WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.

Commit d9b0ea8e authored Feb 15, 2013 by Rainer Jung

mod_ssl: log revoked certificates at level INFO

instead of DEBUG.

PR 52162

Partial backport of r1165056 from trunk/2.4.x.

Submitted by: sf
Backported by: rjung
Reviewed by: wrowe, rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1446637 13f79535-47bb-0310-9956-ffa450edef68

parent 18c4d5dd

CHANGES

+3 −0

Original line number	Diff line number	Diff line
		-- coding: utf-8 --
		Changes with Apache 2.2.24

		*) mod_ssl: log revoked certificates at level INFO
		instead of DEBUG. PR 52162. [Stefan Fritsch]

		*) mod_proxy_ajp: Support unknown HTTP methods. PR 54416.
		[Rainer Jung]

STATUS

+0 −5

Original line number	Diff line number	Diff line
		@@ -94,11 +94,6 @@ RELEASE SHOWSTOPPERS:
		PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
		[ start all new proposals below, under PATCHES PROPOSED. ]

		* mod_ssl: PR 52162: log revoked certificates at level INFO instead of DEBUG
		trunk/2.4.x: Changed as part of http://svn.apache.org/viewvc?rev=1165056&view=rev
		2.2.x patch: https://issues.apache.org/bugzilla/attachment.cgi?id=27913
		+1: sf, wrowe, rpluem

		* mod_ssl: When receiving http on https, send the error response with http 1.0
		It is important that we send a proper error status, or search engines
		may index the error message.

modules/ssl/ssl_engine_kernel.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1588,7 +1588,7 @@ int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX ctx, conn_rec c)
		ASN1_INTEGER *sn = X509_REVOKED_get_serialNumber(revoked);

		if (!ASN1_INTEGER_cmp(sn, X509_get_serialNumber(cert))) {
		if (s->loglevel >= APLOG_DEBUG) {
		if (s->loglevel >= APLOG_INFO) {
		char *cp = X509_NAME_oneline(issuer, NULL, 0);
		long serial = ASN1_INTEGER_get(sn);