Commit 17d84a2b authored by Graham Leggett

mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits

in the error log to debug level.

trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1447993
2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-quiet-fips.patch

Submitted by: wrowe
Reviewed by: druggeri, kbrand


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1485689 13f79535-47bb-0310-9956-ffa450edef68
parent cd77e75b
+3 −0
@@ -6,6 +6,9 @@ Changes with Apache 2.2.25
     escaped to prevent terminal escape sequences from entering the
     log file.  [Joe Orton]

  *) mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
     in the error log to debug level.  [William Rowe]

  *) htdigest: Fix buffer overflow when reading digest password file
     with very long lines. PR 54893. [Rainer Jung]
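Review bot: The new CHANGES entry ("Quiet FIPS mode weak keys disabled and FIPS not selected emits in the error log to debug level") does not say which messages are affected or what level they had before, so a reader cannot tell what stops appearing in the error log. Suggest naming them: the "Init: Skipping generating temporary ... in FIPS mode" messages (previously APLOG_ERR) and "SSL FIPS mode disabled" (previously APLOG_NOTICE).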

+0 −7
@@ -96,13 +96,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
  [ start all new proposals below, under PATCHES PROPOSED. ]
  
  
  * mod_ssl: Quiet FIPS mode weak keys disabled and FIPS not selected emits
    in the error log to debug level.  [William Rowe]
    trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1447993
    2.4.x patch: trunk patch applies.
    2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-quiet-fips.patch
    +1: wrowe, druggeri, kbrand

   * mod_authnz_ldap: Allow using exec: callouts like SSLPassphraseDialog
     for AuthLDAPBindPassword.
     trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1433478
+3 −3
@@ -83,7 +83,7 @@ static int ssl_tmp_key_init_rsa(server_rec *s,

    if (FIPS_mode() && bits < 1024) {
        mc->pTmpKeys[idx] = NULL;
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                     "Init: Skipping generating temporary "
                     "%d bit RSA private key in FIPS mode", bits);
        return OK;
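Review bot: In ssl_tmp_key_init_rsa the branch sets mc->pTmpKeys[idx] = NULL and returns OK, so once the message is at APLOG_DEBUG it is the only record that the slot was deliberately left empty. Add a comment on this branch stating that a NULL entry is the expected result in FIPS mode when bits < 1024, so code reading pTmpKeys knows to check for it. The literal 1024 would also read better as a named constant.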
@@ -113,7 +113,7 @@ static int ssl_tmp_key_init_dh(server_rec *s,

    if (FIPS_mode() && bits < 1024) {
        mc->pTmpKeys[idx] = NULL;
        ap_log_error(APLOG_MARK, APLOG_ERR, 0, s,
        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                     "Init: Skipping generating temporary "
                     "%d bit DH parameters in FIPS mode", bits);
        return OK;
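Review bot: The FIPS_mode() && bits < 1024 branch in ssl_tmp_key_init_dh duplicates the one in ssl_tmp_key_init_rsa, including the log level and the message shape, so any later change to the threshold or the level has to be made in two places. Consider a small shared helper or macro for the skip-and-log step, taking the key type string as a parameter.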
@@ -276,7 +276,7 @@ int ssl_init_Module(apr_pool_t *p, apr_pool_t *plog,
        }
    }
    else {
        ap_log_error(APLOG_MARK, APLOG_NOTICE, 0, s,
        ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s,
                     "SSL FIPS mode disabled");
    }
#endif
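Review bot: With "SSL FIPS mode disabled" moved from APLOG_NOTICE to APLOG_DEBUG in the else branch of ssl_init_Module, a server running without FIPS records nothing about its FIPS state unless debug logging is on, and the enabled branch is not visible in this hunk to confirm it still logs at a higher level. If operators are expected to infer the state from the absence of a message, state that in the CHANGES entry or in a comment on this branch.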