* modules/ssl/ssl_engine_log.c (ssl_log_cxerror): Log the certificate

  serial number along with the subject and issuer names.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@598690 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/ssl/ssl_engine_log.c b/modules/ssl/ssl_engine_log.c
index b3ca90df2eb011ad3eab9f0b2d9c72c2cbff57a8..71efc401dfed3fbfc0ac831dd8fdd5bdbc8f2f36 100644 (file)
--- a/modules/ssl/ssl_engine_log.c
+++ b/modules/ssl/ssl_engine_log.c
@@ -114,7 +114,8 @@ void ssl_log_cxerror(const char *file, int line, int level,
 {
     va_list ap;
     char buf[HUGE_STRING_LEN];
-    char *sname, *iname;
+    char *sname, *iname, *serial;
+    BIGNUM *bn;
     
     if (c->base_server->loglevel < level) {
         /* Bail early since the rest of this function is expensive. */
@@ -123,16 +124,19 @@ void ssl_log_cxerror(const char *file, int line, int level,
 
     sname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0);
     iname = X509_NAME_oneline(X509_get_issuer_name(cert),  NULL, 0);
+    bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(cert), NULL);
+    serial = bn && !BN_is_zero(bn) ? BN_bn2hex(bn) : NULL;
     
     va_start(ap, format);
     apr_vsnprintf(buf, sizeof buf, format, ap);
     va_end(ap);
 
     ap_log_cerror(file, line, level, rv, c, 
-                  "%s [peer subject: %s, issuer: %s]",
+                  "%s [peer subject: %s, issuer: %s, serial: %s]",
                   buf,
                   sname ? sname : "-unknown-",
-                  iname ? iname : "-unknown-");
+                  iname ? iname : "-unknown-",
+                  serial ? serial : "-unknown-");
 
     if (sname) {
         modssl_free(sname);
@@ -141,4 +145,12 @@ void ssl_log_cxerror(const char *file, int line, int level,
     if (iname) {
         modssl_free(iname);
     }
+    
+    if (serial) {
+        modssl_free(serial);
+    }
+
+    if (bn) {
+        BN_free(bn);
+    }
 }