diff options
author | Kaspar Brand <kbrand@apache.org> | 2011-12-12 20:05:27 +0000 |
---|---|---|
committer | Kaspar Brand <kbrand@apache.org> | 2011-12-12 20:05:27 +0000 |
commit | 9fe3c24de9ecbf5ec1be72bc4c189c7e5f70a087 (patch) | |
tree | 771ef8d004b67573eeea44299d8e3b57949af082 /modules/ssl | |
parent | f082f40cb7a96f27e1072c8d9c793cdca5a21260 (diff) | |
download | httpd-9fe3c24de9ecbf5ec1be72bc4c189c7e5f70a087.tar.gz |
backport r1213399 from trunk:
logging adjustments:
- consistently call ssl_log_ssl_error after ap_log_error etc.
- ssl_init_ConfigureServer: add vhost_id to log message
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1213400 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/ssl')
-rw-r--r-- | modules/ssl/ssl_engine_init.c | 2 | ||||
-rw-r--r-- | modules/ssl/ssl_engine_ocsp.c | 10 | ||||
-rw-r--r-- | modules/ssl/ssl_util_ocsp.c | 4 |
3 files changed, 8 insertions, 8 deletions
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index afab1fad22..dc4269d8ef 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -1360,7 +1360,7 @@ void ssl_init_ConfigureServer(server_rec *s, */ if ((sc->enabled == SSL_ENABLED_TRUE) || (sc->enabled == SSL_ENABLED_OPTIONAL)) { ap_log_error(APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(01914) - "Configuring server for SSL protocol"); + "Configuring server %s for SSL protocol", sc->vhost_id); ssl_init_server_ctx(s, p, ptemp, sc); } diff --git a/modules/ssl/ssl_engine_ocsp.c b/modules/ssl/ssl_engine_ocsp.c index b4ea919c4e..90da5c279f 100644 --- a/modules/ssl/ssl_engine_ocsp.c +++ b/modules/ssl/ssl_engine_ocsp.c @@ -110,9 +110,9 @@ static OCSP_REQUEST *create_request(X509_STORE_CTX *ctx, X509 *cert, *certid = OCSP_cert_to_id(NULL, cert, ctx->current_issuer); if (!*certid || !OCSP_request_add0_id(req, *certid)) { - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01921) "could not retrieve certificate id"); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); return NULL; } @@ -164,9 +164,9 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c, if (rc == V_OCSP_CERTSTATUS_GOOD) { basicResponse = OCSP_response_get1_basic(response); if (!basicResponse) { - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01923) "could not retrieve OCSP basic response"); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); rc = V_OCSP_CERTSTATUS_UNKNOWN; } } @@ -182,9 +182,9 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c, if (rc == V_OCSP_CERTSTATUS_GOOD) { /* TODO: allow flags configuration. */ if (OCSP_basic_verify(basicResponse, NULL, ctx->ctx, 0) != 1) { - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(01925) "failed to verify the OCSP response"); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); rc = V_OCSP_CERTSTATUS_UNKNOWN; } } @@ -196,9 +196,9 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c, rc = OCSP_resp_find_status(basicResponse, certID, &status, &reason, NULL, &thisup, &nextup); if (rc != 1) { - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert, APLOGNO(02272) "failed to retrieve OCSP response status"); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); rc = V_OCSP_CERTSTATUS_UNKNOWN; } else { @@ -216,9 +216,9 @@ static int verify_ocsp_status(X509 *cert, X509_STORE_CTX *ctx, conn_rec *c, int vrc = OCSP_check_validity(thisup, nextup, resptime_skew, sc->server->ocsp_resp_maxage); if (vrc != 1) { - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); ssl_log_cxerror(SSLLOG_MARK, APLOG_ERR, 0, c, cert, APLOGNO(02273) "OCSP response outside validity period"); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, s); rc = V_OCSP_CERTSTATUS_UNKNOWN; } } diff --git a/modules/ssl/ssl_util_ocsp.c b/modules/ssl/ssl_util_ocsp.c index 48700c7c49..94ef4cd0a9 100644 --- a/modules/ssl/ssl_util_ocsp.c +++ b/modules/ssl/ssl_util_ocsp.c @@ -262,9 +262,9 @@ static OCSP_RESPONSE *read_response(apr_socket_t *sd, BIO *bio, conn_rec *c, * bio. */ response = d2i_OCSP_RESPONSE_bio(bio, NULL); if (response == NULL) { - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c)); ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01988) "failed to decode OCSP response data"); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c)); } return response; @@ -281,9 +281,9 @@ OCSP_RESPONSE *modssl_dispatch_ocsp_request(const apr_uri_t *uri, bio = serialize_request(request, uri); if (bio == NULL) { - ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c)); ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01989) "could not serialize OCSP request"); + ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, mySrvFromConn(c)); return NULL; } |