -171,7 +171,7 @@ void ssl_scache_shmht_init(server_rec *s, apr_pool_t *p)
/* /*
* Log the done work * Log the done work
*/ */
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Init: Created hash-table (%d buckets) " "Init: Created hash-table (%d buckets) "
"in shared memory (%d bytes) for SSL session cache", "in shared memory (%d bytes) for SSL session cache",
n, avail); n, avail);
@@ -340,7 +340,7 @@ void ssl_scache_shmht_expire(server_rec *s)
/* (vpKeyThis != vpKey) && (nKeyThis != nKey) */ /* (vpKeyThis != vpKey) && (nKeyThis != nKey) */
} }
ssl_mutex_off(s); ssl_mutex_off(s);
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
"Inter-Process Session Cache (SHMHT) Expiry: " "Inter-Process Session Cache (SHMHT) Expiry: "
"old: %d, new: %d, removed: %d", "old: %d, new: %d, removed: %d",
nElements, nElements-nDeleted, nDeleted); nElements, nElements-nDeleted, nDeleted);