Introduce SSLLOG_MARK for use with ssl_log_ssl_error(). This will allow to

redefine APLOG_MARK later.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@951194 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/mod_ssl.c

@@ -417,7 +417,7 @@ int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                       "Unable to create a new SSL connection from the SSL "
                       "context");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, server);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, server);
 
         c->aborted = 1;
 
@@ -432,7 +432,7 @@ int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
     {
         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                       "Unable to set session id context to '%s'", vhost_md5);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, server);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, server);
 
         c->aborted = 1;
 

modules/ssl/ssl_engine_init.c

@@ -97,7 +97,7 @@ static int ssl_tmp_key_init_rsa(server_rec *s,
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                      "Init: Failed to generate temporary "
                      "%d bit RSA private key", bits);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
         return !OK;
     }
 
@@ -270,7 +270,7 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
             }
             else {
                 ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "FIPS mode failed");
-                ssl_log_ssl_error(APLOG_MARK, APLOG_EMERG, s);
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
                 ssl_die();
             }
         }
@@ -363,7 +363,7 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p)
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                          "Init: Failed to load Crypto Device API `%s'",
                          mc->szCryptoDevice);
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             ssl_die();
         }
 
@@ -375,7 +375,7 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p)
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                          "Init: Failed to enable Crypto Device API `%s'",
                          mc->szCryptoDevice);
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             ssl_die();
         }
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, 
@@ -440,7 +440,7 @@ static void ssl_init_ctx_tls_extensions(server_rec *s,
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                      "Unable to initialize TLS servername extension "
                      "callback (incompatible OpenSSL version?)");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
         ssl_die();
     }
 
@@ -631,7 +631,7 @@ static void ssl_init_ctx_verify(server_rec *s,
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                     "Unable to configure verify locations "
                     "for client authentication");
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             ssl_die();
         }
 
@@ -691,7 +691,7 @@ static void ssl_init_ctx_cipher_suite(server_rec *s,
     if (!SSL_CTX_set_cipher_list(ctx, MODSSL_PCHAR_CAST suite)) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                 "Unable to configure permitted SSL ciphers");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
         ssl_die();
     }
 }
@@ -720,7 +720,7 @@ static void ssl_init_ctx_crl(server_rec *s,
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                 "Unable to configure X.509 CRL storage "
                 "for certificate revocation");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
         ssl_die();
     }
 }
@@ -837,14 +837,14 @@ static int ssl_server_import_cert(server_rec *s,
     if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                 "Unable to import %s server certificate", type);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
         ssl_die();
     }
 
     if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                 "Unable to configure %s server certificate", type);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
         ssl_die();
     }
   
@@ -893,14 +893,14 @@ static int ssl_server_import_key(server_rec *s,
     {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                 "Unable to import %s server private key", type);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
         ssl_die();
     }
 
     if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) {
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                 "Unable to configure %s server private key", type);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
         ssl_die();
     }
 
@@ -915,7 +915,7 @@ static int ssl_server_import_key(server_rec *s,
             EVP_PKEY_copy_parameters(pubkey, pkey);
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                     "Copying DSA parameters from private key to certificate");
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             EVP_PKEY_free(pubkey);
         }
     }

modules/ssl/ssl_engine_io.c

@@ -721,7 +721,7 @@ static apr_status_t ssl_io_input_read(bio_filter_in_ctx_t *inctx,
                  */
                 ap_log_cerror(APLOG_MARK, APLOG_INFO, inctx->rc, c,
                               "SSL library error %d reading data", ssl_err);
-                ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, mySrvFromConn(c));
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, mySrvFromConn(c));
 
             }
             if (inctx->rc == APR_SUCCESS) {
@@ -828,7 +828,7 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
              */
             ap_log_cerror(APLOG_MARK, APLOG_INFO, outctx->rc, c,
                           "SSL library error %d writing data", ssl_err);
-            ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, mySrvFromConn(c));
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, mySrvFromConn(c));
         }
         if (outctx->rc == APR_SUCCESS) {
             outctx->rc = APR_EGENERAL;
@@ -898,7 +898,7 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f,
             ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c,
                          "SSL handshake failed: HTTP spoken on HTTPS port; "
                          "trying to send HTML error page");
-            ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, sslconn->server);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, sslconn->server);
 
             sslconn->non_ssl_request = 1;
             ssl_io_filter_disable(sslconn, f);
@@ -1085,7 +1085,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
         if ((n = SSL_connect(filter_ctx->pssl)) <= 0) {
             ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c,
                           "SSL Proxy connect failed");
-            ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, server);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);
             /* ensure that the SSL structures etc are freed, etc: */
             ssl_filter_io_shutdown(filter_ctx, c, 1);
             return MODSSL_ERROR_BAD_GATEWAY;
@@ -1180,7 +1180,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
                           "SSL library error %d in handshake "
                           "(server %s)", ssl_err,
                           ssl_util_vhostid(c->pool, server));
-            ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, server);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);
 
         }
         if (inctx->rc == APR_SUCCESS) {
@@ -1216,7 +1216,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
                           "accepting certificate based on "
                           "\"SSLVerifyClient optional_no_ca\" "
                           "configuration");
-            ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, server);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);
         }
         else {
             const char *error = sslconn->verify_error ?
@@ -1226,7 +1226,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
             ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c,
                          "SSL client authentication failed: %s",
                          error ? error : "unknown");
-            ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, server);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);
 
             ssl_filter_io_shutdown(filter_ctx, c, 1);
             return APR_ECONNABORTED;

modules/ssl/ssl_engine_kernel.c

@@ -414,7 +414,7 @@ int ssl_hook_Access(request_rec *r)
             ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
                           "Unable to reconfigure (per-directory) "
                           "permitted SSL ciphers");
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
 
             if (cipher_list_old) {
                 sk_SSL_CIPHER_free(cipher_list_old);
@@ -733,7 +733,7 @@ int ssl_hook_Access(request_rec *r)
             if (!modssl_X509_verify_cert(&cert_store_ctx)) {
                 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                               "Re-negotiation verification step failed");
-                ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
             }
 
             SSL_set_verify_result(ssl, cert_store_ctx.error);
@@ -790,7 +790,7 @@ int ssl_hook_Access(request_rec *r)
             if (SSL_get_state(ssl) != SSL_ST_OK) {
                 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                               "Re-negotiation request failed");
-                ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
 
                 r->connection->keepalive = AP_CONN_CLOSE;
                 return HTTP_FORBIDDEN;
@@ -1352,7 +1352,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
     /*
      * Log verification information
      */
-    ssl_log_cxerror(APLOG_MARK, APLOG_DEBUG, 0, conn,
+    ssl_log_cxerror(SSLLOG_MARK, APLOG_DEBUG, 0, conn,
                     X509_STORE_CTX_get_current_cert(ctx),
                     "Certificate Verification, depth %d",
                     errdepth);

modules/ssl/ssl_engine_ocsp.c

@@ -110,7 +110,7 @@ static OCSP_REQUEST *create_request(X509_STORE_CTX *ctx, X509 *cert,
 
     *certid = OCSP_cert_to_id(NULL, cert, ctx->current_issuer);
     if (!*certid || !OCSP_request_add0_id(req, *certid)) {
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                      "could not retrieve certificate id");
         return NULL;
@@ -164,7 +164,7 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
     if (rc == V_OCSP_CERTSTATUS_GOOD) {
         basicResponse = OCSP_response_get1_basic(response);
         if (!basicResponse) {
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                           "could not retrieve OCSP basic response");
             rc = V_OCSP_CERTSTATUS_UNKNOWN;
@@ -182,7 +182,7 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
     if (rc == V_OCSP_CERTSTATUS_GOOD) {
         /* TODO: allow flags configuration. */
         if (OCSP_basic_verify(basicResponse, NULL, ctx->ctx, 0) != 1) {
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                         "failed to verify the OCSP response");
             rc = V_OCSP_CERTSTATUS_UNKNOWN;
@@ -196,8 +196,8 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
         rc = OCSP_resp_find_status(basicResponse, certID, &status,
                                    &reason, NULL, &thisup, &nextup);
         if (rc != 1) {
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
-            ssl_log_cxerror(APLOG_MARK, APLOG_ERR, 0, c, cert,
+            ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert,
                             "failed to retrieve OCSP response status");
             rc = V_OCSP_CERTSTATUS_UNKNOWN;
         }
@@ -215,8 +215,8 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
             int vrc  = OCSP_check_validity(thisup, nextup, MAX_SKEW, MAX_AGE);
             
             if (vrc != 1) {
-                ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
-                ssl_log_cxerror(APLOG_MARK, APLOG_ERR, 0, c, cert,
+                ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert,
                                 "OCSP response outside validity period");
                 rc = V_OCSP_CERTSTATUS_UNKNOWN;
             }
@@ -229,7 +229,7 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
                 status == V_OCSP_CERTSTATUS_GOOD ? "good" : 
                 (status == V_OCSP_CERTSTATUS_REVOKED ? "revoked" : "unknown");
 
-            ssl_log_cxerror(APLOG_MARK, level, 0, c, cert,
+            ssl_log_cxerror(SSLLOG_MARK, level, 0, c, cert,
                             "OCSP validation completed, "
                             "certificate status: %s (%d, %d)",
                             result, status, reason);

modules/ssl/ssl_engine_pphrase.c

@@ -218,7 +218,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                     ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                                  "Init: Unable to read server certificate from"
                                  " file %s", szPath);
-                    ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+                    ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
                     ssl_die();
                 }
             }
@@ -232,7 +232,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                              "Init: Multiple %s server certificates not "
                              "allowed", an);
-                ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
                 ssl_die();
             }
             algoCert |= at;
@@ -426,12 +426,12 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                                      "Init: Unable to read pass phrase "
                                      "[Hint: key introduced or changed "
                                      "before restart?]");
-                        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
+                        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, pServ);
                     }
                     else {
                         ap_log_error(APLOG_MARK, APLOG_ERR, 0,
                                      pServ, "Init: Private key not found");
-                        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
+                        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, pServ);
                     }
                     if (writetty) {
                         apr_file_printf(writetty, "Apache:mod_ssl:Error: Private key not found.\n");
@@ -441,7 +441,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                 else {
                     ap_log_error(APLOG_MARK, APLOG_ERR, 0,
                                  pServ, "Init: Pass phrase incorrect");
-                    ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
+                    ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, pServ);
 
                     if (writetty) {
                         apr_file_printf(writetty, "Apache:mod_ssl:Error: Pass phrase incorrect.\n");
@@ -456,7 +456,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                             "Init: Unable to read server private key from "
                             "file %s [Hint: Perhaps it is in a separate file? "
                             "  See SSLCertificateKeyFile]", szPath);
-                ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
                 ssl_die();
             }
 
@@ -470,7 +470,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                 ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                              "Init: Multiple %s server private keys not "
                              "allowed", an);
-                ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
                 ssl_die();
             }
             algoKey |= at;

modules/ssl/ssl_private.h

@@ -749,6 +749,7 @@ void ssl_log_cxerror(const char *file, int line, int level,
                      const char *format, ...)
     __attribute__((format(printf,7,8)));
 
+#define SSLLOG_MARK              __FILE__,__LINE__
 
 /**  Variables  */
 

modules/ssl/ssl_util.c

@@ -295,7 +295,7 @@ STACK_OF(X509) *ssl_read_pkcs7(server_rec *s, const char *pkcs7)
     if (!p7) {
         ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
                      "Can't read PKCS7 object %s", pkcs7);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_CRIT, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_CRIT, s);
         exit(1);
     }
 

modules/ssl/ssl_util_ocsp.c

@@ -262,7 +262,7 @@ static OCSP_RESPONSE *read_response(apr_socket_t *sd, BIO *bio, conn_rec *c,
      * bio. */
     response = d2i_OCSP_RESPONSE_bio(bio, NULL);
     if (response == NULL) {
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, mySrvFromConn(c));
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c));
         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                       "failed to decode OCSP response data");
     }
@@ -281,7 +281,7 @@ OCSP_RESPONSE *modssl_dispatch_ocsp_request(const apr_uri_t *uri,
 
     bio = serialize_request(request, uri);
     if (bio == NULL) {
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, mySrvFromConn(c));
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c));
         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                       "could not serialize OCSP request");
         return NULL;