httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kbr...@apache.org
Subject svn commit: r1213400 - in /httpd/httpd/branches/2.4.x/modules/ssl: ssl_engine_init.c ssl_engine_ocsp.c ssl_util_ocsp.c
Date Mon, 12 Dec 2011 20:05:28 GMT
Author: kbrand
Date: Mon Dec 12 20:05:27 2011
New Revision: 1213400

URL: http://svn.apache.org/viewvc?rev=1213400&view=rev
Log:
backport r1213399 from trunk:

logging adjustments:
- consistently call ssl_log_ssl_error after ap_log_error etc.
- ssl_init_ConfigureServer: add vhost_id to log message

Modified:
    httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c
    httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_ocsp.c
    httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c

Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c?rev=1213400&r1=1213399&r2=1213400&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c Mon Dec 12 20:05:27 2011
@@ -1360,7 +1360,7 @@ void ssl_init_ConfigureServer(server_rec
      */
     if ((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL))
{
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01914)
-                     "Configuring server for SSL protocol");
+                     "Configuring server %s for SSL protocol", sc->vhost_id);
         ssl_init_server_ctx(s, p, ptemp, sc);
     }
 

Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_ocsp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_ocsp.c?rev=1213400&r1=1213399&r2=1213400&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_ocsp.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_ocsp.c Mon Dec 12 20:05:27 2011
@@ -110,9 +110,9 @@ static OCSP_REQUEST *create_request(X509
 
     *certid = OCSP_cert_to_id(NULL, cert, ctx->current_issuer);
     if (!*certid || !OCSP_request_add0_id(req, *certid)) {
-        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01921)
                      "could not retrieve certificate id");
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
         return NULL;
     }
 
@@ -164,9 +164,9 @@ static int verify_ocsp_status(X509 *cert
     if (rc == V_OCSP_CERTSTATUS_GOOD) {
         basicResponse = OCSP_response_get1_basic(response);
         if (!basicResponse) {
-            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01923)
                           "could not retrieve OCSP basic response");
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             rc = V_OCSP_CERTSTATUS_UNKNOWN;
         }
     }
@@ -182,9 +182,9 @@ static int verify_ocsp_status(X509 *cert
     if (rc == V_OCSP_CERTSTATUS_GOOD) {
         /* TODO: allow flags configuration. */
         if (OCSP_basic_verify(basicResponse, NULL, ctx->ctx, 0) != 1) {
-            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01925)
                         "failed to verify the OCSP response");
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             rc = V_OCSP_CERTSTATUS_UNKNOWN;
         }
     }
@@ -196,9 +196,9 @@ static int verify_ocsp_status(X509 *cert
         rc = OCSP_resp_find_status(basicResponse, certID, &status,
                                    &reason, NULL, &thisup, &nextup);
         if (rc != 1) {
-            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert, APLOGNO(02272)
                             "failed to retrieve OCSP response status");
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             rc = V_OCSP_CERTSTATUS_UNKNOWN;
         }
         else {
@@ -216,9 +216,9 @@ static int verify_ocsp_status(X509 *cert
             int vrc  = OCSP_check_validity(thisup, nextup, resptime_skew,
                                            sc->server->ocsp_resp_maxage);
             if (vrc != 1) {
-                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
                 ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert, APLOGNO(02273)
                                 "OCSP response outside validity period");
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
                 rc = V_OCSP_CERTSTATUS_UNKNOWN;
             }
         }

Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c?rev=1213400&r1=1213399&r2=1213400&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c (original)
+++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_util_ocsp.c Mon Dec 12 20:05:27 2011
@@ -262,9 +262,9 @@ static OCSP_RESPONSE *read_response(apr_
      * bio. */
     response = d2i_OCSP_RESPONSE_bio(bio, NULL);
     if (response == NULL) {
-        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c));
         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01988)
                       "failed to decode OCSP response data");
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c));
     }
 
     return response;
@@ -281,9 +281,9 @@ OCSP_RESPONSE *modssl_dispatch_ocsp_requ
 
     bio = serialize_request(request, uri);
     if (bio == NULL) {
-        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c));
         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01989)
                       "could not serialize OCSP request");
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c));
         return NULL;
     }
 



Mime
View raw message