diff options
| author | Stefan Fritsch <sf@apache.org> | 2011-12-07 23:33:35 +0100 |
|---|---|---|
| committer | Stefan Fritsch <sf@apache.org> | 2011-12-07 23:33:35 +0100 |
| commit | 53164d250f83bcc0eee81ad947f5fc002724e610 (patch) | |
| tree | b50f8fc1b985e266be215f67398659feff0db5a9 /modules/ssl | |
| parent | Remove usage of APLOG_NOERRNO. It has been a no-op since at least 2.0.x (diff) | |
| download | apache2-53164d250f83bcc0eee81ad947f5fc002724e610.tar.xz apache2-53164d250f83bcc0eee81ad947f5fc002724e610.zip | |
Various fixes for log message tags:
- Remove tags in ssl_log_ssl_error() and ssl_log_cert_error()
- Instead add tags to various ssl_log_xerror, ssl_log_cxerror
calls (ssl_log_rxerror is unused).
- likewise for modssl_proxy_info_log()
- Fix spelling of APLOG_NOERRNO in coccinelle script
- add support for ssl_log_*error and ap_log_cserror
- add some more tags missing due to APLOG_NOERRNO spelling error
- Remove tags from example modules (we don't want people to blindly copy
those)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1211680 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
| -rw-r--r-- | modules/ssl/ssl_engine_init.c | 10 | ||||
| -rw-r--r-- | modules/ssl/ssl_engine_kernel.c | 14 | ||||
| -rw-r--r-- | modules/ssl/ssl_engine_log.c | 6 | ||||
| -rw-r--r-- | modules/ssl/ssl_engine_ocsp.c | 4 | ||||
| -rw-r--r-- | modules/ssl/ssl_util.c | 2 |
5 files changed, 20 insertions, 16 deletions
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 79b683cce8..637d35ca85 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -1257,8 +1257,9 @@ static void ssl_init_proxy_certs(server_rec *s, if (X509_verify_cert(sctx) != 1) { int err = X509_STORE_CTX_get_error(sctx); ssl_log_xerror(SSLLOG_MARK, APLOG_WARNING, 0, ptemp, s, inf->x509, - "SSL proxy client cert chain verification failed: %s :", - X509_verify_cert_error_string(err)); + APLOGNO(02270) "SSL proxy client cert chain " + "verification failed: %s :", + X509_verify_cert_error_string(err)); } /* Clear X509_verify_cert errors */ @@ -1282,8 +1283,9 @@ static void ssl_init_proxy_certs(server_rec *s, } ssl_log_xerror(SSLLOG_MARK, APLOG_DEBUG, 0, ptemp, s, inf->x509, - "loaded %i intermediate CA%s for cert %i: ", - i, i == 1 ? "" : "s", n); + APLOGNO(02271) + "loaded %i intermediate CA%s for cert %i: ", + i, i == 1 ? "" : "s", n); if (i > 0) { int j; for (j = 0; j < i; j++) { diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index a3643d9783..e3f48c7af9 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -1429,7 +1429,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) * Log verification information */ ssl_log_cxerror(SSLLOG_MARK, APLOG_DEBUG, 0, conn, - X509_STORE_CTX_get_current_cert(ctx), + X509_STORE_CTX_get_current_cert(ctx), APLOGNO(02275) "Certificate Verification, depth %d, " "CRL checking mode: %s", errdepth, mctx->crl_check_mode == SSL_CRLCHECK_CHAIN ? @@ -1514,7 +1514,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) if (!ok) { if (APLOGcinfo(conn)) { ssl_log_cxerror(SSLLOG_MARK, APLOG_INFO, 0, conn, - X509_STORE_CTX_get_current_cert(ctx), + X509_STORE_CTX_get_current_cert(ctx), APLOGNO(02276) "Certificate Verification: Error (%d): %s", errnum, X509_verify_cert_error_string(errnum)); } else { @@ -1567,7 +1567,7 @@ static void modssl_proxy_info_log(conn_rec *c, X509_INFO *info, const char *msg) { - ssl_log_cxerror(SSLLOG_MARK, APLOG_DEBUG, 0, c, info->x509, + ssl_log_cxerror(SSLLOG_MARK, APLOG_DEBUG, 0, c, info->x509, APLOGNO(02277) SSLPROXY_CERT_CB_LOG_FMT "%s, sending", (mySrvConfigFromConn(c))->vhost_id, msg); } @@ -1618,7 +1618,7 @@ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey) */ info = sk_X509_INFO_value(certs, 0); - modssl_proxy_info_log(c, info, "no acceptable CA list"); + modssl_proxy_info_log(c, info, APLOGNO(02278) "no acceptable CA list"); modssl_set_cert_info(info, x509, pkey); @@ -1635,7 +1635,8 @@ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey) /* Search certs (by issuer name) one by one*/ if (X509_NAME_cmp(issuer, ca_name) == 0) { - modssl_proxy_info_log(c, info, "found acceptable cert"); + modssl_proxy_info_log(c, info, APLOGNO(02279) + "found acceptable cert"); modssl_set_cert_info(info, x509, pkey); @@ -1653,7 +1654,8 @@ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey) ca_issuer = X509_get_issuer_name(ca_cert); if(X509_NAME_cmp(ca_issuer, ca_name) == 0 ) { - modssl_proxy_info_log(c, info, "found acceptable cert by intermediate CA"); + modssl_proxy_info_log(c, info, APLOGNO(02280) + "found acceptable cert by intermediate CA"); modssl_set_cert_info(info, x509, pkey); diff --git a/modules/ssl/ssl_engine_log.c b/modules/ssl/ssl_engine_log.c index 271ecc5f79..31861ca721 100644 --- a/modules/ssl/ssl_engine_log.c +++ b/modules/ssl/ssl_engine_log.c @@ -94,7 +94,7 @@ void ssl_log_ssl_error(const char *file, int line, int level, server_rec *s) annotation = ssl_log_annotation(err); ap_log_error(file, line, APLOG_MODULE_INDEX, level, 0, s, - APLOGNO(02021) "SSL Library Error: %s%s%s%s%s%s", + "SSL Library Error: %s%s%s%s%s%s", /* %s */ err, /* %s%s%s */ @@ -135,7 +135,7 @@ static void ssl_log_cert_error(const char *file, int line, int level, */ int maxdnlen = (HUGE_STRING_LEN - msglen - 300) / 2; - BIO_puts(bio, APLOGNO(02022) " [subject: "); + BIO_puts(bio, " [subject: "); name = SSL_X509_NAME_to_string(p, X509_get_subject_name(cert), maxdnlen); if (!strIsEmpty(name)) { @@ -174,7 +174,7 @@ static void ssl_log_cert_error(const char *file, int line, int level, } else { apr_snprintf(buf + msglen, sizeof buf - msglen, - APLOGNO(02023) " [certificate: -not available-]"); + " [certificate: -not available-]"); } if (r) { diff --git a/modules/ssl/ssl_engine_ocsp.c b/modules/ssl/ssl_engine_ocsp.c index 4c22b18e3d..b4ea919c4e 100644 --- a/modules/ssl/ssl_engine_ocsp.c +++ b/modules/ssl/ssl_engine_ocsp.c @@ -197,7 +197,7 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c, &reason, NULL, &thisup, &nextup); if (rc != 1) { ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); - ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert, + ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert, APLOGNO(02272) "failed to retrieve OCSP response status"); rc = V_OCSP_CERTSTATUS_UNKNOWN; } @@ -217,7 +217,7 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c, sc->server->ocsp_resp_maxage); if (vrc != 1) { ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); - ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert, + ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert, APLOGNO(02273) "OCSP response outside validity period"); rc = V_OCSP_CERTSTATUS_UNKNOWN; } diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c index 969dab2873..6b5a7de64e 100644 --- a/modules/ssl/ssl_util.c +++ b/modules/ssl/ssl_util.c @@ -292,7 +292,7 @@ STACK_OF(X509) *ssl_read_pkcs7(server_rec *s, const char *pkcs7) p7 = PEM_read_PKCS7(f, NULL, NULL, NULL); if (!p7) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(02274) "Can't read PKCS7 object %s", pkcs7); ssl_log_ssl_error(SSLLOG_MARK, APLOG_CRIT, s); exit(1); |