Introduce SSLLOG_MARK for use with ssl_log_ssl_error(). This will allow to

redefine APLOG_MARK later. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@951194 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2010-06-03 22:57:00 +00:00
parent 4a3208e16a
commit 7d6bd86673
9 changed files with 45 additions and 44 deletions
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -417,7 +417,7 @@ int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                      "Unable to create a new SSL connection from the SSL "
                      "context");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, server);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, server);

        c->aborted = 1;

@@ -432,7 +432,7 @@ int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
    {
        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                      "Unable to set session id context to '%s'", vhost_md5);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, server);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, server);

        c->aborted = 1;

--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -97,7 +97,7 @@ static int ssl_tmp_key_init_rsa(server_rec *s,
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                     "Init: Failed to generate temporary "
                     "%d bit RSA private key", bits);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
        return !OK;
    }

@@ -270,7 +270,7 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
            }
            else {
                ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "FIPS mode failed");
-                ssl_log_ssl_error(APLOG_MARK, APLOG_EMERG, s);
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
                ssl_die();
            }
        }
@@ -363,7 +363,7 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p)
            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                         "Init: Failed to load Crypto Device API `%s'",
                         mc->szCryptoDevice);
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
            ssl_die();
        }

@@ -375,7 +375,7 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p)
            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                         "Init: Failed to enable Crypto Device API `%s'",
                         mc->szCryptoDevice);
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
            ssl_die();
        }
        ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, 
@@ -440,7 +440,7 @@ static void ssl_init_ctx_tls_extensions(server_rec *s,
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                     "Unable to initialize TLS servername extension "
                     "callback (incompatible OpenSSL version?)");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
        ssl_die();
    }

@@ -631,7 +631,7 @@ static void ssl_init_ctx_verify(server_rec *s,
            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                    "Unable to configure verify locations "
                    "for client authentication");
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
            ssl_die();
        }

@@ -691,7 +691,7 @@ static void ssl_init_ctx_cipher_suite(server_rec *s,
    if (!SSL_CTX_set_cipher_list(ctx, MODSSL_PCHAR_CAST suite)) {
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                "Unable to configure permitted SSL ciphers");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
        ssl_die();
    }
 }
@@ -720,7 +720,7 @@ static void ssl_init_ctx_crl(server_rec *s,
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                "Unable to configure X.509 CRL storage "
                "for certificate revocation");
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
        ssl_die();
    }
 }
@@ -837,14 +837,14 @@ static int ssl_server_import_cert(server_rec *s,
    if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) {
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                "Unable to import %s server certificate", type);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
        ssl_die();
    }

    if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) {
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                "Unable to configure %s server certificate", type);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
        ssl_die();
    }
  
@@ -893,14 +893,14 @@ static int ssl_server_import_key(server_rec *s,
    {
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                "Unable to import %s server private key", type);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
        ssl_die();
    }

    if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) {
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                "Unable to configure %s server private key", type);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
        ssl_die();
    }

@@ -915,7 +915,7 @@ static int ssl_server_import_key(server_rec *s,
            EVP_PKEY_copy_parameters(pubkey, pkey);
            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                    "Copying DSA parameters from private key to certificate");
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
            EVP_PKEY_free(pubkey);
        }
    }
--- a/modules/ssl/ssl_engine_io.c
+++ b/modules/ssl/ssl_engine_io.c
@@ -721,7 +721,7 @@ static apr_status_t ssl_io_input_read(bio_filter_in_ctx_t *inctx,
                 */
                ap_log_cerror(APLOG_MARK, APLOG_INFO, inctx->rc, c,
                              "SSL library error %d reading data", ssl_err);
-                ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, mySrvFromConn(c));
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, mySrvFromConn(c));

            }
            if (inctx->rc == APR_SUCCESS) {
@@ -828,7 +828,7 @@ static apr_status_t ssl_filter_write(ap_filter_t *f,
             */
            ap_log_cerror(APLOG_MARK, APLOG_INFO, outctx->rc, c,
                          "SSL library error %d writing data", ssl_err);
-            ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, mySrvFromConn(c));
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, mySrvFromConn(c));
        }
        if (outctx->rc == APR_SUCCESS) {
            outctx->rc = APR_EGENERAL;
@@ -898,7 +898,7 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f,
            ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c,
                         "SSL handshake failed: HTTP spoken on HTTPS port; "
                         "trying to send HTML error page");
-            ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, sslconn->server);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, sslconn->server);

            sslconn->non_ssl_request = 1;
            ssl_io_filter_disable(sslconn, f);
@@ -1085,7 +1085,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
        if ((n = SSL_connect(filter_ctx->pssl)) <= 0) {
            ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c,
                          "SSL Proxy connect failed");
-            ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, server);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);
            /* ensure that the SSL structures etc are freed, etc: */
            ssl_filter_io_shutdown(filter_ctx, c, 1);
            return MODSSL_ERROR_BAD_GATEWAY;
@@ -1180,7 +1180,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
                          "SSL library error %d in handshake "
                          "(server %s)", ssl_err,
                          ssl_util_vhostid(c->pool, server));
-            ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, server);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);

        }
        if (inctx->rc == APR_SUCCESS) {
@@ -1216,7 +1216,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
                          "accepting certificate based on "
                          "\"SSLVerifyClient optional_no_ca\" "
                          "configuration");
-            ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, server);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);
        }
        else {
            const char *error = sslconn->verify_error ?
@@ -1226,7 +1226,7 @@ static apr_status_t ssl_io_filter_handshake(ssl_filter_ctx_t *filter_ctx)
            ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c,
                         "SSL client authentication failed: %s",
                         error ? error : "unknown");
-            ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, server);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);

            ssl_filter_io_shutdown(filter_ctx, c, 1);
            return APR_ECONNABORTED;
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -414,7 +414,7 @@ int ssl_hook_Access(request_rec *r)
            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
                          "Unable to reconfigure (per-directory) "
                          "permitted SSL ciphers");
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);

            if (cipher_list_old) {
                sk_SSL_CIPHER_free(cipher_list_old);
@@ -733,7 +733,7 @@ int ssl_hook_Access(request_rec *r)
            if (!modssl_X509_verify_cert(&cert_store_ctx)) {
                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                              "Re-negotiation verification step failed");
-                ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
            }

            SSL_set_verify_result(ssl, cert_store_ctx.error);
@@ -790,7 +790,7 @@ int ssl_hook_Access(request_rec *r)
            if (SSL_get_state(ssl) != SSL_ST_OK) {
                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                              "Re-negotiation request failed");
-                ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);

                r->connection->keepalive = AP_CONN_CLOSE;
                return HTTP_FORBIDDEN;
@@ -1352,7 +1352,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
    /*
     * Log verification information
     */
-    ssl_log_cxerror(APLOG_MARK, APLOG_DEBUG, 0, conn,
+    ssl_log_cxerror(SSLLOG_MARK, APLOG_DEBUG, 0, conn,
                    X509_STORE_CTX_get_current_cert(ctx),
                    "Certificate Verification, depth %d",
                    errdepth);
--- a/modules/ssl/ssl_engine_ocsp.c
+++ b/modules/ssl/ssl_engine_ocsp.c
@@ -110,7 +110,7 @@ static OCSP_REQUEST *create_request(X509_STORE_CTX *ctx, X509 *cert,

    *certid = OCSP_cert_to_id(NULL, cert, ctx->current_issuer);
    if (!*certid || !OCSP_request_add0_id(req, *certid)) {
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                     "could not retrieve certificate id");
        return NULL;
@@ -164,7 +164,7 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
    if (rc == V_OCSP_CERTSTATUS_GOOD) {
        basicResponse = OCSP_response_get1_basic(response);
        if (!basicResponse) {
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
            ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                          "could not retrieve OCSP basic response");
            rc = V_OCSP_CERTSTATUS_UNKNOWN;
@@ -182,7 +182,7 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
    if (rc == V_OCSP_CERTSTATUS_GOOD) {
        /* TODO: allow flags configuration. */
        if (OCSP_basic_verify(basicResponse, NULL, ctx->ctx, 0) != 1) {
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
            ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                        "failed to verify the OCSP response");
            rc = V_OCSP_CERTSTATUS_UNKNOWN;
@@ -196,8 +196,8 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
        rc = OCSP_resp_find_status(basicResponse, certID, &status,
                                   &reason, NULL, &thisup, &nextup);
        if (rc != 1) {
-            ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
-            ssl_log_cxerror(APLOG_MARK, APLOG_ERR, 0, c, cert,
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+            ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert,
                            "failed to retrieve OCSP response status");
            rc = V_OCSP_CERTSTATUS_UNKNOWN;
        }
@@ -215,8 +215,8 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
            int vrc  = OCSP_check_validity(thisup, nextup, MAX_SKEW, MAX_AGE);
            
            if (vrc != 1) {
-                ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
-                ssl_log_cxerror(APLOG_MARK, APLOG_ERR, 0, c, cert,
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+                ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert,
                                "OCSP response outside validity period");
                rc = V_OCSP_CERTSTATUS_UNKNOWN;
            }
@@ -229,7 +229,7 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
                status == V_OCSP_CERTSTATUS_GOOD ? "good" : 
                (status == V_OCSP_CERTSTATUS_REVOKED ? "revoked" : "unknown");

-            ssl_log_cxerror(APLOG_MARK, level, 0, c, cert,
+            ssl_log_cxerror(SSLLOG_MARK, level, 0, c, cert,
                            "OCSP validation completed, "
                            "certificate status: %s (%d, %d)",
                            result, status, reason);
--- a/modules/ssl/ssl_engine_pphrase.c
+++ b/modules/ssl/ssl_engine_pphrase.c
@@ -218,7 +218,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                    ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                                 "Init: Unable to read server certificate from"
                                 " file %s", szPath);
-                    ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+                    ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
                    ssl_die();
                }
            }
@@ -232,7 +232,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                             "Init: Multiple %s server certificates not "
                             "allowed", an);
-                ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
                ssl_die();
            }
            algoCert |= at;
@@ -426,12 +426,12 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                                     "Init: Unable to read pass phrase "
                                     "[Hint: key introduced or changed "
                                     "before restart?]");
-                        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
+                        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, pServ);
                    }
                    else {
                        ap_log_error(APLOG_MARK, APLOG_ERR, 0,
                                     pServ, "Init: Private key not found");
-                        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
+                        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, pServ);
                    }
                    if (writetty) {
                        apr_file_printf(writetty, "Apache:mod_ssl:Error: Private key not found.\n");
@@ -441,7 +441,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                else {
                    ap_log_error(APLOG_MARK, APLOG_ERR, 0,
                                 pServ, "Init: Pass phrase incorrect");
-                    ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
+                    ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, pServ);

                    if (writetty) {
                        apr_file_printf(writetty, "Apache:mod_ssl:Error: Pass phrase incorrect.\n");
@@ -456,7 +456,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                            "Init: Unable to read server private key from "
                            "file %s [Hint: Perhaps it is in a separate file? "
                            "  See SSLCertificateKeyFile]", szPath);
-                ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
                ssl_die();
            }

@@ -470,7 +470,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
                ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
                             "Init: Multiple %s server private keys not "
                             "allowed", an);
-                ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
                ssl_die();
            }
            algoKey |= at;
--- a/modules/ssl/ssl_private.h
+++ b/modules/ssl/ssl_private.h
@@ -749,6 +749,7 @@ void ssl_log_cxerror(const char *file, int line, int level,
                     const char *format, ...)
    __attribute__((format(printf,7,8)));

+#define SSLLOG_MARK              __FILE__,__LINE__

 /**  Variables  */

--- a/modules/ssl/ssl_util.c
+++ b/modules/ssl/ssl_util.c
@@ -295,7 +295,7 @@ STACK_OF(X509) *ssl_read_pkcs7(server_rec *s, const char *pkcs7)
    if (!p7) {
        ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
                     "Can't read PKCS7 object %s", pkcs7);
-        ssl_log_ssl_error(APLOG_MARK, APLOG_CRIT, s);
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_CRIT, s);
        exit(1);
    }

--- a/modules/ssl/ssl_util_ocsp.c
+++ b/modules/ssl/ssl_util_ocsp.c
@@ -262,7 +262,7 @@ static OCSP_RESPONSE *read_response(apr_socket_t *sd, BIO *bio, conn_rec *c,
     * bio. */
    response = d2i_OCSP_RESPONSE_bio(bio, NULL);
    if (response == NULL) {
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, mySrvFromConn(c));
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c));
        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                      "failed to decode OCSP response data");
    }
@@ -281,7 +281,7 @@ OCSP_RESPONSE *modssl_dispatch_ocsp_request(const apr_uri_t *uri,

    bio = serialize_request(request, uri);
    if (bio == NULL) {
-        ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, mySrvFromConn(c));
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c));
        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
                      "could not serialize OCSP request");
        return NULL;