ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
"Unable to create a new SSL connection from the SSL "
"context");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, server);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, server);
c->aborted = 1;
{
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
"Unable to set session id context to '%s'", vhost_md5);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, server);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, server);
c->aborted = 1;
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Failed to generate temporary "
"%d bit RSA private key", bits);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
return !OK;
}
}
else {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "FIPS mode failed");
- ssl_log_ssl_error(APLOG_MARK, APLOG_EMERG, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
}
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Failed to load Crypto Device API `%s'",
mc->szCryptoDevice);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_die();
}
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Failed to enable Crypto Device API `%s'",
mc->szCryptoDevice);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_die();
}
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to initialize TLS servername extension "
"callback (incompatible OpenSSL version?)");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_die();
}
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to configure verify locations "
"for client authentication");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_die();
}
if (!SSL_CTX_set_cipher_list(ctx, MODSSL_PCHAR_CAST suite)) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to configure permitted SSL ciphers");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_die();
}
}
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to configure X.509 CRL storage "
"for certificate revocation");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_die();
}
}
if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to import %s server certificate", type);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_die();
}
if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to configure %s server certificate", type);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_die();
}
{
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to import %s server private key", type);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_die();
}
if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Unable to configure %s server private key", type);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_die();
}
EVP_PKEY_copy_parameters(pubkey, pkey);
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Copying DSA parameters from private key to certificate");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
EVP_PKEY_free(pubkey);
}
}
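Review bot: The result of `EVP_PKEY_copy_parameters(pubkey, pkey)` is discarded, and the `APLOG_ERR` message plus the OpenSSL error dump run whether or not the copy worked. A successful copy therefore produces an error-level entry, and a failed copy cannot be told apart from it in the log. Checking the return would fix both: put `if (EVP_PKEY_copy_parameters(pubkey, pkey) != 1) {` around the two log calls, and move the informational message to a lower level if it is still wanted. The enclosing condition starts outside the hunk, so this assumes nothing earlier already validates the parameters.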
*/
ap_log_cerror(APLOG_MARK, APLOG_INFO, inctx->rc, c,
"SSL library error %d reading data", ssl_err);
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, mySrvFromConn(c));
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, mySrvFromConn(c));
}
if (inctx->rc == APR_SUCCESS) {
*/
ap_log_cerror(APLOG_MARK, APLOG_INFO, outctx->rc, c,
"SSL library error %d writing data", ssl_err);
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, mySrvFromConn(c));
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, mySrvFromConn(c));
}
if (outctx->rc == APR_SUCCESS) {
outctx->rc = APR_EGENERAL;
ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, f->c,
"SSL handshake failed: HTTP spoken on HTTPS port; "
"trying to send HTML error page");
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, sslconn->server);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, sslconn->server);
sslconn->non_ssl_request = 1;
ssl_io_filter_disable(sslconn, f);
if ((n = SSL_connect(filter_ctx->pssl)) <= 0) {
ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c,
"SSL Proxy connect failed");
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, server);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);
/* ensure that the SSL structures etc are freed, etc: */
ssl_filter_io_shutdown(filter_ctx, c, 1);
return MODSSL_ERROR_BAD_GATEWAY;
"SSL library error %d in handshake "
"(server %s)", ssl_err,
ssl_util_vhostid(c->pool, server));
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, server);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);
}
if (inctx->rc == APR_SUCCESS) {
"accepting certificate based on "
"\"SSLVerifyClient optional_no_ca\" "
"configuration");
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, server);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);
}
else {
const char *error = sslconn->verify_error ?
ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, c,
"SSL client authentication failed: %s",
error ? error : "unknown");
- ssl_log_ssl_error(APLOG_MARK, APLOG_INFO, server);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_INFO, server);
ssl_filter_io_shutdown(filter_ctx, c, 1);
return APR_ECONNABORTED;
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
"Unable to reconfigure (per-directory) "
"permitted SSL ciphers");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
if (cipher_list_old) {
sk_SSL_CIPHER_free(cipher_list_old);
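Review bot: The context message for the failed per-directory cipher reconfiguration is logged at `APLOG_WARNING`, but the OpenSSL error stack right after it goes out at `APLOG_ERR`. With `LogLevel error` the log then holds OpenSSL error lines with nothing saying which operation produced them. While the second call is being edited, the two levels should be made to agree, for example `ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,` on the first call. The PKCS7 hunk has the same kind of mismatch (`APLOG_ERR|APLOG_NOERRNO` for the message, `APLOG_CRIT` for the stack). The enclosing block starts and ends outside this hunk.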
if (!modssl_X509_verify_cert(&cert_store_ctx)) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Re-negotiation verification step failed");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
}
SSL_set_verify_result(ssl, cert_store_ctx.error);
if (SSL_get_state(ssl) != SSL_ST_OK) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Re-negotiation request failed");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, r->server);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
r->connection->keepalive = AP_CONN_CLOSE;
return HTTP_FORBIDDEN;
/*
* Log verification information
*/
- ssl_log_cxerror(APLOG_MARK, APLOG_DEBUG, 0, conn,
+ ssl_log_cxerror(SSLLOG_MARK, APLOG_DEBUG, 0, conn,
X509_STORE_CTX_get_current_cert(ctx),
"Certificate Verification, depth %d",
errdepth);
*certid = OCSP_cert_to_id(NULL, cert, ctx->current_issuer);
if (!*certid || !OCSP_request_add0_id(req, *certid)) {
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"could not retrieve certificate id");
return NULL;
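Review bot: In this hunk `ssl_log_ssl_error()` runs before the `ap_log_error()` that names the failure, so the OpenSSL error lines land in the log ahead of the message that explains them; in the non-OCSP hunks of this change the context message comes first. Swapping the two calls would keep the order uniform for anyone correlating log lines during triage. The same inverted order is in the other OCSP hunks (basic response, response verification, response status, validity period, response decode, request serialization). The message `"could not retrieve certificate id"` is also emitted when `OCSP_request_add0_id()` fails, which deserves its own wording. The enclosing function starts and ends outside the hunk.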
if (rc == V_OCSP_CERTSTATUS_GOOD) {
basicResponse = OCSP_response_get1_basic(response);
if (!basicResponse) {
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
"could not retrieve OCSP basic response");
rc = V_OCSP_CERTSTATUS_UNKNOWN;
if (rc == V_OCSP_CERTSTATUS_GOOD) {
/* TODO: allow flags configuration. */
if (OCSP_basic_verify(basicResponse, NULL, ctx->ctx, 0) != 1) {
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"failed to verify the OCSP response");
rc = V_OCSP_CERTSTATUS_UNKNOWN;
rc = OCSP_resp_find_status(basicResponse, certID, &status,
&reason, NULL, &thisup, &nextup);
if (rc != 1) {
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_log_cxerror(APLOG_MARK, APLOG_ERR, 0, c, cert,
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert,
"failed to retrieve OCSP response status");
rc = V_OCSP_CERTSTATUS_UNKNOWN;
}
int vrc = OCSP_check_validity(thisup, nextup, MAX_SKEW, MAX_AGE);
if (vrc != 1) {
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
- ssl_log_cxerror(APLOG_MARK, APLOG_ERR, 0, c, cert,
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert,
"OCSP response outside validity period");
rc = V_OCSP_CERTSTATUS_UNKNOWN;
}
status == V_OCSP_CERTSTATUS_GOOD ? "good" :
(status == V_OCSP_CERTSTATUS_REVOKED ? "revoked" : "unknown");
- ssl_log_cxerror(APLOG_MARK, level, 0, c, cert,
+ ssl_log_cxerror(SSLLOG_MARK, level, 0, c, cert,
"OCSP validation completed, "
"certificate status: %s (%d, %d)",
result, status, reason);
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Unable to read server certificate from"
" file %s", szPath);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_die();
}
}
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Multiple %s server certificates not "
"allowed", an);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_die();
}
algoCert |= at;
"Init: Unable to read pass phrase "
"[Hint: key introduced or changed "
"before restart?]");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, pServ);
}
else {
ap_log_error(APLOG_MARK, APLOG_ERR, 0,
pServ, "Init: Private key not found");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, pServ);
}
if (writetty) {
apr_file_printf(writetty, "Apache:mod_ssl:Error: Private key not found.\n");
else {
ap_log_error(APLOG_MARK, APLOG_ERR, 0,
pServ, "Init: Pass phrase incorrect");
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, pServ);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, pServ);
if (writetty) {
apr_file_printf(writetty, "Apache:mod_ssl:Error: Pass phrase incorrect.\n");
"Init: Unable to read server private key from "
"file %s [Hint: Perhaps it is in a separate file? "
" See SSLCertificateKeyFile]", szPath);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_die();
}
ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
"Init: Multiple %s server private keys not "
"allowed", an);
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
ssl_die();
}
algoKey |= at;
const char *format, ...)
__attribute__((format(printf,7,8)));
+#define SSLLOG_MARK __FILE__,__LINE__
/** Variables */
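Review bot: `SSLLOG_MARK` is added without a comment, so nothing tells a maintainer why `ssl_log_ssl_error()` and `ssl_log_cxerror()` should no longer be passed `APLOG_MARK`. A one-line comment above the define would cover it, e.g. `/* file/line pair for ssl_log_ssl_error() and ssl_log_cxerror(); kept separate from APLOG_MARK */`. Writing the expansion as `__FILE__, __LINE__` with a space after the comma would also read more easily. The prototype that ends just above the define starts outside the hunk.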
if (!p7) {
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"Can't read PKCS7 object %s", pkcs7);
- ssl_log_ssl_error(APLOG_MARK, APLOG_CRIT, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_CRIT, s);
exit(1);
}
* bio. */
response = d2i_OCSP_RESPONSE_bio(bio, NULL);
if (response == NULL) {
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, mySrvFromConn(c));
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c));
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
"failed to decode OCSP response data");
}
bio = serialize_request(request, uri);
if (bio == NULL) {
- ssl_log_ssl_error(APLOG_MARK, APLOG_ERR, mySrvFromConn(c));
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c));
ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c,
"could not serialize OCSP request");
return NULL;