From ba0d30294e842c428544322f36c1e61a0ddcf5dc Mon Sep 17 00:00:00 2001 From: Stefan Fritsch Date: Sun, 6 Jun 2010 17:10:23 +0000 Subject: [PATCH] Replace LogLevelDebugDump with TRACE log levels git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@951904 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/ssl/ssl_howto.xml | 11 +++++++++++ modules/ssl/mod_ssl.c | 3 --- modules/ssl/ssl_engine_config.c | 26 -------------------------- modules/ssl/ssl_engine_io.c | 18 ++++++++---------- modules/ssl/ssl_private.h | 14 -------------- 5 files changed, 19 insertions(+), 53 deletions(-) diff --git a/docs/manual/ssl/ssl_howto.xml b/docs/manual/ssl/ssl_howto.xml index df90aa08d4..512622a5b0 100644 --- a/docs/manual/ssl/ssl_howto.xml +++ b/docs/manual/ssl/ssl_howto.xml @@ -301,5 +301,16 @@ Require valid-user +
+ Logging + +

mod_ssl can log extremely verbose debugging information + to the error log, when its LogLevel is + set to the higher trace levels. On the other hand, on a very busy server, + level info may already be too much. Remember that you can + configure the LogLevel per module to + suite your needs.

+
+ diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index 01f8d8aee1..603a00e7c7 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -130,9 +130,6 @@ static const command_rec ssl_config_cmds[] = { "Enable support for insecure renegotiation") SSL_CMD_ALL(UserName, TAKE1, "Set user name to SSL variable value") - SSL_CMD_SRV(LogLevelDebugDump, TAKE1, - "Include I/O Dump when LogLevel is set to Debug " - "([ None (default) | IO (not bytes) | Bytes ])") SSL_CMD_SRV(StrictSNIVHostCheck, FLAG, "Strict SNI virtual host checking") diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index cdfc733490..ec9dd5d0a8 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -186,7 +186,6 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p) sc->session_cache_timeout = UNSET; sc->cipher_server_pref = UNSET; sc->insecure_reneg = UNSET; - sc->ssl_log_level = SSL_LOG_UNSET; sc->proxy_ssl_check_peer_expire = SSL_ENABLED_UNSET; sc->proxy_ssl_check_peer_cn = SSL_ENABLED_UNSET; #ifndef OPENSSL_NO_TLSEXT @@ -299,7 +298,6 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv) cfgMergeInt(session_cache_timeout); cfgMergeBool(cipher_server_pref); cfgMergeBool(insecure_reneg); - cfgMerge(ssl_log_level, SSL_LOG_UNSET); cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET); cfgMerge(proxy_ssl_check_peer_cn, SSL_ENABLED_UNSET); #ifndef OPENSSL_NO_TLSEXT @@ -1073,30 +1071,6 @@ const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd, return NULL; } -const char *ssl_cmd_SSLLogLevelDebugDump(cmd_parms *cmd, - void *dcfg, - const char *arg) -{ - SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - - if (strcEQ(arg, "none") || strcEQ(arg, "off")) { - sc->ssl_log_level = SSL_LOG_NONE; - } - else if (strcEQ(arg, "io") || strcEQ(arg, "i/o")) { - sc->ssl_log_level = SSL_LOG_IO; - } - else if (strcEQ(arg, "bytes") || strcEQ(arg, "on")) { - sc->ssl_log_level = SSL_LOG_BYTES; - } - else { - return apr_pstrcat(cmd->temp_pool, cmd->cmd->name, - ": Invalid argument '", arg, "'", - NULL); - } - - return NULL; -} - const char *ssl_cmd_SSLOptions(cmd_parms *cmd, void *dcfg, const char *arg) diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index 762a03b569..33ca726147 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -1717,8 +1717,6 @@ static void ssl_io_input_add_filter(ssl_filter_ctx_t *filter_ctx, conn_rec *c, void ssl_io_filter_init(conn_rec *c, request_rec *r, SSL *ssl) { ssl_filter_ctx_t *filter_ctx; - server_rec *s = c->base_server; - SSLSrvConfigRec *sc = mySrvConfig(s); filter_ctx = apr_palloc(c->pool, sizeof(ssl_filter_ctx_t)); @@ -1742,7 +1740,7 @@ void ssl_io_filter_init(conn_rec *c, request_rec *r, SSL *ssl) apr_pool_cleanup_register(c->pool, (void*)filter_ctx, ssl_io_filter_cleanup, apr_pool_cleanup_null); - if (APLOGcdebug(c) && (sc->ssl_log_level >= SSL_LOG_IO)) { + if (APLOGctrace4(c)) { BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb); BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl); } @@ -1783,7 +1781,7 @@ static void ssl_io_data_dump(server_rec *srvr, rows = (len / DUMP_WIDTH); if ((rows * DUMP_WIDTH) < len) rows++; - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr, + ap_log_error(APLOG_MARK, APLOG_TRACE7, 0, srvr, "+-------------------------------------------------------------------------+"); for(i = 0 ; i< rows; i++) { #if APR_CHARSET_EBCDIC @@ -1822,13 +1820,13 @@ static void ssl_io_data_dump(server_rec *srvr, } } apr_cpystrn(buf+strlen(buf), " |", sizeof(buf)-strlen(buf)); - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr, + ap_log_error(APLOG_MARK, APLOG_TRACE7, 0, srvr, "%s", buf); } if (trunc > 0) - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr, + ap_log_error(APLOG_MARK, APLOG_TRACE7, 0, srvr, "| %04ld - ", len + trunc); - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, srvr, + ap_log_error(APLOG_MARK, APLOG_TRACE7, 0, srvr, "+-------------------------------------------------------------------------+"); return; } @@ -1852,18 +1850,18 @@ long ssl_io_data_cb(BIO *bio, int cmd, if ( cmd == (BIO_CB_WRITE|BIO_CB_RETURN) || cmd == (BIO_CB_READ |BIO_CB_RETURN) ) { if (rc >= 0) { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, + ap_log_error(APLOG_MARK, APLOG_TRACE4, 0, s, "%s: %s %ld/%d bytes %s BIO#%pp [mem: %pp] %s", SSL_LIBRARY_NAME, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"), rc, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "to" : "from"), bio, argp, (argp != NULL ? "(BIO dump follows)" : "(Oops, no memory buffer?)")); - if ((argp != NULL) && (sc->ssl_log_level >= SSL_LOG_BYTES)) + if ((argp != NULL) && APLOGctrace7(c)) ssl_io_data_dump(s, argp, rc); } else { - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, + ap_log_error(APLOG_MARK, APLOG_TRACE4, 0, s, "%s: I/O error, %d bytes expected to %s on BIO#%pp [mem: %pp]", SSL_LIBRARY_NAME, argi, (cmd == (BIO_CB_WRITE|BIO_CB_RETURN) ? "write" : "read"), diff --git a/modules/ssl/ssl_private.h b/modules/ssl/ssl_private.h index d8f252a01d..5ead74678e 100644 --- a/modules/ssl/ssl_private.h +++ b/modules/ssl/ssl_private.h @@ -149,18 +149,6 @@ ap_set_module_config(c->conn_config, &ssl_module, val) #define DEFAULT_RENEG_BUFFER_SIZE (128 * 1024) #endif -/** - * Define the per-server SSLLogLevel constants which provide - * finer-than-debug resolution to decide if logs are to be - * assulted with tens of thousands of characters per request. - */ -typedef enum { - SSL_LOG_UNSET = UNSET, - SSL_LOG_NONE = 0, - SSL_LOG_IO = 6, - SSL_LOG_BYTES = 7 -} ssl_log_level_e; - /** * Support for MM library */ @@ -512,7 +500,6 @@ struct SSLSrvConfigRec { BOOL insecure_reneg; modssl_ctx_t *server; modssl_ctx_t *proxy; - ssl_log_level_e ssl_log_level; ssl_enabled_t proxy_ssl_check_peer_expire; ssl_enabled_t proxy_ssl_check_peer_cn; #ifndef OPENSSL_NO_TLSEXT @@ -583,7 +570,6 @@ const char *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLRequireSSL(cmd_parms *, void *); const char *ssl_cmd_SSLRequire(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLUserName(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLLogLevelDebugDump(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLRenegBufferSize(cmd_parms *cmd, void *dcfg, const char *arg); const char *ssl_cmd_SSLStrictSNIVHostCheck(cmd_parms *cmd, void *dcfg, int flag); const char *ssl_cmd_SSLInsecureRenegotiation(cmd_parms *cmd, void *dcfg, int flag); -- 2.40.0