www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

Consistently use loglevel emerg before ssl_die()

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1026903 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Stefan Fritsch
2010-10-24 21:57:08 +00:00
parent 52210adbd1
commit d658afdd1c
5 changed files with 51 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
modules/ssl/ssl_engine_init.c
View File

@@ -375,10 +375,10 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p)
if (mc->szCryptoDevice) {
if (!(e = ENGINE_by_id(mc->szCryptoDevice))) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Init: Failed to load Crypto Device API `%s'",
mc->szCryptoDevice);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
@@ -387,10 +387,10 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p)
}
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Init: Failed to enable Crypto Device API `%s'",
mc->szCryptoDevice);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
@@ -412,7 +412,7 @@ static void ssl_init_server_check(server_rec *s,
* possibility that the user forgot to set them.
*/
if (!mctx->pks->cert_files[0] && !mctx->pkcs7) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"No SSL Certificate set [hint: SSLCertificateFile]");
ssl_die();
}
@@ -427,7 +427,7 @@ static void ssl_init_server_check(server_rec *s,
#endif
)
{
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Illegal attempt to re-initialise SSL for server "
"(theoretically shouldn't happen!)");
ssl_die();
@@ -452,10 +452,10 @@ static void ssl_init_ctx_tls_extensions(server_rec *s,
if (!SSL_CTX_set_tlsext_servername_callback(mctx->ssl_ctx,
ssl_callback_ServerNameIndication) ||
!SSL_CTX_set_tlsext_servername_arg(mctx->ssl_ctx, mctx)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to initialize TLS servername extension "
"callback (incompatible OpenSSL version?)");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
@@ -485,7 +485,7 @@ static void ssl_init_ctx_protocol(server_rec *s,
* Create the new per-server SSL context
*/
if (protocol == SSL_PROTOCOL_NONE) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"No SSL protocols available [hint: SSLProtocol]");
ssl_die();
}
@@ -643,10 +643,10 @@ static void ssl_init_ctx_verify(server_rec *s,
MODSSL_PCHAR_CAST mctx->auth.ca_cert_file,
MODSSL_PCHAR_CAST mctx->auth.ca_cert_path))
{
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to configure verify locations "
"for client authentication");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
@@ -659,7 +659,7 @@ static void ssl_init_ctx_verify(server_rec *s,
mctx->auth.ca_cert_file,
mctx->auth.ca_cert_path);
if (!ca_list) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to determine list of acceptable "
"CA certificates for client authentication");
ssl_die();
@@ -704,9 +704,9 @@ static void ssl_init_ctx_cipher_suite(server_rec *s,
suite);
if (!SSL_CTX_set_cipher_list(ctx, MODSSL_PCHAR_CAST suite)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to configure permitted SSL ciphers");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
}
@@ -732,10 +732,10 @@ static void ssl_init_ctx_crl(server_rec *s,
(char *)mctx->crl_path);
if (!mctx->crl) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to configure X.509 CRL storage "
"for certificate revocation");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
}
@@ -793,7 +793,7 @@ static void ssl_init_ctx_cert_chain(server_rec *s,
(char *)chain,
skip_first, NULL);
if (n < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Failed to configure CA certificate chain!");
ssl_die();
}
@@ -850,16 +850,16 @@ static int ssl_server_import_cert(server_rec *s,
ptr = asn1->cpData;
if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to import %s server certificate", type);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to configure %s server certificate", type);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
@@ -906,16 +906,16 @@ static int ssl_server_import_key(server_rec *s,
ptr = asn1->cpData;
if (!(pkey = d2i_PrivateKey(pkey_type, NULL, &ptr, asn1->nData)))
{
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to import %s server private key", type);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to configure %s server private key", type);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
@@ -1033,7 +1033,7 @@ static void ssl_init_server_certs(server_rec *s,
|| have_ecc
#endif
)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
#ifndef OPENSSL_NO_EC
"Oops, no RSA, DSA or ECC server certificate found "
#else
@@ -1058,7 +1058,7 @@ static void ssl_init_server_certs(server_rec *s,
|| have_ecc
#endif
)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
#ifndef OPENSSL_NO_EC
"Oops, no RSA, DSA or ECC server private key found?!");
#else
@@ -1346,7 +1346,7 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s,
apr_status_t rv;
if ((rv = apr_dir_open(&dir, ca_path, ptemp)) != APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
"Failed to open Certificate Path `%s'",
ca_path);
ssl_die();

28
modules/ssl/ssl_engine_pphrase.c
View File

@@ -186,7 +186,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
*/
if (sc->server->pks->cert_files[0] == NULL
&& sc->server->pkcs7 == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, pServ,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, pServ,
"Server should be SSL-aware but has no certificate "
"configured [Hint: SSLCertificateFile] (%s:%d)",
pServ->defn_name, pServ->defn_line_number);
@@ -208,16 +208,16 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
sizeof(szPath));
if ((rv = exists_and_readable(szPath, p, NULL))
!= APR_SUCCESS) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
"Init: Can't open server certificate file %s",
szPath);
ssl_die();
}
if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Init: Unable to read server certificate from"
" file %s", szPath);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
}
@@ -228,10 +228,10 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
at = ssl_util_algotypeof(pX509Cert, NULL);
an = ssl_util_algotypestr(at);
if (algoCert & at) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Init: Multiple %s server certificates not "
"allowed", an);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
algoCert |= at;
@@ -304,7 +304,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
*/
if ((rv = exists_and_readable(szPath, p,
&pkey_mtime)) != APR_SUCCESS ) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
"Init: Can't open server private key file "
"%s",szPath);
ssl_die();
@@ -405,7 +405,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
}
#ifdef WIN32
if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Init: SSLPassPhraseDialog builtin is not "
"supported on Win32 (key file "
"%s)", szPath);
@@ -438,9 +438,9 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
}
}
else {
ap_log_error(APLOG_MARK, APLOG_ERR, 0,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0,
pServ, "Init: Pass phrase incorrect");
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, pServ);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, pServ);
if (writetty) {
apr_file_printf(writetty, "Apache:mod_ssl:Error: Pass phrase incorrect.\n");
@@ -451,11 +451,11 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
}
if (pPrivateKey == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Init: Unable to read server private key from "
"file %s [Hint: Perhaps it is in a separate file? "
" See SSLCertificateKeyFile]", szPath);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
@@ -466,10 +466,10 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p)
at = ssl_util_algotypeof(NULL, pPrivateKey);
an = ssl_util_algotypestr(at);
if (algoKey & at) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Init: Multiple %s server private keys not "
"allowed", an);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
algoKey |= at;

6
modules/ssl/ssl_scache.c
View File

@@ -67,7 +67,8 @@ void ssl_scache_init(server_rec *s, apr_pool_t *p)
rv = mc->stapling_cache->init(mc->stapling_cache_context,
"mod_ssl-stapling", &hints, s, p);
if (rv) {
/* ABORT ABORT etc. */
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Could not initialize stapling cache. Exiting.");
ssl_die();
}
}
@@ -91,7 +92,8 @@ void ssl_scache_init(server_rec *s, apr_pool_t *p)
rv = mc->sesscache->init(mc->sesscache_context, "mod_ssl-session", &hints, s, p);
if (rv) {
/* ABORT ABORT etc. */
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Could not initialize session cache. Exiting.");
ssl_die();
}
}

6
modules/ssl/ssl_util.c
View File

@@ -287,7 +287,7 @@ STACK_OF(X509) *ssl_read_pkcs7(server_rec *s, const char *pkcs7)
f = fopen(pkcs7, "r");
if (!f) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Can't open %s", pkcs7);
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Can't open %s", pkcs7);
ssl_die();
}
@@ -313,13 +313,13 @@ STACK_OF(X509) *ssl_read_pkcs7(server_rec *s, const char *pkcs7)
break;
default:
ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Don't understand PKCS7 file %s", pkcs7);
ssl_die();
}
if (!certs) {
ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"No certificates in %s", pkcs7);
ssl_die();
}

4
modules/ssl/ssl_util_stapling.c
View File

@@ -653,12 +653,12 @@ void modssl_init_stapling(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp,
SSLModConfigRec *mc = myModConfig(s);
if (mc->stapling_cache == NULL) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"SSLStapling: no stapling cache available");
ssl_die();
}
if (ssl_stapling_mutex_init(s, ptemp) == FALSE) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"SSLStapling: cannot initialise stapling mutex");
ssl_die();
}