httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Fritsch ...@sfritsch.de>
Subject Re: svn commit: r951896 - in /httpd/httpd/trunk/modules/ssl: ssl_engine_io.c ssl_engine_kernel.c
Date Wed, 09 Jun 2010 19:55:19 GMT
On Wed, 9 Jun 2010, Ruediger Pluem wrote:
> On 06/06/2010 07:01 PM, sf@apache.org wrote:
>> Author: sf
>> Date: Sun Jun  6 17:01:29 2010
>> New Revision: 951896
>>
>> URL: http://svn.apache.org/viewvc?rev=951896&view=rev
>> Log:
>> Use new loglevel accessor macros to simplify code
>>
>> Modified:
>>     httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
>>     httpd/httpd/trunk/modules/ssl/ssl_engine_kernel.c
>>
>> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_io.c
>> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_io.c?rev=951896&r1=951895&r2=951896&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/ssl/ssl_engine_io.c (original)
>> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_io.c Sun Jun  6 17:01:29 2010
>> @@ -1015,7 +1015,7 @@ static void ssl_filter_io_shutdown(ssl_f
>>      SSL_smart_shutdown(ssl);
>>
>>      /* and finally log the fact that we've closed the connection */
>> -    if (mySrvFromConn(c)->loglevel >= APLOG_INFO) {
>> +    if (APLOGcinfo(c)) {
>
> IMHO you need to use APLOGinfo(mySrvFromConn(c)) as otherwise you might choose the base_server
> which might not be what mySrvFromConn(c) returns.

I think it is even more complicated than that and it affects many places 
in mod_ssl. If c has a loglevel configuration, we should probably use 
that. If not, we should use mySrvFromConn(c). But in both cases, the log 
message should be tied to the connection, to ensure that things like the 
client IP are logged. Maybe we need a ap_log_scerror that accepts both a 
server_rec and conn_rec.

AIUI, c->base_server is the default virtual host for the relevant IP/port. 
Without SNI, mySrvFromConn(c) is the same but with SNI, mySrvFromConn(c) 
may be a different name-based virtual host with the same IP/port. So, 
mySrvFromConn(c) is basically r->server? Is that correct?


>
>>          ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c,
>>                        "Connection closed to child %ld with %s shutdown "
>>                        "(server %s)",
>> @@ -1740,8 +1740,7 @@ void ssl_io_filter_init(conn_rec *c, req
>>      apr_pool_cleanup_register(c->pool, (void*)filter_ctx,
>>                                ssl_io_filter_cleanup, apr_pool_cleanup_null);
>>
>> -    if ((s->loglevel >= APLOG_DEBUG)
>> -         && (sc->ssl_log_level >= SSL_LOG_IO)) {
>> +    if (APLOGcdebug(c) && (sc->ssl_log_level >= SSL_LOG_IO)) {
>
> Same as above.
>
>>          BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb);
>>          BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl);
>>      }
>>
>
> Regards
>
> RĂ¼diger
>
Mime
  • Unnamed multipart/mixed (inline, None, 0 bytes)
View raw message