summaryrefslogtreecommitdiff
path: root/modules/ssl/ssl_engine_log.c
diff options
context:
space:
mode:
Diffstat (limited to 'modules/ssl/ssl_engine_log.c')
-rw-r--r--modules/ssl/ssl_engine_log.c326
1 files changed, 0 insertions, 326 deletions
diff --git a/modules/ssl/ssl_engine_log.c b/modules/ssl/ssl_engine_log.c
deleted file mode 100644
index 0e1c53a852..0000000000
--- a/modules/ssl/ssl_engine_log.c
+++ /dev/null
@@ -1,326 +0,0 @@
-/* _ _
-** _ __ ___ ___ __| | ___ ___| | mod_ssl
-** | '_ ` _ \ / _ \ / _` | / __/ __| | Apache Interface to OpenSSL
-** | | | | | | (_) | (_| | \__ \__ \ | www.modssl.org
-** |_| |_| |_|\___/ \__,_|___|___/___/_| ftp.modssl.org
-** |_____|
-** ssl_engine_log.c
-** Logging Facility
-*/
-
-/* ====================================================================
- * Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials
- * provided with the distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * 4. The names "mod_ssl" must not be used to endorse or promote
- * products derived from this software without prior written
- * permission. For written permission, please contact
- * rse@engelschall.com.
- *
- * 5. Products derived from this software may not be called "mod_ssl"
- * nor may "mod_ssl" appear in their names without prior
- * written permission of Ralf S. Engelschall.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by
- * Ralf S. Engelschall <rse@engelschall.com> for use in the
- * mod_ssl project (http://www.modssl.org/)."
- *
- * THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR
- * HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
- /* ``The difference between a computer
- industry job and open-source software
- hacking is about 30 hours a week.''
- -- Ralf S. Engelschall */
-#include "mod_ssl.h"
-
-
-/* _________________________________________________________________
-**
-** Logfile Support
-** _________________________________________________________________
-*/
-
-/*
- * Open the SSL logfile
- */
-void ssl_log_open(server_rec *s_main, server_rec *s, pool *p)
-{
- char *szLogFile;
- SSLSrvConfigRec *sc_main = mySrvConfig(s_main);
- SSLSrvConfigRec *sc = mySrvConfig(s);
- piped_log *pl;
-
- /*
- * Short-circuit for inherited logfiles in order to save
- * filedescriptors in mass-vhost situation. Be careful, this works
- * fine because the close happens implicitly by the pool facility.
- */
- if ( s != s_main
- && sc_main->fileLogFile != NULL
- && ( (sc->szLogFile == NULL)
- || ( sc->szLogFile != NULL
- && sc_main->szLogFile != NULL
- && strEQ(sc->szLogFile, sc_main->szLogFile)))) {
- sc->fileLogFile = sc_main->fileLogFile;
- }
- else if (sc->szLogFile != NULL) {
- if (strEQ(sc->szLogFile, "/dev/null"))
- return;
- else if (sc->szLogFile[0] == '|') {
- szLogFile = ssl_util_server_root_relative(p, "log", sc->szLogFile+1);
- if ((pl = ap_open_piped_log(p, szLogFile)) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open reliable pipe to SSL logfile filter %s", szLogFile);
- ssl_die();
- }
- sc->fileLogFile = ap_pfdopen(p, ap_piped_log_write_fd(pl), "a");
- setbuf(sc->fileLogFile, NULL);
- }
- else {
- szLogFile = ssl_util_server_root_relative(p, "log", sc->szLogFile);
- if ((sc->fileLogFile = ap_pfopen(p, szLogFile, "a")) == NULL) {
- ssl_log(s, SSL_LOG_ERROR|SSL_ADD_ERRNO,
- "Cannot open SSL logfile %s", szLogFile);
- ssl_die();
- }
- setbuf(sc->fileLogFile, NULL);
- }
- }
- return;
-}
-
-static struct {
- int nLevel;
- char *szLevel;
-} ssl_log_level2string[] = {
- { SSL_LOG_ERROR, "error" },
- { SSL_LOG_WARN, "warn" },
- { SSL_LOG_INFO, "info" },
- { SSL_LOG_TRACE, "trace" },
- { SSL_LOG_DEBUG, "debug" },
- { 0, NULL }
-};
-
-static struct {
- char *cpPattern;
- char *cpAnnotation;
-} ssl_log_annotate[] = {
- { "*envelope*bad*decrypt*", "wrong pass phrase!?" },
- { "*CLIENT_HELLO*unknown*protocol*", "speaking not SSL to HTTPS port!?" },
- { "*CLIENT_HELLO*http*request*", "speaking HTTP to HTTPS port!?" },
- { "*SSL3_READ_BYTES:sslv3*alert*bad*certificate*", "Subject CN in certificate not server name or identical to CA!?" },
- { "*self signed certificate in certificate chain*", "Client certificate signed by CA not known to server?" },
- { "*peer did not return a certificate*", "No CAs known to server for verification?" },
- { "*no shared cipher*", "Too restrictive SSLCipherSuite or using DSA server certificate?" },
- { "*no start line*", "Bad file contents or format - or even just a forgotten SSLCertificateKeyFile?" },
- { "*bad password read*", "You entered an incorrect pass phrase!?" },
- { "*bad mac decode*", "Browser still remembered details of a re-created server certificate?" },
- { NULL, NULL }
-};
-
-static char *ssl_log_annotation(char *error)
-{
- char *errstr;
- int i;
-
- errstr = NULL;
- for (i = 0; ssl_log_annotate[i].cpPattern != NULL; i++) {
- if (ap_strcmp_match(error, ssl_log_annotate[i].cpPattern) == 0) {
- errstr = ssl_log_annotate[i].cpAnnotation;
- break;
- }
- }
- return errstr;
-}
-
-BOOL ssl_log_applies(server_rec *s, int level)
-{
- SSLSrvConfigRec *sc;
-
- sc = mySrvConfig(s);
- if ( sc->fileLogFile == NULL
- && !(level & SSL_LOG_ERROR))
- return FALSE;
- if ( level > sc->nLogLevel
- && !(level & SSL_LOG_ERROR))
- return FALSE;
- return TRUE;
-}
-
-void ssl_log(server_rec *s, int level, const char *msg, ...)
-{
- char tstr[80];
- char lstr[20];
- char vstr[1024];
- char str[1024];
- char nstr[2];
- int timz;
- struct tm *t;
- va_list ap;
- int add;
- int i;
- char *astr;
- int safe_errno;
- unsigned long e;
- SSLSrvConfigRec *sc;
- char *cpE;
- char *cpA;
-
- /* initialization */
- va_start(ap, msg);
- safe_errno = errno;
- sc = mySrvConfig(s);
-
- /* strip out additional flags */
- add = (level & ~SSL_LOG_MASK);
- level = (level & SSL_LOG_MASK);
-
- /* reduce flags when not reasonable in context */
- if (add & SSL_ADD_ERRNO && errno == 0)
- add &= ~SSL_ADD_ERRNO;
- if (add & SSL_ADD_SSLERR && ERR_peek_error() == 0)
- add &= ~SSL_ADD_SSLERR;
-
- /* we log only levels below, except for errors */
- if ( sc->fileLogFile == NULL
- && !(level & SSL_LOG_ERROR))
- return;
- if ( level > sc->nLogLevel
- && !(level & SSL_LOG_ERROR))
- return;
-
- /* determine the time entry string */
- if (add & SSL_NO_TIMESTAMP)
- tstr[0] = NUL;
- else {
- t = ap_get_gmtoff(&timz);
- strftime(tstr, 80, "[%d/%b/%Y %H:%M:%S", t);
- i = strlen(tstr);
- ap_snprintf(tstr+i, 80-i, " %05d] ", (unsigned int)getpid());
- }
-
- /* determine whether newline should be written */
- if (add & SSL_NO_NEWLINE)
- nstr[0] = NUL;
- else {
- nstr[0] = '\n';
- nstr[1] = NUL;
- }
-
- /* determine level name */
- lstr[0] = NUL;
- if (!(add & SSL_NO_LEVELID)) {
- for (i = 0; ssl_log_level2string[i].nLevel != 0; i++) {
- if (ssl_log_level2string[i].nLevel == level) {
- ap_snprintf(lstr, sizeof(lstr), "[%s]", ssl_log_level2string[i].szLevel);
- break;
- }
- }
- for (i = strlen(lstr); i <= 7; i++)
- lstr[i] = ' ';
- lstr[i] = NUL;
- }
-
- /* create custom message */
- ap_vsnprintf(vstr, sizeof(vstr), msg, ap);
-
- /* write out SSLog message */
- if ((add & SSL_ADD_ERRNO) && (add & SSL_ADD_SSLERR))
- astr = " (System and " SSL_LIBRARY_NAME " library errors follow)";
- else if (add & SSL_ADD_ERRNO)
- astr = " (System error follows)";
- else if (add & SSL_ADD_SSLERR)
- astr = " (" SSL_LIBRARY_NAME " library error follows)";
- else
- astr = "";
- if (level <= sc->nLogLevel && sc->fileLogFile != NULL) {
- ap_snprintf(str, sizeof(str), "%s%s%s%s%s", tstr, lstr, vstr, astr, nstr);
- fprintf(sc->fileLogFile, "%s", str);
- }
- if (level & SSL_LOG_ERROR)
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
- "mod_ssl: %s%s", vstr, astr);
-
- /* write out additional attachment messages */
- if (add & SSL_ADD_ERRNO) {
- if (level <= sc->nLogLevel && sc->fileLogFile != NULL) {
- ap_snprintf(str, sizeof(str), "%s%sSystem: %s (errno: %d)%s",
- tstr, lstr, strerror(safe_errno), safe_errno, nstr);
- fprintf(sc->fileLogFile, "%s", str);
- }
- if (level & SSL_LOG_ERROR)
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
- "System: %s (errno: %d)",
- strerror(safe_errno), safe_errno);
- }
- if (add & SSL_ADD_SSLERR) {
- while ((e = ERR_get_error())) {
- cpE = ERR_error_string(e, NULL);
- cpA = ssl_log_annotation(cpE);
- if (level <= sc->nLogLevel && sc->fileLogFile != NULL) {
- ap_snprintf(str, sizeof(str), "%s%s%s: %s%s%s%s%s",
- tstr, lstr, SSL_LIBRARY_NAME, cpE,
- cpA != NULL ? " [Hint: " : "",
- cpA != NULL ? cpA : "", cpA != NULL ? "]" : "",
- nstr);
- fprintf(sc->fileLogFile, "%s", str);
- }
- if (level & SSL_LOG_ERROR)
- ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, s,
- "%s: %s%s%s%s", SSL_LIBRARY_NAME, cpE,
- cpA != NULL ? " [Hint: " : "",
- cpA != NULL ? cpA : "", cpA != NULL ? "]" : "");
- }
- }
- /* make sure the next log starts from a clean base */
- /* ERR_clear_error(); */
-
- /* cleanup and return */
- if (sc->fileLogFile != NULL)
- fflush(sc->fileLogFile);
- errno = safe_errno;
- va_end(ap);
- return;
-}
-
-void ssl_die(void)
-{
- /*
- * This is used for fatal errors and here
- * it is common module practice to really
- * exit from the complete program.
- */
- exit(1);
-}
-
View Lorry Controller Status