From: Stefan Fritsch Date: Sun, 24 Oct 2010 21:57:08 +0000 (+0000) Subject: Consistently use loglevel emerg before ssl_die() X-Git-Tag: 2.3.9~224 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d658afdd1c96f5b0ecb2a8da5ecafe0478d2dec0;p=apache Consistently use loglevel emerg before ssl_die() git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1026903 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 4a4bd6b776..295fd72d83 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -375,10 +375,10 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p) if (mc->szCryptoDevice) { if (!(e = ENGINE_by_id(mc->szCryptoDevice))) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Init: Failed to load Crypto Device API `%s'", mc->szCryptoDevice); - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } @@ -387,10 +387,10 @@ void ssl_init_Engine(server_rec *s, apr_pool_t *p) } if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Init: Failed to enable Crypto Device API `%s'", mc->szCryptoDevice); - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, @@ -412,7 +412,7 @@ static void ssl_init_server_check(server_rec *s, * possibility that the user forgot to set them. */ if (!mctx->pks->cert_files[0] && !mctx->pkcs7) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "No SSL Certificate set [hint: SSLCertificateFile]"); ssl_die(); } @@ -427,7 +427,7 @@ static void ssl_init_server_check(server_rec *s, #endif ) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Illegal attempt to re-initialise SSL for server " "(theoretically shouldn't happen!)"); ssl_die(); @@ -452,10 +452,10 @@ static void ssl_init_ctx_tls_extensions(server_rec *s, if (!SSL_CTX_set_tlsext_servername_callback(mctx->ssl_ctx, ssl_callback_ServerNameIndication) || !SSL_CTX_set_tlsext_servername_arg(mctx->ssl_ctx, mctx)) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Unable to initialize TLS servername extension " "callback (incompatible OpenSSL version?)"); - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } @@ -485,7 +485,7 @@ static void ssl_init_ctx_protocol(server_rec *s, * Create the new per-server SSL context */ if (protocol == SSL_PROTOCOL_NONE) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "No SSL protocols available [hint: SSLProtocol]"); ssl_die(); } @@ -643,10 +643,10 @@ static void ssl_init_ctx_verify(server_rec *s, MODSSL_PCHAR_CAST mctx->auth.ca_cert_file, MODSSL_PCHAR_CAST mctx->auth.ca_cert_path)) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Unable to configure verify locations " "for client authentication"); - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } @@ -659,7 +659,7 @@ static void ssl_init_ctx_verify(server_rec *s, mctx->auth.ca_cert_file, mctx->auth.ca_cert_path); if (!ca_list) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Unable to determine list of acceptable " "CA certificates for client authentication"); ssl_die(); @@ -704,9 +704,9 @@ static void ssl_init_ctx_cipher_suite(server_rec *s, suite); if (!SSL_CTX_set_cipher_list(ctx, MODSSL_PCHAR_CAST suite)) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Unable to configure permitted SSL ciphers"); - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } } @@ -732,10 +732,10 @@ static void ssl_init_ctx_crl(server_rec *s, (char *)mctx->crl_path); if (!mctx->crl) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Unable to configure X.509 CRL storage " "for certificate revocation"); - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } } @@ -793,7 +793,7 @@ static void ssl_init_ctx_cert_chain(server_rec *s, (char *)chain, skip_first, NULL); if (n < 0) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Failed to configure CA certificate chain!"); ssl_die(); } @@ -850,16 +850,16 @@ static int ssl_server_import_cert(server_rec *s, ptr = asn1->cpData; if (!(cert = d2i_X509(NULL, &ptr, asn1->nData))) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Unable to import %s server certificate", type); - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } if (SSL_CTX_use_certificate(mctx->ssl_ctx, cert) <= 0) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Unable to configure %s server certificate", type); - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } @@ -906,16 +906,16 @@ static int ssl_server_import_key(server_rec *s, ptr = asn1->cpData; if (!(pkey = d2i_PrivateKey(pkey_type, NULL, &ptr, asn1->nData))) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Unable to import %s server private key", type); - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } if (SSL_CTX_use_PrivateKey(mctx->ssl_ctx, pkey) <= 0) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Unable to configure %s server private key", type); - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } @@ -1033,7 +1033,7 @@ static void ssl_init_server_certs(server_rec *s, || have_ecc #endif )) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, #ifndef OPENSSL_NO_EC "Oops, no RSA, DSA or ECC server certificate found " #else @@ -1058,7 +1058,7 @@ static void ssl_init_server_certs(server_rec *s, || have_ecc #endif )) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, #ifndef OPENSSL_NO_EC "Oops, no RSA, DSA or ECC server private key found?!"); #else @@ -1346,7 +1346,7 @@ STACK_OF(X509_NAME) *ssl_init_FindCAList(server_rec *s, apr_status_t rv; if ((rv = apr_dir_open(&dir, ca_path, ptemp)) != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, "Failed to open Certificate Path `%s'", ca_path); ssl_die(); diff --git a/modules/ssl/ssl_engine_pphrase.c b/modules/ssl/ssl_engine_pphrase.c index 4f431c7f0d..a0cd38dd86 100644 --- a/modules/ssl/ssl_engine_pphrase.c +++ b/modules/ssl/ssl_engine_pphrase.c @@ -186,7 +186,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) */ if (sc->server->pks->cert_files[0] == NULL && sc->server->pkcs7 == NULL) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, pServ, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, pServ, "Server should be SSL-aware but has no certificate " "configured [Hint: SSLCertificateFile] (%s:%d)", pServ->defn_name, pServ->defn_line_number); @@ -208,16 +208,16 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) sizeof(szPath)); if ((rv = exists_and_readable(szPath, p, NULL)) != APR_SUCCESS) { - ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, "Init: Can't open server certificate file %s", szPath); ssl_die(); } if ((pX509Cert = SSL_read_X509(szPath, NULL, NULL)) == NULL) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Init: Unable to read server certificate from" " file %s", szPath); - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } } @@ -228,10 +228,10 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) at = ssl_util_algotypeof(pX509Cert, NULL); an = ssl_util_algotypestr(at); if (algoCert & at) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Init: Multiple %s server certificates not " "allowed", an); - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } algoCert |= at; @@ -304,7 +304,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) */ if ((rv = exists_and_readable(szPath, p, &pkey_mtime)) != APR_SUCCESS ) { - ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, rv, s, "Init: Can't open server private key file " "%s",szPath); ssl_die(); @@ -405,7 +405,7 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) } #ifdef WIN32 if (sc->server->pphrase_dialog_type == SSL_PPTYPE_BUILTIN) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Init: SSLPassPhraseDialog builtin is not " "supported on Win32 (key file " "%s)", szPath); @@ -438,9 +438,9 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) } } else { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, pServ, "Init: Pass phrase incorrect"); - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, pServ); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, pServ); if (writetty) { apr_file_printf(writetty, "Apache:mod_ssl:Error: Pass phrase incorrect.\n"); @@ -451,11 +451,11 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) } if (pPrivateKey == NULL) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Init: Unable to read server private key from " "file %s [Hint: Perhaps it is in a separate file? " " See SSLCertificateKeyFile]", szPath); - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } @@ -466,10 +466,10 @@ void ssl_pphrase_Handle(server_rec *s, apr_pool_t *p) at = ssl_util_algotypeof(NULL, pPrivateKey); an = ssl_util_algotypestr(at); if (algoKey & at) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Init: Multiple %s server private keys not " "allowed", an); - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s); ssl_die(); } algoKey |= at; diff --git a/modules/ssl/ssl_scache.c b/modules/ssl/ssl_scache.c index afb2f51607..104151e295 100644 --- a/modules/ssl/ssl_scache.c +++ b/modules/ssl/ssl_scache.c @@ -67,7 +67,8 @@ void ssl_scache_init(server_rec *s, apr_pool_t *p) rv = mc->stapling_cache->init(mc->stapling_cache_context, "mod_ssl-stapling", &hints, s, p); if (rv) { - /* ABORT ABORT etc. */ + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + "Could not initialize stapling cache. Exiting."); ssl_die(); } } @@ -91,7 +92,8 @@ void ssl_scache_init(server_rec *s, apr_pool_t *p) rv = mc->sesscache->init(mc->sesscache_context, "mod_ssl-session", &hints, s, p); if (rv) { - /* ABORT ABORT etc. */ + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, + "Could not initialize session cache. Exiting."); ssl_die(); } } diff --git a/modules/ssl/ssl_util.c b/modules/ssl/ssl_util.c index 2aabb77e86..2b6ad0ba8f 100644 --- a/modules/ssl/ssl_util.c +++ b/modules/ssl/ssl_util.c @@ -287,7 +287,7 @@ STACK_OF(X509) *ssl_read_pkcs7(server_rec *s, const char *pkcs7) f = fopen(pkcs7, "r"); if (!f) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, "Can't open %s", pkcs7); + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Can't open %s", pkcs7); ssl_die(); } @@ -313,13 +313,13 @@ STACK_OF(X509) *ssl_read_pkcs7(server_rec *s, const char *pkcs7) break; default: - ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "Don't understand PKCS7 file %s", pkcs7); ssl_die(); } if (!certs) { - ap_log_error(APLOG_MARK, APLOG_CRIT|APLOG_NOERRNO, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "No certificates in %s", pkcs7); ssl_die(); } diff --git a/modules/ssl/ssl_util_stapling.c b/modules/ssl/ssl_util_stapling.c index ca47b8e419..8819def4ba 100644 --- a/modules/ssl/ssl_util_stapling.c +++ b/modules/ssl/ssl_util_stapling.c @@ -653,12 +653,12 @@ void modssl_init_stapling(server_rec *s, apr_pool_t *p, apr_pool_t *ptemp, SSLModConfigRec *mc = myModConfig(s); if (mc->stapling_cache == NULL) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "SSLStapling: no stapling cache available"); ssl_die(); } if (ssl_stapling_mutex_init(s, ptemp) == FALSE) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, + ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, "SSLStapling: cannot initialise stapling mutex"); ssl_die(); }