www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

Remove SSLLog and SSLLogLevel directives in favor of having mod_ssl use the

Browse Source 
standard ErrorLog directives.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95129 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Justin Erenkrantz
2002-05-16 06:09:13 +00:00
parent a44ccba9da
commit fafabb637f
10 changed files with 20 additions and 405 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,5 +1,8 @@
Changes with Apache 2.0.37 Changes with Apache 2.0.37
*) Remove SSLLog and SSLLogLevel directives in favor of having
mod_ssl use the standard ErrorLog directives. [Justin Erenkrantz]
*) OS/390: LIBPATH no longer has to be manually uncommented in *) OS/390: LIBPATH no longer has to be manually uncommented in
envvars to get apachectl to set up httpd properly. [Jeff Trawick] envvars to get apachectl to set up httpd properly. [Jeff Trawick]

10
docs/conf/ssl-std.conf
View File

@@ -82,16 +82,6 @@ SSLRandomSeed connect builtin
#SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512 #SSLRandomSeed connect file:/dev/urandom 512
# Logging:
# The home of the dedicated SSL protocol logfile. Errors are
# additionally duplicated in the general error log file. Put
# this somewhere where it cannot be used for symlink attacks on
# a real server (i.e. somewhere where only root can write).
# Log levels are (ascending order: higher ones include lower ones):
# none, error, warn, info, trace, debug.
SSLLog logs/ssl_engine_log
SSLLogLevel info
## ##
## SSL Virtual Host Context ## SSL Virtual Host Context
## ##

72
docs/manual/mod/mod_ssl.xml
View File

@@ -901,78 +901,6 @@ SSLVerifyDepth 10
</usage> </usage>
</directivesynopsis> </directivesynopsis>
<directivesynopsis>
<name>SSLLog</name>
<description>Where to write the dedicated SSL engine logfile</description>
<syntax>SSLLog <em>file-path</em></syntax>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
<usage>
<p>
This directive sets the name of the dedicated SSL protocol engine logfile.
Error type messages are additionally duplicated to the general Apache error
log file (directive <code>ErrorLog</code>). Put this somewhere where it cannot
be used for symlink attacks on a real server (i.e. somewhere where only root
can write). If the <em>file-path</em> does not begin with a slash
('<code>/</code>') then it is assumed to be relative to the <em>Server
Root</em>. If <em>file-path</em> begins with a bar ('<code>|</code>') then the
following string is assumed to be a path to an executable program to which a
reliable pipe can be established. The directive should occur only once per
virtual server config.</p>
<example><title>Example</title>
SSLLog /usr/local/apache/logs/ssl_engine_log
</example>
</usage>
</directivesynopsis>
<directivesynopsis>
<name>SSLLogLevel</name>
<description>Logging level for the dedicated SSL engine
logfile</description>
<syntax>SSLLogLevel <em>level</em></syntax>
<default>SSLLogLevel none</default>
<contextlist><context>server config</context>
<context>virtual host</context></contextlist>
<usage>
<p>
This directive sets the verbosity degree of the dedicated SSL protocol engine
logfile. The <em>level</em> is one of the following (in ascending order where
higher levels include lower levels):</p>
<ul>
<li><code>none</code><br />
no dedicated SSL logging is done, but messages of level
``<code>error</code>'' are still written to the general Apache error
logfile.
</li>
<li><code>error</code><br />
log messages of error type only, i.e. messages which show fatal situations
(processing is stopped). Those messages are also duplicated to the
general Apache error logfile.
</li>
<li><code>warn</code><br />
log also warning messages, i.e. messages which show non-fatal problems
(processing is continued).
</li>
<li><code>info</code><br />
log also informational messages, i.e. messages which show major
processing steps.
</li>
<li><code>trace</code><br />
log also trace messages, i.e. messages which show minor processing steps.
</li>
<li><code>debug</code><br />
log also debugging messages, i.e. messages which show development and
low-level I/O information.
</li>
</ul>
<example><title>Example</title>
SSLLogLevel warn
</example>
</usage>
</directivesynopsis>
<directivesynopsis> <directivesynopsis>
<name>SSLOptions</name> <name>SSLOptions</name>
<description>Configure various SSL engine run-time options</description> <description>Configure various SSL engine run-time options</description>

14
modules/ssl/mod_ssl.c
View File

@@ -141,12 +141,6 @@ static const command_rec ssl_config_cmds[] = {
SSL_CMD_SRV(SessionCacheTimeout, TAKE1, SSL_CMD_SRV(SessionCacheTimeout, TAKE1,
"SSL Session Cache object lifetime " "SSL Session Cache object lifetime "
"(`N' - number of seconds)") "(`N' - number of seconds)")
SSL_CMD_SRV(Log, TAKE1,
"SSL logfile for SSL-related messages "
"(`/path/to/file', `|/path/to/program')")
SSL_CMD_SRV(LogLevel, TAKE1,
"SSL logfile verbosity level "
"(`none', `error', `warn', `info', `debug')")
SSL_CMD_SRV(Protocol, RAW_ARGS, SSL_CMD_SRV(Protocol, RAW_ARGS,
"Enable or disable various SSL protocols" "Enable or disable various SSL protocols"
"(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)") "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)")
@@ -201,6 +195,12 @@ static const command_rec ssl_config_cmds[] = {
"Require a boolean expression to evaluate to true for granting access" "Require a boolean expression to evaluate to true for granting access"
"(arbitrary complex boolean expression - see manual)") "(arbitrary complex boolean expression - see manual)")
/* Deprecated directives. */
AP_INIT_RAW_ARGS("SSLLog", ap_set_deprecated, NULL, OR_ALL,
"SSLLog directive is no longer supported - use ErrorLog."),
AP_INIT_RAW_ARGS("SSLLogLevel", ap_set_deprecated, NULL, OR_ALL,
"SSLLogLevel directive is no longer supported - use LogLevel."),
AP_END_CMD AP_END_CMD
}; };
@@ -302,8 +302,6 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd)
return DECLINED; return DECLINED;
} }
sslconn->log_level = sc->log_level;
/* /*
* Remember the connection information for * Remember the connection information for
* later access inside callback functions * later access inside callback functions

29
modules/ssl/mod_ssl.h
View File

@@ -203,25 +203,6 @@ ap_set_module_config(c->conn_config, &ssl_module, val)
#define myCtxVarSet(mc,num,val) mc->rCtx.pV##num = val #define myCtxVarSet(mc,num,val) mc->rCtx.pV##num = val
#define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num) #define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num)
/*
* SSL Logging
*/
#define SSL_LOG_NONE (1<<0)
#define SSL_LOG_ERROR (1<<1)
#define SSL_LOG_WARN (1<<2)
#define SSL_LOG_INFO (1<<3)
#define SSL_LOG_TRACE (1<<4)
#define SSL_LOG_DEBUG (1<<5)
#define SSL_LOG_MASK (SSL_LOG_ERROR|SSL_LOG_WARN|SSL_LOG_INFO|SSL_LOG_TRACE|SSL_LOG_DEBUG)
#define SSL_ADD_NONE (1<<8)
#define SSL_ADD_ERRNO (1<<9)
#define SSL_ADD_SSLERR (1<<10)
#define SSL_NO_TIMESTAMP (1<<11)
#define SSL_NO_LEVELID (1<<12)
#define SSL_NO_NEWLINE (1<<13)
#define SSL_INIT (1<<14)
/* /*
* Defaults for the configuration * Defaults for the configuration
*/ */
@@ -431,13 +412,10 @@ typedef struct {
const char *verify_info; const char *verify_info;
const char *verify_error; const char *verify_error;
int verify_depth; int verify_depth;
int log_level; /* for avoiding expensive logging */
int is_proxy; int is_proxy;
int disabled; int disabled;
} SSLConnRec; } SSLConnRec;
#define SSLConnLogApplies(sslconn, level) (sslconn->log_level >= level)
typedef struct { typedef struct {
pid_t pid; pid_t pid;
apr_pool_t *pPool; apr_pool_t *pPool;
@@ -528,9 +506,6 @@ struct SSLSrvConfigRec {
BOOL proxy_enabled; BOOL proxy_enabled;
const char *vhost_id; const char *vhost_id;
int vhost_id_len; int vhost_id_len;
const char *log_file_name;
apr_file_t *log_file;
int log_level;
int session_cache_timeout; int session_cache_timeout;
modssl_ctx_t *server; modssl_ctx_t *server;
modssl_ctx_t *proxy; modssl_ctx_t *proxy;
@@ -586,8 +561,6 @@ const char *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLLog(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLLogLevel(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *);
const char *ssl_cmd_SSLRequireSSL(cmd_parms *, void *); const char *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
@@ -704,8 +677,6 @@ int ssl_mutex_on(server_rec *);
int ssl_mutex_off(server_rec *); int ssl_mutex_off(server_rec *);
/* Logfile Support */ /* Logfile Support */
void ssl_log_open(server_rec *, server_rec *, apr_pool_t *);
void ssl_log(server_rec *, int, const char *, ...);
void ssl_die(void); void ssl_die(void);
void ssl_log_ssl_error(const char *, int, int, server_rec *); void ssl_log_ssl_error(const char *, int, int, server_rec *);

60
modules/ssl/ssl_engine_config.c
View File

@@ -209,9 +209,6 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p)
sc->proxy_enabled = UNSET; sc->proxy_enabled = UNSET;
sc->vhost_id = NULL; /* set during module init */ sc->vhost_id = NULL; /* set during module init */
sc->vhost_id_len = 0; /* set during module init */ sc->vhost_id_len = 0; /* set during module init */
sc->log_file_name = NULL;
sc->log_file = NULL; /* set during module init */
sc->log_level = SSL_LOG_NONE;
sc->session_cache_timeout = UNSET; sc->session_cache_timeout = UNSET;
modssl_ctx_init_proxy(sc, p); modssl_ctx_init_proxy(sc, p);
@@ -296,8 +293,6 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv)
cfgMerge(mc, NULL); cfgMerge(mc, NULL);
cfgMergeBool(enabled); cfgMergeBool(enabled);
cfgMergeBool(proxy_enabled); cfgMergeBool(proxy_enabled);
cfgMergeString(log_file_name);
cfgMerge(log_level, SSL_LOG_NONE);
cfgMergeInt(session_cache_timeout); cfgMergeInt(session_cache_timeout);
modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy); modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
@@ -1052,61 +1047,6 @@ const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd,
return NULL; return NULL;
} }
#define SSL_FLAGS_LOG_CONTEXT \
(NOT_IN_LIMIT|NOT_IN_DIRECTORY|NOT_IN_LOCATION|NOT_IN_FILES)
const char *ssl_cmd_SSLLog(cmd_parms *cmd,
void *dcfg,
const char *arg)
{
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
const char *err;
if ((err = ap_check_cmd_context(cmd, SSL_FLAGS_LOG_CONTEXT))) {
return err;
}
sc->log_file_name = arg;
return NULL;
}
const char *ssl_cmd_SSLLogLevel(cmd_parms *cmd,
void *dcfg,
const char *level)
{
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
const char *err;
if ((err = ap_check_cmd_context(cmd, SSL_FLAGS_LOG_CONTEXT))) {
return err;
}
if (strcEQ(level, "none")) {
sc->log_level = SSL_LOG_NONE;
}
else if (strcEQ(level, "error")) {
sc->log_level = SSL_LOG_ERROR;
}
else if (strcEQ(level, "warn")) {
sc->log_level = SSL_LOG_WARN;
}
else if (strcEQ(level, "info")) {
sc->log_level = SSL_LOG_INFO;
}
else if (strcEQ(level, "trace")) {
sc->log_level = SSL_LOG_TRACE;
}
else if (strcEQ(level, "debug")) {
sc->log_level = SSL_LOG_DEBUG;
}
else {
return "SSLLogLevel: Invalid argument";
}
return NULL;
}
const char *ssl_cmd_SSLOptions(cmd_parms *cmd, const char *ssl_cmd_SSLOptions(cmd_parms *cmd,
void *dcfg, void *dcfg,
const char *arg) const char *arg)

6
modules/ssl/ssl_engine_init.c
View File

@@ -255,8 +255,6 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
sc->server->pphrase_dialog_type = SSL_PPTYPE_BUILTIN; sc->server->pphrase_dialog_type = SSL_PPTYPE_BUILTIN;
} }
/* Open the dedicated SSL logfile */
ssl_log_open(base_server, s, p);
} }
ssl_init_SSLLibrary(base_server); ssl_init_SSLLibrary(base_server);
@@ -499,8 +497,8 @@ static void ssl_init_ctx_callbacks(server_rec *s,
SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA); SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA);
SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH);
if (mctx->sc->log_level >= SSL_LOG_INFO) { if (s->loglevel >= APLOG_DEBUG) {
/* this callback only logs if SSLLogLevel >= info */ /* this callback only logs if LogLevel >= info */
SSL_CTX_set_info_callback(ctx, ssl_callback_LogTracingState); SSL_CTX_set_info_callback(ctx, ssl_callback_LogTracingState);
} }
} }

3
modules/ssl/ssl_engine_io.c
View File

@@ -903,7 +903,6 @@ static apr_status_t ssl_io_filter_cleanup (void *data)
void ssl_io_filter_init(conn_rec *c, SSL *ssl) void ssl_io_filter_init(conn_rec *c, SSL *ssl)
{ {
SSLSrvConfigRec *sc = mySrvConfig(c->base_server);
SSLFilterRec *filter; SSLFilterRec *filter;
filter = apr_palloc(c->pool, sizeof(SSLFilterRec)); filter = apr_palloc(c->pool, sizeof(SSLFilterRec));
@@ -922,7 +921,7 @@ void ssl_io_filter_init(conn_rec *c, SSL *ssl)
apr_pool_cleanup_register(c->pool, (void*)filter, apr_pool_cleanup_register(c->pool, (void*)filter,
ssl_io_filter_cleanup, apr_pool_cleanup_null); ssl_io_filter_cleanup, apr_pool_cleanup_null);
if (sc->log_level >= SSL_LOG_DEBUG) { if (c->base_server->loglevel >= APLOG_DEBUG) {
BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb); BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl); BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
} }

17
modules/ssl/ssl_engine_kernel.c
View File

@@ -145,7 +145,7 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter)
SSL_smart_shutdown(ssl); SSL_smart_shutdown(ssl);
/* and finally log the fact that we've closed the connection */ /* and finally log the fact that we've closed the connection */
if (SSLConnLogApplies(sslconn, SSL_LOG_INFO)) { if (conn->base_server->loglevel >= APLOG_INFO) {
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, conn->base_server, ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, conn->base_server,
"Connection to child %ld closed with %s shutdown" "Connection to child %ld closed with %s shutdown"
"(server %s, client %s)", "(server %s, client %s)",
@@ -243,7 +243,7 @@ int ssl_hook_Translate(request_rec *r)
/* /*
* Log information about incoming HTTPS requests * Log information about incoming HTTPS requests
*/ */
if (SSLConnLogApplies(sslconn, SSL_LOG_INFO) && ap_is_initial_req(r)) { if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) {
ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server, ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server,
"%s HTTPS request received for child %ld (server %s)", "%s HTTPS request received for child %ld (server %s)",
(r->connection->keepalives <= 0 ? (r->connection->keepalives <= 0 ?
@@ -1280,7 +1280,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx)
/* /*
* Log verification information * Log verification information
*/ */
if (sc->log_level >= SSL_LOG_TRACE) { if (s->loglevel >= APLOG_DEBUG) {
X509 *cert = X509_STORE_CTX_get_current_cert(ctx); X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
char *sname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); char *sname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
char *iname = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); char *iname = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0);
@@ -1455,7 +1455,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
* Log information about CRL * Log information about CRL
* (A little bit complicated because of ASN.1 and BIOs...) * (A little bit complicated because of ASN.1 and BIOs...)
*/ */
if (sc->log_level >= SSL_LOG_TRACE) { if (s->loglevel >= APLOG_DEBUG) {
char buff[512]; /* should be plenty */ char buff[512]; /* should be plenty */
BIO *bio = BIO_new(BIO_s_mem()); BIO *bio = BIO_new(BIO_s_mem());
@@ -1541,7 +1541,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c)
ASN1_INTEGER *sn = X509_REVOKED_get_serialNumber(revoked); ASN1_INTEGER *sn = X509_REVOKED_get_serialNumber(revoked);
if (!ASN1_INTEGER_cmp(sn, X509_get_serialNumber(cert))) { if (!ASN1_INTEGER_cmp(sn, X509_get_serialNumber(cert))) {
if (sc->log_level >= SSL_LOG_INFO) { if (s->loglevel >= APLOG_DEBUG) {
char *cp = X509_NAME_oneline(issuer, NULL, 0); char *cp = X509_NAME_oneline(issuer, NULL, 0);
long serial = ASN1_INTEGER_get(sn); long serial = ASN1_INTEGER_get(sn);
@@ -1577,7 +1577,7 @@ static void modssl_proxy_info_log(server_rec *s,
X509_NAME *name; X509_NAME *name;
const char *dn; const char *dn;
if (sc->log_level < SSL_LOG_TRACE) { if (s->loglevel < APLOG_DEBUG) {
return; return;
} }
@@ -1671,11 +1671,10 @@ static void ssl_session_log(server_rec *s,
const char *result, const char *result,
long timeout) long timeout)
{ {
SSLSrvConfigRec *sc = mySrvConfig(s);
char buf[SSL_SESSION_ID_STRING_LEN]; char buf[SSL_SESSION_ID_STRING_LEN];
char timeout_str[56] = {'\0'}; char timeout_str[56] = {'\0'};
if (sc->log_level < SSL_LOG_TRACE) { if (s->loglevel < APLOG_DEBUG) {
return; return;
} }
@@ -1836,7 +1835,7 @@ void ssl_callback_LogTracingState(SSL *ssl, int where, int rc)
/* /*
* create the various trace messages * create the various trace messages
*/ */
if (sc->log_level >= SSL_LOG_TRACE) { if (s->loglevel >= APLOG_DEBUG) {
if (where & SSL_CB_HANDSHAKE_START) { if (where & SSL_CB_HANDSHAKE_START) {
ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s,
"%s: Handshake: start", SSL_LIBRARY_NAME); "%s: Handshake: start", SSL_LIBRARY_NAME);

211
modules/ssl/ssl_engine_log.c
View File

@@ -68,75 +68,6 @@
** _________________________________________________________________ ** _________________________________________________________________
*/ */
/*
* Open the SSL logfile
*/
void ssl_log_open(server_rec *s_main, server_rec *s, apr_pool_t *p)
{
const char *szLogFile;
SSLSrvConfigRec *sc_main = mySrvConfig(s_main);
SSLSrvConfigRec *sc = mySrvConfig(s);
piped_log *pl;
/*
* Short-circuit for inherited logfiles in order to save
* filedescriptors in mass-vhost situation. Be careful, this works
* fine because the close happens implicitly by the pool facility.
*/
if ((s != s_main) &&
(sc_main->log_file != NULL) &&
((sc->log_file_name == NULL) ||
((sc->log_file_name != NULL) &&
(sc_main->log_file_name != NULL) &&
strEQ(sc->log_file_name, sc_main->log_file_name))))
{
sc->log_file = sc_main->log_file;
}
else if (sc->log_file_name != NULL) {
if (strEQ(sc->log_file_name, "/dev/null"))
return;
else if (sc->log_file_name[0] == '|') {
szLogFile = sc->log_file_name + 1;
while (*szLogFile == ' ' || *szLogFile == '\t')
szLogFile++;
if ((pl = ap_open_piped_log(p, szLogFile)) == NULL) {
ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
"Cannot open reliable pipe to SSL logfile filter %s", szLogFile);
ssl_die();
}
sc->log_file = ap_piped_log_write_fd(pl);
}
else {
szLogFile = ap_server_root_relative(p, sc->log_file_name);
if (!szLogFile) {
ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
"Invalid SSL logfile path %s", sc->log_file_name);
ssl_die();
}
if ((apr_file_open(&(sc->log_file), szLogFile,
APR_WRITE|APR_APPEND|APR_CREATE, APR_OS_DEFAULT, p))
!= APR_SUCCESS) {
ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
"Cannot open SSL logfile %s", szLogFile);
ssl_die();
}
}
}
return;
}
static struct {
int nLevel;
char *szLevel;
} ssl_log_level2string[] = {
{ SSL_LOG_ERROR, "error" },
{ SSL_LOG_WARN, "warn" },
{ SSL_LOG_INFO, "info" },
{ SSL_LOG_TRACE, "trace" },
{ SSL_LOG_DEBUG, "debug" },
{ 0, NULL }
};
static struct { static struct {
char *cpPattern; char *cpPattern;
char *cpAnnotation; char *cpAnnotation;
@@ -169,148 +100,6 @@ static char *ssl_log_annotation(char *error)
return errstr; return errstr;
} }
void ssl_log(server_rec *s, int level, const char *msg, ...)
{
char tstr[80];
char lstr[256];
char vstr[1024];
char str[1024];
char *nstr;
apr_size_t len;
apr_time_exp_t t;
va_list ap;
int add;
int i;
char *astr;
int safe_errno;
unsigned long e;
SSLSrvConfigRec *sc;
char *cpE;
char *cpA;
/* initialization */
safe_errno = errno;
sc = mySrvConfig(s);
/* strip out additional flags */
add = (level & ~SSL_LOG_MASK);
level = (level & SSL_LOG_MASK);
/* reduce flags when not reasonable in context */
if (add & SSL_ADD_ERRNO && errno == 0)
add &= ~SSL_ADD_ERRNO;
if (add & SSL_ADD_SSLERR && ERR_peek_error() == 0)
add &= ~SSL_ADD_SSLERR;
/* we log only levels below, except for errors */
if ( sc->log_file == NULL
&& !(level & SSL_LOG_ERROR))
return;
if ( level > sc->log_level
&& !(level & SSL_LOG_ERROR))
return;
/* determine the time entry string */
if (add & SSL_NO_TIMESTAMP)
tstr[0] = NUL;
else {
apr_time_exp_lt(&t, apr_time_now());
apr_strftime(tstr, &len, 80, "[%d/%b/%Y %H:%M:%S", &t);
apr_snprintf(tstr + strlen(tstr), 80 - strlen(tstr), " %05d] ",
(unsigned int)getpid());
}
/* determine whether newline should be written */
if (add & SSL_NO_NEWLINE)
nstr = "";
else {
nstr = APR_EOL_STR;
}
/* determine level name */
lstr[0] = NUL;
if (!(add & SSL_NO_LEVELID)) {
for (i = 0; ssl_log_level2string[i].nLevel != 0; i++) {
if (ssl_log_level2string[i].nLevel == level) {
apr_snprintf(lstr, sizeof(lstr), "[%s]", ssl_log_level2string[i].szLevel);
break;
}
}
for (i = strlen(lstr); i <= 7; i++)
lstr[i] = ' ';
lstr[i] = NUL;
}
if (add & SSL_INIT) {
len = strlen(lstr);
apr_snprintf(&lstr[len], sizeof(lstr) - len,
"Init: (%s) ", sc->vhost_id);
}
/* create custom message */
va_start(ap, msg);
apr_vsnprintf(vstr, sizeof(vstr), msg, ap);
va_end(ap);
/* write out SSLog message */
if ((add & SSL_ADD_ERRNO) && (add & SSL_ADD_SSLERR))
astr = " (System and " SSL_LIBRARY_NAME " library errors follow)";
else if (add & SSL_ADD_ERRNO)
astr = " (System error follows)";
else if (add & SSL_ADD_SSLERR)
astr = " (" SSL_LIBRARY_NAME " library error follows)";
else
astr = "";
if (level <= sc->log_level && sc->log_file != NULL) {
apr_snprintf(str, sizeof(str), "%s%s%s%s%s",
tstr, lstr, vstr, astr, nstr);
apr_file_printf(sc->log_file, "%s", str);
}
if (level & SSL_LOG_ERROR)
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"mod_ssl: %s%s", vstr, astr);
/* write out additional attachment messages */
if (add & SSL_ADD_ERRNO) {
if (level <= sc->log_level && sc->log_file != NULL) {
apr_snprintf(str, sizeof(str), "%s%sSystem: %s (errno: %d)%s",
tstr, lstr, strerror(safe_errno), safe_errno, nstr);
apr_file_printf(sc->log_file, "%s", str);
}
if (level & SSL_LOG_ERROR)
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"System: %s (errno: %d)",
strerror(safe_errno), safe_errno);
}
if (add & SSL_ADD_SSLERR) {
while ((e = ERR_get_error())) {
cpE = ERR_error_string(e, NULL);
cpA = ssl_log_annotation(cpE);
if (level <= sc->log_level && sc->log_file != NULL) {
apr_snprintf(str, sizeof(str), "%s%s%s: %s%s%s%s%s",
tstr, lstr, SSL_LIBRARY_NAME, cpE,
cpA != NULL ? " [Hint: " : "",
cpA != NULL ? cpA : "", cpA != NULL ? "]" : "",
nstr);
apr_file_printf(sc->log_file, "%s", str);
}
if (level & SSL_LOG_ERROR)
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"%s: %s%s%s%s", SSL_LIBRARY_NAME, cpE,
cpA != NULL ? " [Hint: " : "",
cpA != NULL ? cpA : "", cpA != NULL ? "]" : "");
}
}
/* make sure the next log starts from a clean base */
/* ERR_clear_error(); */
/* cleanup and return */
if (sc->log_file != NULL)
apr_file_flush(sc->log_file);
errno = safe_errno;
return;
}
void ssl_die(void) void ssl_die(void)
{ {
/* /*