platforms.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93582 13f79535-47bb-0310-9956-ffa450edef68

version 2.8.7-1.3.23.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93564 13f79535-47bb-0310-9956-ffa450edef68

(Why does mod_ssl insist on having its own logging levels?  Bad, bad, bad.)

PR: 9842


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93464 13f79535-47bb-0310-9956-ffa450edef68

If the file specified by SSLMutex cannot be created (because the directory      does not exist for example), children will segfault on init without giving      any reason that the user can figure out.  This happens because the module       init in the parent never checks to see if the mutex intialization succeded.     This patch adds this check and a user-friendly error message.

(Justin made one formatting change to this patch.)

Submitted by:	Adam Sussman <myddryn@vishnu.vidya.com>
Reviewed by:	Justin Erenkrantz


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93441 13f79535-47bb-0310-9956-ffa450edef68

  What happened?  0.9.6b built just dandy without the flags... 0.9.6c won't
  build for jack without these changes.  Of course they don't harm 0.9.6b
  builders either, unless they are outside of the states/EU/AU and find
  themselves free to ignore IP considerations.

  I'd really like to know _why_ 0.9.6c doesn't configure itself rationally.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93381 13f79535-47bb-0310-9956-ffa450edef68

acheived with the pre_connection hook.  I have added the socket to the
pre_connection phase to make this possible.
Reviewed by:	Bill Stoddard


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93259 13f79535-47bb-0310-9956-ffa450edef68

and constify it while I'm at it.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93188 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93130 13f79535-47bb-0310-9956-ffa450edef68

cause the server to bail out under error conditions.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93063 13f79535-47bb-0310-9956-ffa450edef68

If you need the length, you should be using apr_brigade_length.  This is
much more consistent.  Of all the places that call ap_get_brigade, only
one (ap_http_filter) needs the length.  This makes it now possible to
pass constants down without assigning them to a temporary variable first.

Also:
- Change proxy_ftp to use EXHAUSTIVE mode (didn't catch its -1 before)
- Fix buglet in mod_ssl that would cause it to return too much data in
  some circumstances


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93014 13f79535-47bb-0310-9956-ffa450edef68

- Protect mod_ssl from dealing with modes it doesn't recognize.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92968 13f79535-47bb-0310-9956-ffa450edef68

point at the end of the buffer with a length of 0.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92967 13f79535-47bb-0310-9956-ffa450edef68

separate from the input filter mode type.

We also no longer look at readbytes to determine the method of
filter operation.  This makes the use of filters more obvious and
allows a wider range of options for input filters modes.

To start with, the new input filter modes are:

AP_MODE_READBYTES (no more than *readbytes returned)
AP_MODE_GETLINE (old *readbytes == 0 case)
AP_MODE_EATCRLF (old AP_MODE_PEEK)
AP_MODE_SPECULATIVE (will be used in a future ap_getline rewrite)
AP_MODE_EXHAUSTIVE (old *readbytes == -1 case)
AP_MODE_INIT (special case for NNTP over SSL)

The block parameter is an apr_read_type_e: APR_BLOCK_READ, APR_NONBLOCK_READ

This also allows cleanup of mod_ssl's handling in the getline case.

Reviewed by:	Ryan Bloom (concept), Greg Stein (concept)


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92928 13f79535-47bb-0310-9956-ffa450edef68

macros for OpenSSL in mod_ssl.h


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92918 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92897 13f79535-47bb-0310-9956-ffa450edef68

  Clean up several typesaftey (signedness and size) emits.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92889 13f79535-47bb-0310-9956-ffa450edef68

- avoid creating a new bucket brigade for each EOS or FLUSH bucket
- do not pass FLUSH bucket since BIO_bucket_flush() already does so
  if there is any data to flush.
- do not call apr_brigade_destroy(bb); since we will have either
  emptied it or passed it, in which case it will be destroyed further
  down the chain.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92885 13f79535-47bb-0310-9956-ffa450edef68

ssl_var_lookup_ssl_cipher()


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92883 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92881 13f79535-47bb-0310-9956-ffa450edef68

PR:
Obtained from:
Submitted by:
Reviewed by:	Justin Erenkrantz


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92873 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92829 13f79535-47bb-0310-9956-ffa450edef68

  The mutex must be pool-managed, not ssl managed.  We are encountering
  segfaults on Win32 when the cleanup of the mutex occurs after the pool
  was destroyed.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92818 13f79535-47bb-0310-9956-ffa450edef68

     mod_so, mod_win32 and the winnt mpm] into individual loadable
     modules, so the administrator may individually disable the former
     compiled-in modules by simply commenting out their LoadModule
     directives.  [William Rowe]

  *) Saved Win32 module authors and porters many future headaches, by
     duplicating the appropriate .h files such as os.h into the include
     directory, including in the build tree.  [William Rowe]

  Also noticed that version stamp resources weren't generated for proxy
  modules, this too is now fixed.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92804 13f79535-47bb-0310-9956-ffa450edef68

  Use SSL functions/macros instead of directly dereferencing SSL
  structures wherever possible.
  Add type-casts for the cases where functions return a generic pointer.
  Add $SSL/include to configure search path.
PR:
Obtained from:
Submitted by:	Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by:	dougm


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92800 13f79535-47bb-0310-9956-ffa450edef68

  This patch eliminated from the _SHARED_ segment of the scoreboard all
  pointer math.  This is required for portable scoreboards.

  vhost becomes the 'vhost name string' so it now survives ap_generation
  clicks.  next was apparently never used.

  This patch also accounts for the changes to the apr_shm api, and gives
  Win32 the magic of a shared scoreboard.

  Breakage aplenty on non-win32 platforms, I suspect, but this radical
  surgery, and culling of unused functions, was really, really needed.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92791 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92789 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92788 13f79535-47bb-0310-9956-ffa450edef68

to apr_proc_create()
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92786 13f79535-47bb-0310-9956-ffa450edef68

apr_proc_mutex_create_np() and the new parameter to
apr_lock_create() and apr_proc_mutex_create()


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92653 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92650 13f79535-47bb-0310-9956-ffa450edef68

  Close a real GP fault.  This is the _wrong_solution_, but stops the
  segfaults against very odd RAND_seed errors given garbage in.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92646 13f79535-47bb-0310-9956-ffa450edef68

  Correct case comparison typematch


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92279 13f79535-47bb-0310-9956-ffa450edef68

when SSL needs to flush (e.g. during SSL_accept()) it will call BIO_flush()
which will trigger a call to bio_bucket_ctrl() -> BIO_bucket_flush().
so we only need to flush the output ourselves if we receive an EOS or
FLUSH bucket.

BIO_bucket_flush() and churn_output() had been turning up near the top
of the profile with gprof.  churn_output() of course has now vanished
and BIO_bucket_flush() has dropped, being called far less than before.

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92271 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92245 13f79535-47bb-0310-9956-ffa450edef68

is happening.  so avoid calling that unless needed and just stash a
pointer to the client cert for the boolean checks that the client
provided a cert.
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92240 13f79535-47bb-0310-9956-ffa450edef68

ssl_callback_SSLVerify_CRL() unless SSLLogLevel >= info, otherwise the
expense is unused.
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92238 13f79535-47bb-0310-9956-ffa450edef68

what should be done with a macro.  it was only used once anyhow.
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92237 13f79535-47bb-0310-9956-ffa450edef68

function and free() of the return value twice each, for logging
regardless of SSLLogLevel.  changed to happen only if SSLLogLevel >= trace
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92236 13f79535-47bb-0310-9956-ffa450edef68

go back to using s->process->pool userdata, but just to store the
global module config during startup so we only create _one_ SSLModConfigRec.
(didn't realize this function was called in both ssl_init_Module and
ssl_config_server_create)
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92235 13f79535-47bb-0310-9956-ffa450edef68

in the gprof profile.  there's no need for the "global" SSLModConfigRec
to live in the s->process->pool userdata table.  we now just point the
SSLSrvConfigRec in each server_rec.module_config to the SSLModConfigRec
so we can access it directly which is much faster.
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92234 13f79535-47bb-0310-9956-ffa450edef68