autoconf tools (AC_CHECK_HEADER, AC_CHECK_LIB etc).

Submitted by: Geoff Thorpe <geoff@geoffthorpe.net>
Reviewed by: Madhu, Justin


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98999 13f79535-47bb-0310-9956-ffa450edef68

The porting of the code from mod_ssl 1.3.x was still incomplete, and depended
upon a complete implentation of apr_shm (hence pieces of code was #if 0'ed out).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98990 13f79535-47bb-0310-9956-ffa450edef68

  After discussions at length on dev@apr/httpd, it is determined that
  the older .dbg format symbols are not worth the interference with
  generating complete .pdb symbolic debugging databases.

  This patch further eliminates pdbtype:sept flags that interfere with
  deciphering local symbols and type information.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98970 13f79535-47bb-0310-9956-ffa450edef68

  DougM confirms Madhu's suspicions, this change was inadvertent.
  Reverting to no longer skip the first cert in the chain.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98896 13f79535-47bb-0310-9956-ffa450edef68

matter what. We now allow for the full range of APR mutex
locking mechanims to be used, while maintaining backwards
compatibility.

PR: 8122
Obtained from:
Submitted by:
Reviewed by:	William Rowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98771 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98747 13f79535-47bb-0310-9956-ffa450edef68

  After consultations on the APR list, it was decided that /map files are
  fairly redundant when you retain rich .pdb debugging symbol files.  We
  have rarely used them, and generally .dbg and .pdb files prove much more
  useful for the cases we have.

  While eliminating /map files, we are also shrinking the size of the .dbg
  files by stripping 'private' symbol information.  Really this means less
  rich diagnostics from Dr. Watson on NT or Win9x when they query the .dbg
  symbols in creating a DrWatson log file.  But it's more than compensated
  for on newer OS'es where Dr. Watson will query the .pdb symbols, on all
  Win32 flavors when WinDbg is used with the .pdb symbols, and the fact that
  the distribution of binary symbols will use less bandwidth when less
  information is duplicated from the .pdb format into the .dbg files.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98743 13f79535-47bb-0310-9956-ffa450edef68

  foo.dbgmark turned out to be the same 8.3 name as foo.dbg itself, which
  was badness.  Twist this puppy to .dbr, the only name I could invent that
  doesn't look like any database file extension I recall.

  It stands for .dbg rebased.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98712 13f79535-47bb-0310-9956-ffa450edef68

     and .dbg files (older debuggers and Dr. Watson-type utilities
     on WinNT or Win9x don't support the newer .pdb flavor.)
     [Allen Edwards, William Rowe]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98596 13f79535-47bb-0310-9956-ffa450edef68

update license to 2003.

Happy New Year! ;-))


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98573 13f79535-47bb-0310-9956-ffa450edef68

  Omitted the commit log message from the last commit, sorry;

  Fix a nasty segfault, that there's a stack buffer we are trying to free!
  Revert this 'memory leak' patch from the 1.79 rev.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98430 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98429 13f79535-47bb-0310-9956-ffa450edef68

  Catch up with the changes to apr/build/win32ver.awk and name all loadable
  httpd modules as .so, internally.  Credit to Mladen Turk for identifing
  the issue.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98380 13f79535-47bb-0310-9956-ffa450edef68

  After introducing tests in the cmds, we lose the absolute authority
  of the CRYPTO_malloc_init() which must happen the moment we load the
  module and prior to *any* ssl library fn invocation.

  Moved the CRYPTO_malloc_init() into the ssl_register_hooks() function,
  the absolute first call made into any loaded module.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98252 13f79535-47bb-0310-9956-ffa450edef68

  All we care about is the type and name, just ask for the type and name.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98090 13f79535-47bb-0310-9956-ffa450edef68

  After some productive feedback and no negative feedback, introduce
  SSLEngine upgrade so that we can begin and continue to support these
  facilities.  This makes it simpler to keep this effort (while we have
  no known clients that support Connection: upgrade at this time), and
  begin refactoring more of SSL into smaller and tighter (and then optional)
  components.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97913 13f79535-47bb-0310-9956-ffa450edef68

  After some productive feedback and no negative feedback, introduce
  SSLEngine upgrade so that we can begin and continue to support these
  facilities.  This makes it simpler to keep this effort (while we have
  no known clients that support Connection: upgrade at this time), and
  begin refactoring more of SSL into smaller and tighter (and then optional)
  components.

  Submitted by: Ryan Bloom
  Reviewed by: William Rowe, Joe Orton


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97912 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97800 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97617 13f79535-47bb-0310-9956-ffa450edef68

redirection on crypto accelerator.

Submitted by:     Frederic DONNAT <frederic.donnat@zencod.com>
Reviewed by:	  Jeff Trawick


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97482 13f79535-47bb-0310-9956-ffa450edef68

  Turn DOWN the volume of these errors... they are low enough level notes
  to land at loglevel INFO


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97439 13f79535-47bb-0310-9956-ffa450edef68

  Per Justin's feedback, this still needed a little work to get the
  four cases (block/nonblock read/nodata) straight.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97424 13f79535-47bb-0310-9956-ffa450edef68

  Rule one of winsock and other one-offs (even unix EINTR) ... blocking
  isn't necessarily blocking.  Should not have changed this in the prior
  commit, and adding the same retry to the -1/EAGAIN|EINTR case.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97423 13f79535-47bb-0310-9956-ffa450edef68

  errno?  EINTR?  what planet was this code on :-?  Normalize the
  ssl_io_filter_connect code to follow the filter read and write.
  Notice that it's buck ugly, but we will extract an rc first from
  the input BIO if it was written, and then try the output bio if
  it was APR_SUCCESS, during _connect processing.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97422 13f79535-47bb-0310-9956-ffa450edef68

  Merge the last of the 'filtering' functions into ssl_engine_io.c, merge
  ssl_abort into what was ssl_hook_CloseConnection, clean out a bunch of
  now-static or private headers from mod_ssl.h, and final fix a very small
  but potent segfault if ->pssl is destroyed within our read loop.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97411 13f79535-47bb-0310-9956-ffa450edef68

  Actually, the APR_ECONNABORTED (EOS-only brigade) is the direction we
  are contemplating for the next release, not the prior behavior
  (which was APR_SUCCESS for c->aborted.)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97401 13f79535-47bb-0310-9956-ffa450edef68

  With a last little bit of help from Justin, this should cause the
  appropriate amount of tumolt and turmoil if our client has 'gone away'
  on us, sparing us of further processing (and potential 'renegotiations'
  with a non-existant client.)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97400 13f79535-47bb-0310-9956-ffa450edef68

  At least one doc I've seen says EOF+bytes is valid.  This was a typo.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97399 13f79535-47bb-0310-9956-ffa450edef68

  Appears we forgot to check the possibility of errors coming from the
  write brigade passed down from the content generator through the body
  and protocol filters.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97397 13f79535-47bb-0310-9956-ffa450edef68

  Rename the many flavors of filter_ctx (pRec, fctx etc) to filter_ctx,
  wbio to bio_out, BIO new and free to create and destroy (to match OpenSSL),
  refactor the bio write code to stash errors in outctx->rc,
  fix the blocking read at EOF if we have some data to return,
  and preempt the nonblock read on GETLINE if we have the newline already.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97393 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97374 13f79535-47bb-0310-9956-ffa450edef68

in mod_ssl.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97373 13f79535-47bb-0310-9956-ffa450edef68

Stick a comment in there as a 'Waldo was here' so that if I ever see this
again, I realize that I've actually thought about it and didn't think >
was necessary.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97372 13f79535-47bb-0310-9956-ffa450edef68

  Clean up the read pattern for cases when some data already exists.
  Also return APR_SUCCESS once we've gathered any decrypted bytes.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97371 13f79535-47bb-0310-9956-ffa450edef68

  Distinguish inctx, outctx, frec [and b ??? looked like bucket to me!!!]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97370 13f79535-47bb-0310-9956-ffa450edef68

  More nits spotted by Justin, and catch all the errors except SYSCALL
  in the SSL logging section.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97369 13f79535-47bb-0310-9956-ffa450edef68

  Suggestions by Justin, implemention by Will.  Rename away all bogisity,
  especially eliminating all of 'our' capitalized identifiers that were
  easily confused with library symbols; go with APR_STATUS_IS_EOF() just
  in case there is a platform result; fix a bogus *len = 0; reassignment
  and fold the two flavors of input context tracking into one.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97368 13f79535-47bb-0310-9956-ffa450edef68

  Completely refactor the BIO-side client input handling for the SSL library.
  Should eliminate many false spurious interrupt detected errors.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97367 13f79535-47bb-0310-9956-ffa450edef68

  Fix memory leak in mod_ssl from internal SSL library allocations
  within SSL_get_peer_certificate and X509_get_pubkey.

Submitted by:	Zvi Har'El <rl@math.technion.ac.il>
Reviewed by:	Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97344 13f79535-47bb-0310-9956-ffa450edef68

  Close several small leaks in SSL.

Submitted by: Zvi Har'El <rl@math.technion.ac.il>
Reviewed by: Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97340 13f79535-47bb-0310-9956-ffa450edef68