249519625c
there is a heaping pile of:
ssl_log(s, flags, "Init: (%s) ...", sc->szVHostID)
add SSL_INIT flag to cut down some noise and end up with:
ssl_log(s, flags, "...")
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94247 13f79535-47bb-0310-9956-ffa450edef68
2002-03-28 00:34:13 +00:00
934bb7f29b
break out certificate revocation list initialization into
ssl_init_crl function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94246 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 23:53:27 +00:00
a413cb6798
break out cipher suite initialization into ssl_init_cipher_suite function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94245 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 23:49:09 +00:00
20ae69adba
move warning about session cache not being configured to ssl_scache_init
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94243 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 23:25:58 +00:00
9379b72632
break out SSL_CTX session initialization into
ssl_init_session_cache_ctx function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94242 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 23:19:08 +00:00
af9bfbb2b3
"Oops" has two o's in it. :)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94235 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 21:16:37 +00:00
948cab95a4
break SSL_CTX initialization into ssl_init_ctx function
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94234 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 21:14:49 +00:00
bbd6a5e76f
(starting to break apart the init code into smaller, generic functions,
preparing for proxy support)
break out verify code into ssl_init_verify function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94233 13f79535-47bb-0310-9956-ffa450edef68
2002-03-27 21:07:08 +00:00
05ae021cfd
Clear up a const warning, and recognize some arrays by changing the
variable names to the plural [rather than aszFoo, which I hope continues
to be cleaned up as folks have time.]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93982 13f79535-47bb-0310-9956-ffa450edef68
2002-03-17 17:32:24 +00:00
845cbfd508
Update our copyright for this year.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93918 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 20:48:07 +00:00
e89fcb92f1
use ssl_asn1_keystr
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93913 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 18:59:56 +00:00
9432ed4273
use ssl_asn1_table_keyfmt() function and only format each (rsa,dsa)
lookup key once, rather than twice.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93911 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 18:51:35 +00:00
9dbc0c3442
couple o minor style/log fixos
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93896 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 05:05:51 +00:00
55294115e5
use ptemp in ssl_init_FindCAList() rather than creating a subpool.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93895 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 04:59:19 +00:00
e38e20775e
switch to ptemp pool for ssl_pphrase_Handle
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93894 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 04:49:23 +00:00
22b44bf05c
only call: ssl_rand_seed(s, p, SSL_RSCTX_STARTUP, "Init: ");
once at startup. if there is value in calling it more than once at
startup, it should be done explicitly rather than hidden in
ssl_tmp_keys_init().
switch to ptemp pool when calling ssl_rand_seed() at startup.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93893 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 04:38:35 +00:00
ec39586ace
minor ssl_init_CheckServers() enhancements:
- pass the ptemp (temporary pool) so we don't need to create a subpool
and destroy it ourselves.
- change ssl_ds_table usage to apr_hash_t
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93887 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 01:15:14 +00:00
e7f00d8c09
folding more duplication in ssl_tmp_keys_init
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93886 13f79535-47bb-0310-9956-ffa450edef68
2002-03-13 00:50:13 +00:00
d9d26c6b82
for the sake of readability,
change: SSL_TKPIDX_{DH,RSA}{512,1024}
to: SSL_TMP_KEY_{DH,RSA}_{512,1024}
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93883 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 23:05:33 +00:00
52ff7b736e
split ssl_init_TmpKeysHandle function to init/free functions,
and make them static to ssl_engine_init.c
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93882 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:50:38 +00:00
15d581b6fe
it is not required that temporary keys survive restarts, since they
are generated and destroyed on every restart.
so get rid of SSLModConfigRec.tTmpKeys table and mess that was
managing it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93881 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:34:31 +00:00
e77f92b4e5
remove call to legacy X509V3_add_standard_extensions() function,
not needed with OpenSSL 0.9.6+
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93878 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 22:08:23 +00:00
c502a4a518
removing unused ssl_init_ChildKill
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93875 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 21:54:27 +00:00
4e2c5954f9
making ssl_init_SSLLibrary() static
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93874 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 21:53:44 +00:00
7be8a550ae
cleanup version component construction.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93873 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 21:48:48 +00:00
72814e709a
dropping hungarian notation
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93851 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 04:41:57 +00:00
c85b45e940
various style fixups / general changes to make code more readable.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93847 13f79535-47bb-0310-9956-ffa450edef68
2002-03-12 01:04:16 +00:00
8097066e90
Consensus is that we should not use the scoreboard as a source of entropy.
Reviewed by: OtherBill, Justin, Madhu
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93652 13f79535-47bb-0310-9956-ffa450edef68
2002-03-01 04:35:17 +00:00
ea9d330c32
remove an XXX: we already do CRYPTO_set_locking_callback() in ssl_util_thread_setup()
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93637 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 05:58:49 +00:00
2cd3334d76
remove #ifdef SHARED_MODULE around ssl library cleanup calls.
SHARED_MODULE is no longer defined, so we were leaking.
plus we always do a full startup/teardown regardless of being a dso or
static.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93636 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 05:28:43 +00:00
7984837e03
move SSL_load_client_CA_file() comment to where we moved the call to it
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93635 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 05:22:56 +00:00
496a09a809
various SSLCACertificatePath fixes:
- return value from apr_dir_read() was checking != APR_SUCCESS rather
than == APR_SUCCESS, so no certs were ever loaded.
- wasn't checking return value of apr_dir_open(), now log an error and
ssl_die() on failure.
- don't bother trying to load directories
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93634 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 05:17:03 +00:00
2ed45ef1b1
plug leak in ssl_init_FindCAList() where return value of
X509_NAME_oneline() used for trace logging was not freed.
now passes in a static buffer so no buffer is malloced.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93633 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 04:59:07 +00:00
161b60fcff
fold some duplication within ssl_init_FindCAList() into generic
ssl_init_PushCAList() function.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93632 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 04:35:29 +00:00
c25e79513a
need to free X509_NAME duplicates already found in the stack built by
ssl_init_FindCAList().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93626 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 04:00:51 +00:00
c892fe3559
need to free the stacks returned by calls to SSL_load_client_CA_file()
in ssl_init_FindCAList(). values are pushed into another stack which
gets freed when SSL context is destroyed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93625 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 03:48:26 +00:00
925dbed8b2
contrary to what comments say, DH* returned from ssl_dh_GetTmpParam()
is _not_ static and needs to be freed via DH_free().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93624 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 03:21:51 +00:00
a32ba5671e
need to free sc->pRevocationStore at shutdown
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93623 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 03:12:11 +00:00
b4f77dcf27
switch SSLModConfigRec.tPublicCert to ssl_asn1_table api to prevent
leakage on restarts.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93615 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 00:28:05 +00:00
e778179d1f
switch SSLModConfigRec.tPrivateKey to ssl_asn1_table api to prevent
leakage on restarts.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93614 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 00:23:32 +00:00
01b903dfc4
add ssl_asn1_table_get() wrapper and change ssl_init_TmpKeysHandle()
to use it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93613 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 00:10:52 +00:00
d6a76369d5
mod_ssl was "leaking" on restart since mc->tTmpKeys table entries
were allocated using apr_palloc out of s->process->pool and pushed
into an apr_array_header_t.
solve the problem by moving from apr_array_header_t's to an apr_hash_t.
also add ssl_asn1_table_{set,unset} wrappers to use malloc/free so we
do not "leak" from s->process->pool.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93612 13f79535-47bb-0310-9956-ffa450edef68
2002-02-28 00:01:57 +00:00
0ba62becc5
changing mod_ssl to do a full startup/teardown on each restart rather
than hack to only read passphrase on 1st round startup. this change:
- fixes current segv on restarts (SHARED_MODULE is not defined)
- allows LoadModule ssl_module to be added to httpd.conf on restart
(was core dumping previously)
- allows certs/keys to be changed on restart provided key is not
encrypted or SSLPassPhraseDialog is exec. if key is encrypted and
SSLPassPhraseDialog is builtin, existing private keys will be reused
on restart (which happens currently for any type of key/dialog).
note: mod_ssl currently leaks on restart; leaks more with this change.
fixes to come.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93585 13f79535-47bb-0310-9956-ffa450edef68
2002-02-27 03:21:09 +00:00
0f45e62dcd
Forward port of changes in mod_ssl for Apache 1.3 up through mod_ssl
version 2.8.7-1.3.23.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93564 13f79535-47bb-0310-9956-ffa450edef68
2002-02-25 04:23:03 +00:00
39b3c29d1e
If the file specified by SSLMutex cannot be created (because the directory does not exist for example), children will segfault on init without giving any reason that the user can figure out. This happens because the module init in the parent never checks to see if the mutex initialization succeeded. This patch adds this check and a user-friendly error message.
(Justin made one formatting change to this patch.)
Submitted by: Adam Sussman <myddryn@vishnu.vidya.com>
Reviewed by: Justin Erenkrantz
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@93441 13f79535-47bb-0310-9956-ffa450edef68
2002-02-16 18:35:21 +00:00
ffeb2bbe16
The mutex must be pool-managed, not ssl managed. We are encountering
segfaults on Win32 when the cleanup of the mutex occurs after the pool
was destroyed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92818 13f79535-47bb-0310-9956-ffa450edef68
2002-01-11 06:05:18 +00:00
c53456b4c1
mod_ssl adjustments to help with using toolkits other than OpenSSL:
Use SSL functions/macros instead of directly dereferencing SSL
structures wherever possible.
Add type-casts for the cases where functions return a generic pointer.
Add $SSL/include to configure search path.
PR:
Obtained from:
Submitted by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by: dougm
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92800 13f79535-47bb-0310-9956-ffa450edef68
2002-01-10 04:55:19 +00:00
9236e4bfa2
call ssl_mutex_kill() during module cleanup
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92788 13f79535-47bb-0310-9956-ffa450edef68
2002-01-09 22:21:34 +00:00
538110d762
move srand() call from ssl_rand_choosenum() to ssl_init_Child()
this was being called twice per-connection with 'SSLRandom connect builtin'
configured (which is in the default config)
this also gets rid of two time() syscalls per-connection
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92232 13f79535-47bb-0310-9956-ffa450edef68
2001-11-29 05:08:47 +00:00
1c3ac886e0
call getpid() once at child init and save in the SSLModConfigRec
to avoid getpid() calls at request time
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92231 13f79535-47bb-0310-9956-ffa450edef68
2001-11-29 05:04:22 +00:00