httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [PATCH]es More descriptive mod_ssl/OpenSSL version logging
Date Wed, 21 Mar 2007 01:51:48 GMT
William A. Rowe, Jr. wrote:
> William A. Rowe, Jr. wrote:
>> httpd was patched for httpd -v some time ago to report both the compiled
>> and loaded versions of apr[-util].
>>
>> I'd like to get this into trunk/2.2/2.0 similarly for openssl.
>>
>> It's very common for users to hotfix openssl for security vulnerabilities,
>> but the apache error log remains 'scary' to auditors and administrators...
>>
>> [Tue Mar 20 15:54:21 2007] [notice] Apache/2.0.59 (Unix) DAV/2 CovalentSNMP/3.0.
>> 3 mod_jk/1.2.18 mod_ssl/2.0.59 OpenSSL/0.9.7i PHP/4.4.4 mod_perl/1.999.21 Perl/v
>> 5.8.8 configured -- resuming normal operations
>> [Tue Mar 20 15:59:51 2007] [info] Server: Apache/2.0.59, Interface: mod_ssl/2.0.
>> 59, Library: OpenSSL/0.9.7i

Committed to trunk for your review, but unless you deliberately trip this,
you probably wouldn't notice the case such as...

[Tue Mar 20 20:19:22 2007] [info] mod_ssl/2.0.59 compiled against Server:
Apache/2.0.59, Library: OpenSSL/0.9.7l
[Tue Mar 20 20:19:22 2007] [notice] Apache/2.0.59 (Unix) DAV/2
CovalentSNMP/3.0.3 mod_jk/1.2.18 mod_ssl/2.0.59 OpenSSL/0.9.7g-fips PHP/4.4.4
mod_perl/1.999.21 Perl/v5.8.8 configured -- resuming normal operations

This illustrates mod_ssl built against OpenSSL/0.9.7l, but actually
running against OpenSSL/0.9.7g-fips.

Bill


Mime
View raw message