www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

Add some more log message tags

Browse Source 
Add some more mod_ssl macros that confuse coccinelle. Remove restriction
on format string because it causes coccinelle to not consider multi line format
strings.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1210284 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Stefan Fritsch
2011-12-04 23:57:02 +00:00
parent 34742c3550
commit 9701a5af4f
6 changed files with 49 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/log-message-tags/find-messages.cocci
View File

@@ -1,6 +1,6 @@
@r@ @r@
expression rv, s; expression rv, s;
constant char [] format !~ "APLOGNO"; constant char [] format;
identifier level =~ "^APLOG_(EMERG|ALERT|CRIT|ERR|WARNING|NOTICE|INFO|STARTUP|DEBUG)$"; identifier level =~ "^APLOG_(EMERG|ALERT|CRIT|ERR|WARNING|NOTICE|INFO|STARTUP|DEBUG)$";
identifier fn =~ "^ap_log_(|r|c|p)error$"; identifier fn =~ "^ap_log_(|r|c|p)error$";

6
docs/log-message-tags/macros.h
View File

@@ -24,3 +24,9 @@
#define BOOL int #define BOOL int
#define STACK_OF(x) x #define STACK_OF(x) x
#define MODSSL_D2I_SSL_SESSION_CONST
#define MODSSL_D2I_ASN1_type_bytes_CONST
#define MODSSL_D2I_PrivateKey_CONST
#define MODSSL_D2I_X509_CONST
#define MODSSL_SSL_CIPHER_CONST
#define MODSSL_SSL_METHOD_CONST

2
docs/log-message-tags/next-number
View File

@@ -1 +1 @@
2231 2270

20
modules/ssl/ssl_engine_init.c
View File

@@ -493,7 +493,7 @@ static void ssl_init_ctx_protocol(server_rec *s,
* Create the new per-server SSL context * Create the new per-server SSL context
*/ */
if (protocol == SSL_PROTOCOL_NONE) { if (protocol == SSL_PROTOCOL_NONE) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02231)
"No SSL protocols available [hint: SSLProtocol]"); "No SSL protocols available [hint: SSLProtocol]");
ssl_die(); ssl_die();
} }
@@ -881,19 +881,19 @@ static int ssl_server_import_cert(server_rec *s,
return FALSE; return FALSE;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02232)
"Configuring %s server certificate", type); "Configuring %s server certificate", type);
ptr = asn1->cpData; ptr = asn1->cpData;
if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) { if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02233)
"Unable to import %s server certificate", type); "Unable to import %s server certificate", type);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die(); ssl_die();
} }
if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) { if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02234)
"Unable to configure %s server certificate", type); "Unable to configure %s server certificate", type);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die(); ssl_die();
@@ -902,7 +902,7 @@ static int ssl_server_import_cert(server_rec *s,
#ifdef HAVE_OCSP_STAPLING #ifdef HAVE_OCSP_STAPLING
if ((mctx->pkp == FALSE) && (mctx->stapling_enabled == TRUE)) { if ((mctx->pkp == FALSE) && (mctx->stapling_enabled == TRUE)) {
if (!ssl_stapling_init_cert(s, mctx, cert)) { if (!ssl_stapling_init_cert(s, mctx, cert)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02235)
"Unable to configure server certificate for stapling"); "Unable to configure server certificate for stapling");
} }
} }
@@ -936,20 +936,20 @@ static int ssl_server_import_key(server_rec *s,
return FALSE; return FALSE;
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02236)
"Configuring %s server private key", type); "Configuring %s server private key", type);
ptr = asn1->cpData; ptr = asn1->cpData;
if (!(pkey = d2i_PrivateKey(pkey_type, NULL, &ptr, asn1->nData))) if (!(pkey = d2i_PrivateKey(pkey_type, NULL, &ptr, asn1->nData)))
{ {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02237)
"Unable to import %s server private key", type); "Unable to import %s server private key", type);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die(); ssl_die();
} }
if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) { if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02238)
"Unable to configure %s server private key", type); "Unable to configure %s server private key", type);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die(); ssl_die();
@@ -964,7 +964,7 @@ static int ssl_server_import_key(server_rec *s,
if (pubkey && EVP_PKEY_missing_parameters(pubkey)) { if (pubkey && EVP_PKEY_missing_parameters(pubkey)) {
EVP_PKEY_copy_parameters(pubkey, pkey); EVP_PKEY_copy_parameters(pubkey, pkey);
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02239)
"Copying DSA parameters from private key to certificate"); "Copying DSA parameters from private key to certificate");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
EVP_PKEY_free(pubkey); EVP_PKEY_free(pubkey);
@@ -1216,7 +1216,7 @@ static void ssl_init_proxy_certs(server_rec *s,
if (!inf->x509 || !inf->x_pkey) { if (!inf->x509 || !inf->x_pkey) {
sk_X509_INFO_free(sk); sk_X509_INFO_free(sk);
ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, s, APLOGNO(02252)
"incomplete client cert configured for SSL proxy " "incomplete client cert configured for SSL proxy "
"(missing or encrypted private key?)"); "(missing or encrypted private key?)");
ssl_die(); ssl_die();

34
modules/ssl/ssl_engine_kernel.c
View File

@@ -410,7 +410,7 @@ int ssl_hook_Access(request_rec *r)
!SSL_set_cipher_list(ssl, dc->szCipherSuite ? !SSL_set_cipher_list(ssl, dc->szCipherSuite ?
dc->szCipherSuite : dc->szCipherSuite :
sc->server->auth.cipher_suite)) { sc->server->auth.cipher_suite)) {
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02253)
"Unable to reconfigure (per-directory) " "Unable to reconfigure (per-directory) "
"permitted SSL ciphers"); "permitted SSL ciphers");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server); ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
@@ -507,7 +507,7 @@ int ssl_hook_Access(request_rec *r)
dc->nVerifyDepth : sc->server->auth.verify_depth; dc->nVerifyDepth : sc->server->auth.verify_depth;
if (sslconn->verify_depth < n) { if (sslconn->verify_depth < n) {
renegotiate = TRUE; renegotiate = TRUE;
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02254)
"Reduced client verification depth will force " "Reduced client verification depth will force "
"renegotiation"); "renegotiation");
} }
@@ -571,7 +571,7 @@ int ssl_hook_Access(request_rec *r)
X509_free(peercert); X509_free(peercert);
} }
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02255)
"Changed client verification type will force " "Changed client verification type will force "
"%srenegotiation", "%srenegotiation",
renegotiate_quick ? "quick " : ""); renegotiate_quick ? "quick " : "");
@@ -601,7 +601,7 @@ int ssl_hook_Access(request_rec *r)
if (MODSSL_CFG_CA_NE(ca_cert_file, sc, hssc) || if (MODSSL_CFG_CA_NE(ca_cert_file, sc, hssc) ||
MODSSL_CFG_CA_NE(ca_cert_path, sc, hssc)) { MODSSL_CFG_CA_NE(ca_cert_path, sc, hssc)) {
if (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) { if (verify & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) {
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02256)
"Non-default virtual host with SSLVerify set to " "Non-default virtual host with SSLVerify set to "
"'require' and VirtualHost-specific CA certificate " "'require' and VirtualHost-specific CA certificate "
"list is only available to clients with TLS server " "list is only available to clients with TLS server "
@@ -651,7 +651,7 @@ int ssl_hook_Access(request_rec *r)
} }
if (rv) { if (rv) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02257)
"could not buffer message body to allow " "could not buffer message body to allow "
"SSL renegotiation to proceed"); "SSL renegotiation to proceed");
return rv; return rv;
@@ -680,7 +680,7 @@ int ssl_hook_Access(request_rec *r)
STACK_OF(X509) *cert_stack; STACK_OF(X509) *cert_stack;
/* perform just a manual re-verification of the peer */ /* perform just a manual re-verification of the peer */
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02258)
"Performing quick renegotiation: " "Performing quick renegotiation: "
"just re-verifying the peer"); "just re-verifying the peer");
@@ -756,7 +756,7 @@ int ssl_hook_Access(request_rec *r)
* discarded. Legimately pipelined HTTP requests will be * discarded. Legimately pipelined HTTP requests will be
* retried anyway with this approach. */ * retried anyway with this approach. */
if (has_buffered_data(r)) { if (has_buffered_data(r)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02259)
"insecure SSL re-negotiation required, but " "insecure SSL re-negotiation required, but "
"a pipelined request is present; keepalive " "a pipelined request is present; keepalive "
"disabled"); "disabled");
@@ -764,7 +764,7 @@ int ssl_hook_Access(request_rec *r)
} }
/* Perform a full renegotiation. */ /* Perform a full renegotiation. */
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02260)
"Performing full renegotiation: complete handshake " "Performing full renegotiation: complete handshake "
"protocol (%s support secure renegotiation)", "protocol (%s support secure renegotiation)",
#if defined(SSL_get_secure_renegotiation_support) #if defined(SSL_get_secure_renegotiation_support)
@@ -808,7 +808,7 @@ int ssl_hook_Access(request_rec *r)
sslconn->reneg_state = RENEG_REJECT; sslconn->reneg_state = RENEG_REJECT;
if (SSL_get_state(ssl) != SSL_ST_OK) { if (SSL_get_state(ssl) != SSL_ST_OK) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02261)
"Re-negotiation handshake failed: " "Re-negotiation handshake failed: "
"Not accepted by client!?"); "Not accepted by client!?");
@@ -837,7 +837,7 @@ int ssl_hook_Access(request_rec *r)
(sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE)); (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE));
if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) { if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02262)
"Re-negotiation handshake failed: " "Re-negotiation handshake failed: "
"Client verification failed"); "Client verification failed");
@@ -846,7 +846,7 @@ int ssl_hook_Access(request_rec *r)
if (do_verify) { if (do_verify) {
if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) { if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02263)
"Re-negotiation handshake failed: " "Re-negotiation handshake failed: "
"Client certificate missing"); "Client certificate missing");
@@ -863,7 +863,7 @@ int ssl_hook_Access(request_rec *r)
if (cipher_list) { if (cipher_list) {
cipher = SSL_get_current_cipher(ssl); cipher = SSL_get_current_cipher(ssl);
if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) { if (sk_SSL_CIPHER_find(cipher_list, cipher) < 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02264)
"SSL cipher suite not renegotiated: " "SSL cipher suite not renegotiated: "
"access to %s denied using cipher %s", "access to %s denied using cipher %s",
r->filename, r->filename,
@@ -902,7 +902,7 @@ int ssl_hook_Access(request_rec *r)
ok = ap_expr_exec(r, req->mpExpr, &errstring); ok = ap_expr_exec(r, req->mpExpr, &errstring);
if (ok < 0) { if (ok < 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02265)
"access to %s failed, reason: Failed to execute " "access to %s failed, reason: Failed to execute "
"SSL requirement expression: %s", "SSL requirement expression: %s",
r->filename, errstring); r->filename, errstring);
@@ -914,7 +914,7 @@ int ssl_hook_Access(request_rec *r)
} }
if (ok != 1) { if (ok != 1) {
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02266)
"Access to %s denied for %s " "Access to %s denied for %s "
"(requirement expression not fulfilled)", "(requirement expression not fulfilled)",
r->filename, r->client_ip); r->filename, r->client_ip);
@@ -1596,12 +1596,12 @@ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
STACK_OF(X509) **ca_cert_chains; STACK_OF(X509) **ca_cert_chains;
int i, j, k; int i, j, k;
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02267)
SSLPROXY_CERT_CB_LOG_FMT "entered", SSLPROXY_CERT_CB_LOG_FMT "entered",
sc->vhost_id); sc->vhost_id);
if (!certs || (sk_X509_INFO_num(certs) <= 0)) { if (!certs || (sk_X509_INFO_num(certs) <= 0)) {
ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, ap_log_error(APLOG_MARK, APLOG_WARNING, 0, s, APLOGNO(02268)
SSLPROXY_CERT_CB_LOG_FMT SSLPROXY_CERT_CB_LOG_FMT
"downstream server wanted client certificate " "downstream server wanted client certificate "
"but none are configured", sc->vhost_id); "but none are configured", sc->vhost_id);
@@ -1663,7 +1663,7 @@ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey)
} /* end loop through available certs */ } /* end loop through available certs */
} }
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(02269)
SSLPROXY_CERT_CB_LOG_FMT SSLPROXY_CERT_CB_LOG_FMT
"no client certificate found!?", sc->vhost_id); "no client certificate found!?", sc->vhost_id);

24
modules/ssl/ssl_engine_pphrase.c
View File

@@ -192,7 +192,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
*/ */
if (sc->server->pks->cert_files[0] == NULL if (sc->server->pks->cert_files[0] == NULL
&& sc->server->pkcs7 == NULL) { && sc->server->pkcs7 == NULL) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, pServ, ap_log_error(APLOG_MARK, APLOG_EMERG, 0, pServ, APLOGNO(02240)
"Server should be SSL-aware but has no certificate " "Server should be SSL-aware but has no certificate "
"configured [Hint: SSLCertificateFile] (%s:%d)", "configured [Hint: SSLCertificateFile] (%s:%d)",
pServ->defn_name, pServ->defn_line_number); pServ->defn_name, pServ->defn_line_number);
@@ -228,7 +228,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
ssl_die(); ssl_die();
} }
if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) { if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02241)
"Init: Unable to read server certificate from" "Init: Unable to read server certificate from"
" file %s", szPath); " file %s", szPath);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
@@ -245,7 +245,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
at = ssl_util_algotypeof(pX509Cert, NULL); at = ssl_util_algotypeof(pX509Cert, NULL);
an = ssl_util_algotypestr(at); an = ssl_util_algotypestr(at);
if (algoCert & at) { if (algoCert & at) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02242)
"Init: Multiple %s server certificates not " "Init: Multiple %s server certificates not "
"allowed", an); "allowed", an);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
@@ -325,7 +325,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
*/ */
if ((rv = exists_and_readable(szPath, p, if ((rv = exists_and_readable(szPath, p,
&pkey_mtime)) != APR_SUCCESS ) { &pkey_mtime)) != APR_SUCCESS ) {
ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, APLOGNO(02243)
"Init: Can't open server private key file " "Init: Can't open server private key file "
"%s",szPath); "%s",szPath);
ssl_die(); ssl_die();
@@ -357,7 +357,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
if (asn1 && (asn1->source_mtime == pkey_mtime)) { if (asn1 && (asn1->source_mtime == pkey_mtime)) {
ap_log_error(APLOG_MARK, APLOG_INFO, ap_log_error(APLOG_MARK, APLOG_INFO,
0, pServ, 0, pServ, APLOGNO(02244)
"%s reusing existing " "%s reusing existing "
"%s private key on restart", "%s private key on restart",
cpVHostID, ssl_asn1_keystr(i)); cpVHostID, ssl_asn1_keystr(i));
@@ -421,7 +421,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
} }
#ifdef WIN32 #ifdef WIN32
if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN) { if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02245)
"Init: SSLPassPhraseDialog builtin is not " "Init: SSLPassPhraseDialog builtin is not "
"supported on Win32 (key file " "supported on Win32 (key file "
"%s)", szPath); "%s)", szPath);
@@ -437,7 +437,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
!isatty(fileno(stdout))) /* XXX: apr_isatty() */ !isatty(fileno(stdout))) /* XXX: apr_isatty() */
{ {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_log_error(APLOG_MARK, APLOG_ERR, 0,
pServ, pServ, APLOGNO(02246)
"Init: Unable to read pass phrase " "Init: Unable to read pass phrase "
"[Hint: key introduced or changed " "[Hint: key introduced or changed "
"before restart?]"); "before restart?]");
@@ -474,7 +474,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
continue; continue;
if (pPrivateKey == NULL) { if (pPrivateKey == NULL) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02247)
"Init: Unable to read server private key from " "Init: Unable to read server private key from "
"file %s [Hint: Perhaps it is in a separate file? " "file %s [Hint: Perhaps it is in a separate file? "
" See SSLCertificateKeyFile]", szPath); " See SSLCertificateKeyFile]", szPath);
@@ -489,7 +489,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
at = ssl_util_algotypeof(NULL, pPrivateKey); at = ssl_util_algotypeof(NULL, pPrivateKey);
an = ssl_util_algotypestr(at); an = ssl_util_algotypestr(at);
if (algoKey & at) { if (algoKey & at) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(02248)
"Init: Multiple %s server private keys not " "Init: Multiple %s server private keys not "
"allowed", an); "allowed", an);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
@@ -501,20 +501,20 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
* Log the type of reading * Log the type of reading
*/ */
if (nPassPhraseDialogCur == 0) { if (nPassPhraseDialogCur == 0) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, pServ, APLOGNO(02249)
"unencrypted %s private key - pass phrase not " "unencrypted %s private key - pass phrase not "
"required", an); "required", an);
} }
else { else {
if (cpPassPhraseCur != NULL) { if (cpPassPhraseCur != NULL) {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
pServ, pServ, APLOGNO(02250)
"encrypted %s private key - pass phrase " "encrypted %s private key - pass phrase "
"requested", an); "requested", an);
} }
else { else {
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ap_log_error(APLOG_MARK, APLOG_DEBUG, 0,
pServ, pServ, APLOGNO(02251)
"encrypted %s private key - pass phrase" "encrypted %s private key - pass phrase"
" reused", an); " reused", an);
} }