diff options
| author | Justin Erenkrantz <jerenkrantz@apache.org> | 2002-05-16 07:17:11 +0200 |
|---|---|---|
| committer | Justin Erenkrantz <jerenkrantz@apache.org> | 2002-05-16 07:17:11 +0200 |
| commit | d0214d5ae72704327942d7e8a615ce38410fd159 (patch) | |
| tree | 0cd68d23a0b47ed027fa69d30da7601f071652e2 /modules | |
| parent | Feeling more confident in the worker MPM now, so I'm with Brian on (diff) | |
| download | apache2-d0214d5ae72704327942d7e8a615ce38410fd159.tar.xz apache2-d0214d5ae72704327942d7e8a615ce38410fd159.zip | |
Change mod_ssl from using ssl_log() to ap_log_error().
The issue is that ssl_log doesn't handle apr_status_t result codes. This
leads to a number of places (esp. with mutexes) where the error codes get
lost. Rather than extending ssl_log further, since mod_ssl is part of
our core, migrate to ap_log_error. This means that mod_ssl no longer
does its own logging.
Most uses of SSL_ADD_ERRNO are now mapped correctly to apr_status_t values
(mainly because the APIs that used to return errnos are now APRized and
have apr_status_t codes available).
SSL_LOG_TRACE and SSL_LOG_DEBUG were mapped to the APLOG_DEBUG values.
mod_ssl prints out a LOT of debugging information, so mod_ssl with LogLevel
Debug may not be a good idea - perhaps mod_ssl should be less chatty.
Numerous printf type collisions were also resolved.
(The ssl logging code itself will be removed in a subsequent commit.)
This has been discussed on dev@httpd, but the fact that there isn't
much to review besides the mindless changes, I'm going to commit now
and rely on CTR if I screwed up anything on the translation.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95127 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/ssl/mod_ssl.c | 82 | ||||
| -rw-r--r-- | modules/ssl/ssl_engine_init.c | 234 | ||||
| -rw-r--r-- | modules/ssl/ssl_engine_io.c | 32 | ||||
| -rw-r--r-- | modules/ssl/ssl_engine_kernel.c | 305 | ||||
| -rw-r--r-- | modules/ssl/ssl_engine_mutex.c | 29 | ||||
| -rw-r--r-- | modules/ssl/ssl_engine_pphrase.c | 124 | ||||
| -rw-r--r-- | modules/ssl/ssl_engine_rand.c | 6 | ||||
| -rw-r--r-- | modules/ssl/ssl_scache.c | 6 | ||||
| -rw-r--r-- | modules/ssl/ssl_scache_dbm.c | 96 | ||||
| -rw-r--r-- | modules/ssl/ssl_scache_shmcb.c | 272 | ||||
| -rw-r--r-- | modules/ssl/ssl_scache_shmht.c | 36 |
11 files changed, 676 insertions, 546 deletions
diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 4fc7bf5561..d2d3a08685 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -244,9 +244,9 @@ int ssl_proxy_enable(conn_rec *c) SSLConnRec *sslconn = ssl_init_connection_ctx(c); if (!sc->proxy_enabled) { - ssl_log(c->base_server, SSL_LOG_ERROR, - "SSL Proxy requested for %s but not enabled " - "[Hint: SSLProxyEngine]", sc->vhost_id); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server, + "SSL Proxy requested for %s but not enabled " + "[Hint: SSLProxyEngine]", sc->vhost_id); return 0; } @@ -309,10 +309,10 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd) * later access inside callback functions */ - ssl_log(c->base_server, SSL_LOG_INFO, - "Connection to child %d established " - "(server %s, client %s)", c->id, sc->vhost_id, - c->remote_ip ? c->remote_ip : "unknown"); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, c->base_server, + "Connection to child %ld established " + "(server %s, client %s)", c->id, sc->vhost_id, + c->remote_ip ? c->remote_ip : "unknown"); /* * Seed the Pseudo Random Number Generator (PRNG) @@ -327,8 +327,9 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd) * so we can detach later. */ if (!(ssl = SSL_new(mctx->ssl_ctx))) { - ssl_log(c->base_server, SSL_LOG_ERROR, - "Unable to create a new SSL connection from the SSL context"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server, + "Unable to create a new SSL connection from the SSL " + "context"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); c->aborted = 1; @@ -341,8 +342,8 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd) if (!SSL_set_session_id_context(ssl, (unsigned char *)vhost_md5, MD5_DIGESTSIZE*2)) { - ssl_log(c->base_server, SSL_LOG_ERROR, - "Unable to set session id context to `%s'", vhost_md5); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server, + "Unable to set session id context to `%s'", vhost_md5); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); c->aborted = 1; @@ -409,9 +410,9 @@ int ssl_hook_process_connection(SSLFilterRec *filter) if (!SSL_is_init_finished(filter->pssl)) { if (sslconn->is_proxy) { if ((n = SSL_connect(filter->pssl)) <= 0) { - ssl_log(c->base_server, - SSL_LOG_ERROR|SSL_ADD_ERRNO, - "SSL Proxy connect failed"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, + c->base_server, + "SSL Proxy connect failed"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); return ssl_abort(filter, c); } @@ -428,8 +429,9 @@ int ssl_hook_process_connection(SSLFilterRec *filter) * was transferred. That's not a real error and can occur * sporadically with some clients. */ - ssl_log(c->base_server, SSL_LOG_INFO, - "SSL handshake stopped: connection was closed"); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, + c->base_server, + "SSL handshake stopped: connection was closed"); } else if (err == SSL_ERROR_WANT_READ) { /* @@ -452,17 +454,18 @@ int ssl_hook_process_connection(SSLFilterRec *filter) (errno != EINTR)) { if (errno > 0) { - ssl_log(c->base_server, - SSL_LOG_ERROR|SSL_ADD_ERRNO, - "SSL handshake interrupted by system " - "[Hint: Stop button pressed in browser?!]"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, + c->base_server, + "SSL handshake interrupted by system " + "[Hint: Stop button pressed in browser?!]"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); } else { - ssl_log(c->base_server, - SSL_LOG_INFO|SSL_ADD_ERRNO, - "Spurious SSL handshake interrupt [Hint: " - "Usually just one of those OpenSSL confusions!?]"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, + c->base_server, + "Spurious SSL handshake interrupt [Hint: " + "Usually just one of those OpenSSL " + "confusions!?]"); ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, c->base_server); } } @@ -470,11 +473,11 @@ int ssl_hook_process_connection(SSLFilterRec *filter) /* * Ok, anything else is a fatal error */ - ssl_log(c->base_server, - SSL_LOG_ERROR|SSL_ADD_ERRNO, - "SSL handshake failed (server %s, client %s)", - ssl_util_vhostid(c->pool, c->base_server), - c->remote_ip ? c->remote_ip : "unknown"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, + c->base_server, + "SSL handshake failed (server %s, client %s)", + ssl_util_vhostid(c->pool, c->base_server), + c->remote_ip ? c->remote_ip : "unknown"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); } @@ -500,10 +503,12 @@ int ssl_hook_process_connection(SSLFilterRec *filter) * optional_no_ca doesn't appear to work as advertised * in 1.x */ - ssl_log(c->base_server, SSL_LOG_ERROR, - "SSL client authentication failed, " - "accepting certificate based on " - "\"SSLVerifyClient optional_no_ca\" configuration"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, + c->base_server, + "SSL client authentication failed, " + "accepting certificate based on " + "\"SSLVerifyClient optional_no_ca\" " + "configuration"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); } else { @@ -511,9 +516,10 @@ int ssl_hook_process_connection(SSLFilterRec *filter) sslconn->verify_error : X509_verify_cert_error_string(verify_result); - ssl_log(c->base_server, SSL_LOG_ERROR, - "SSL client authentication failed: %s", - error ? error : "unknown"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, + c->base_server, + "SSL client authentication failed: %s", + error ? error : "unknown"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); return ssl_abort(filter, c); @@ -535,8 +541,8 @@ int ssl_hook_process_connection(SSLFilterRec *filter) if ((sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE) && !sslconn->client_cert) { - ssl_log(c->base_server, SSL_LOG_ERROR, - "No acceptable peer certificate available"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server, + "No acceptable peer certificate available"); return ssl_abort(filter, c); } diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index b046ac0249..a314de9f62 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -98,11 +98,11 @@ static void ssl_add_version_components(apr_pool_t *p, version_components[i]); } - ssl_log(s, SSL_LOG_INFO, - "Server: %s, Interface: %s, Library: %s", - AP_SERVER_BASEVERSION, - vals[1], /* SSL_VERSION_INTERFACE */ - vals[2]); /* SSL_VERSION_LIBRARY */ + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "Server: %s, Interface: %s, Library: %s", + AP_SERVER_BASEVERSION, + vals[1], /* SSL_VERSION_INTERFACE */ + vals[2]); /* SSL_VERSION_LIBRARY */ } @@ -111,8 +111,8 @@ static void ssl_add_version_components(apr_pool_t *p, */ static void ssl_init_SSLLibrary(server_rec *s) { - ssl_log(s, SSL_LOG_INFO, - "Init: Initializing %s library", SSL_LIBRARY_NAME); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "Init: Initializing %s library", SSL_LIBRARY_NAME); CRYPTO_malloc_init(); SSL_load_error_strings(); @@ -149,9 +149,9 @@ static void ssl_tmp_key_init_rsa(server_rec *s, if (!(mc->pTmpKeys[idx] = RSA_generate_key(bits, RSA_F4, NULL, NULL))) { - ssl_log(s, SSL_LOG_ERROR, - "Init: Failed to generate temporary " - "%d bit RSA private key", bits); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "Init: Failed to generate temporary " + "%d bit RSA private key", bits); ssl_die(); } @@ -165,9 +165,9 @@ static void ssl_tmp_key_init_dh(server_rec *s, if (!(mc->pTmpKeys[idx] = ssl_dh_GetTmpParam(bits))) { - ssl_log(s, SSL_LOG_ERROR, - "Init: Failed to generate temporary " - "%d bit DH parameters", bits); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "Init: Failed to generate temporary " + "%d bit DH parameters", bits); ssl_die(); } } @@ -180,14 +180,14 @@ static void ssl_tmp_key_init_dh(server_rec *s, static void ssl_tmp_keys_init(server_rec *s) { - ssl_log(s, SSL_LOG_INFO, - "Init: Generating temporary RSA private keys (512/1024 bits)"); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "Init: Generating temporary RSA private keys (512/1024 bits)"); MODSSL_TMP_KEY_INIT_RSA(s, 512); MODSSL_TMP_KEY_INIT_RSA(s, 1024); - ssl_log(s, SSL_LOG_INFO, - "Init: Generating temporary DH parameters (512/1024 bits)"); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "Init: Generating temporary DH parameters (512/1024 bits)"); MODSSL_TMP_KEY_INIT_DH(s, 512); MODSSL_TMP_KEY_INIT_DH(s, 1024); @@ -304,8 +304,8 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, /* * initialize servers */ - ssl_log(base_server, SSL_LOG_INFO, - "Init: Initializing (virtual) servers for SSL"); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, base_server, + "Init: Initializing (virtual) servers for SSL"); for (s = base_server; s; s = s->next) { sc = mySrvConfig(s); @@ -349,9 +349,9 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p) if (mc->szCryptoDevice) { if (!(e = ENGINE_by_id(mc->szCryptoDevice))) { - ssl_log(s, SSL_LOG_ERROR, - "Init: Failed to load Crypto Device API `%s'", - mc->szCryptoDevice); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "Init: Failed to load Crypto Device API `%s'", + mc->szCryptoDevice); ssl_die(); } @@ -360,9 +360,9 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p) } if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { - ssl_log(s, SSL_LOG_ERROR, - "Init: Failed to enable Crypto Device API `%s'", - mc->szCryptoDevice); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "Init: Failed to enable Crypto Device API `%s'", + mc->szCryptoDevice); ssl_die(); } @@ -381,7 +381,7 @@ static void ssl_init_server_check(server_rec *s, * possibility that the user forgot to set them. */ if (!mctx->pks->cert_files[0]) { - ssl_log(s, SSL_LOG_ERROR|SSL_INIT, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "No SSL Certificate set [hint: SSLCertificateFile]"); ssl_die(); } @@ -392,7 +392,7 @@ static void ssl_init_server_check(server_rec *s, if (mctx->pks->certs[SSL_AIDX_RSA] || mctx->pks->certs[SSL_AIDX_DSA]) { - ssl_log(s, SSL_LOG_ERROR|SSL_INIT, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "Illegal attempt to re-initialise SSL for server " "(theoretically shouldn't happen!)"); ssl_die(); @@ -413,7 +413,7 @@ static void ssl_init_ctx_protocol(server_rec *s, * Create the new per-server SSL context */ if (protocol == SSL_PROTOCOL_NONE) { - ssl_log(s, SSL_LOG_ERROR|SSL_INIT, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "No SSL protocols available [hint: SSLProtocol]"); ssl_die(); } @@ -425,8 +425,8 @@ static void ssl_init_ctx_protocol(server_rec *s, NULL); cp[strlen(cp)-2] = NUL; - ssl_log(s, SSL_LOG_TRACE|SSL_INIT, - "Creating new SSL context (protocols: %s)", cp); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "Creating new SSL context (protocols: %s)", cp); if (protocol == SSL_PROTOCOL_SSLV2) { method = mctx->pkp ? @@ -542,14 +542,14 @@ static void ssl_init_ctx_verify(server_rec *s, * Configure Client Authentication details */ if (mctx->auth.ca_cert_file || mctx->auth.ca_cert_path) { - ssl_log(s, SSL_LOG_TRACE|SSL_INIT, - "Configuring client authentication"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "Configuring client authentication"); if (!SSL_CTX_load_verify_locations(ctx, mctx->auth.ca_cert_file, mctx->auth.ca_cert_path)) { - ssl_log(s, SSL_LOG_ERROR|SSL_INIT, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "Unable to configure verify locations " "for client authentication"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); @@ -560,7 +560,7 @@ static void ssl_init_ctx_verify(server_rec *s, mctx->auth.ca_cert_file, mctx->auth.ca_cert_path); if (!ca_list) { - ssl_log(s, SSL_LOG_ERROR|SSL_INIT, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "Unable to determine list of available " "CA certificates for client authentication"); ssl_die(); @@ -577,10 +577,10 @@ static void ssl_init_ctx_verify(server_rec *s, ca_list = (STACK_OF(X509_NAME) *)SSL_CTX_get_client_CA_list(ctx); if (sk_X509_NAME_num(ca_list) == 0) { - ssl_log(s, SSL_LOG_WARN, - "Init: Oops, you want to request client authentication, " - "but no CAs are known for verification!? " - "[Hint: SSLCACertificate*]"); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, + "Init: Oops, you want to request client " + "authentication, but no CAs are known for " + "verification!? [Hint: SSLCACertificate*]"); } } } @@ -600,12 +600,12 @@ static void ssl_init_ctx_cipher_suite(server_rec *s, return; } - ssl_log(s, SSL_LOG_TRACE|SSL_INIT, - "Configuring permitted SSL ciphers [%s]", - suite); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "Configuring permitted SSL ciphers [%s]", + suite); if (!SSL_CTX_set_cipher_list(ctx, suite)) { - ssl_log(s, SSL_LOG_ERROR|SSL_INIT, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "Unable to configure permitted SSL ciphers"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_die(); @@ -625,15 +625,15 @@ static void ssl_init_ctx_crl(server_rec *s, return; } - ssl_log(s, SSL_LOG_TRACE|SSL_INIT, - "Configuring certificate revocation facility"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "Configuring certificate revocation facility"); mctx->crl = SSL_X509_STORE_create((char *)mctx->crl_file, (char *)mctx->crl_path); if (!mctx->crl) { - ssl_log(s, SSL_LOG_ERROR|SSL_INIT, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "Unable to configure X.509 CRL storage " "for certificate revocation"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); @@ -679,15 +679,15 @@ static void ssl_init_ctx_cert_chain(server_rec *s, (char *)chain, skip_first, NULL); if (n < 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_INIT, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "Failed to configure CA certificate chain!"); ssl_die(); } - ssl_log(s, SSL_LOG_TRACE|SSL_INIT, - "Configuring server certificate chain " - "(%d CA certificate%s)", - n, n == 1 ? "" : "s"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "Configuring server certificate chain " + "(%d CA certificate%s)", + n, n == 1 ? "" : "s"); } static void ssl_init_ctx(server_rec *s, @@ -728,19 +728,19 @@ static int ssl_server_import_cert(server_rec *s, return FALSE; } - ssl_log(s, SSL_LOG_TRACE|SSL_INIT, - "Configuring %s server certificate", type); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "Configuring %s server certificate", type); ptr = asn1->cpData; if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) { - ssl_log(s, SSL_LOG_ERROR|SSL_INIT, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "Unable to import %s server certificate", type); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_die(); } if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_INIT, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "Unable to configure %s server certificate", type); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_die(); @@ -767,20 +767,20 @@ static int ssl_server_import_key(server_rec *s, return FALSE; } - ssl_log(s, SSL_LOG_TRACE|SSL_INIT, - "Configuring %s server private key", type); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "Configuring %s server private key", type); ptr = asn1->cpData; if (!(pkey = d2i_PrivateKey(pkey_type, NULL, &ptr, asn1->nData))) { - ssl_log(s, SSL_LOG_ERROR|SSL_INIT, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "Unable to import %s server private key", type); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_die(); } if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) { - ssl_log(s, SSL_LOG_ERROR|SSL_INIT, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "Unable to configure %s server private key", type); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_die(); @@ -795,7 +795,7 @@ static int ssl_server_import_key(server_rec *s, if (pubkey && EVP_PKEY_missing_parameters(pubkey)) { EVP_PKEY_copy_parameters(pubkey, pkey); - ssl_log(s, SSL_LOG_ERROR|SSL_INIT, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "Copying DSA parameters from private key to certificate"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); } @@ -823,25 +823,25 @@ static void ssl_check_public_cert(server_rec *s, */ if (SSL_X509_isSGC(cert)) { - ssl_log(s, SSL_LOG_INFO|SSL_INIT, - "%s server certificate enables " - "Server Gated Cryptography (SGC)", - ssl_asn1_keystr(type)); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "%s server certificate enables " + "Server Gated Cryptography (SGC)", + ssl_asn1_keystr(type)); } if (SSL_X509_getBC(cert, &is_ca, &pathlen)) { if (is_ca) { - ssl_log(s, SSL_LOG_WARN|SSL_INIT, - "%s server certificate is a CA certificate " - "(BasicConstraints: CA == TRUE !?)", - ssl_asn1_keystr(type)); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, + "%s server certificate is a CA certificate " + "(BasicConstraints: CA == TRUE !?)", + ssl_asn1_keystr(type)); } if (pathlen > 0) { - ssl_log(s, SSL_LOG_WARN|SSL_INIT, - "%s server certificate is not a leaf certificate " - "(BasicConstraints: pathlen == %d > 0 !?)", - ssl_asn1_keystr(type), pathlen); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, + "%s server certificate is not a leaf certificate " + "(BasicConstraints: pathlen == %d > 0 !?)", + ssl_asn1_keystr(type), pathlen); } } @@ -852,16 +852,16 @@ static void ssl_check_public_cert(server_rec *s, (apr_fnmatch(cn, s->server_hostname, fnm_flags) == FNM_NOMATCH)) { - ssl_log(s, SSL_LOG_WARN|SSL_INIT, - "%s server certificate wildcard CommonName (CN) `%s' " - "does NOT match server name!?", - ssl_asn1_keystr(type), cn); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, + "%s server certificate wildcard CommonName (CN) `%s' " + "does NOT match server name!?", + ssl_asn1_keystr(type), cn); } else if (strNE(s->server_hostname, cn)) { - ssl_log(s, SSL_LOG_WARN|SSL_INIT, - "%s server certificate CommonName (CN) `%s' " - "does NOT match server name!?", - ssl_asn1_keystr(type), cn); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, + "%s server certificate CommonName (CN) `%s' " + "does NOT match server name!?", + ssl_asn1_keystr(type), cn); } } } @@ -883,7 +883,7 @@ static void ssl_init_server_certs(server_rec *s, have_dsa = ssl_server_import_cert(s, mctx, dsa_id, SSL_AIDX_DSA); if (!(have_rsa || have_dsa)) { - ssl_log(s, SSL_LOG_ERROR|SSL_INIT, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "Oops, no RSA or DSA server certificate found?!"); ssl_die(); } @@ -896,7 +896,7 @@ static void ssl_init_server_certs(server_rec *s, have_dsa = ssl_server_import_key(s, mctx, dsa_id, SSL_AIDX_DSA); if (!(have_rsa || have_dsa)) { - ssl_log(s, SSL_LOG_ERROR|SSL_INIT, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "Oops, no RSA or DSA server private key found?!"); ssl_die(); } @@ -929,15 +929,15 @@ static void ssl_init_proxy_certs(server_rec *s, } if ((ncerts = sk_X509_INFO_num(sk)) > 0) { - ssl_log(s, SSL_LOG_TRACE|SSL_INIT, - "loaded %d client certs for SSL proxy", - ncerts); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "loaded %d client certs for SSL proxy", + ncerts); pkp->certs = sk; } else { - ssl_log(s, SSL_LOG_WARN|SSL_INIT, - "no client certs found for SSL proxy"); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, + "no client certs found for SSL proxy"); sk_X509_INFO_free(sk); } } @@ -973,8 +973,8 @@ void ssl_init_ConfigureServer(server_rec *s, SSLSrvConfigRec *sc) { if (sc->enabled) { - ssl_log(s, SSL_LOG_INFO|SSL_INIT, - "Configuring server for SSL protocol"); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "Configuring server for SSL protocol"); ssl_init_server_ctx(s, p, ptemp, sc); } @@ -1001,19 +1001,21 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p) sc = mySrvConfig(s); if (sc->enabled && (s->port == DEFAULT_HTTP_PORT)) { - ssl_log(base_server, SSL_LOG_WARN, - "Init: (%s) You configured HTTPS(%d) " - "on the standard HTTP(%d) port!", - ssl_util_vhostid(p, s), - DEFAULT_HTTPS_PORT, DEFAULT_HTTP_PORT); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, + base_server, + "Init: (%s) You configured HTTPS(%d) " + "on the standard HTTP(%d) port!", + ssl_util_vhostid(p, s), + DEFAULT_HTTPS_PORT, DEFAULT_HTTP_PORT); } if (!sc->enabled && (s->port == DEFAULT_HTTPS_PORT)) { - ssl_log(base_server, SSL_LOG_WARN, - "Init: (%s) You configured HTTP(%d) " - "on the standard HTTPS(%d) port!", - ssl_util_vhostid(p, s), - DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, + base_server, + "Init: (%s) You configured HTTP(%d) " + "on the standard HTTPS(%d) port!", + ssl_util_vhostid(p, s), + DEFAULT_HTTP_PORT, DEFAULT_HTTPS_PORT); } } @@ -1037,15 +1039,16 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p) klen = strlen(key); if ((ps = (server_rec *)apr_hash_get(table, key, klen))) { - ssl_log(base_server, SSL_LOG_WARN, - "Init: SSL server IP/port conflict: " - "%s (%s:%d) vs. %s (%s:%d)", - ssl_util_vhostid(p, s), - (s->defn_name ? s->defn_name : "unknown"), - s->defn_line_number, - ssl_util_vhostid(p, ps), - (ps->defn_name ? ps->defn_name : "unknown"), - ps->defn_line_number); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, + base_server, + "Init: SSL server IP/port conflict: " + "%s (%s:%d) vs. %s (%s:%d)", + ssl_util_vhostid(p, s), + (s->defn_name ? s->defn_name : "unknown"), + s->defn_line_number, + ssl_util_vhostid(p, ps), + (ps->defn_name ? ps->defn_name : "unknown"), + ps->defn_line_number); conflict = TRUE; continue; } @@ -1054,9 +1057,9 @@ void ssl_init_CheckServers(server_rec *base_server, apr_pool_t *p) } if (conflict) { - ssl_log(base_server, SSL_LOG_WARN, - "Init: You should not use name-based " - "virtual hosts in conjunction with SSL!!"); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, base_server, + "Init: You should not use name-based " + "virtual hosts in conjunction with SSL!!"); } } @@ -1081,9 +1084,9 @@ static void ssl_init_PushCAList(STACK_OF(X509_NAME) *ca_list, char name_buf[256]; X509_NAME *name = sk_X509_NAME_value(sk, n); - ssl_log(s, SSL_LOG_TRACE, - "CA certificate: %s", - X509_NAME_oneline(name, name_buf, sizeof(name_buf))); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "CA certificate: %s", + X509_NAME_oneline(name, name_buf, sizeof(name_buf))); /* * note that SSL_load_client_CA_file() checks for duplicates, @@ -1131,9 +1134,10 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, apr_dir_t *dir; apr_finfo_t direntry; apr_int32_t finfo_flags = APR_FINFO_MIN|APR_FINFO_NAME; + apr_status_t rv; - if (apr_dir_open(&dir, ca_path, ptemp) != APR_SUCCESS) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO|SSL_INIT, + if ((rv = apr_dir_open(&dir, ca_path, ptemp)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, "Failed to open SSLCACertificatePath `%s'", ca_path); ssl_die(); diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index 880af86a3f..ca5597c478 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -502,7 +502,7 @@ static int ssl_io_hook_read(SSL *ssl, char *buf, int len) * Log SSL errors */ conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); - ssl_log(c->base_server, SSL_LOG_ERROR, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server, "SSL error on reading data"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); } @@ -535,7 +535,7 @@ static int ssl_io_hook_write(SSL *ssl, unsigned char *buf, int len) * Log SSL errors */ conn_rec *c = (conn_rec *)SSL_get_app_data(ssl); - ssl_log(c->base_server, SSL_LOG_ERROR, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server, "SSL error on writing data"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, c->base_server); } @@ -567,7 +567,7 @@ static apr_status_t ssl_filter_write(ap_filter_t *f, reason = "likely due to failed renegotiation"; } - ssl_log(c->base_server, SSL_LOG_ERROR, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, c->base_server, "failed to write %d of %d bytes (%s)", n > 0 ? len - n : len, len, reason); @@ -765,9 +765,10 @@ static apr_status_t ssl_io_filter_error(ap_filter_t *f, switch (status) { case HTTP_BAD_REQUEST: /* log the situation */ - ssl_log(f->c->base_server, SSL_LOG_ERROR, - "SSL handshake failed: HTTP spoken on HTTPS port; " - "trying to send HTML error page"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, + f->c->base_server, + "SSL handshake failed: HTTP spoken on HTTPS port; " + "trying to send HTML error page"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, f->c->base_server); /* fake the request line */ @@ -959,7 +960,7 @@ static void ssl_io_data_dump(server_rec *srvr, rows = (len / DUMP_WIDTH); if ((rows * DUMP_WIDTH) < len) rows++; - ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID, + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr, "+-------------------------------------------------------------------------+"); for(i = 0 ; i< rows; i++) { apr_snprintf(tmp, sizeof(tmp), "| %04x: ", i * DUMP_WIDTH); @@ -984,12 +985,13 @@ static void ssl_io_data_dump(server_rec *srvr, } } apr_cpystrn(buf+strlen(buf), " |", sizeof(buf)-strlen(buf)); - ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID, "%s", buf); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr, + "%s", buf); } if (trunc > 0) - ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID, - "| %04x - <SPACES/NULS>", len + trunc); - ssl_log(srvr, SSL_LOG_DEBUG|SSL_NO_TIMESTAMP|SSL_NO_LEVELID, + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr, + "| %04ld - <SPACES/NULS>", len + trunc); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, srvr, "+-------------------------------------------------------------------------+"); return; } @@ -1011,8 +1013,8 @@ long ssl_io_data_cb(BIO *bio, int cmd, if ( cmd == (BIO_CB_WRITE|BIO_CB_RETURN) || cmd == (BIO_CB_READ |BIO_CB_RETURN) ) { if (rc >= 0) { - ssl_log(s, SSL_LOG_DEBUG, - "%s: %s %ld/%d bytes %s BIO#%08X [mem: %08lX] %s", + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "%s: %s %ld/%d bytes %s BIO#%p [mem: %p] %s", SSL_LIBRARY_NAME, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"), rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"), @@ -1022,8 +1024,8 @@ long ssl_io_data_cb(BIO *bio, int cmd, ssl_io_data_dump(s, argp, rc); } else { - ssl_log(s, SSL_LOG_DEBUG, - "%s: I/O error, %d bytes expected to %s on BIO#%08X [mem: %08lX]", + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "%s: I/O error, %d bytes expected to %s on BIO#%p [mem: %p]", SSL_LIBRARY_NAME, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"), bio, argp); diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index da8719b9dc..895c38ad86 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -146,12 +146,12 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter) /* and finally log the fact that we've closed the connection */ if (SSLConnLogApplies(sslconn, SSL_LOG_INFO)) { - ssl_log(conn->base_server, SSL_LOG_INFO, - "Connection to child %d closed with %s shutdown" - "(server %s, client %s)", - conn->id, type, - ssl_util_vhostid(conn->pool, conn->base_server), - conn->remote_ip ? conn->remote_ip : "unknown"); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, conn->base_server, + "Connection to child %ld closed with %s shutdown" + "(server %s, client %s)", + conn->id, type, + ssl_util_vhostid(conn->pool, conn->base_server), + conn->remote_ip ? conn->remote_ip : "unknown"); } /* deallocate the SSL connection */ @@ -244,14 +244,14 @@ int ssl_hook_Translate(request_rec *r) * Log information about incoming HTTPS requests */ if (SSLConnLogApplies(sslconn, SSL_LOG_INFO) && ap_is_initial_req(r)) { - ssl_log(r->server, SSL_LOG_INFO, - "%s HTTPS request received for child %d (server %s)", - (r->connection->keepalives <= 0 ? - "Initial (No.1)" : - apr_psprintf(r->pool, "Subsequent (No.%d)", - r->connection->keepalives+1)), - r->connection->id, - ssl_util_vhostid(r->pool, r->server)); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server, + "%s HTTPS request received for child %ld (server %s)", + (r->connection->keepalives <= 0 ? + "Initial (No.1)" : + apr_psprintf(r->pool, "Subsequent (No.%d)", + r->connection->keepalives+1)), + r->connection->id, + ssl_util_vhostid(r->pool, r->server)); } /* SetEnvIf ssl-*-shutdown flags can only be per-server, @@ -411,9 +411,10 @@ int ssl_hook_Access(request_rec *r) /* configure new state */ if (!modssl_set_cipher_list(ssl, dc->szCipherSuite)) { - ssl_log(r->server, SSL_LOG_WARN, - "Unable to reconfigure (per-directory) " - "permitted SSL ciphers"); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, + r->server, + "Unable to reconfigure (per-directory) " + "permitted SSL ciphers"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server); if (cipher_list_old) { @@ -478,8 +479,8 @@ int ssl_hook_Access(request_rec *r) /* tracing */ if (renegotiate) { - ssl_log(r->server, SSL_LOG_TRACE, - "Reconfigured cipher suite will force renegotiation"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, + "Reconfigured cipher suite will force renegotiation"); } } @@ -504,9 +505,9 @@ int ssl_hook_Access(request_rec *r) /* determine whether a renegotiation has to be forced */ if (dc->nVerifyDepth < n) { renegotiate = TRUE; - ssl_log(r->server, SSL_LOG_TRACE, - "Reduced client verification depth " - "will force renegotiation"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, + "Reduced client verification depth will force " + "renegotiation"); } } @@ -564,10 +565,11 @@ int ssl_hook_Access(request_rec *r) renegotiate_quick = TRUE; } - ssl_log(r->server, SSL_LOG_TRACE, - "Changed client verification type " - "will force %srenegotiation", - renegotiate_quick ? "quick " : ""); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, + r->server, + "Changed client verification type will force " + "%srenegotiation", + renegotiate_quick ? "quick " : ""); } } } @@ -601,9 +603,9 @@ int ssl_hook_Access(request_rec *r) cert_store = X509_STORE_new(); if (!X509_STORE_load_locations(cert_store, ca_file, ca_path)) { - ssl_log(r->server, SSL_LOG_ERROR, - "Unable to reconfigure verify locations " - "for client authentication"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, + "Unable to reconfigure verify locations " + "for client authentication"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server); X509_STORE_free(cert_store); @@ -617,9 +619,9 @@ int ssl_hook_Access(request_rec *r) if (!(ca_list = ssl_init_FindCAList(r->server, r->pool, ca_file, ca_path))) { - ssl_log(r->server, SSL_LOG_ERROR, - "Unable to determine list of available " - "CA certificates for client authentication"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, + "Unable to determine list of available " + "CA certificates for client authentication"); return HTTP_FORBIDDEN; } @@ -627,9 +629,9 @@ int ssl_hook_Access(request_rec *r) SSL_set_client_CA_list(ssl, ca_list); renegotiate = TRUE; - ssl_log(r->server, SSL_LOG_TRACE, - "Changed client verification locations " - "will force renegotiation"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, + "Changed client verification locations will force " + "renegotiation"); } #endif /* HAVE_SSL_SET_CERT_STORE */ @@ -694,9 +696,9 @@ int ssl_hook_Access(request_rec *r) * !! BUT ALL THIS IS STILL NOT RE-IMPLEMENTED FOR APACHE 2.0 !! */ if (renegotiate && (r->method_number == M_POST)) { - ssl_log(r->server, SSL_LOG_ERROR, - "SSL Re-negotiation in conjunction " - "with POST method not supported!"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, + "SSL Re-negotiation in conjunction " + "with POST method not supported!"); return HTTP_METHOD_NOT_ALLOWED; } @@ -716,22 +718,22 @@ int ssl_hook_Access(request_rec *r) * here because it resets too much of the connection. So we set the * state explicitly and continue the handshake manually. */ - ssl_log(r->server, SSL_LOG_INFO, - "Requesting connection re-negotiation"); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server, + "Requesting connection re-negotiation"); if (renegotiate_quick) { STACK_OF(X509) *cert_stack; /* perform just a manual re-verification of the peer */ - ssl_log(r->server, SSL_LOG_TRACE, - "Performing quick renegotiation: " - "just re-verifying the peer"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, + "Performing quick renegotiation: " + "just re-verifying the peer"); cert_stack = (STACK_OF(X509) *)SSL_get_peer_cert_chain(ssl); if (!cert_stack || (sk_X509_num(cert_stack) == 0)) { - ssl_log(r->server, SSL_LOG_ERROR, - "Cannot find peer certificate chain"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, + "Cannot find peer certificate chain"); return HTTP_FORBIDDEN; } @@ -739,8 +741,8 @@ int ssl_hook_Access(request_rec *r) if (!(cert_store || (cert_store = SSL_CTX_get_cert_store(ctx)))) { - ssl_log(r->server, SSL_LOG_ERROR, - "Cannot find certificate storage"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, + "Cannot find certificate storage"); return HTTP_FORBIDDEN; } @@ -758,8 +760,8 @@ int ssl_hook_Access(request_rec *r) (char *)ssl); if (!modssl_X509_verify_cert(&cert_store_ctx)) { - ssl_log(r->server, SSL_LOG_ERROR, - "Re-negotiation verification step failed"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, + "Re-negotiation verification step failed"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server); } @@ -770,9 +772,9 @@ int ssl_hook_Access(request_rec *r) request_rec *id = r->main ? r->main : r; /* do a full renegotiation */ - ssl_log(r->server, SSL_LOG_TRACE, - "Performing full renegotiation: " - "complete handshake protocol"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, r->server, + "Performing full renegotiation: " + "complete handshake protocol"); SSL_set_session_id_context(ssl, (unsigned char *)&id, @@ -782,21 +784,21 @@ int ssl_hook_Access(request_rec *r) SSL_do_handshake(ssl); if (SSL_get_state(ssl) != SSL_ST_OK) { - ssl_log(r->server, SSL_LOG_ERROR, - "Re-negotiation request failed"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, + "Re-negotiation request failed"); return HTTP_FORBIDDEN; } - ssl_log(r->server, SSL_LOG_INFO, - "Awaiting re-negotiation handshake"); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server, + "Awaiting re-negotiation handshake"); SSL_set_state(ssl, SSL_ST_ACCEPT); SSL_do_handshake(ssl); if (SSL_get_state(ssl) != SSL_ST_OK) { - ssl_log(r->server, SSL_LOG_ERROR, - "Re-negotiation handshake failed: " + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, + "Re-negotiation handshake failed: " "Not accepted by client!?"); return HTTP_FORBIDDEN; @@ -818,17 +820,17 @@ int ssl_hook_Access(request_rec *r) BOOL do_verify = (dc->nVerifyClient == SSL_CVERIFY_REQUIRE); if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) { - ssl_log(r->server, SSL_LOG_ERROR, - "Re-negotiation handshake failed: " - "Client verification failed"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, + "Re-negotiation handshake failed: " + "Client verification failed"); return HTTP_FORBIDDEN; } if (do_verify && !SSL_get_peer_certificate(ssl)) { - ssl_log(r->server, SSL_LOG_ERROR, - "Re-negotiation handshake failed: " - "Client certificate missing"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, r->server, + "Re-negotiation handshake failed: " + "Client certificate missing"); return HTTP_FORBIDDEN; } @@ -862,13 +864,13 @@ int ssl_hook_Access(request_rec *r) } if (ok != 1) { - ssl_log(r->server, SSL_LOG_INFO, - "Access to %s denied for %s " - "(requirement expression not fulfilled)", - r->filename, r->connection->remote_ip); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server, + "Access to %s denied for %s " + "(requirement expression not fulfilled)", + r->filename, r->connection->remote_ip); - ssl_log(r->server, SSL_LOG_INFO, - "Failed expression: %s", req->cpExpr); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server, + "Failed expression: %s", req->cpExpr); ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, "access to %s failed, reason: %s", @@ -982,8 +984,8 @@ int ssl_hook_UserCheck(request_rec *r) apr_snprintf(buf1, sizeof(buf1), "Basic %s", buf2); apr_table_set(r->headers_in, "Authorization", buf1); - ssl_log(r->server, SSL_LOG_INFO, - "Faking HTTP Basic Auth header: \"Authorization: %s\"", buf1); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server, + "Faking HTTP Basic Auth header: \"Authorization: %s\"", buf1); return DECLINED; } @@ -1205,8 +1207,8 @@ RSA *ssl_callback_TmpRSA(SSL *ssl, int export, int keylen) SSLModConfigRec *mc = myModConfig(c->base_server); int idx; - ssl_log(c->base_server, SSL_LOG_TRACE, - "handing out temporary %d bit RSA key", keylen); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, c->base_server, + "handing out temporary %d bit RSA key", keylen); /* doesn't matter if export flag is on, * we won't be asked for keylen > 512 in that case. @@ -1237,8 +1239,8 @@ DH *ssl_callback_TmpDH(SSL *ssl, int export, int keylen) SSLModConfigRec *mc = myModConfig(c->base_server); int idx; - ssl_log(c->base_server, SSL_LOG_TRACE, - "handing out temporary %d bit DH key", keylen); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, c->base_server, + "handing out temporary %d bit DH key", keylen); switch (keylen) { case 512: @@ -1283,11 +1285,12 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) char *sname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); char *iname = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); - ssl_log(s, SSL_LOG_TRACE, - "Certificate Verification: depth: %d, subject: %s, issuer: %s", - errdepth, - sname ? sname : "-unknown-", - iname ? iname : "-unknown-"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "Certificate Verification: " + "depth: %d, subject: %s, issuer: %s", + errdepth, + sname ? sname : "-unknown-", + iname ? iname : "-unknown-"); if (sname) { free(sname); @@ -1320,9 +1323,10 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) if (ssl_verify_error_is_optional(errnum) && (verify == SSL_CVERIFY_OPTIONAL_NO_CA)) { - ssl_log(s, SSL_LOG_TRACE, - "Certificate Verification: Verifiable Issuer is configured as " - "optional, therefore we're accepting the certificate"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "Certificate Verification: Verifiable Issuer is " + "configured as optional, therefore we're accepting " + "the certificate"); sslconn->verify_info = "GENEROUS"; ok = TRUE; @@ -1341,9 +1345,9 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) * If we already know it's not ok, log the real reason */ if (!ok) { - ssl_log(s, SSL_LOG_ERROR, - "Certificate Verification: Error (%d): %s", - errnum, X509_verify_cert_error_string(errnum)); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "Certificate Verification: Error (%d): %s", + errnum, X509_verify_cert_error_string(errnum)); sslconn->client_dn = NULL; sslconn->client_cert = NULL; @@ -1361,10 +1365,11 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) } if (errdepth > depth) { - ssl_log(s, SSL_LOG_ERROR, - "Certificate Verification: Certificate Chain too long " - "(chain has %d certificates, but maximum allowed are only %d)", - errdepth, depth); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "Certificate Verification: Certificate Chain too long " + "(chain has %d certificates, but maximum allowed are " + "only %d)", + errdepth, depth); errnum = X509_V_ERR_CERT_CHAIN_TOO_LONG; sslconn->verify_error = X509_verify_cert_error_string(errnum); @@ -1468,14 +1473,15 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c) BIO_free(bio); - ssl_log(s, SSL_LOG_TRACE, buff); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, buff); } /* * Verify the signature on this CRL */ if (X509_CRL_verify(crl, X509_get_pubkey(cert)) <= 0) { - ssl_log(s, SSL_LOG_WARN, "Invalid signature on CRL"); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, + "Invalid signature on CRL"); X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE); X509_OBJECT_free_contents(&obj); @@ -1489,8 +1495,8 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c) i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl)); if (i == 0) { - ssl_log(s, SSL_LOG_WARN, - "Found CRL has invalid nextUpdate field"); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, + "Found CRL has invalid nextUpdate field"); X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD); @@ -1500,9 +1506,9 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c) } if (i < 0) { - ssl_log(s, SSL_LOG_WARN, - "Found CRL is expired - " - "revoking all certificates until you get updated CRL"); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, + "Found CRL is expired - " + "revoking all certificates until you get updated CRL"); X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED); X509_OBJECT_free_contents(&obj); @@ -1539,10 +1545,10 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c) char *cp = X509_NAME_oneline(issuer, NULL, 0); long serial = ASN1_INTEGER_get(sn); - ssl_log(s, SSL_LOG_INFO, - "Certificate with serial %ld (0x%lX) " - "revoked per CRL from issuer %s", - serial, serial, cp); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "Certificate with serial %ld (0x%lX) " + "revoked per CRL from issuer %s", + serial, serial, cp); free(cp); } @@ -1578,9 +1584,9 @@ static void modssl_proxy_info_log(server_rec *s, name = X509_get_subject_name(info->x509); dn = X509_NAME_oneline(name, name_buf, sizeof(name_buf)); - ssl_log(s, SSL_LOG_TRACE, - SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s", - sc->vhost_id, msg, dn ? dn : "-uknown-"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + SSLPROXY_CERT_CB_LOG_FMT "%s, sending %s", + sc->vhost_id, msg, dn ? dn : "-uknown-"); } /* @@ -1605,15 +1611,15 @@ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey) STACK_OF(X509_INFO) *certs = sc->proxy->pkp->certs; int i, j; - ssl_log(s, SSL_LOG_TRACE, - SSLPROXY_CERT_CB_LOG_FMT "entered", - sc->vhost_id); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + SSLPROXY_CERT_CB_LOG_FMT "entered", + sc->vhost_id); if (!certs || (sk_X509_INFO_num(certs) <= 0)) { - ssl_log(s, SSL_LOG_WARN, - SSLPROXY_CERT_CB_LOG_FMT - "downstream server wanted client certificate " - "but none are configured", sc->vhost_id); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, + SSLPROXY_CERT_CB_LOG_FMT + "downstream server wanted client certificate " + "but none are configured", sc->vhost_id); return FALSE; } @@ -1650,9 +1656,9 @@ int ssl_callback_proxy_cert(SSL *ssl, X509 **x509, EVP_PKEY **pkey) } } - ssl_log(s, SSL_LOG_TRACE, - SSLPROXY_CERT_CB_LOG_FMT - "no client certificate found!?", sc->vhost_id); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + SSLPROXY_CERT_CB_LOG_FMT + "no client certificate found!?", sc->vhost_id); return FALSE; } @@ -1678,11 +1684,12 @@ static void ssl_session_log(server_rec *s, "timeout=%lds ", (timeout - time(NULL))); } - ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache: " - "request=%s status=%s id=%s %s(session %s)", - request, status, - SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)), - timeout_str, result); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "Inter-Process Session Cache: " + "request=%s status=%s id=%s %s(session %s)", + request, status, + SSL_SESSION_id2sz(id, idlen, buf, sizeof(buf)), + timeout_str, result); } /* @@ -1831,40 +1838,46 @@ void ssl_callback_LogTracingState(SSL *ssl, int where, int rc) */ if (sc->log_level >= SSL_LOG_TRACE) { if (where & SSL_CB_HANDSHAKE_START) { - ssl_log(s, SSL_LOG_TRACE, - "%s: Handshake: start", SSL_LIBRARY_NAME); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "%s: Handshake: start", SSL_LIBRARY_NAME); } else if (where & SSL_CB_HANDSHAKE_DONE) { - ssl_log(s, SSL_LOG_TRACE, - "%s: Handshake: done", SSL_LIBRARY_NAME); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "%s: Handshake: done", SSL_LIBRARY_NAME); } else if (where & SSL_CB_LOOP) { - ssl_log(s, SSL_LOG_TRACE, "%s: Loop: %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "%s: Loop: %s", + SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } else if (where & SSL_CB_READ) { - ssl_log(s, SSL_LOG_TRACE, "%s: Read: %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "%s: Read: %s", + SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } else if (where & SSL_CB_WRITE) { - ssl_log(s, SSL_LOG_TRACE, "%s: Write: %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "%s: Write: %s", + SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } else if (where & SSL_CB_ALERT) { char *str = (where & SSL_CB_READ) ? "read" : "write"; - ssl_log(s, SSL_LOG_TRACE, "%s: Alert: %s:%s:%s\n", - SSL_LIBRARY_NAME, str, - SSL_alert_type_string_long(rc), - SSL_alert_desc_string_long(rc)); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "%s: Alert: %s:%s:%s\n", + SSL_LIBRARY_NAME, str, + SSL_alert_type_string_long(rc), + SSL_alert_desc_string_long(rc)); } else if (where & SSL_CB_EXIT) { if (rc == 0) { - ssl_log(s, SSL_LOG_TRACE, "%s: Exit: failed in %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "%s: Exit: failed in %s", + SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } else if (rc < 0) { - ssl_log(s, SSL_LOG_TRACE, "%s: Exit: error in %s", - SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "%s: Exit: error in %s", + SSL_LIBRARY_NAME, SSL_state_string_long(ssl)); } } } @@ -1875,14 +1888,14 @@ void ssl_callback_LogTracingState(SSL *ssl, int where, int rc) * right after a finished handshake. */ if (where & SSL_CB_HANDSHAKE_DONE) { - ssl_log(s, SSL_LOG_INFO, - "Connection: Client IP: %s, Protocol: %s, " - "Cipher: %s (%s/%s bits)", - ssl_var_lookup(NULL, s, c, NULL, "REMOTE_ADDR"), - ssl_var_lookup(NULL, s, c, NULL, "SSL_PROTOCOL"), - ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"), - ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"), - ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE")); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "Connection: Client IP: %s, Protocol: %s, " + "Cipher: %s (%s/%s bits)", + ssl_var_lookup(NULL, s, c, NULL, "REMOTE_ADDR"), + ssl_var_lookup(NULL, s, c, NULL, "SSL_PROTOCOL"), + ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER"), + ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_USEKEYSIZE"), + ssl_var_lookup(NULL, s, c, NULL, "SSL_CIPHER_ALGKEYSIZE")); } } diff --git a/modules/ssl/ssl_engine_mutex.c b/modules/ssl/ssl_engine_mutex.c index d85e504a59..ccbe56abcf 100644 --- a/modules/ssl/ssl_engine_mutex.c +++ b/modules/ssl/ssl_engine_mutex.c @@ -68,26 +68,25 @@ int ssl_mutex_init(server_rec *s, apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(s); -#if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) apr_status_t rv; -#endif if (mc->nMutexMode == SSL_MUTEXMODE_NONE) return TRUE; - if (apr_global_mutex_create(&mc->pMutex, mc->szMutexFile, - APR_LOCK_DEFAULT, p) != APR_SUCCESS) { - ssl_log(s, SSL_LOG_ERROR, - "Cannot create SSLMutex file `%s'", - mc->szMutexFile); + if ((rv = apr_global_mutex_create(&mc->pMutex, mc->szMutexFile, + APR_LOCK_DEFAULT, p)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Cannot create SSLMutex file `%s'", + mc->szMutexFile); return FALSE; } #if !defined(OS2) && !defined(WIN32) && !defined(BEOS) && !defined(NETWARE) rv = unixd_set_global_mutex_perms(mc->pMutex); if (rv != APR_SUCCESS) { - ssl_log(s, SSL_LOG_ERROR, "Could not set permissions on " - "ssl_mutex; check User and Group directives"); + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Could not set permissions on ssl_mutex; check User " + "and Group directives"); return FALSE; } #endif @@ -110,11 +109,13 @@ int ssl_mutex_reinit(server_rec *s, apr_pool_t *p) int ssl_mutex_on(server_rec *s) { SSLModConfigRec *mc = myModConfig(s); + apr_status_t rv; if (mc->nMutexMode == SSL_MUTEXMODE_NONE) return TRUE; - if (apr_global_mutex_lock(mc->pMutex) != APR_SUCCESS) { - ssl_log(s, SSL_LOG_WARN, "Failed to acquire global mutex lock"); + if ((rv = apr_global_mutex_lock(mc->pMutex)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s, + "Failed to acquire global mutex lock"); return FALSE; } return TRUE; @@ -123,11 +124,13 @@ int ssl_mutex_on(server_rec *s) int ssl_mutex_off(server_rec *s) { SSLModConfigRec *mc = myModConfig(s); + apr_status_t rv; if (mc->nMutexMode == SSL_MUTEXMODE_NONE) return TRUE; - if (apr_global_mutex_unlock(mc->pMutex) != APR_SUCCESS) { - ssl_log(s, SSL_LOG_WARN, "Failed to release global mutex lock"); + if ((rv = apr_global_mutex_unlock(mc->pMutex)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_WARNING, rv, s, + "Failed to release global mutex lock"); return FALSE; } return TRUE; diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c index f8a972cc1f..86e9cc2949 100644 --- a/modules/ssl/ssl_engine_pphrase.c +++ b/modules/ssl/ssl_engine_pphrase.c @@ -189,6 +189,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) char *cp; apr_time_t pkey_mtime = 0; int isterm = 1; + apr_status_t rv; /* * Start with a fresh pass phrase array */ @@ -206,17 +207,17 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) continue; cpVHostID = ssl_util_vhostid(p, pServ); - ssl_log(pServ, SSL_LOG_INFO|SSL_INIT, - "Loading certificate & private key of SSL-aware server"); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, pServ, + "Loading certificate & private key of SSL-aware server"); /* * Read in server certificate(s): This is the easy part * because this file isn't encrypted in any way. */ if (sc->server->pks->cert_files[0] == NULL) { - ssl_log(pServ, SSL_LOG_ERROR|SSL_INIT, - "Server should be SSL-aware but has no certificate configured " - "[Hint: SSLCertificateFile]"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, pServ, + "Server should be SSL-aware but has no certificate " + "configured [Hint: SSLCertificateFile]"); ssl_die(); } algoCert = SSL_ALGO_UNKNOWN; @@ -224,13 +225,14 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) for (i = 0, j = 0; i < SSL_AIDX_MAX && sc->server->pks->cert_files[i] != NULL; i++) { apr_cpystrn(szPath, sc->server->pks->cert_files[i], sizeof(szPath)); - if ( exists_and_readable(szPath, p, NULL) != APR_SUCCESS ) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Init: Can't open server certificate file %s", szPath); + if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Init: Can't open server certificate file %s", + szPath); ssl_die(); } if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) { - ssl_log(s, SSL_LOG_ERROR, + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "Init: Unable to read server certificate from file %s", szPath); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_die(); @@ -243,8 +245,9 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) at = ssl_util_algotypeof(pX509Cert, NULL); an = ssl_util_algotypestr(at); if (algoCert & at) { - ssl_log(s, SSL_LOG_ERROR, - "Init: Multiple %s server certificates not allowed", an); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "Init: Multiple %s server certificates not " + "allowed", an); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_die(); } @@ -316,9 +319,11 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) * the callback function which serves the pass * phrases to OpenSSL */ - if ( exists_and_readable(szPath, p, &pkey_mtime) != APR_SUCCESS ) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Init: Can't open server private key file %s",szPath); + if ((rv = exists_and_readable(szPath, p, + &pkey_mtime)) != APR_SUCCESS ) { + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Init: Can't open server private key file " + "%s",szPath); ssl_die(); } @@ -352,10 +357,11 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) ssl_asn1_table_get(mc->tPrivateKey, key_id); if (asn1 && (asn1->source_mtime == pkey_mtime)) { - ssl_log(pServ, SSL_LOG_INFO, - "%s reusing existing " - "%s private key on restart", - cpVHostID, ssl_asn1_keystr(i)); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, + 0, pServ, + "%s reusing existing " + "%s private key on restart", + cpVHostID, ssl_asn1_keystr(i)); return; } } @@ -411,8 +417,10 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) } #ifdef WIN32 if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN) { - ssl_log(s, SSL_LOG_ERROR, - "Init: PassPhraseDialog BuiltIn not supported in server private key from file %s", szPath); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "Init: PassPhraseDialog BuiltIn not " + "supported in server private key from file " + "%s", szPath); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_die(); } @@ -425,13 +433,16 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) if (nPassPhraseDialogCur && pkey_mtime && !(isterm = isatty(fileno(stdout)))) /* XXX: apr_isatty() */ { - ssl_log(pServ, SSL_LOG_ERROR, - "Init: Unable read passphrase " - "[Hint: key introduced or changed before restart?]"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, + pServ, + "Init: Unable read passphrase " + "[Hint: key introduced or changed " + "before restart?]"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ); } else { - ssl_log(pServ, SSL_LOG_ERROR, "Init: Private key not found"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, + pServ, "Init: Private key not found"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ); } if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN @@ -441,7 +452,8 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) } } else { - ssl_log(pServ, SSL_LOG_ERROR, "Init: Pass phrase incorrect"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, + pServ, "Init: Pass phrase incorrect"); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ); if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN @@ -454,8 +466,10 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) } if (pPrivateKey == NULL) { - ssl_log(s, SSL_LOG_ERROR, - "Init: Unable to read server private key from file %s [Hint: Perhaps it is in a separate file? See SSLCertificateKeyFile]", szPath); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "Init: Unable to read server private key from " + "file %s [Hint: Perhaps it is in a separate file? " + " See SSLCertificateKeyFile]", szPath); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_die(); } @@ -467,8 +481,9 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) at = ssl_util_algotypeof(NULL, pPrivateKey); an = ssl_util_algotypestr(at); if (algoKey & at) { - ssl_log(s, SSL_LOG_ERROR, - "Init: Multiple %s server private keys not allowed", an); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "Init: Multiple %s server private keys not " + "allowed", an); ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s); ssl_die(); } @@ -478,20 +493,22 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) * Log the type of reading */ if (nPassPhraseDialogCur == 0) { - ssl_log(pServ, SSL_LOG_TRACE|SSL_INIT, - "unencrypted %s private key - pass phrase not required", - an); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, pServ, + "unencrypted %s private key - pass phrase not " + "required", an); } else { if (cpPassPhraseCur != NULL) { - ssl_log(pServ, SSL_LOG_TRACE|SSL_INIT, - "encrypted %s private key - pass phrase requested", - an); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, + pServ, + "encrypted %s private key - pass phrase " + "requested", an); } else { - ssl_log(pServ, SSL_LOG_TRACE|SSL_INIT, - "encrypted %s private key - pass phrase reused", - an); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, + pServ, + "encrypted %s private key - pass phrase" + " reused", an); } } @@ -546,8 +563,8 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) */ if (aPassPhrase->nelts) { pphrase_array_clear(aPassPhrase); - ssl_log(s, SSL_LOG_INFO, - "Init: Wiped out the queried pass phrases from memory"); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "Init: Wiped out the queried pass phrases from memory"); } /* Close the pipes if they were opened @@ -683,21 +700,21 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv) if (sc->server->pphrase_dialog_type == SSL_PPTYPE_PIPE) { if (!readtty) { - ssl_log(s, SSL_LOG_INFO, - "Init: Creating pass phrase dialog pipe child '%s'", - sc->server->pphrase_dialog_path); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "Init: Creating pass phrase dialog pipe child " + "'%s'", sc->server->pphrase_dialog_path); if (ssl_pipe_child_create(p, sc->server->pphrase_dialog_path) != APR_SUCCESS) { - ssl_log(s, SSL_LOG_ERROR, - "Init: Failed to create pass phrase pipe '%s'", - sc->server->pphrase_dialog_path); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "Init: Failed to create pass phrase pipe '%s'", + sc->server->pphrase_dialog_path); PEMerr(PEM_F_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD); memset(buf, 0, (unsigned int)bufsize); return (-1); } } - ssl_log(s, SSL_LOG_INFO, - "Init: Requesting pass phrase via piped dialog"); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "Init: Requesting pass phrase via piped dialog"); } else { /* sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN */ #ifdef WIN32 @@ -713,8 +730,9 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv) */ apr_file_open_stdout(&writetty, p); - ssl_log(s, SSL_LOG_INFO, - "Init: Requesting pass phrase via builtin terminal dialog"); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "Init: Requesting pass phrase via builtin terminal " + "dialog"); #endif } @@ -771,9 +789,9 @@ int ssl_pphrase_Handle_CB(char *buf, int bufsize, int verify, void *srv) const char **argv = apr_palloc(p, sizeof(char *) * 4); char *result; - ssl_log(s, SSL_LOG_INFO, - "Init: Requesting pass phrase from dialog filter program (%s)", - cmd); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "Init: Requesting pass phrase from dialog filter " + "program (%s)", cmd); argv[0] = cmd; argv[1] = cpVHostID; diff --git a/modules/ssl/ssl_engine_rand.c b/modules/ssl/ssl_engine_rand.c index 4a69d5904e..73c5360cc3 100644 --- a/modules/ssl/ssl_engine_rand.c +++ b/modules/ssl/ssl_engine_rand.c @@ -157,10 +157,12 @@ int ssl_rand_seed(server_rec *s, apr_pool_t *p, ssl_rsctx_t nCtx, char *prefix) } } } - ssl_log(s, SSL_LOG_INFO, "%sSeeding PRNG with %d bytes of entropy", prefix, nDone); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "%sSeeding PRNG with %d bytes of entropy", prefix, nDone); if (RAND_status() == 0) - ssl_log(s, SSL_LOG_WARN, "%sPRNG still contains not sufficient entropy!", prefix); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, + "%sPRNG still contains not sufficient entropy!", prefix); return nDone; } diff --git a/modules/ssl/ssl_scache.c b/modules/ssl/ssl_scache.c index df7567df78..5f7d2841a4 100644 --- a/modules/ssl/ssl_scache.c +++ b/modules/ssl/ssl_scache.c @@ -78,9 +78,9 @@ void ssl_scache_init(server_rec *s, apr_pool_t *p) * But we can operate without it, of course. */ if (mc->nSessionCacheMode == SSL_SCMODE_UNSET) { - ssl_log(s, SSL_LOG_WARN, - "Init: Session Cache is not configured " - "[hint: SSLSessionCache]"); + ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, s, + "Init: Session Cache is not configured " + "[hint: SSLSessionCache]"); mc->nSessionCacheMode = SSL_SCMODE_NONE; return; } diff --git a/modules/ssl/ssl_scache_dbm.c b/modules/ssl/ssl_scache_dbm.c index 0fefab588c..bbd7871351 100644 --- a/modules/ssl/ssl_scache_dbm.c +++ b/modules/ssl/ssl_scache_dbm.c @@ -63,20 +63,22 @@ void ssl_scache_dbm_init(server_rec *s, apr_pool_t *p) { SSLModConfigRec *mc = myModConfig(s); apr_dbm_t *dbm; + apr_status_t rv; /* for the DBM we need the data file */ if (mc->szSessionCacheDataFile == NULL) { - ssl_log(s, SSL_LOG_ERROR, "SSLSessionCache required"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "SSLSessionCache required"); ssl_die(); } /* open it once to create it and to make sure it _can_ be created */ ssl_mutex_on(s); - if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile, - APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Cannot create SSLSessionCache DBM file `%s'", - mc->szSessionCacheDataFile); + if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile, + APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Cannot create SSLSessionCache DBM file `%s'", + mc->szSessionCacheDataFile); ssl_mutex_off(s); return; } @@ -140,6 +142,7 @@ BOOL ssl_scache_dbm_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SS UCHAR ucaData[SSL_SESSION_MAX_DER]; int nData; UCHAR *ucp; + apr_status_t rv; /* streamline session data */ if ((nData = i2d_SSL_SESSION(sess, NULL)) > sizeof(ucaData)) @@ -170,19 +173,20 @@ BOOL ssl_scache_dbm_store(server_rec *s, UCHAR *id, int idlen, time_t expiry, SS /* and store it to the DBM file */ ssl_mutex_on(s); - if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile, - APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Cannot open SSLSessionCache DBM file `%s' for writing (store)", - mc->szSessionCacheDataFile); + if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile, + APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Cannot open SSLSessionCache DBM file `%s' for writing " + "(store)", + mc->szSessionCacheDataFile); ssl_mutex_off(s); free(dbmval.dptr); return FALSE; } - if (apr_dbm_store(dbm, dbmkey, dbmval) != APR_SUCCESS) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Cannot store SSL session to DBM file `%s'", - mc->szSessionCacheDataFile); + if ((rv = apr_dbm_store(dbm, dbmkey, dbmval)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Cannot store SSL session to DBM file `%s'", + mc->szSessionCacheDataFile); apr_dbm_close(dbm); ssl_mutex_off(s); free(dbmval.dptr); @@ -224,11 +228,12 @@ SSL_SESSION *ssl_scache_dbm_retrieve(server_rec *s, UCHAR *id, int idlen) * XXX: Should we open the dbm against r->pool so the cleanup will * do the apr_dbm_close? This would make the code a bit cleaner. */ - if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile, - APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Cannot open SSLSessionCache DBM file `%s' for reading (fetch)", - mc->szSessionCacheDataFile); + if ((rc = apr_dbm_open(&dbm, mc->szSessionCacheDataFile, + APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, rc, s, + "Cannot open SSLSessionCache DBM file `%s' for reading " + "(fetch)", + mc->szSessionCacheDataFile); return NULL; } rc = apr_dbm_fetch(dbm, dbmkey, &dbmval); @@ -271,6 +276,7 @@ void ssl_scache_dbm_remove(server_rec *s, UCHAR *id, int idlen) SSLModConfigRec *mc = myModConfig(s); apr_dbm_t *dbm; apr_datum_t dbmkey; + apr_status_t rv; /* create DBM key and values */ dbmkey.dptr = (char *)id; @@ -278,11 +284,12 @@ void ssl_scache_dbm_remove(server_rec *s, UCHAR *id, int idlen) /* and delete it from the DBM file */ ssl_mutex_on(s); - if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile, - APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Cannot open SSLSessionCache DBM file `%s' for writing (delete)", - mc->szSessionCacheDataFile); + if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile, + APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Cannot open SSLSessionCache DBM file `%s' for writing " + "(delete)", + mc->szSessionCacheDataFile); ssl_mutex_off(s); return; } @@ -310,6 +317,7 @@ void ssl_scache_dbm_expire(server_rec *s) int keyidx; int i; time_t tNow; + apr_status_t rv; /* * make sure the expiration for still not-accessed session @@ -346,11 +354,13 @@ void ssl_scache_dbm_expire(server_rec *s) /* pass 1: scan DBM database */ keyidx = 0; - if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile, - APR_DBM_RWCREATE,SSL_DBM_FILE_MODE, p) != APR_SUCCESS) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Cannot open SSLSessionCache DBM file `%s' for scanning", - mc->szSessionCacheDataFile); + if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile, + APR_DBM_RWCREATE,SSL_DBM_FILE_MODE, + p)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Cannot open SSLSessionCache DBM file `%s' for " + "scanning", + mc->szSessionCacheDataFile); apr_pool_destroy(p); break; } @@ -382,9 +392,10 @@ void ssl_scache_dbm_expire(server_rec *s) /* pass 2: delete expired elements */ if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile, APR_DBM_RWCREATE,SSL_DBM_FILE_MODE, p) != APR_SUCCESS) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Cannot re-open SSLSessionCache DBM file `%s' for expiring", - mc->szSessionCacheDataFile); + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Cannot re-open SSLSessionCache DBM file `%s' for " + "expiring", + mc->szSessionCacheDataFile); apr_pool_destroy(p); break; } @@ -402,8 +413,10 @@ void ssl_scache_dbm_expire(server_rec *s) } ssl_mutex_off(s); - ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache (DBM) Expiry: " - "old: %d, new: %d, removed: %d", nElements, nElements-nDeleted, nDeleted); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "Inter-Process Session Cache (DBM) Expiry: " + "old: %d, new: %d, removed: %d", + nElements, nElements-nDeleted, nDeleted); return; } @@ -416,6 +429,7 @@ void ssl_scache_dbm_status(server_rec *s, apr_pool_t *p, void (*func)(char *, vo int nElem; int nSize; int nAverage; + apr_status_t rv; nElem = 0; nSize = 0; @@ -423,11 +437,13 @@ void ssl_scache_dbm_status(server_rec *s, apr_pool_t *p, void (*func)(char *, vo /* * XXX - Check what pool is to be used - TBD */ - if (apr_dbm_open(&dbm, mc->szSessionCacheDataFile, - APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, mc->pPool) != APR_SUCCESS) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Cannot open SSLSessionCache DBM file `%s' for status retrival", - mc->szSessionCacheDataFile); + if ((rv = apr_dbm_open(&dbm, mc->szSessionCacheDataFile, + APR_DBM_RWCREATE, SSL_DBM_FILE_MODE, + mc->pPool)) != APR_SUCCESS) { + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Cannot open SSLSessionCache DBM file `%s' for status " + "retrival", + mc->szSessionCacheDataFile); ssl_mutex_off(s); return; } diff --git a/modules/ssl/ssl_scache_shmcb.c b/modules/ssl/ssl_scache_shmcb.c index fe74577197..f5dfd86810 100644 --- a/modules/ssl/ssl_scache_shmcb.c +++ b/modules/ssl/ssl_scache_shmcb.c @@ -368,7 +368,8 @@ void ssl_scache_shmcb_init(server_rec *s, apr_pool_t *p) * Create shared memory segment */ if (mc->szSessionCacheDataFile == NULL) { - ssl_log(s, SSL_LOG_ERROR, "SSLSessionCache required"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "SSLSessionCache required"); ssl_die(); } @@ -377,22 +378,24 @@ void ssl_scache_shmcb_init(server_rec *s, apr_pool_t *p) mc->szSessionCacheDataFile, mc->pPool)) != APR_SUCCESS) { char buf[100]; - ssl_log(s, SSL_LOG_ERROR, - "Cannot allocate shared memory: (%d)%s", rv, - apr_strerror(rv, buf, sizeof(buf))); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "Cannot allocate shared memory: (%d)%s", rv, + apr_strerror(rv, buf, sizeof(buf))); ssl_die(); } shm_segment = apr_shm_baseaddr_get(mc->pSessionCacheDataMM); shm_segsize = apr_shm_size_get(mc->pSessionCacheDataMM); - ssl_log(s, SSL_LOG_TRACE, "shmcb_init allocated %u bytes of shared " - "memory", shm_segsize); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "shmcb_init allocated %u bytes of shared memory", + shm_segsize); if (!shmcb_init_memory(s, shm_segment, shm_segsize)) { - ssl_log(s, SSL_LOG_ERROR, - "Failure initialising 'shmcb' shared memory"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "Failure initialising 'shmcb' shared memory"); ssl_die(); } - ssl_log(s, SSL_LOG_INFO, "Shared memory session cache initialised"); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "Shared memory session cache initialised"); /* * Success ... we hack the memory block into place by cheating for @@ -426,10 +429,12 @@ BOOL ssl_scache_shmcb_store(server_rec *s, UCHAR *id, int idlen, ssl_mutex_on(s); if (!shmcb_store_session(s, shm_segment, id, idlen, pSession, timeout)) /* in this cache engine, "stores" should never fail. */ - ssl_log(s, SSL_LOG_ERROR, "'shmcb' code was unable to store a " - "session in the cache."); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "'shmcb' code was unable to store a " + "session in the cache."); else { - ssl_log(s, SSL_LOG_TRACE, "shmcb_store successful"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "shmcb_store successful"); to_return = TRUE; } ssl_mutex_off(s); @@ -448,11 +453,14 @@ SSL_SESSION *ssl_scache_shmcb_retrieve(server_rec *s, UCHAR *id, int idlen) pSession = shmcb_retrieve_session(s, shm_segment, id, idlen); ssl_mutex_off(s); if (pSession) - ssl_log(s, SSL_LOG_TRACE, "shmcb_retrieve had a hit"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "shmcb_retrieve had a hit"); else { - ssl_log(s, SSL_LOG_TRACE, "shmcb_retrieve had a miss"); - ssl_log(s, SSL_LOG_INFO, "Client requested a 'session-resume' but " - "we have no such session."); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "shmcb_retrieve had a miss"); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "Client requested a 'session-resume' but " + "we have no such session."); } return pSession; } @@ -489,7 +497,8 @@ void ssl_scache_shmcb_status(server_rec *s, apr_pool_t *p, double expiry_total; time_t average_expiry, now, max_expiry, min_expiry, idxexpiry; - ssl_log(s, SSL_LOG_TRACE, "inside ssl_scache_shmcb_status"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "inside ssl_scache_shmcb_status"); /* We've kludged our pointer into the other cache's member variable. */ shm_segment = (void *) mc->tSessionCacheDataTable; @@ -559,7 +568,8 @@ void ssl_scache_shmcb_status(server_rec *s, apr_pool_t *p, func(apr_psprintf(p, "total removes since starting: <b>%lu</b> hit, " "<b>%lu</b> miss<br>", header->num_removes_hit, header->num_removes_miss), arg); - ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_status"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "leaving shmcb_status"); return; } @@ -578,14 +588,16 @@ static BOOL shmcb_init_memory( SHMCBCache cache; unsigned int temp, loop, granularity; - ssl_log(s, SSL_LOG_TRACE, "entered shmcb_init_memory()"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "entered shmcb_init_memory()"); /* Calculate some sizes... */ temp = sizeof(SHMCBHeader); /* If the segment is ridiculously too small, bail out */ if (shm_mem_size < (2*temp)) { - ssl_log(s, SSL_LOG_ERROR, "shared memory segment too small"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "shared memory segment too small"); return FALSE; } @@ -598,8 +610,9 @@ static BOOL shmcb_init_memory( * the cache is full, which is a lot less stupid than having * having not enough index space to utilise the whole cache!. */ temp /= 120; - ssl_log(s, SSL_LOG_TRACE, "for %u bytes, recommending %u indexes", - shm_mem_size, temp); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "for %u bytes, recommending %u indexes", + shm_mem_size, temp); /* We should divide these indexes evenly amongst the queues. Try * to get it so that there are roughly half the number of divisions @@ -614,7 +627,8 @@ static BOOL shmcb_init_memory( /* Too small? Bail ... */ if (temp < 5) { - ssl_log(s, SSL_LOG_ERROR, "shared memory segment too small"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "shared memory segment too small"); return FALSE; } @@ -639,28 +653,39 @@ static BOOL shmcb_init_memory( header->queue_size - header->cache_data_offset; /* Output trace info */ - ssl_log(s, SSL_LOG_TRACE, "shmcb_init_memory choices follow"); - ssl_log(s, SSL_LOG_TRACE, "division_mask = 0x%02X", header->division_mask); - ssl_log(s, SSL_LOG_TRACE, "division_offset = %u", header->division_offset); - ssl_log(s, SSL_LOG_TRACE, "division_size = %u", header->division_size); - ssl_log(s, SSL_LOG_TRACE, "queue_size = %u", header->queue_size); - ssl_log(s, SSL_LOG_TRACE, "index_num = %u", header->index_num); - ssl_log(s, SSL_LOG_TRACE, "index_offset = %u", header->index_offset); - ssl_log(s, SSL_LOG_TRACE, "index_size = %u", header->index_size); - ssl_log(s, SSL_LOG_TRACE, "cache_data_offset = %u", header->cache_data_offset); - ssl_log(s, SSL_LOG_TRACE, "cache_data_size = %u", header->cache_data_size); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "shmcb_init_memory choices follow"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "division_mask = 0x%02X", header->division_mask); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "division_offset = %u", header->division_offset); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "division_size = %u", header->division_size); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "queue_size = %u", header->queue_size); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "index_num = %u", header->index_num); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "index_offset = %u", header->index_offset); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "index_size = %u", header->index_size); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "cache_data_offset = %u", header->cache_data_offset); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "cache_data_size = %u", header->cache_data_size); /* The header is done, make the caches empty */ for (loop = 0; loop < granularity; loop++) { if (!shmcb_get_division(header, &queue, &cache, loop)) - ssl_log(s, SSL_LOG_ERROR, "shmcb_init_memory, " "internal error"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "shmcb_init_memory, " "internal error"); shmcb_set_safe_uint(cache.first_pos, 0); shmcb_set_safe_uint(cache.pos_count, 0); shmcb_set_safe_uint(queue.first_pos, 0); shmcb_set_safe_uint(queue.pos_count, 0); } - ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_init_memory()"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "leaving shmcb_init_memory()"); return TRUE; } @@ -679,15 +704,18 @@ static BOOL shmcb_store_session( time_t expiry_time; unsigned char *session_id = SSL_SESSION_get_session_id(pSession); - ssl_log(s, SSL_LOG_TRACE, "inside shmcb_store_session"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "inside shmcb_store_session"); /* Get the header structure, which division this session will fall into etc. */ shmcb_get_header(shm_segment, &header); masked_index = session_id[0] & header->division_mask; - ssl_log(s, SSL_LOG_TRACE, "session_id[0]=%u, masked index=%u", - session_id[0], masked_index); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "session_id[0]=%u, masked index=%u", + session_id[0], masked_index); if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) { - ssl_log(s, SSL_LOG_ERROR, "shmcb_store_session, " "internal error"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "shmcb_store_session internal error"); return FALSE; } @@ -696,8 +724,8 @@ static BOOL shmcb_store_session( * or we find some assurance that it will never be necessary. */ len_encoded = i2d_SSL_SESSION(pSession, NULL); if (len_encoded > SSL_SESSION_MAX_DER) { - ssl_log(s, SSL_LOG_ERROR, "session is too big (%u bytes)", - len_encoded); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "session is too big (%u bytes)", len_encoded); return FALSE; } ptr_encoded = encoded; @@ -706,10 +734,12 @@ static BOOL shmcb_store_session( if (!shmcb_insert_encoded_session(s, &queue, &cache, encoded, len_encoded, session_id, expiry_time)) { - ssl_log(s, SSL_LOG_ERROR, "can't store a session!"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "can't store a session!"); return FALSE; } - ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_store successfully"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "leaving shmcb_store successfully"); header->num_stores++; return TRUE; } @@ -724,9 +754,10 @@ static SSL_SESSION *shmcb_retrieve_session( unsigned char masked_index; SSL_SESSION *pSession; - ssl_log(s, SSL_LOG_TRACE, "inside shmcb_retrieve_session"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "inside shmcb_retrieve_session"); if (idlen < 2) { - ssl_log(s, SSL_LOG_ERROR, "unusably short session_id provided " + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "unusably short session_id provided " "(%u bytes)", idlen); return FALSE; } @@ -735,10 +766,11 @@ static SSL_SESSION *shmcb_retrieve_session( * will come from etc. */ shmcb_get_header(shm_segment, &header); masked_index = id[0] & header->division_mask; - ssl_log(s, SSL_LOG_TRACE, "id[0]=%u, masked index=%u", id[0], - masked_index); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "id[0]=%u, masked index=%u", id[0], masked_index); if (!shmcb_get_division(header, &queue, &cache, (unsigned int) masked_index)) { - ssl_log(s, SSL_LOG_ERROR, "shmcb_retrieve_session, " "internal error"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "shmcb_retrieve_session internal error"); header->num_retrieves_miss++; return FALSE; } @@ -750,7 +782,8 @@ static SSL_SESSION *shmcb_retrieve_session( header->num_retrieves_hit++; else header->num_retrieves_miss++; - ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_retrieve_session"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "leaving shmcb_retrieve_session"); return pSession; } @@ -764,9 +797,10 @@ static BOOL shmcb_remove_session( unsigned char masked_index; BOOL res; - ssl_log(s, SSL_LOG_TRACE, "inside shmcb_remove_session"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "inside shmcb_remove_session"); if (id == NULL) { - ssl_log(s, SSL_LOG_ERROR, "remove called with NULL session_id!"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "remove called with NULL session_id!"); return FALSE; } @@ -774,10 +808,10 @@ static BOOL shmcb_remove_session( * will happen in etc. */ shmcb_get_header(shm_segment, &header); masked_index = id[0] & header->division_mask; - ssl_log(s, SSL_LOG_TRACE, "id[0]=%u, masked index=%u", - id[0], masked_index); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "id[0]=%u, masked index=%u", id[0], masked_index); if (!shmcb_get_division(header, &queue, &cache, (unsigned int)masked_index)) { - ssl_log(s, SSL_LOG_ERROR, "shmcb_remove_session, internal error"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, "shmcb_remove_session, internal error"); header->num_removes_miss++; return FALSE; } @@ -786,7 +820,8 @@ static BOOL shmcb_remove_session( header->num_removes_hit++; else header->num_removes_miss++; - ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_remove_session"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "leaving shmcb_remove_session"); return res; } @@ -974,7 +1009,8 @@ static unsigned int shmcb_expire_division( unsigned int loop, index_num, pos_count, new_pos; SHMCBHeader *header; - ssl_log(s, SSL_LOG_TRACE, "entering shmcb_expire_division"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "entering shmcb_expire_division"); /* We must calculate num and space ourselves based on expiry times. */ now = time(NULL); @@ -997,7 +1033,8 @@ static unsigned int shmcb_expire_division( /* Find the new_offset and make the expiries happen. */ if (loop > 0) { - ssl_log(s, SSL_LOG_TRACE, "will be expiring %u sessions", loop); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "will be expiring %u sessions", loop); /* We calculate the new_offset by "peeking" (or in the * case it's the last entry, "sneaking" ;-). */ if (loop == pos_count) { @@ -1021,8 +1058,9 @@ static unsigned int shmcb_expire_division( shmcb_get_safe_uint(&(idx->offset)))); shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset))); } - ssl_log(s, SSL_LOG_TRACE, "we now have %u sessions", - shmcb_get_safe_uint(queue->pos_count)); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "we now have %u sessions", + shmcb_get_safe_uint(queue->pos_count)); } header->num_expiries += loop; return loop; @@ -1047,8 +1085,10 @@ static BOOL shmcb_insert_encoded_session( unsigned int gap, new_pos, loop, new_offset; int need; - ssl_log(s, SSL_LOG_TRACE, "entering shmcb_insert_encoded_session, " - "*queue->pos_count = %u", shmcb_get_safe_uint(queue->pos_count)); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "entering shmcb_insert_encoded_session, " + "*queue->pos_count = %u", + shmcb_get_safe_uint(queue->pos_count)); /* If there's entries to expire, ditch them first thing. */ shmcb_expire_division(s, queue, cache); @@ -1068,8 +1108,9 @@ static BOOL shmcb_insert_encoded_session( shmcb_get_safe_uint(&(idx->offset))); } if (loop > 0) { - ssl_log(s, SSL_LOG_TRACE, "about to scroll %u sessions from %u", - loop, shmcb_get_safe_uint(queue->pos_count)); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "about to scroll %u sessions from %u", + loop, shmcb_get_safe_uint(queue->pos_count)); /* We are removing "loop" items from the cache. */ shmcb_set_safe_uint(cache->pos_count, shmcb_get_safe_uint(cache->pos_count) - @@ -1079,8 +1120,9 @@ static BOOL shmcb_insert_encoded_session( shmcb_set_safe_uint(cache->first_pos, shmcb_get_safe_uint(&(idx->offset))); shmcb_set_safe_uint(queue->pos_count, shmcb_get_safe_uint(queue->pos_count) - loop); shmcb_set_safe_uint(queue->first_pos, new_pos); - ssl_log(s, SSL_LOG_TRACE, "now only have %u sessions", - shmcb_get_safe_uint(queue->pos_count)); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "now only have %u sessions", + shmcb_get_safe_uint(queue->pos_count)); /* Update the stats!!! */ header->num_scrolled += loop; } @@ -1090,19 +1132,20 @@ static BOOL shmcb_insert_encoded_session( * is verified. */ if (shmcb_get_safe_uint(cache->pos_count) + encoded_len > header->cache_data_size) { - ssl_log(s, SSL_LOG_ERROR, "shmcb_insert_encoded_session, " - "internal error"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "shmcb_insert_encoded_session internal error"); return FALSE; } if (shmcb_get_safe_uint(queue->pos_count) == header->index_num) { - ssl_log(s, SSL_LOG_ERROR, "shmcb_insert_encoded_session, " - "internal error"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "shmcb_insert_encoded_session internal error"); return FALSE; } - ssl_log(s, SSL_LOG_TRACE, "we have %u bytes and %u indexes free - " - "enough", header->cache_data_size - - shmcb_get_safe_uint(cache->pos_count), header->index_num - - shmcb_get_safe_uint(queue->pos_count)); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "we have %u bytes and %u indexes free - enough", + header->cache_data_size - + shmcb_get_safe_uint(cache->pos_count), header->index_num - + shmcb_get_safe_uint(queue->pos_count)); /* HERE WE ASSUME THAT THE NEW SESSION SHOULD GO ON THE END! I'M NOT @@ -1127,12 +1170,13 @@ static BOOL shmcb_insert_encoded_session( new_pos = shmcb_cyclic_increment(header->index_num, shmcb_get_safe_uint(queue->first_pos), shmcb_get_safe_uint(queue->pos_count)); - ssl_log(s, SSL_LOG_TRACE, "storing in index %u, at offset %u", new_pos, - new_offset); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "storing in index %u, at offset %u", + new_pos, new_offset); idx = shmcb_get_index(queue, new_pos); if (idx == NULL) { - ssl_log(s, SSL_LOG_ERROR, "shmcb_insert_encoded_session, " - "internal error"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "shmcb_insert_encoded_session internal error"); return FALSE; } shmcb_safe_clear(idx, sizeof(SHMCBIndex)); @@ -1141,8 +1185,9 @@ static BOOL shmcb_insert_encoded_session( /* idx->removed = (unsigned char)0; */ /* Not needed given the memset above. */ idx->s_id2 = session_id[1]; - ssl_log(s, SSL_LOG_TRACE, "session_id[0]=%u, idx->s_id2=%u", - session_id[0], session_id[1]); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "session_id[0]=%u, idx->s_id2=%u", + session_id[0], session_id[1]); /* All that remains is to adjust the cache's and queue's "pos_count"s. */ shmcb_set_safe_uint(cache->pos_count, @@ -1151,10 +1196,12 @@ static BOOL shmcb_insert_encoded_session( shmcb_get_safe_uint(queue->pos_count) + 1); /* And just for good debugging measure ... */ - ssl_log(s, SSL_LOG_TRACE, "leaving now with %u bytes in the cache and " - "%u indexes", shmcb_get_safe_uint(cache->pos_count), - shmcb_get_safe_uint(queue->pos_count)); - ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_insert_encoded_session"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "leaving now with %u bytes in the cache and %u indexes", + shmcb_get_safe_uint(cache->pos_count), + shmcb_get_safe_uint(queue->pos_count)); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "leaving shmcb_insert_encoded_session"); return TRUE; } @@ -1174,7 +1221,8 @@ static SSL_SESSION *shmcb_lookup_session_id( unsigned char *ptr; time_t now; - ssl_log(s, SSL_LOG_TRACE, "entering shmcb_lookup_session_id"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "entering shmcb_lookup_session_id"); /* If there are entries to expire, ditch them first thing. */ shmcb_expire_division(s, queue, cache); @@ -1183,10 +1231,12 @@ static SSL_SESSION *shmcb_lookup_session_id( count = shmcb_get_safe_uint(queue->pos_count); header = queue->header; for (loop = 0; loop < count; loop++) { - ssl_log(s, SSL_LOG_TRACE, "loop=%u, count=%u, curr_pos=%u", - loop, count, curr_pos); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "loop=%u, count=%u, curr_pos=%u", + loop, count, curr_pos); idx = shmcb_get_index(queue, curr_pos); - ssl_log(s, SSL_LOG_TRACE, "idx->s_id2=%u, id[1]=%u, offset=%u", + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "idx->s_id2=%u, id[1]=%u, offset=%u", idx->s_id2, id[1], shmcb_get_safe_uint(&(idx->offset))); /* Only look into the session further if; * (a) the second byte of the session_id matches, @@ -1202,8 +1252,9 @@ static SSL_SESSION *shmcb_lookup_session_id( unsigned int session_id_length; unsigned char *session_id; - ssl_log(s, SSL_LOG_TRACE, "at index %u, found possible " - "session match", curr_pos); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "at index %u, found possible session match", + curr_pos); shmcb_cyclic_cton_memcpy(header->cache_data_size, tempasn, cache->data, shmcb_get_safe_uint(&(idx->offset)), @@ -1214,22 +1265,25 @@ static SSL_SESSION *shmcb_lookup_session_id( session_id = SSL_SESSION_get_session_id(pSession); if (pSession == NULL) { - ssl_log(s, SSL_LOG_ERROR, "scach2_lookup_" - "session_id, internal error"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "scach2_lookup_session_id internal error"); return NULL; } if ((session_id_length == idlen) && (memcmp(session_id, id, idlen) == 0)) { - ssl_log(s, SSL_LOG_TRACE, "a match!"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "a match!"); return pSession; } - ssl_log(s, SSL_LOG_TRACE, "not a match"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "not a match"); SSL_SESSION_free(pSession); pSession = NULL; } curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1); } - ssl_log(s, SSL_LOG_TRACE, "no matching sessions were found"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "no matching sessions were found"); return NULL; } @@ -1245,7 +1299,8 @@ static BOOL shmcb_remove_session_id( unsigned char *ptr; BOOL to_return = FALSE; - ssl_log(s, SSL_LOG_TRACE, "entering shmcb_remove_session_id"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "entering shmcb_remove_session_id"); /* If there's entries to expire, ditch them first thing. */ /* shmcb_expire_division(s, queue, cache); */ @@ -1263,10 +1318,12 @@ static BOOL shmcb_remove_session_id( count = shmcb_get_safe_uint(queue->pos_count); header = cache->header; for (loop = 0; loop < count; loop++) { - ssl_log(s, SSL_LOG_TRACE, "loop=%u, count=%u, curr_pos=%u", + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "loop=%u, count=%u, curr_pos=%u", loop, count, curr_pos); idx = shmcb_get_index(queue, curr_pos); - ssl_log(s, SSL_LOG_TRACE, "idx->s_id2=%u, id[1]=%u", idx->s_id2, + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "idx->s_id2=%u, id[1]=%u", idx->s_id2, id[1]); /* Only look into the session further if the second byte of the * session_id matches. */ @@ -1274,8 +1331,9 @@ static BOOL shmcb_remove_session_id( unsigned int session_id_length; unsigned char *session_id; - ssl_log(s, SSL_LOG_TRACE, "at index %u, found possible " - "session match", curr_pos); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "at index %u, found possible " + "session match", curr_pos); shmcb_cyclic_cton_memcpy(header->cache_data_size, tempasn, cache->data, shmcb_get_safe_uint(&(idx->offset)), @@ -1283,8 +1341,8 @@ static BOOL shmcb_remove_session_id( ptr = tempasn; pSession = d2i_SSL_SESSION(NULL, &ptr, SSL_SESSION_MAX_DER); if (pSession == NULL) { - ssl_log(s, SSL_LOG_ERROR, "shmcb_remove_session_id, " - "internal error"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "shmcb_remove_session_id, internal error"); goto end; } session_id_length = SSL_SESSION_get_session_id_length(pSession); @@ -1292,24 +1350,28 @@ static BOOL shmcb_remove_session_id( if ((session_id_length == idlen) && (memcmp(id, session_id, idlen) == 0)) { - ssl_log(s, SSL_LOG_TRACE, "a match!"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "a match!"); /* Scrub out this session "quietly" */ idx->removed = (unsigned char) 1; SSL_SESSION_free(pSession); to_return = TRUE; goto end; } - ssl_log(s, SSL_LOG_TRACE, "not a match"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "not a match"); SSL_SESSION_free(pSession); pSession = NULL; } curr_pos = shmcb_cyclic_increment(header->index_num, curr_pos, 1); } - ssl_log(s, SSL_LOG_TRACE, "no matching sessions were found"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "no matching sessions were found"); /* If there's entries to expire, ditch them now. */ shmcb_expire_division(s, queue, cache); end: - ssl_log(s, SSL_LOG_TRACE, "leaving shmcb_remove_session_id"); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "leaving shmcb_remove_session_id"); return to_return; } diff --git a/modules/ssl/ssl_scache_shmht.c b/modules/ssl/ssl_scache_shmht.c index 7d301ad0b2..a3f71f097c 100644 --- a/modules/ssl/ssl_scache_shmht.c +++ b/modules/ssl/ssl_scache_shmht.c @@ -117,27 +117,29 @@ void ssl_scache_shmht_init(server_rec *s, apr_pool_t *p) * Create shared memory segment */ if (mc->szSessionCacheDataFile == NULL) { - ssl_log(s, SSL_LOG_ERROR, "SSLSessionCache required"); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "SSLSessionCache required"); ssl_die(); } if ((rv = apr_shm_create(&(mc->pSessionCacheDataMM), mc->nSessionCacheDataSize, mc->szSessionCacheDataFile, mc->pPool)) != APR_SUCCESS) { - ssl_log(s, SSL_LOG_ERROR, - "Cannot allocate shared memory: %d", rv); + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Cannot allocate shared memory"); ssl_die(); } if ((rv = apr_rmm_init(&(mc->pSessionCacheDataRMM), NULL, apr_shm_baseaddr_get(mc->pSessionCacheDataMM), mc->nSessionCacheDataSize, mc->pPool)) != APR_SUCCESS) { - ssl_log(s, SSL_LOG_ERROR, - "Cannot initialize rmm: %d", rv); + ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + "Cannot initialize rmm"); ssl_die(); } -ssl_log(s, SSL_LOG_ERROR, "initialize MM %ld RMM %ld", - mc->pSessionCacheDataMM, mc->pSessionCacheDataRMM); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "initialize MM %p RMM %p", + mc->pSessionCacheDataMM, mc->pSessionCacheDataRMM); /* * Create hash table in shared memory segment @@ -155,9 +157,9 @@ ssl_log(s, SSL_LOG_ERROR, "initialize MM %ld RMM %ld", ssl_scache_shmht_calloc, ssl_scache_shmht_realloc, ssl_scache_shmht_free, s )) == NULL) { - ssl_log(s, SSL_LOG_ERROR, - "Cannot allocate hash table in shared memory: %s", - table_strerror(ta_errno)); + ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, + "Cannot allocate hash table in shared memory: %s", + table_strerror(ta_errno)); ssl_die(); } @@ -169,9 +171,10 @@ ssl_log(s, SSL_LOG_ERROR, "initialize MM %ld RMM %ld", /* * Log the done work */ - ssl_log(s, SSL_LOG_INFO, - "Init: Created hash-table (%d buckets) " - "in shared memory (%d bytes) for SSL session cache", n, avail); + ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, s, + "Init: Created hash-table (%d buckets) " + "in shared memory (%d bytes) for SSL session cache", + n, avail); return; } @@ -337,9 +340,10 @@ void ssl_scache_shmht_expire(server_rec *s) /* (vpKeyThis != vpKey) && (nKeyThis != nKey) */ } ssl_mutex_off(s); - ssl_log(s, SSL_LOG_TRACE, "Inter-Process Session Cache (SHMHT) Expiry: " - "old: %d, new: %d, removed: %d", - nElements, nElements-nDeleted, nDeleted); + ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, + "Inter-Process Session Cache (SHMHT) Expiry: " + "old: %d, new: %d, removed: %d", + nElements, nElements-nDeleted, nDeleted); return; } |