up stdlib.h.
* modules/ssl/ssl_engine_pphrase.c (ssl_pphrase_Handle),
modules/ssl/ssl_engine_vars.c: Stop pretending mod_ssl has a version
independent of the rest of the server.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1082202 13f79535-47bb-0310-9956-ffa450edef68
startup failure in cases where multiple vhosts share the same
"vhost-id" and private key file. The cached-key case would
previously cause an abrupt return from the function, which could
prevent processing of configured keypairs for other vhosts. There
is no apparent reason to check for a "cache hit" against cached keys
using *any* algorithm types; instead only check against a key with
the matching type.
Submitted by: Masahiro Matsuya <matsuya redhat.com>, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1069772 13f79535-47bb-0310-9956-ffa450edef68
calculate hash index only once per loop iteration; no (intended)
functional change. Add comments and tweak a log message.
* modules/ssl/ssl_private.h: Add comments.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1069765 13f79535-47bb-0310-9956-ffa450edef68
to be included even when mod_ssl is not enabled.
* Makefile.in (install-include): Only install mod_ssl.h.
* modules/ssl/ssl_private.h: New file.
* modules/ssl/mod_ssl.h: Move everything apart from than the optional
hook definitions into ssl_private.h.
* modules/ssl/*.c: Include ssl_private.h not mod_ssl.h
* modules/ssl/config.m4: Always add the mod_ssl directory to the
include path so other modules can find mod_ssl.h.
* modules/proxy/mod_proxy.c: Include mod_ssl.h to pick up the optional
hook definitions rather than copy'n'pasting them.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102803 13f79535-47bb-0310-9956-ffa450edef68
during pass phrase entry.
* ssl_engine_pphrase.c (ssl_pphrase_Handle): Clear the OpenSSL error
stack before reading the private key.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@101515 13f79535-47bb-0310-9956-ffa450edef68
type overrides;
MODSSL_CLIENT_CERT_CB_ARG_TYPE
MODSSL_PCHAR_CAST (for a host of non-void/const sslc values)
modssl_read_bio_cb_fn (for several callbacks with same prototypes)
Declare callback functions appropriately.
And protect us from indetermineant toolkits with
#error "Unrecognized SSL Toolkit!"
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99183 13f79535-47bb-0310-9956-ffa450edef68
opened readtty or writetty. But they are absolute failures, nothing the
user could do to deal with them. They are logged in the ssl vhost's error
log.
In this case, I forgot my SSLCertificateKeyFile, so the server never
tried the callback. writetty wasn't initialized, so we segfaulted.
This segfault is due to misconfig, not to the dialog with the user.
This is the easiest fix (easier to read, too), but we shouldn't need
to worry too much that the release is tagged. If we retag, fine, then
grab it, but it only addresses a config problem.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95734 13f79535-47bb-0310-9956-ffa450edef68
Not only should it just say "can't do that on win32," which is after all
the bottom line, it was spitting out openssl error messages which were
totally useless. Eg:
[30/May/2002 17:31:17 05760] [error] Init: PassPhraseDialog BuiltIn not
supported in server private key from file
F:/Apache/Apache2/conf/ssl/secure.key (OpenSSL library error follows)
[30/May/2002 17:31:17 05760] [error] OpenSSL: error:0D084069:asn1
encoding routines:d2i_ASN1_SET:bad tag
[30/May/2002 17:31:17 05760] [error] OpenSSL: error:0D09D082:asn1
encoding routines:d2i_RSAPrivateKey:parsing
[30/May/2002 17:31:17 05760] [error] OpenSSL: error:0D09B00D:asn1
encoding routines:d2i_PrivateKey:ASN1 lib
Which is essentially saying "OpenSSL couldn't read your private key because
it was encrypted, and we can't get the passphrase the way you asked us to
on this platform."
Brought to my attention by the inquiry of: Chris Hsiang <chsiang@ivivos.com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95415 13f79535-47bb-0310-9956-ffa450edef68
The issue is that ssl_log doesn't handle apr_status_t result codes. This
leads to a number of places (esp. with mutexes) where the error codes get
lost. Rather than extending ssl_log further, since mod_ssl is part of
our core, migrate to ap_log_error. This means that mod_ssl no longer
does its own logging.
Most uses of SSL_ADD_ERRNO are now mapped correctly to apr_status_t values
(mainly because the APIs that used to return errnos are now APRized and
have apr_status_t codes available).
SSL_LOG_TRACE and SSL_LOG_DEBUG were mapped to the APLOG_DEBUG values.
mod_ssl prints out a LOT of debugging information, so mod_ssl with LogLevel
Debug may not be a good idea - perhaps mod_ssl should be less chatty.
Numerous printf type collisions were also resolved.
(The ssl logging code itself will be removed in a subsequent commit.)
This has been discussed on dev@httpd, but the fact that there isn't
much to review besides the mindless changes, I'm going to commit now
and rely on CTR if I screwed up anything on the translation.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95127 13f79535-47bb-0310-9956-ffa450edef68
ssl_log_ssl_error() function that wraps ap_log_error instead.
This begins the migration from ssl_log() -> ap_log_error(). Divorcing
ourselves from the SSL_ADD_SSLERR option is required to make the next
pass easier.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95122 13f79535-47bb-0310-9956-ffa450edef68
+ modssl_pk_server_t - certs/keys for the server
+ modssl_pk_proxy_t - certs/keys for the proxy
+ modssl_auth_ctx_t - stuff related to authentication that can also
be per-dir, used by both server and proxy
+ modssl_ctx_t - context that can be used by both server and proxy
+ SSLSrvConfigRec - now contains original stuff specific to the
server config and modssl_ctx_t *server, *proxy
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94267 13f79535-47bb-0310-9956-ffa450edef68
ssl_log(s, flags, "Init: (%s) ...", sc->szVHostID)
add SSL_INIT flag to cut down some noise and end up with:
ssl_log(s, flags, "...")
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@94247 13f79535-47bb-0310-9956-ffa450edef68
