After some productive feedback and no negative feedback, introduce
  SSLEngine upgrade so that we can begin and continue to support these
  facilities.  This makes it simpler to keep this effort (while we have
  no known clients that support Connection: upgrade at this time), and
  begin refactoring more of SSL into smaller and tighter (and then optional)
  components.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97913 13f79535-47bb-0310-9956-ffa450edef68

  After some productive feedback and no negative feedback, introduce
  SSLEngine upgrade so that we can begin and continue to support these
  facilities.  This makes it simpler to keep this effort (while we have
  no known clients that support Connection: upgrade at this time), and
  begin refactoring more of SSL into smaller and tighter (and then optional)
  components.

  Submitted by: Ryan Bloom
  Reviewed by: William Rowe, Joe Orton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97912 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97800 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97617 13f79535-47bb-0310-9956-ffa450edef68

redirection on crypto accelerator.

Submitted by:     Frederic DONNAT <frederic.donnat@zencod.com>
Reviewed by:	  Jeff Trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97482 13f79535-47bb-0310-9956-ffa450edef68

  Turn DOWN the volume of these errors... they are low enough level notes
  to land at loglevel INFO


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97439 13f79535-47bb-0310-9956-ffa450edef68

  Per Justin's feedback, this still needed a little work to get the
  four cases (block/nonblock read/nodata) straight.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97424 13f79535-47bb-0310-9956-ffa450edef68

  Rule one of winsock and other one-offs (even unix EINTR) ... blocking
  isn't necessarily blocking.  Should not have changed this in the prior
  commit, and adding the same retry to the -1/EAGAIN|EINTR case.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97423 13f79535-47bb-0310-9956-ffa450edef68

  errno?  EINTR?  what planet was this code on :-?  Normalize the
  ssl_io_filter_connect code to follow the filter read and write.
  Notice that it's buck ugly, but we will extract an rc first from
  the input BIO if it was written, and then try the output bio if
  it was APR_SUCCESS, during _connect processing.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97422 13f79535-47bb-0310-9956-ffa450edef68

  Merge the last of the 'filtering' functions into ssl_engine_io.c, merge
  ssl_abort into what was ssl_hook_CloseConnection, clean out a bunch of
  now-static or private headers from mod_ssl.h, and final fix a very small
  but potent segfault if ->pssl is destroyed within our read loop.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97411 13f79535-47bb-0310-9956-ffa450edef68

  Actually, the APR_ECONNABORTED (EOS-only brigade) is the direction we
  are contemplating for the next release, not the prior behavior
  (which was APR_SUCCESS for c->aborted.)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97401 13f79535-47bb-0310-9956-ffa450edef68

  With a last little bit of help from Justin, this should cause the
  appropriate amount of tumolt and turmoil if our client has 'gone away'
  on us, sparing us of further processing (and potential 'renegotiations'
  with a non-existant client.)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97400 13f79535-47bb-0310-9956-ffa450edef68

  At least one doc I've seen says EOF+bytes is valid.  This was a typo.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97399 13f79535-47bb-0310-9956-ffa450edef68

  Appears we forgot to check the possibility of errors coming from the
  write brigade passed down from the content generator through the body
  and protocol filters.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97397 13f79535-47bb-0310-9956-ffa450edef68

  Rename the many flavors of filter_ctx (pRec, fctx etc) to filter_ctx,
  wbio to bio_out, BIO new and free to create and destroy (to match OpenSSL),
  refactor the bio write code to stash errors in outctx->rc,
  fix the blocking read at EOF if we have some data to return,
  and preempt the nonblock read on GETLINE if we have the newline already.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97393 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97374 13f79535-47bb-0310-9956-ffa450edef68

in mod_ssl.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97373 13f79535-47bb-0310-9956-ffa450edef68

Stick a comment in there as a 'Waldo was here' so that if I ever see this
again, I realize that I've actually thought about it and didn't think >
was necessary.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97372 13f79535-47bb-0310-9956-ffa450edef68

  Clean up the read pattern for cases when some data already exists.
  Also return APR_SUCCESS once we've gathered any decrypted bytes.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97371 13f79535-47bb-0310-9956-ffa450edef68

  Distinguish inctx, outctx, frec [and b ??? looked like bucket to me!!!]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97370 13f79535-47bb-0310-9956-ffa450edef68

  More nits spotted by Justin, and catch all the errors except SYSCALL
  in the SSL logging section.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97369 13f79535-47bb-0310-9956-ffa450edef68

  Suggestions by Justin, implemention by Will.  Rename away all bogisity,
  especially eliminating all of 'our' capitalized identifiers that were
  easily confused with library symbols; go with APR_STATUS_IS_EOF() just
  in case there is a platform result; fix a bogus *len = 0; reassignment
  and fold the two flavors of input context tracking into one.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97368 13f79535-47bb-0310-9956-ffa450edef68

  Completely refactor the BIO-side client input handling for the SSL library.
  Should eliminate many false spurious interrupt detected errors.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97367 13f79535-47bb-0310-9956-ffa450edef68

  Fix memory leak in mod_ssl from internal SSL library allocations
  within SSL_get_peer_certificate and X509_get_pubkey.

Submitted by:	Zvi Har'El <rl@math.technion.ac.il>
Reviewed by:	Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97344 13f79535-47bb-0310-9956-ffa450edef68

  Close several small leaks in SSL.

Submitted by: Zvi Har'El <rl@math.technion.ac.il>
Reviewed by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97340 13f79535-47bb-0310-9956-ffa450edef68

  Outch.  No freeing consts.  Fortunately, the fn's return code isn't const.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97315 13f79535-47bb-0310-9956-ffa450edef68

Submitted by:	Madhu Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by:	Jeff Trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97308 13f79535-47bb-0310-9956-ffa450edef68

memory which has been previously allocated inside OpenSSL.
Such memory should be freed with OPENSSL_free(), not with free().

Submitted by: Nadav Har'El <nyh@math.technion.ac.il>,
              Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by:  Jeff Trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97307 13f79535-47bb-0310-9956-ffa450edef68

Submitted by:   Madhu Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by:	Jeff Trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97298 13f79535-47bb-0310-9956-ffa450edef68

(and allow 8192 to be valid). Secondly, this missplaced else
made the size part (8192) non-optional for shm:
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97281 13f79535-47bb-0310-9956-ffa450edef68

which has the overloaded '%p' format (not ANSI).

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97252 13f79535-47bb-0310-9956-ffa450edef68

and it was included in a commit that shouldn't have touched these files.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97201 13f79535-47bb-0310-9956-ffa450edef68

Also, uncomment a line of code that the last commit should have uncommented.
Randall found this line and the fix, but I forgot to uncomment this line
along with the fix.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97179 13f79535-47bb-0310-9956-ffa450edef68

could lead to an infinite loop.

PR:                     12705
Diagnosis submitted by: amund.elstad@ergo.no (Amund Elstad)
Coded by:               Jeff Trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97048 13f79535-47bb-0310-9956-ffa450edef68

/me wonders why we have generated content in CVS.    :-(


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97039 13f79535-47bb-0310-9956-ffa450edef68

network write.  All other status codes result in c->aborted being set,
which allows the logs to note that the connection was aborted.  Previous
to this patch, if the network cable was unplugged on the client, the server
would get APR_ETIMEUP, but we wouldn't note that the connection was
aborted.

Submitted by:	Ryan Morgan <rmorgan@covalent.net>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97038 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97002 13f79535-47bb-0310-9956-ffa450edef68

This matches what Apache 1.3 does.  Also add documentation for
this feature.

PR:	9299
Submitted by:	Jay Ball <jay@veggiespam.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97001 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@96818 13f79535-47bb-0310-9956-ffa450edef68

  Small fixes for SSLC


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@96477 13f79535-47bb-0310-9956-ffa450edef68