Return-Path: 
 <dev-return-82950-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
X-Original-To: apmail-httpd-dev-archive@www.apache.org
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id D34F418943
	for <apmail-httpd-dev-archive@www.apache.org>;
 Fri, 12 Jun 2015 12:11:38 +0000 (UTC)
Received: (qmail 95870 invoked by uid 500); 12 Jun 2015 12:11:38 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 95795 invoked by uid 500); 12 Jun 2015 12:11:38 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:dev@httpd.apache.org>
List-Id: <dev.httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 95785 invoked by uid 99); 12 Jun 2015 12:11:38 -0000
Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 12 Jun 2015 12:11:38 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org)
 with ESMTP id 0232518221F
	for <dev@httpd.apache.org>; Fri, 12 Jun 2015 12:11:38 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 2.901
X-Spam-Level: **
X-Spam-Status: No, score=2.901 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	HTML_MESSAGE=3, URIBL_BLOCKED=0.001] autolearn=disabled
Authentication-Results: spamd3-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=gmail.com
Received: from mx1-eu-west.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new,
 port 10024)
	with ESMTP id Fsz-9FYj_SsX for <dev@httpd.apache.org>;
	Fri, 12 Jun 2015 12:11:27 +0000 (UTC)
Received: from mail-yh0-f48.google.com (mail-yh0-f48.google.com
 [209.85.213.48])
	by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with
 ESMTPS id CF52B24B1A
	for <dev@httpd.apache.org>; Fri, 12 Jun 2015 12:11:26 +0000 (UTC)
Received: by yhak3 with SMTP id k3so13061631yha.2
        for <dev@httpd.apache.org>; Fri, 12 Jun 2015 05:11:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=RUmLDNzzoU+r9ai0hyJefsdq3mB/xKClWg1EyEHZM/M=;
        b=zZTsiCPRosRKMRpCg40dUmi/pllLQ21w0kRr+phulamuMasBFRR0/ZJa4wTKyroiTH
         yugQ7vB6Lk0KShOWc6SFpS9/dcM7C41ILRVmM+FpRrhH073HYihZ2poaDUy+ofZfMCx4
         ER6Rian5ywwCFLcYT9cMS4F1zyVZVSdo+1kPLqgNc1hwvMTkU98E+6YzG98UvS8adBer
         ggQAv5DsmggU144HUYM35hotVWh3JjlsLAbNkshtxWswgrNVQPwX1PbhoH+SGw3ERFGf
         1NJUkqdu30JOXhz77yYt3wfpYS3TQO4P9S1gTYX4qJMsduqefjjs1UQ7LID2d+1w7bNT
         y7Dg==
MIME-Version: 1.0
X-Received: by 10.13.243.65 with SMTP id c62mr18030010ywf.114.1434111079502;
 Fri, 12 Jun 2015 05:11:19 -0700 (PDT)
Received: by 10.13.206.195 with HTTP; Fri, 12 Jun 2015 05:11:19 -0700 (PDT)
In-Reply-To: <20150612090734.A311AAC0608@hades.apache.org>
References: <20150612090734.A311AAC0608@hades.apache.org>
Date: Fri, 12 Jun 2015 08:11:19 -0400
Message-ID: 
 <CAKUrXK7HXgJUz8TOuhogyovZJb7=w06rZDJgHUXvLU=QOT3kDg@mail.gmail.com>
Subject: Re: svn commit: r1685052 - in /httpd/httpd/trunk: CHANGES
 modules/ssl/ssl_engine_config.c
From: Jeff Trawick <trawick@gmail.com>
To: Apache HTTP Server Development List <dev@httpd.apache.org>
Content-Type: multipart/alternative; boundary=94eb2c036328765caa0518510178

--94eb2c036328765caa0518510178
Content-Type: text/plain; charset=UTF-8

On Fri, Jun 12, 2015 at 5:07 AM, <ylavic@apache.org> wrote:

> Author: ylavic
> Date: Fri Jun 12 09:07:34 2015
> New Revision: 1685052
>
> URL: http://svn.apache.org/r1685052
> Log:
> mod_ssl: Warn about deprecated SSLCertificateChainFile once at startup,
> on first usage only.
>
> Modified:
>     httpd/httpd/trunk/CHANGES
>     httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
>
> Modified: httpd/httpd/trunk/CHANGES
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1685052&r1=1685051&r2=1685052&view=diff
>
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Fri Jun 12 09:07:34 2015
> @@ -1,6 +1,9 @@
>                                                           -*- coding:
> utf-8 -*-
>  Changes with Apache 2.5.0
>
> +  *) mod_ssl: Warn about deprecated SSLCertificateChainFile once at
> startup,
> +     on first usage only.  [Yann Ylavic]
> +
>    *) mod_substitute: Fix configuraton merge order.
>       PR 57641 [<Marc.Stern approach.be>]
>
>
> Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=1685052&r1=1685051&r2=1685052&view=diff
>
> ==============================================================================
> --- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)
> +++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Fri Jun 12 09:07:34
> 2015
> @@ -839,13 +839,22 @@ const char *ssl_cmd_SSLCertificateChainF
>                                              const char *arg)
>  {
>      SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
> +    void *once = NULL;
>      const char *err;
>
> -    ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_STARTUP, 0, NULL,
> -                 APLOGNO(02559)
> -                 "The SSLCertificateChainFile directive (%s:%d) is
> deprecated, "
> -                 "SSLCertificateFile should be used instead",
> -                 cmd->directive->filename, cmd->directive->line_num);
> +    apr_pool_userdata_get(&once, "ssl_cmd_SSLCertificateChainFile",
> +                          ap_pglobal);
> +    if (!once) {
> +        ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_STARTUP, 0, NULL,
> +                     APLOGNO(02559)
> +                     "The SSLCertificateChainFile directive (%s:%d) is "
> +                     "deprecated, SSLCertificateFile should be used
> instead",
> +                     cmd->directive->filename, cmd->directive->line_num);
> +
> +        apr_pool_userdata_set("ssl_cmd_SSLCertificateChainFile",
> +                              apr_pstrdup(ap_pglobal, "1"), NULL,
> +                              ap_pglobal);
> +    }
>
> IMHO the  ap_retained_data_get/create APIs make this "nicer" than this
older pattern.

    retained = ap_retained_data_get(userdata_key);
    if (!retained) {
        retained = ap_retained_data_create(userdata_key, sizeof(*retained))



     if ((err = ssl_cmd_check_file(cmd, &arg))) {
>          return err;
>
>
>


-- 
Born in Roswell... married an alien...
http://emptyhammock.com/

--94eb2c036328765caa0518510178
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On F=
ri, Jun 12, 2015 at 5:07 AM,  <span dir=3D"ltr">&lt;<a href=3D"mailto:ylavi=
c@apache.org" target=3D"_blank">ylavic@apache.org</a>&gt;</span> wrote:<br>=
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;p=
adding-left:1ex">Author: ylavic<br>
Date: Fri Jun 12 09:07:34 2015<br>
New Revision: 1685052<br>
<br>
URL: <a href=3D"http://svn.apache.org/r1685052" rel=3D"noreferrer" target=
=3D"_blank">http://svn.apache.org/r1685052</a><br>
Log:<br>
mod_ssl: Warn about deprecated SSLCertificateChainFile once at startup,<br>
on first usage only.<br>
<br>
Modified:<br>
=C2=A0 =C2=A0 httpd/httpd/trunk/CHANGES<br>
=C2=A0 =C2=A0 httpd/httpd/trunk/modules/ssl/ssl_engine_config.c<br>
<br>
Modified: httpd/httpd/trunk/CHANGES<br>
URL: <a href=3D"http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=
=3D1685052&amp;r1=3D1685051&amp;r2=3D1685052&amp;view=3Ddiff" rel=3D"norefe=
rrer" target=3D"_blank">http://svn.apache.org/viewvc/httpd/httpd/trunk/CHAN=
GES?rev=3D1685052&amp;r1=3D1685051&amp;r2=3D1685052&amp;view=3Ddiff</a><br>
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D<br>
--- httpd/httpd/trunk/CHANGES [utf-8] (original)<br>
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Jun 12 09:07:34 2015<br>
@@ -1,6 +1,9 @@<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 -*- coding: utf-8 -=
*-<br>
=C2=A0Changes with Apache 2.5.0<br>
<br>
+=C2=A0 *) mod_ssl: Warn about deprecated SSLCertificateChainFile once at s=
tartup,<br>
+=C2=A0 =C2=A0 =C2=A0on first usage only.=C2=A0 [Yann Ylavic]<br>
+<br>
=C2=A0 =C2=A0*) mod_substitute: Fix configuraton merge order.<br>
=C2=A0 =C2=A0 =C2=A0 PR 57641 [&lt;Marc.Stern <a href=3D"http://approach.be=
" rel=3D"noreferrer" target=3D"_blank">approach.be</a>&gt;]<br>
<br>
<br>
Modified: httpd/httpd/trunk/modules/ssl/ssl_engine_config.c<br>
URL: <a href=3D"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ssl/=
ssl_engine_config.c?rev=3D1685052&amp;r1=3D1685051&amp;r2=3D1685052&amp;vie=
w=3Ddiff" rel=3D"noreferrer" target=3D"_blank">http://svn.apache.org/viewvc=
/httpd/httpd/trunk/modules/ssl/ssl_engine_config.c?rev=3D1685052&amp;r1=3D1=
685051&amp;r2=3D1685052&amp;view=3Ddiff</a><br>
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D<br>
--- httpd/httpd/trunk/modules/ssl/ssl_engine_config.c (original)<br>
+++ httpd/httpd/trunk/modules/ssl/ssl_engine_config.c Fri Jun 12 09:07:34 2=
015<br>
@@ -839,13 +839,22 @@ const char *ssl_cmd_SSLCertificateChainF<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0const char *arg)<br>
=C2=A0{<br>
=C2=A0 =C2=A0 =C2=A0SSLSrvConfigRec *sc =3D mySrvConfig(cmd-&gt;server);<br=
>
+=C2=A0 =C2=A0 void *once =3D NULL;<br>
=C2=A0 =C2=A0 =C2=A0const char *err;<br>
<br>
-=C2=A0 =C2=A0 ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_STARTUP, 0, NUL=
L,<br>
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0APLOGNO(0255=
9)<br>
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0&quot;The SS=
LCertificateChainFile directive (%s:%d) is deprecated, &quot;<br>
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0&quot;SSLCer=
tificateFile should be used instead&quot;,<br>
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0cmd-&gt;dire=
ctive-&gt;filename, cmd-&gt;directive-&gt;line_num);<br>
+=C2=A0 =C2=A0 apr_pool_userdata_get(&amp;once, &quot;ssl_cmd_SSLCertificat=
eChainFile&quot;,<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 ap_pglobal);<br>
+=C2=A0 =C2=A0 if (!once) {<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_S=
TARTUP, 0, NULL,<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0APLOGNO(02559)<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0&quot;The SSLCertificateChainFile directive (%s:%d) is &quot;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0&quot;deprecated, SSLCertificateFile should be used instead&quot;,<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0cmd-&gt;directive-&gt;filename, cmd-&gt;directive-&gt;line_num);<br>
+<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 apr_pool_userdata_set(&quot;ssl_cmd_SSLCertifi=
cateChainFile&quot;,<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 apr_pstrdup(ap_pglobal, &quot;1&quot;), NUL=
L,<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 ap_pglobal);<br>
+=C2=A0 =C2=A0 }<br>
<br></blockquote><div>IMHO the =C2=A0ap_retained_data_get/create APIs make =
this &quot;nicer&quot; than this older pattern.</div><div><br></div><div><d=
iv>=C2=A0 =C2=A0 retained =3D ap_retained_data_get(userdata_key);</div><div=
>=C2=A0 =C2=A0 if (!retained) {</div><div>=C2=A0 =C2=A0 =C2=A0 =C2=A0 retai=
ned =3D ap_retained_data_create(userdata_key, sizeof(*retained))</div></div=
><div><br></div><div><br></div><div><br></div><blockquote class=3D"gmail_qu=
ote" style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-co=
lor:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
=C2=A0 =C2=A0 =C2=A0if ((err =3D ssl_cmd_check_file(cmd, &amp;arg))) {<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0return err;<br>
<br>
<br>
</blockquote></div><br><br clear=3D"all"><div><br></div>-- <br><div class=
=3D"gmail_signature"><div dir=3D"ltr">Born in Roswell... married an alien..=
.<br><a href=3D"http://emptyhammock.com/" target=3D"_blank">http://emptyham=
mock.com/</a><div><br></div></div></div>
</div></div>

--94eb2c036328765caa0518510178--