From fafabb637f01f973f11c368c9078bc701ae03a69 Mon Sep 17 00:00:00 2001 From: Justin Erenkrantz Date: Thu, 16 May 2002 06:09:13 +0000 Subject: [PATCH] Remove SSLLog and SSLLogLevel directives in favor of having mod_ssl use the standard ErrorLog directives. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@95129 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 3 + docs/conf/ssl-std.conf | 10 -- docs/manual/mod/mod_ssl.xml | 72 ----------- modules/ssl/mod_ssl.c | 14 +-- modules/ssl/mod_ssl.h | 29 ----- modules/ssl/ssl_engine_config.c | 60 --------- modules/ssl/ssl_engine_init.c | 6 +- modules/ssl/ssl_engine_io.c | 3 +- modules/ssl/ssl_engine_kernel.c | 17 ++- modules/ssl/ssl_engine_log.c | 211 -------------------------------- 10 files changed, 20 insertions(+), 405 deletions(-) diff --git a/CHANGES b/CHANGES index 2d140ed815..d8194be79e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,8 @@ Changes with Apache 2.0.37 + *) Remove SSLLog and SSLLogLevel directives in favor of having + mod_ssl use the standard ErrorLog directives. [Justin Erenkrantz] + *) OS/390: LIBPATH no longer has to be manually uncommented in envvars to get apachectl to set up httpd properly. [Jeff Trawick] diff --git a/docs/conf/ssl-std.conf b/docs/conf/ssl-std.conf index 17cd5f9918..434a471839 100644 --- a/docs/conf/ssl-std.conf +++ b/docs/conf/ssl-std.conf @@ -82,16 +82,6 @@ SSLRandomSeed connect builtin #SSLRandomSeed connect file:/dev/random 512 #SSLRandomSeed connect file:/dev/urandom 512 -# Logging: -# The home of the dedicated SSL protocol logfile. Errors are -# additionally duplicated in the general error log file. Put -# this somewhere where it cannot be used for symlink attacks on -# a real server (i.e. somewhere where only root can write). -# Log levels are (ascending order: higher ones include lower ones): -# none, error, warn, info, trace, debug. -SSLLog logs/ssl_engine_log -SSLLogLevel info - ## ## SSL Virtual Host Context ## 
diff --git a/docs/manual/mod/mod_ssl.xml b/docs/manual/mod/mod_ssl.xml index fabe668a32..772cc7a0e8 100644 --- a/docs/manual/mod/mod_ssl.xml +++ b/docs/manual/mod/mod_ssl.xml @@ -901,78 +901,6 @@ SSLVerifyDepth 10 - -SSLLog -Where to write the dedicated SSL engine logfile -SSLLog file-path -server config -virtual host - - -

-This directive sets the name of the dedicated SSL protocol engine logfile. -Error type messages are additionally duplicated to the general Apache error -log file (directive ErrorLog). Put this somewhere where it cannot -be used for symlink attacks on a real server (i.e. somewhere where only root -can write). If the file-path does not begin with a slash -('/') then it is assumed to be relative to the Server -Root. If file-path begins with a bar ('|') then the -following string is assumed to be a path to an executable program to which a -reliable pipe can be established. The directive should occur only once per -virtual server config.

-Example -SSLLog /usr/local/apache/logs/ssl_engine_log - -
-
- - -SSLLogLevel -Logging level for the dedicated SSL engine -logfile -SSLLogLevel level -SSLLogLevel none -server config -virtual host - - -

-This directive sets the verbosity degree of the dedicated SSL protocol engine -logfile. The level is one of the following (in ascending order where -higher levels include lower levels):

-
    -
  • none
    - no dedicated SSL logging is done, but messages of level - ``error'' are still written to the general Apache error - logfile. -
  • -
  • error
    - log messages of error type only, i.e. messages which show fatal situations - (processing is stopped). Those messages are also duplicated to the - general Apache error logfile. -
  • -
  • warn
    - log also warning messages, i.e. messages which show non-fatal problems - (processing is continued). -
  • -
  • info
    - log also informational messages, i.e. messages which show major - processing steps. -
  • -
  • trace
    - log also trace messages, i.e. messages which show minor processing steps. -
  • -
  • debug
    - log also debugging messages, i.e. messages which show development and - low-level I/O information. -
  • -
-Example -SSLLogLevel warn - -
-
- SSLOptions Configure various SSL engine run-time options diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c index d2d3a08685..7e1969b931 100644 --- a/modules/ssl/mod_ssl.c +++ b/modules/ssl/mod_ssl.c @@ -141,12 +141,6 @@ static const command_rec ssl_config_cmds[] = { SSL_CMD_SRV(SessionCacheTimeout, TAKE1, "SSL Session Cache object lifetime " "(`N' - number of seconds)") - SSL_CMD_SRV(Log, TAKE1, - "SSL logfile for SSL-related messages " - "(`/path/to/file', `|/path/to/program')") - SSL_CMD_SRV(LogLevel, TAKE1, - "SSL logfile verbosity level " - "(`none', `error', `warn', `info', `debug')") SSL_CMD_SRV(Protocol, RAW_ARGS, "Enable or disable various SSL protocols" "(`[+-][SSLv2|SSLv3|TLSv1] ...' - see manual)") @@ -201,6 +195,12 @@ static const command_rec ssl_config_cmds[] = { "Require a boolean expression to evaluate to true for granting access" "(arbitrary complex boolean expression - see manual)") + /* Deprecated directives. */ + AP_INIT_RAW_ARGS("SSLLog", ap_set_deprecated, NULL, OR_ALL, + "SSLLog directive is no longer supported - use ErrorLog."), + AP_INIT_RAW_ARGS("SSLLogLevel", ap_set_deprecated, NULL, OR_ALL, + "SSLLogLevel directive is no longer supported - use LogLevel."), + AP_END_CMD }; @@ -302,8 +302,6 @@ static int ssl_hook_pre_connection(conn_rec *c, void *csd) return DECLINED; } - sslconn->log_level = sc->log_level; - /* * Remember the connection information for * later access inside callback functions diff --git a/modules/ssl/mod_ssl.h b/modules/ssl/mod_ssl.h index 7a0b561e0a..aedd09390f 100644 --- a/modules/ssl/mod_ssl.h +++ b/modules/ssl/mod_ssl.h 
@@ -203,25 +203,6 @@ ap_set_module_config(c->conn_config, &ssl_module, val) #define myCtxVarSet(mc,num,val) mc->rCtx.pV##num = val #define myCtxVarGet(mc,num,type) (type)(mc->rCtx.pV##num) -/* - * SSL Logging - */ -#define SSL_LOG_NONE (1<<0) -#define SSL_LOG_ERROR (1<<1) -#define SSL_LOG_WARN (1<<2) -#define SSL_LOG_INFO (1<<3) -#define SSL_LOG_TRACE (1<<4) -#define SSL_LOG_DEBUG (1<<5) -#define SSL_LOG_MASK (SSL_LOG_ERROR|SSL_LOG_WARN|SSL_LOG_INFO|SSL_LOG_TRACE|SSL_LOG_DEBUG) - -#define SSL_ADD_NONE (1<<8) -#define SSL_ADD_ERRNO (1<<9) -#define SSL_ADD_SSLERR (1<<10) -#define SSL_NO_TIMESTAMP (1<<11) -#define SSL_NO_LEVELID (1<<12) -#define SSL_NO_NEWLINE (1<<13) -#define SSL_INIT (1<<14) - /* * Defaults for the configuration */ @@ -431,13 +412,10 @@ typedef struct { const char *verify_info; const char *verify_error; int verify_depth; - int log_level; /* for avoiding expensive logging */ int is_proxy; int disabled; } SSLConnRec; -#define SSLConnLogApplies(sslconn, level) (sslconn->log_level >= level) - typedef struct { pid_t pid; apr_pool_t *pPool; @@ -528,9 +506,6 @@ struct SSLSrvConfigRec { BOOL proxy_enabled; const char *vhost_id; int vhost_id_len; - const char *log_file_name; - apr_file_t *log_file; - int log_level; int session_cache_timeout; modssl_ctx_t *server; modssl_ctx_t *proxy; @@ -586,8 +561,6 @@ const char *ssl_cmd_SSLVerifyClient(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLVerifyDepth(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLSessionCache(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLLog(cmd_parms *, void *, const char *); -const char *ssl_cmd_SSLLogLevel(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLProtocol(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLOptions(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLRequireSSL(cmd_parms *, void *); 
@@ -704,8 +677,6 @@ int ssl_mutex_on(server_rec *); int ssl_mutex_off(server_rec *); /* Logfile Support */ -void ssl_log_open(server_rec *, server_rec *, apr_pool_t *); -void ssl_log(server_rec *, int, const char *, ...); void ssl_die(void); void ssl_log_ssl_error(const char *, int, int, server_rec *); diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c index 03932a8846..1350e4fc56 100644 --- a/modules/ssl/ssl_engine_config.c +++ b/modules/ssl/ssl_engine_config.c @@ -209,9 +209,6 @@ static SSLSrvConfigRec *ssl_config_server_new(apr_pool_t *p) sc->proxy_enabled = UNSET; sc->vhost_id = NULL; /* set during module init */ sc->vhost_id_len = 0; /* set during module init */ - sc->log_file_name = NULL; - sc->log_file = NULL; /* set during module init */ - sc->log_level = SSL_LOG_NONE; sc->session_cache_timeout = UNSET; modssl_ctx_init_proxy(sc, p); @@ -296,8 +293,6 @@ void *ssl_config_server_merge(apr_pool_t *p, void *basev, void *addv) cfgMerge(mc, NULL); cfgMergeBool(enabled); cfgMergeBool(proxy_enabled); - cfgMergeString(log_file_name); - cfgMerge(log_level, SSL_LOG_NONE); cfgMergeInt(session_cache_timeout); modssl_ctx_cfg_merge_proxy(base->proxy, add->proxy, mrg->proxy); 
@@ -1052,61 +1047,6 @@ const char *ssl_cmd_SSLSessionCacheTimeout(cmd_parms *cmd, return NULL; } -#define SSL_FLAGS_LOG_CONTEXT \ - (NOT_IN_LIMIT|NOT_IN_DIRECTORY|NOT_IN_LOCATION|NOT_IN_FILES) - -const char *ssl_cmd_SSLLog(cmd_parms *cmd, - void *dcfg, - const char *arg) -{ - SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - const char *err; - - if ((err = ap_check_cmd_context(cmd, SSL_FLAGS_LOG_CONTEXT))) { - return err; - } - - sc->log_file_name = arg; - - return NULL; -} - -const char *ssl_cmd_SSLLogLevel(cmd_parms *cmd, - void *dcfg, - const char *level) -{ - SSLSrvConfigRec *sc = mySrvConfig(cmd->server); - const char *err; - - if ((err = ap_check_cmd_context(cmd, SSL_FLAGS_LOG_CONTEXT))) { - return err; - } - - if (strcEQ(level, "none")) { - sc->log_level = SSL_LOG_NONE; - } - else if (strcEQ(level, "error")) { - sc->log_level = SSL_LOG_ERROR; - } - else if (strcEQ(level, "warn")) { - sc->log_level = SSL_LOG_WARN; - } - else if (strcEQ(level, "info")) { - sc->log_level = SSL_LOG_INFO; - } - else if (strcEQ(level, "trace")) { - sc->log_level = SSL_LOG_TRACE; - } - else if (strcEQ(level, "debug")) { - sc->log_level = SSL_LOG_DEBUG; - } - else { - return "SSLLogLevel: Invalid argument"; - } - - return NULL; -} - const char *ssl_cmd_SSLOptions(cmd_parms *cmd, void *dcfg, const char *arg) diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index a314de9f62..05d049e9d9 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -255,8 +255,6 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog, sc->server->pphrase_dialog_type = SSL_PPTYPE_BUILTIN; } - /* Open the dedicated SSL logfile */ - ssl_log_open(base_server, s, p); } ssl_init_SSLLibrary(base_server); 
@@ -499,8 +497,8 @@ static void ssl_init_ctx_callbacks(server_rec *s, SSL_CTX_set_tmp_rsa_callback(ctx, ssl_callback_TmpRSA); SSL_CTX_set_tmp_dh_callback(ctx, ssl_callback_TmpDH); - if (mctx->sc->log_level >= SSL_LOG_INFO) { - /* this callback only logs if SSLLogLevel >= info */ + if (s->loglevel >= APLOG_DEBUG) { + /* this callback only logs if LogLevel >= info */ SSL_CTX_set_info_callback(ctx, ssl_callback_LogTracingState); } } diff --git a/modules/ssl/ssl_engine_io.c b/modules/ssl/ssl_engine_io.c index ca5597c478..79b7510b20 100644 --- a/modules/ssl/ssl_engine_io.c +++ b/modules/ssl/ssl_engine_io.c @@ -903,7 +903,6 @@ static apr_status_t ssl_io_filter_cleanup (void *data) void ssl_io_filter_init(conn_rec *c, SSL *ssl) { - SSLSrvConfigRec *sc = mySrvConfig(c->base_server); SSLFilterRec *filter; filter = apr_palloc(c->pool, sizeof(SSLFilterRec)); @@ -922,7 +921,7 @@ void ssl_io_filter_init(conn_rec *c, SSL *ssl) apr_pool_cleanup_register(c->pool, (void*)filter, ssl_io_filter_cleanup, apr_pool_cleanup_null); - if (sc->log_level >= SSL_LOG_DEBUG) { + if (c->base_server->loglevel >= APLOG_DEBUG) { BIO_set_callback(SSL_get_rbio(ssl), ssl_io_data_cb); BIO_set_callback_arg(SSL_get_rbio(ssl), (void *)ssl); } diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c index 895c38ad86..4112391b6a 100644 --- a/modules/ssl/ssl_engine_kernel.c +++ b/modules/ssl/ssl_engine_kernel.c @@ -145,7 +145,7 @@ apr_status_t ssl_hook_CloseConnection(SSLFilterRec *filter) SSL_smart_shutdown(ssl); /* and finally log the fact that we've closed the connection */ - if (SSLConnLogApplies(sslconn, SSL_LOG_INFO)) { + if (conn->base_server->loglevel >= APLOG_INFO) { ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, conn->base_server, "Connection to child %ld closed with %s shutdown" "(server %s, client %s)", 
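Review bot: In ssl_init_ctx_callbacks the new guard tests `s->loglevel >= APLOG_DEBUG`, but the comment under it still says the callback logs at `LogLevel >= info`, and the old guard was `SSL_LOG_INFO`, so the threshold moved up a level without the comment following. Only the trace branch of ssl_callback_LogTracingState is visible in this patch (gated at `APLOG_DEBUG`); if the callback also emits anything at info level, that output is now lost unless the server runs at debug. Either keep the old threshold with `if (s->loglevel >= APLOG_INFO) {` or correct the comment to `/* this callback only logs if LogLevel >= debug */`. The function body starts before the hunk.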
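Review bot: The BIO callback in ssl_io_filter_init is now switched on by the server-wide `LogLevel debug` instead of a dedicated `SSLLogLevel debug`, so raising the general log level for unrelated troubleshooting also installs `ssl_io_data_cb` on every SSL connection, with its output presumably going to the shared ErrorLog. ssl_io_data_cb is not shown in this patch, so what it records is inferred from its name; if it dumps I/O bytes, the ErrorLog needs the same root-only write location that the removed ssl-std.conf comment asked for the SSL log. A comment above the check would make the coupling explicit, e.g. `/* LogLevel debug enables per-connection BIO dumps to ErrorLog */`. The check reads `c->base_server->loglevel` while the request-path hunk in ssl_engine_kernel.c reads `r->server->loglevel`; it is worth confirming that difference is intended for virtual hosts with their own LogLevel.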
@@ -243,7 +243,7 @@ int ssl_hook_Translate(request_rec *r) /* * Log information about incoming HTTPS requests */ - if (SSLConnLogApplies(sslconn, SSL_LOG_INFO) && ap_is_initial_req(r)) { + if (r->server->loglevel >= APLOG_INFO && ap_is_initial_req(r)) { ap_log_error(APLOG_MARK, APLOG_INFO|APLOG_NOERRNO, 0, r->server, "%s HTTPS request received for child %ld (server %s)", (r->connection->keepalives <= 0 ? @@ -1280,7 +1280,7 @@ int ssl_callback_SSLVerify(int ok, X509_STORE_CTX *ctx) /* * Log verification information */ - if (sc->log_level >= SSL_LOG_TRACE) { + if (s->loglevel >= APLOG_DEBUG) { X509 *cert = X509_STORE_CTX_get_current_cert(ctx); char *sname = X509_NAME_oneline(X509_get_subject_name(cert), NULL, 0); char *iname = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); @@ -1455,7 +1455,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c) * Log information about CRL * (A little bit complicated because of ASN.1 and BIOs...) */ - if (sc->log_level >= SSL_LOG_TRACE) { + if (s->loglevel >= APLOG_DEBUG) { char buff[512]; /* should be plenty */ BIO *bio = BIO_new(BIO_s_mem()); @@ -1541,7 +1541,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, conn_rec *c) ASN1_INTEGER *sn = X509_REVOKED_get_serialNumber(revoked); if (!ASN1_INTEGER_cmp(sn, X509_get_serialNumber(cert))) { - if (sc->log_level >= SSL_LOG_INFO) { + if (s->loglevel >= APLOG_DEBUG) { char *cp = X509_NAME_oneline(issuer, NULL, 0); long serial = ASN1_INTEGER_get(sn); @@ -1577,7 +1577,7 @@ static void modssl_proxy_info_log(server_rec *s, X509_NAME *name; const char *dn; - if (sc->log_level < SSL_LOG_TRACE) { + if (s->loglevel < APLOG_DEBUG) { return; } @@ -1671,11 +1671,10 @@ static void ssl_session_log(server_rec *s, const char *result, long timeout) { - SSLSrvConfigRec *sc = mySrvConfig(s); char buf[SSL_SESSION_ID_STRING_LEN]; char timeout_str[56] = {'\0'}; - if (sc->log_level < SSL_LOG_TRACE) { + if (s->loglevel < APLOG_DEBUG) { return; } 
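Review bot: The revoked-certificate branch in ssl_callback_SSLVerify_CRL (hunk at -1541) was gated at `SSL_LOG_INFO` and is now gated at `APLOG_DEBUG`, unlike the other former info-level checks in this file (ssl_hook_CloseConnection, ssl_hook_Translate), which map to `APLOG_INFO`. A certificate rejected through a CRL is an event operators usually want recorded at normal verbosity, and with this guard the issuer name and serial are formatted only when the server runs at debug. Suggest `if (s->loglevel >= APLOG_INFO) {` here. The log call itself is below the hunk, so its level should be checked to match.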
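Review bot: In modssl_proxy_info_log (hunk at -1577) the check no longer reads `sc`, but unlike ssl_session_log, where this patch deletes `SSLSrvConfigRec *sc = mySrvConfig(s);`, no declaration is removed here. The top of the function is outside the hunk, so this is inferred: if such a declaration sits above the visible context, it is now an unused local and should be dropped in the same way. The same check applies to ssl_callback_SSLVerify, ssl_callback_SSLVerify_CRL and ssl_callback_LogTracingState, whose guards switch from `sc->log_level` to `s->loglevel` with the declarations out of view.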
@@ -1836,7 +1835,7 @@ void ssl_callback_LogTracingState(SSL *ssl, int where, int rc) /* * create the various trace messages */ - if (sc->log_level >= SSL_LOG_TRACE) { + if (s->loglevel >= APLOG_DEBUG) { if (where & SSL_CB_HANDSHAKE_START) { ap_log_error(APLOG_MARK, APLOG_DEBUG|APLOG_NOERRNO, 0, s, "%s: Handshake: start", SSL_LIBRARY_NAME); diff --git a/modules/ssl/ssl_engine_log.c b/modules/ssl/ssl_engine_log.c index d7f51cf2a7..728dd8534b 100644 --- a/modules/ssl/ssl_engine_log.c +++ b/modules/ssl/ssl_engine_log.c 
@@ -68,75 +68,6 @@ ** _________________________________________________________________ */ -/* - * Open the SSL logfile - */ -void ssl_log_open(server_rec *s_main, server_rec *s, apr_pool_t *p) -{ - const char *szLogFile; - SSLSrvConfigRec *sc_main = mySrvConfig(s_main); - SSLSrvConfigRec *sc = mySrvConfig(s); - piped_log *pl; - - /* - * Short-circuit for inherited logfiles in order to save - * filedescriptors in mass-vhost situation. Be careful, this works - * fine because the close happens implicitly by the pool facility. - */ - if ((s != s_main) && - (sc_main->log_file != NULL) && - ((sc->log_file_name == NULL) || - ((sc->log_file_name != NULL) && - (sc_main->log_file_name != NULL) && - strEQ(sc->log_file_name, sc_main->log_file_name)))) - { - sc->log_file = sc_main->log_file; - } - else if (sc->log_file_name != NULL) { - if (strEQ(sc->log_file_name, "/dev/null")) - return; - else if (sc->log_file_name[0] == '|') { - szLogFile = sc->log_file_name + 1; - while (*szLogFile == ' ' || *szLogFile == '\t') - szLogFile++; - if ((pl = ap_open_piped_log(p, szLogFile)) == NULL) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Cannot open reliable pipe to SSL logfile filter %s", szLogFile); - ssl_die(); - } - sc->log_file = ap_piped_log_write_fd(pl); - } - else { - szLogFile = ap_server_root_relative(p, sc->log_file_name); - if (!szLogFile) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Invalid SSL logfile path %s", sc->log_file_name); - ssl_die(); - } - if ((apr_file_open(&(sc->log_file), szLogFile, - APR_WRITE|APR_APPEND|APR_CREATE, APR_OS_DEFAULT, p)) - != APR_SUCCESS) { - ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO, - "Cannot open SSL logfile %s", szLogFile); - ssl_die(); - } - } - } - return; -} - -static struct { - int nLevel; - char *szLevel; -} ssl_log_level2string[] = { - { SSL_LOG_ERROR, "error" }, - { SSL_LOG_WARN, "warn" }, - { SSL_LOG_INFO, "info" }, - { SSL_LOG_TRACE, "trace" }, - { SSL_LOG_DEBUG, "debug" }, - { 0, NULL } -}; - static struct { char *cpPattern; char 
*cpAnnotation; 
@@ -169,148 +100,6 @@ static char *ssl_log_annotation(char *error) return errstr; } -void ssl_log(server_rec *s, int level, const char *msg, ...) -{ - char tstr[80]; - char lstr[256]; - char vstr[1024]; - char str[1024]; - char *nstr; - apr_size_t len; - apr_time_exp_t t; - va_list ap; - int add; - int i; - char *astr; - int safe_errno; - unsigned long e; - SSLSrvConfigRec *sc; - char *cpE; - char *cpA; - - /* initialization */ - safe_errno = errno; - sc = mySrvConfig(s); - - /* strip out additional flags */ - add = (level & ~SSL_LOG_MASK); - level = (level & SSL_LOG_MASK); - - /* reduce flags when not reasonable in context */ - if (add & SSL_ADD_ERRNO && errno == 0) - add &= ~SSL_ADD_ERRNO; - if (add & SSL_ADD_SSLERR && ERR_peek_error() == 0) - add &= ~SSL_ADD_SSLERR; - - /* we log only levels below, except for errors */ - if ( sc->log_file == NULL - && !(level & SSL_LOG_ERROR)) - return; - if ( level > sc->log_level - && !(level & SSL_LOG_ERROR)) - return; - - /* determine the time entry string */ - if (add & SSL_NO_TIMESTAMP) - tstr[0] = NUL; - else { - apr_time_exp_lt(&t, apr_time_now()); - apr_strftime(tstr, &len, 80, "[%d/%b/%Y %H:%M:%S", &t); - apr_snprintf(tstr + strlen(tstr), 80 - strlen(tstr), " %05d] ", - (unsigned int)getpid()); - } - - /* determine whether newline should be written */ - if (add & SSL_NO_NEWLINE) - nstr = ""; - else { - nstr = APR_EOL_STR; - } - - /* determine level name */ - lstr[0] = NUL; - if (!(add & SSL_NO_LEVELID)) { - for (i = 0; ssl_log_level2string[i].nLevel != 0; i++) { - if (ssl_log_level2string[i].nLevel == level) { - apr_snprintf(lstr, sizeof(lstr), "[%s]", ssl_log_level2string[i].szLevel); - break; - } - } - for (i = strlen(lstr); i <= 7; i++) - lstr[i] = ' '; - lstr[i] = NUL; - } - - if (add & SSL_INIT) { - len = strlen(lstr); - apr_snprintf(&lstr[len], sizeof(lstr) - len, - "Init: (%s) ", sc->vhost_id); - } - - /* create custom message */ - va_start(ap, msg); - apr_vsnprintf(vstr, sizeof(vstr), msg, ap); - va_end(ap); - 
- /* write out SSLog message */ - if ((add & SSL_ADD_ERRNO) && (add & SSL_ADD_SSLERR)) - astr = " (System and " SSL_LIBRARY_NAME " library errors follow)"; - else if (add & SSL_ADD_ERRNO) - astr = " (System error follows)"; - else if (add & SSL_ADD_SSLERR) - astr = " (" SSL_LIBRARY_NAME " library error follows)"; - else - astr = ""; - if (level <= sc->log_level && sc->log_file != NULL) { - apr_snprintf(str, sizeof(str), "%s%s%s%s%s", - tstr, lstr, vstr, astr, nstr); - apr_file_printf(sc->log_file, "%s", str); - } - if (level & SSL_LOG_ERROR) - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, - "mod_ssl: %s%s", vstr, astr); - - /* write out additional attachment messages */ - if (add & SSL_ADD_ERRNO) { - if (level <= sc->log_level && sc->log_file != NULL) { - apr_snprintf(str, sizeof(str), "%s%sSystem: %s (errno: %d)%s", - tstr, lstr, strerror(safe_errno), safe_errno, nstr); - apr_file_printf(sc->log_file, "%s", str); - } - if (level & SSL_LOG_ERROR) - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, - "System: %s (errno: %d)", - strerror(safe_errno), safe_errno); - } - if (add & SSL_ADD_SSLERR) { - while ((e = ERR_get_error())) { - cpE = ERR_error_string(e, NULL); - cpA = ssl_log_annotation(cpE); - if (level <= sc->log_level && sc->log_file != NULL) { - apr_snprintf(str, sizeof(str), "%s%s%s: %s%s%s%s%s", - tstr, lstr, SSL_LIBRARY_NAME, cpE, - cpA != NULL ? " [Hint: " : "", - cpA != NULL ? cpA : "", cpA != NULL ? "]" : "", - nstr); - apr_file_printf(sc->log_file, "%s", str); - } - if (level & SSL_LOG_ERROR) - ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, - "%s: %s%s%s%s", SSL_LIBRARY_NAME, cpE, - cpA != NULL ? " [Hint: " : "", - cpA != NULL ? cpA : "", cpA != NULL ? "]" : ""); - } - } - /* make sure the next log starts from a clean base */ - /* ERR_clear_error(); */ - - /* cleanup and return */ - if (sc->log_file != NULL) - apr_file_flush(sc->log_file); - errno = safe_errno; - return; -} - void ssl_die(void) { /* -- 2.50.1