if (mc->szCryptoDevice) {
if (!(e = ENGINE_by_id(mc->szCryptoDevice))) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Init: Failed to load Crypto Device API `%s'",
mc->szCryptoDevice);
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
}
if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Init: Failed to enable Crypto Device API `%s'",
mc->szCryptoDevice);
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
* possibility that the user forgot to set them.
*/
if (!mctx->pks->cert_files[0] && !mctx->pkcs7) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"No SSL Certificate set [hint: SSLCertificateFile]");
ssl_die();
}
#endif
)
{
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Illegal attempt to re-initialise SSL for server "
"(theoretically shouldn't happen!)");
ssl_die();
if (!SSL_CTX_set_tlsext_servername_callback(mctx->ssl_ctx,
ssl_callback_ServerNameIndication) ||
!SSL_CTX_set_tlsext_servername_arg(mctx->ssl_ctx, mctx)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to initialize TLS servername extension "
"callback (incompatible OpenSSL version?)");
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
* Create the new per-server SSL context
*/
if (protocol == SSL_PROTOCOL_NONE) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"No SSL protocols available [hint: SSLProtocol]");
ssl_die();
}
MODSSL_PCHAR_CAST mctx->auth.ca_cert_file,
MODSSL_PCHAR_CAST mctx->auth.ca_cert_path))
{
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to configure verify locations "
"for client authentication");
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
mctx->auth.ca_cert_file,
mctx->auth.ca_cert_path);
if (!ca_list) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to determine list of acceptable "
"CA certificates for client authentication");
ssl_die();
suite);
if (!SSL_CTX_set_cipher_list(ctx, MODSSL_PCHAR_CAST suite)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to configure permitted SSL ciphers");
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
}
(char *)mctx->crl_path);
if (!mctx->crl) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to configure X.509 CRL storage "
"for certificate revocation");
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
}
(char *)chain,
skip_first, NULL);
if (n < 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Failed to configure CA certificate chain!");
ssl_die();
}
ptr = asn1->cpData;
if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to import %s server certificate", type);
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to configure %s server certificate", type);
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
ptr = asn1->cpData;
if (!(pkey = d2i_PrivateKey(pkey_type, NULL, &ptr, asn1->nData)))
{
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to import %s server private key", type);
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Unable to configure %s server private key", type);
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
|| have_ecc
#endif
)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
#ifndef OPENSSL_NO_EC
"Oops, no RSA, DSA or ECC server certificate found "
#else
|| have_ecc
#endif
)) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
#ifndef OPENSSL_NO_EC
"Oops, no RSA, DSA or ECC server private key found?!");
#else
apr_status_t rv;
if ((rv = apr_dir_open(&dir, ca_path, ptemp)) != APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
"Failed to open Certificate Path `%s'",
ca_path);
ssl_die();
*/
if (sc->server->pks->cert_files[0] == NULL
&& sc->server->pkcs7 == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, pServ,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, pServ,
"Server should be SSL-aware but has no certificate "
"configured [Hint: SSLCertificateFile] (%s:%d)",
pServ->defn_name, pServ->defn_line_number);
sizeof(szPath));
if ((rv = exists_and_readable(szPath, p, NULL))
!= APR_SUCCESS) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
"Init: Can't open server certificate file %s",
szPath);
ssl_die();
}
if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Init: Unable to read server certificate from"
" file %s", szPath);
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
}
at = ssl_util_algotypeof(pX509Cert, NULL);
an = ssl_util_algotypestr(at);
if (algoCert & at) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Init: Multiple %s server certificates not "
"allowed", an);
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
algoCert |= at;
*/
if ((rv = exists_and_readable(szPath, p,
&pkey_mtime)) != APR_SUCCESS ) {
- ap_log_error(APLOG_MARK, APLOG_ERR, rv, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s,
"Init: Can't open server private key file "
"%s",szPath);
ssl_die();
}
#ifdef WIN32
if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Init: SSLPassPhraseDialog builtin is not "
"supported on Win32 (key file "
"%s)", szPath);
}
}
else {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0,
pServ, "Init: Pass phrase incorrect");
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, pServ);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, pServ);
if (writetty) {
apr_file_printf(writetty, "Apache:mod_ssl:Error: Pass phrase incorrect.\n");
}
if (pPrivateKey == NULL) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Init: Unable to read server private key from "
"file %s [Hint: Perhaps it is in a separate file? "
" See SSLCertificateKeyFile]", szPath);
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
at = ssl_util_algotypeof(NULL, pPrivateKey);
an = ssl_util_algotypestr(at);
if (algoKey & at) {
- ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
+ ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s,
"Init: Multiple %s server private keys not "
"allowed", an);
- ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
+ ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
ssl_die();
}
algoKey |= at;
projects / apache / commitdiff