- Apr 05, 2003
-
-
William A. Rowe Jr authored
Have some consistency! Fixes logic I introduced in 1.37. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99253 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Reapply the fix *intended* by rev 1.79 in a safer manner. Prior to all assignments and the final SSL_free(), free ssl_conn->client_cert to avoid leaks of this refcounted X509*. Prereleasing refcounted objects is unsafe programming; fix applied to both branches. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99252 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
EVP_PKEY_free() is refcounted on OpenSSL, but NOT under RSA SSL-C. Eliminate a number of test failures by conditionally reverting rev 1.79 pubkey handling in ssl_engine_kernel.c, except under OpenSSL. Also revert a rev 1.79 bogisity for all toolkits; it's entirely bogus to release a refcount after setting aside the results in a persistant structure, in this case sslconn->client_cert from SSL_get_peer_certificate() mustn't be freed while sslconn is still in play. The proper patch (not written yet) is to invoke the X509_free(sslconn->client_cert) when we cleanup the sslconn structure. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99250 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
A cosmetic change to 1.79 - a real X509 *cert is in play, don't use that same variable to retrieve/release the quick lookup and discard of the peercert. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99244 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 04, 2003
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99202 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
(e.g., OpenSSL 0.9.7a and xlc_r on AIX). The OpenSSL info callback field changed recently from a generic function pointer to a specific one, and ssl_callback_LogTracingState wasn't quite right. old: ssl.h: void (*info_callback)(); new: ssl.h: void (*info_callback)(const SSL *ssl,int type,int val); git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99201 13f79535-47bb-0310-9956-ffa450edef68
-
- Apr 03, 2003
-
-
William A. Rowe Jr authored
Introduce a number of SSLC hints to mod_ssl, including the following type overrides; MODSSL_CLIENT_CERT_CB_ARG_TYPE MODSSL_PCHAR_CAST (for a host of non-void/const sslc values) modssl_read_bio_cb_fn (for several callbacks with same prototypes) Declare callback functions appropriately. And protect us from indetermineant toolkits with #error "Unrecognized SSL Toolkit!" git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99183 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
We presume to HAVE_OPENSSL - we were falling into the SSLC path :-( Win32 is non-autoconf git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99182 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
HAVE_SSL_SET_STATE=1 is a product of autoconf for OpenSSL, which we are missing on Win32. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99180 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 31, 2003
-
-
Jim Jagielski authored
chown junk, which we know is safe and works, and more directly handles the issue with chown (agreed that a macro is needed eventually) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99148 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
sysv mutexes with an APR_USE_ test... we have to look at the choice! Reviewed by: Brian Pane, Justin Erenkrantz git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99146 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 29, 2003
-
-
Andre Malo authored
NO_MD5, NO_IDEA and NO_MDC2 (won't compile otherwise with 0.9.7+ and restricted crypto algorithms) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99107 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
locks have the correct perms so that the child process can access them git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99104 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 28, 2003
-
-
William A. Rowe Jr authored
Per JimJ's review - we prefer posix over semv, fcntl over flock, and semv requires no file. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99100 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Addendum to r1.74; Keep only the resulting filename in the global pool, toss the temporary strings away. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99097 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 27, 2003
-
-
William A. Rowe Jr authored
Addendum to r1.21... I missed the fact that we blew away the init complete state too early in ssl_init_Module(). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99096 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Fix a serious bug where the 'next' generation of the server would open a brand new mutex. This patch creates a single mutex in the first config phase that survives for the life of the server (server->process->pool). Now one server generation to the next will respect the same mutex between one another, while the previous generation is still mopping up. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99095 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
Allow any mutex to accept a 'filename' ... and always root it to the server root unless we are using posixsem, which can't handle big paths. This reorganization should make the code much more readable because all of the common code is at the beginning and end of the function, simplifing the long conditional test case block. This patch allows SSLMutex default:logs/ssl_mutex syntax. It also removes the mod_ssl historical '.pid' suffixes - that isn't how Apache2 specifies files. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99094 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 26, 2003
-
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99069 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 14, 2003
-
-
Madhusudan Mathihalli authored
INCLUDE path to be defined properly) PR: 11310 Submitted by: Geoff Thrope <geoff@geoffthrope.net> Reviewed by: Madhusudan Mathihalli git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@99008 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 13, 2003
-
-
Madhusudan Mathihalli authored
autoconf tools (AC_CHECK_HEADER, AC_CHECK_LIB etc). Submitted by: Geoff Thorpe <geoff@geoffthorpe.net> Reviewed by: Madhu, Justin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98999 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 12, 2003
-
-
Madhusudan Mathihalli authored
The porting of the code from mod_ssl 1.3.x was still incomplete, and depended upon a complete implentation of apr_shm (hence pieces of code was #if 0'ed out). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98990 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 11, 2003
-
-
William A. Rowe Jr authored
After discussions at length on dev@apr/httpd, it is determined that the older .dbg format symbols are not worth the interference with generating complete .pdb symbolic debugging databases. This patch further eliminates pdbtype:sept flags that interfere with deciphering local symbols and type information. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98970 13f79535-47bb-0310-9956-ffa450edef68
-
- Mar 06, 2003
-
-
William A. Rowe Jr authored
DougM confirms Madhu's suspicions, this change was inadvertent. Reverting to no longer skip the first cert in the chain. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98896 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 23, 2003
-
-
Jim Jagielski authored
matter what. We now allow for the full range of APR mutex locking mechanims to be used, while maintaining backwards compatibility. PR: 8122 Obtained from: Submitted by: Reviewed by: William Rowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98771 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 21, 2003
-
-
Madhusudan Mathihalli authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98747 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 20, 2003
-
-
William A. Rowe Jr authored
After consultations on the APR list, it was decided that /map files are fairly redundant when you retain rich .pdb debugging symbol files. We have rarely used them, and generally .dbg and .pdb files prove much more useful for the cases we have. While eliminating /map files, we are also shrinking the size of the .dbg files by stripping 'private' symbol information. Really this means less rich diagnostics from Dr. Watson on NT or Win9x when they query the .dbg symbols in creating a DrWatson log file. But it's more than compensated for on newer OS'es where Dr. Watson will query the .pdb symbols, on all Win32 flavors when WinDbg is used with the .pdb symbols, and the fact that the distribution of binary symbols will use less bandwidth when less information is duplicated from the .pdb format into the .dbg files. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98743 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 18, 2003
-
-
William A. Rowe Jr authored
foo.dbgmark turned out to be the same 8.3 name as foo.dbg itself, which was badness. Twist this puppy to .dbr, the only name I could invent that doesn't look like any database file extension I recall. It stands for .dbg rebased. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98712 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 07, 2003
-
-
William A. Rowe Jr authored
and .dbg files (older debuggers and Dr. Watson-type utilities on WinNT or Win9x don't support the newer .pdb flavor.) [Allen Edwards, William Rowe] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98596 13f79535-47bb-0310-9956-ffa450edef68
-
- Feb 03, 2003
-
-
Andre Malo authored
update license to 2003. Happy New Year! ;-)) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98573 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 21, 2003
-
-
William A. Rowe Jr authored
Omitted the commit log message from the last commit, sorry; Fix a nasty segfault, that there's a stack buffer we are trying to free! Revert this 'memory leak' patch from the 1.79 rev. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98430 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98429 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 20, 2003
-
-
William A. Rowe Jr authored
Catch up with the changes to apr/build/win32ver.awk and name all loadable httpd modules as .so, internally. Credit to Mladen Turk for identifing the issue. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98380 13f79535-47bb-0310-9956-ffa450edef68
-
- Jan 13, 2003
-
-
William A. Rowe Jr authored
After introducing tests in the cmds, we lose the absolute authority of the CRYPTO_malloc_init() which must happen the moment we load the module and prior to *any* ssl library fn invocation. Moved the CRYPTO_malloc_init() into the ssl_register_hooks() function, the absolute first call made into any loaded module. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98252 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 23, 2002
-
-
William A. Rowe Jr authored
All we care about is the type and name, just ask for the type and name. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@98090 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 14, 2002
-
-
William A. Rowe Jr authored
After some productive feedback and no negative feedback, introduce SSLEngine upgrade so that we can begin and continue to support these facilities. This makes it simpler to keep this effort (while we have no known clients that support Connection: upgrade at this time), and begin refactoring more of SSL into smaller and tighter (and then optional) components. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97913 13f79535-47bb-0310-9956-ffa450edef68
-
William A. Rowe Jr authored
After some productive feedback and no negative feedback, introduce SSLEngine upgrade so that we can begin and continue to support these facilities. This makes it simpler to keep this effort (while we have no known clients that support Connection: upgrade at this time), and begin refactoring more of SSL into smaller and tighter (and then optional) components. Submitted by: Ryan Bloom Reviewed by: William Rowe, Joe Orton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97912 13f79535-47bb-0310-9956-ffa450edef68
-
- Dec 08, 2002
-
-
Wilfredo Sanchez authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97800 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 23, 2002
-
-
Cliff Woolley authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97617 13f79535-47bb-0310-9956-ffa450edef68
-
- Nov 11, 2002
-
-
Jeff Trawick authored
redirection on crypto accelerator. Submitted by: Frederic DONNAT <frederic.donnat@zencod.com> Reviewed by: Jeff Trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@97482 13f79535-47bb-0310-9956-ffa450edef68
-