httpd-cvs mailing list archives

From wr...@apache.org
Subject svn commit: r416265 - in /httpd/httpd/trunk/modules/ssl: mod_ssl.c ssl_engine_config.c ssl_engine_io.c ssl_private.h
Date Thu, 22 Jun 2006 06:13:08 GMT
Author: wrowe
Date: Wed Jun 21 23:13:07 2006
New Revision: 416265

URL: http://svn.apache.org/viewvc?rev=416265&view=rev
Log:

  New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ]
  configures the I/O Dump of SSL traffic, when LogLevel is set to Debug.
  The default is none as this is far greater debugging resolution than 
  the typical administrator is prepared to untangle.

Modified:
    httpd/httpd/trunk/modules/ssl/mod_ssl.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
    httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
    httpd/httpd/trunk/modules/ssl/ssl_private.h

Modified: httpd/httpd/trunk/modules/ssl/mod_ssl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/mod_ssl.c?rev=416265&r1=416264&r2=416265&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/mod_ssl.c (original)
+++ httpd/httpd/trunk/modules/ssl/mod_ssl.c Wed Jun 21 23:13:07 2006
@@ -145,6 +145,9 @@
                 "Use the server's cipher ordering preference")
     SSL_CMD_ALL(UserName, TAKE1,
                 "Set user name to SSL variable value")
+    SSL_CMD_SRV(LogLevelDebugDump, TAKE1,
+                "Include I/O Dump when LogLevel is set to Debug "
+                "([ None (default) | IO (not bytes) | Bytes ])")
 
     /*
      * Proxy configuration for remote SSL connections

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=416265&r1=416264&r2=416265&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Wed Jun 21 23:13:07 2006
@@ -169,6 +169,7 @@
     sc->vhost_id_len           = 0;     /* set during module init */
     sc->session_cache_timeout  = UNSET;
     sc->cipher_server_pref     = UNSET;
+    sc->ssl_log_level          = SSL_LOG_UNSET;
 
     modssl_ctx_init_proxy(sc, p);
 
@@ -257,6 +258,7 @@
     cfgMergeBool(proxy_enabled);
     cfgMergeInt(session_cache_timeout);
     cfgMergeBool(cipher_server_pref);
+    cfgMerge(ssl_log_level, SSL_LOG_UNSET);
 
     modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy);
 
@@ -1089,6 +1091,30 @@
 
     if (sc->session_cache_timeout < 0) {
         return "SSLSessionCacheTimeout: Invalid argument";
+    }
+
+    return NULL;
+}
+
+const char *ssl_cmd_SSLLogLevelDebugDump(cmd_parms *cmd,
+                                         void *dcfg,
+                                         const char *arg)
+{
+    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+
+    if (strcEQ(arg, "none") || strcEQ(arg, "off")) {
+        sc->ssl_log_level = SSL_LOG_NONE;
+    }
+    else if (strcEQ(arg, "io") || strcEQ(arg, "i/o")) {
+        sc->ssl_log_level = SSL_LOG_IO;
+    }
+    else if (strcEQ(arg, "bytes") || strcEQ(arg, "on")) {
+        sc->ssl_log_level = SSL_LOG_BYTES;
+    }
+    else {
+        return apr_pstrcat(cmd->temp_pool, cmd->cmd->name,
+                           ": Invalid argument '", arg, "'",
+                           NULL);
     }
 
     return NULL;
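Review bot: `ssl_cmd_SSLLogLevelDebugDump` accepts `off`, `i/o` and `on` in addition to the three values that the help string in mod_ssl.c advertises, and `on` selects `SSL_LOG_BYTES`, the most verbose level. An administrator who writes `SSLLogLevelDebugDump on` to get "some" tracing ends up with full byte dumps of the connection I/O in the error log, so the aliases should either be listed in the help text or `on` should map to the less verbose `SSL_LOG_IO`. A short header comment would also help, for example `/* SSLLogLevelDebugDump none|io|bytes: per-server cap on the SSL I/O trace; only consulted when LogLevel is debug */`. The closing lines of the new function are the unchanged tail of the previous one, so its final brace lies outside this hunk.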

Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_io.c?rev=416265&r1=416264&r2=416265&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_engine_io.c (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_io.c Wed Jun 21 23:13:07 2006
@@ -1655,6 +1655,8 @@
 void ssl_io_filter_init(conn_rec *c, SSL *ssl)
 {
     ssl_filter_ctx_t *filter_ctx;
+    server_rec *s = c->base_server;
+    SSLSrvConfigRec *sc = mySrvConfig(s);
 
     filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t));
 
@@ -1673,7 +1675,8 @@
     apr_pool_cleanup_register(c->pool, (void*)filter_ctx,
                               ssl_io_filter_cleanup, apr_pool_cleanup_null);
 
-    if (c->base_server->loglevel >= APLOG_DEBUG) {
+    if ((s->loglevel >= APLOG_DEBUG)
+         && (sc->ssl_log_level >= SSL_LOG_IO)) {
         BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
         BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
     }
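Review bot: The new two-part condition is taken from `c->base_server` once, when the filter is initialised, and nothing in the hunk documents that the dump setting is fixed for the lifetime of the connection. Whether a value set in a name-based virtual host can ever take effect is not visible from here and is worth confirming. I would add a comment above the `if`, such as `/* I/O trace needs both LogLevel debug and SSLLogLevelDebugDump io|bytes on the connection's base server; decided once per connection */`. The body of ssl_io_filter_init continues past the end of this hunk.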
@@ -1776,12 +1779,14 @@
     SSL *ssl;
     conn_rec *c;
     server_rec *s;
+    SSLSrvConfigRec *sc;
 
     if ((ssl = (SSL *)BIO_get_callback_arg(bio)) == NULL)
         return rc;
     if ((c = (conn_rec *)SSL_get_app_data(ssl)) == NULL)
         return rc;
     s = c->base_server;
+    sc = mySrvConfig(s);
 
     if (   cmd == (BIO_CB_WRITE|BIO_CB_RETURN)
         || cmd == (BIO_CB_READ |BIO_CB_RETURN) ) {
@@ -1793,7 +1798,7 @@
                     rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"),
                     bio, argp,
                     (argp != NULL ? "(BIO dump follows)" : "(Oops, no memory buffer?)"));
-            if (argp != NULL)
+            if ((argp != NULL) && (sc->ssl_log_level >= SSL_LOG_BYTES))
                 ssl_io_data_dump(s, argp, rc);
         }
         else {
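Review bot: With `SSLLogLevelDebugDump io` the log line just above still prints "(BIO dump follows)" whenever `argp != NULL`, although the added condition now suppresses the dump unless the level is `SSL_LOG_BYTES`. Someone reading the error log later cannot tell from that line whether the dump was withheld by configuration or lost. The message argument should follow the same test, e.g. `(argp == NULL ? "(Oops, no memory buffer?)" : (sc->ssl_log_level >= SSL_LOG_BYTES ? "(BIO dump follows)" : "(BIO dump suppressed)"))`. The `ap_log_error` call this belongs to starts above the hunk.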

Modified: httpd/httpd/trunk/modules/ssl/ssl_private.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_private.h?rev=416265&r1=416264&r2=416265&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/ssl/ssl_private.h (original)
+++ httpd/httpd/trunk/modules/ssl/ssl_private.h Wed Jun 21 23:13:07 2006
@@ -141,6 +141,18 @@
 #endif
 
 /**
+ * Define the per-server SSLLogLevel constants which provide
+ * finer-than-debug resolution to decide if logs are to be
+ * assulted with tens of thousands of characters per request.
+ */
+typedef enum {
+    SSL_LOG_UNSET  = UNSET,
+    SSL_LOG_NONE   = 0,
+    SSL_LOG_IO     = 6,
+    SSL_LOG_BYTES  = 7
+} ssl_log_level_e;
+
+/**
  * Support for MM library
  */
 #define SSL_MM_FILE_MODE ( APR_UREAD | APR_UWRITE | APR_GREAD | APR_WREAD )
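Review bot: The values `6` and `7` for `SSL_LOG_IO` and `SSL_LOG_BYTES` are unexplained, yet ssl_engine_io.c compares the field with `>=`, so the numeric ordering (including `SSL_LOG_UNSET` sorting below `SSL_LOG_IO`) is what makes an unset value behave as "none". The doc comment should say so, for instance `Values are ordered; callers test with >=, and SSL_LOG_UNSET must stay below SSL_LOG_IO`, and should state whether 6 and 7 are meant to mirror the APLOG_INFO/APLOG_DEBUG numbers. The comment also names the directive "SSLLogLevel" where the commit adds `SSLLogLevelDebugDump`, and "assulted" should read "assaulted".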
@@ -244,7 +256,7 @@
     SSL_PPTYPE_UNSET   = UNSET,
     SSL_PPTYPE_BUILTIN = 0,
     SSL_PPTYPE_FILTER  = 1,
-	SSL_PPTYPE_PIPE    = 2
+    SSL_PPTYPE_PIPE    = 2
 } ssl_pphrase_t;
 
 /**
@@ -284,7 +296,7 @@
     SSL_ENABLED_UNSET    = UNSET,
     SSL_ENABLED_FALSE    = 0,
     SSL_ENABLED_TRUE     = 1,
-	SSL_ENABLED_OPTIONAL = 3
+    SSL_ENABLED_OPTIONAL = 3
 } ssl_enabled_t;
 
 /**
@@ -449,6 +461,7 @@
     BOOL             cipher_server_pref;
     modssl_ctx_t    *server;
     modssl_ctx_t    *proxy;
+    ssl_log_level_e  ssl_log_level;
 };
 
 /**
@@ -513,6 +526,7 @@
 const char  *ssl_cmd_SSLRequireSSL(cmd_parms *, void *);
 const char  *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *);
 const char  *ssl_cmd_SSLUserName(cmd_parms *, void *, const char *);
+const char  *ssl_cmd_SSLLogLevelDebugDump(cmd_parms *, void *, const char *);
 
 const char  *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
 const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);


