macros for OpenSSL in mod_ssl.h


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92918 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92897 13f79535-47bb-0310-9956-ffa450edef68

  Clean up several typesaftey (signedness and size) emits.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92889 13f79535-47bb-0310-9956-ffa450edef68

- avoid creating a new bucket brigade for each EOS or FLUSH bucket
- do not pass FLUSH bucket since BIO_bucket_flush() already does so
  if there is any data to flush.
- do not call apr_brigade_destroy(bb); since we will have either
  emptied it or passed it, in which case it will be destroyed further
  down the chain.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92885 13f79535-47bb-0310-9956-ffa450edef68

ssl_var_lookup_ssl_cipher()


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92883 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92881 13f79535-47bb-0310-9956-ffa450edef68

PR:
Obtained from:
Submitted by:
Reviewed by:	Justin Erenkrantz


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92873 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92829 13f79535-47bb-0310-9956-ffa450edef68

  The mutex must be pool-managed, not ssl managed.  We are encountering
  segfaults on Win32 when the cleanup of the mutex occurs after the pool
  was destroyed.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92818 13f79535-47bb-0310-9956-ffa450edef68

     mod_so, mod_win32 and the winnt mpm] into individual loadable
     modules, so the administrator may individually disable the former
     compiled-in modules by simply commenting out their LoadModule
     directives.  [William Rowe]

  *) Saved Win32 module authors and porters many future headaches, by
     duplicating the appropriate .h files such as os.h into the include
     directory, including in the build tree.  [William Rowe]

  Also noticed that version stamp resources weren't generated for proxy
  modules, this too is now fixed.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92804 13f79535-47bb-0310-9956-ffa450edef68

  Use SSL functions/macros instead of directly dereferencing SSL
  structures wherever possible.
  Add type-casts for the cases where functions return a generic pointer.
  Add $SSL/include to configure search path.
PR:
Obtained from:
Submitted by:	Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by:	dougm


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92800 13f79535-47bb-0310-9956-ffa450edef68

  This patch eliminated from the _SHARED_ segment of the scoreboard all
  pointer math.  This is required for portable scoreboards.

  vhost becomes the 'vhost name string' so it now survives ap_generation
  clicks.  next was apparently never used.

  This patch also accounts for the changes to the apr_shm api, and gives
  Win32 the magic of a shared scoreboard.

  Breakage aplenty on non-win32 platforms, I suspect, but this radical
  surgery, and culling of unused functions, was really, really needed.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92791 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92789 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92788 13f79535-47bb-0310-9956-ffa450edef68

to apr_proc_create()
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92786 13f79535-47bb-0310-9956-ffa450edef68

apr_proc_mutex_create_np() and the new parameter to
apr_lock_create() and apr_proc_mutex_create()


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92653 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92650 13f79535-47bb-0310-9956-ffa450edef68

  Close a real GP fault.  This is the _wrong_solution_, but stops the
  segfaults against very odd RAND_seed errors given garbage in.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92646 13f79535-47bb-0310-9956-ffa450edef68

  Correct case comparison typematch


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92279 13f79535-47bb-0310-9956-ffa450edef68

when SSL needs to flush (e.g. during SSL_accept()) it will call BIO_flush()
which will trigger a call to bio_bucket_ctrl() -> BIO_bucket_flush().
so we only need to flush the output ourselves if we receive an EOS or
FLUSH bucket.

BIO_bucket_flush() and churn_output() had been turning up near the top
of the profile with gprof.  churn_output() of course has now vanished
and BIO_bucket_flush() has dropped, being called far less than before.

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92271 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92245 13f79535-47bb-0310-9956-ffa450edef68

is happening.  so avoid calling that unless needed and just stash a
pointer to the client cert for the boolean checks that the client
provided a cert.
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92240 13f79535-47bb-0310-9956-ffa450edef68

ssl_callback_SSLVerify_CRL() unless SSLLogLevel >= info, otherwise the
expense is unused.
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92238 13f79535-47bb-0310-9956-ffa450edef68

what should be done with a macro.  it was only used once anyhow.
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92237 13f79535-47bb-0310-9956-ffa450edef68

function and free() of the return value twice each, for logging
regardless of SSLLogLevel.  changed to happen only if SSLLogLevel >= trace
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92236 13f79535-47bb-0310-9956-ffa450edef68

go back to using s->process->pool userdata, but just to store the
global module config during startup so we only create _one_ SSLModConfigRec.
(didn't realize this function was called in both ssl_init_Module and
ssl_config_server_create)
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92235 13f79535-47bb-0310-9956-ffa450edef68

in the gprof profile.  there's no need for the "global" SSLModConfigRec
to live in the s->process->pool userdata table.  we now just point the
SSLSrvConfigRec in each server_rec.module_config to the SSLModConfigRec
so we can access it directly which is much faster.
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92234 13f79535-47bb-0310-9956-ffa450edef68

two calls that seed pid and time into one.
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92233 13f79535-47bb-0310-9956-ffa450edef68

this was being called twice per-connection with 'SSLRandom connect builtin'
configured (which is in the default config)

this also gets rid of two time() syscalls per-connection

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92232 13f79535-47bb-0310-9956-ffa450edef68

to avoid getpid() calls at request time
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92231 13f79535-47bb-0310-9956-ffa450edef68

Submitted by:	Ryan Morgan <rmorgan@covalent.net>
Reviewed by:	Aaron Bannert


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92229 13f79535-47bb-0310-9956-ffa450edef68

change ap_md5() call in ssl_hook_pre_connection() to ap_md5_binary()
that uses the precalculated sc->nVHostID_length to avoid a strlen() call.

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92216 13f79535-47bb-0310-9956-ffa450edef68

request time by calling it at startup time and saving the value in the
SSLSrvConfigRec.
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92215 13f79535-47bb-0310-9956-ffa450edef68

since we know the string returned by ap_md5() will always be that length
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92213 13f79535-47bb-0310-9956-ffa450edef68

(core handles all timeouts)
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92211 13f79535-47bb-0310-9956-ffa450edef68

these notes are unused, they handled by hooks.

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92210 13f79535-47bb-0310-9956-ffa450edef68

ssl_io_filter_Output() to a new ssl_filter_write() function.
this will make it easier to optimize how we deal with file buckets
than cannot be mmaped.
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92209 13f79535-47bb-0310-9956-ffa450edef68

an apr_bucket_brigade and use transient buckets with the SSL
malloc-ed buffer, rather than copying into a mem BIO.

also allows us to pass the brigade as data is being written
rather than buffering up the entire response in the mem BIO.

PR:
Obtained from:
Submitted by:
Reviewed by:	Justin Erenkrantz, Ryan Bloom


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92206 13f79535-47bb-0310-9956-ffa450edef68

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92151 13f79535-47bb-0310-9956-ffa450edef68

causing the server not to start.
previous method was to call exit(1) which would not fail
gracefully

PR:
Obtained from:
Submitted by:
Reviewed by:	(Idea only Jeff Trawick)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92144 13f79535-47bb-0310-9956-ffa450edef68