From: Kaspar Brand <kbrand@apache.org>
Date: Mon, 12 Dec 2011 20:05:27 +0000 (+0000)
Subject: backport r1213399 from trunk:
X-Git-Tag: 2.3.16~9
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9fe3c24de9ecbf5ec1be72bc4c189c7e5f70a087;p=apache

backport r1213399 from trunk:

logging adjustments:
- consistently call ssl_log_ssl_error after ap_log_error etc.
- ssl_init_ConfigureServer: add vhost_id to log message


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1213400 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index afab1fad22..dc4269d8ef 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -1360,7 +1360,7 @@ void ssl_init_ConfigureServer(server_rec *s,
      */
     if ((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) {
         ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01914)
-                     "Configuring server for SSL protocol");
+                     "Configuring server %s for SSL protocol", sc->vhost_id);
         ssl_init_server_ctx(s, p, ptemp, sc);
     }
 
diff --git a/modules/ssl/ssl_engine_ocsp.c b/modules/ssl/ssl_engine_ocsp.c
index b4ea919c4e..90da5c279f 100644
--- a/modules/ssl/ssl_engine_ocsp.c
+++ b/modules/ssl/ssl_engine_ocsp.c
@@ -110,9 +110,9 @@ static OCSP_REQUEST *create_request(X509_STORE_CTX *ctx, X509 *cert,
 
     *certid = OCSP_cert_to_id(NULL, cert, ctx->current_issuer);
     if (!*certid || !OCSP_request_add0_id(req, *certid)) {
-        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
         ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01921)
                      "could not retrieve certificate id");
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
         return NULL;
     }
 
@@ -164,9 +164,9 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
     if (rc == V_OCSP_CERTSTATUS_GOOD) {
         basicResponse = OCSP_response_get1_basic(response);
         if (!basicResponse) {
-            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01923)
                           "could not retrieve OCSP basic response");
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             rc = V_OCSP_CERTSTATUS_UNKNOWN;
         }
     }
@@ -182,9 +182,9 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
     if (rc == V_OCSP_CERTSTATUS_GOOD) {
         /* TODO: allow flags configuration. */
         if (OCSP_basic_verify(basicResponse, NULL, ctx->ctx, 0) != 1) {
-            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01925)
                         "failed to verify the OCSP response");
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             rc = V_OCSP_CERTSTATUS_UNKNOWN;
         }
     }
@@ -196,9 +196,9 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
         rc = OCSP_resp_find_status(basicResponse, certID, &status,
                                    &reason, NULL, &thisup, &nextup);
         if (rc != 1) {
-            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert, APLOGNO(02272)
                             "failed to retrieve OCSP response status");
+            ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
             rc = V_OCSP_CERTSTATUS_UNKNOWN;
         }
         else {
@@ -216,9 +216,9 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c,
             int vrc  = OCSP_check_validity(thisup, nextup, resptime_skew,
                                            sc->server->ocsp_resp_maxage);
             if (vrc != 1) {
-                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
                 ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert, APLOGNO(02273)
                                 "OCSP response outside validity period");
+                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s);
                 rc = V_OCSP_CERTSTATUS_UNKNOWN;
             }
         }
diff --git a/modules/ssl/ssl_util_ocsp.c b/modules/ssl/ssl_util_ocsp.c
index 48700c7c49..94ef4cd0a9 100644
--- a/modules/ssl/ssl_util_ocsp.c
+++ b/modules/ssl/ssl_util_ocsp.c
@@ -262,9 +262,9 @@ static OCSP_RESPONSE *read_response(apr_socket_t *sd, BIO *bio, conn_rec *c,
      * bio. */
     response = d2i_OCSP_RESPONSE_bio(bio, NULL);
     if (response == NULL) {
-        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c));
         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01988)
                       "failed to decode OCSP response data");
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c));
     }
 
     return response;
@@ -281,9 +281,9 @@ OCSP_RESPONSE *modssl_dispatch_ocsp_request(const apr_uri_t *uri,
 
     bio = serialize_request(request, uri);
     if (bio == NULL) {
-        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c));
         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01989)
                       "could not serialize OCSP request");
+        ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c));
         return NULL;
     }