git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93846 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93845 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93824 13f79535-47bb-0310-9956-ffa450edef68

also provides a shorter shortcut for mod_ssl hooks to decline if ssl
is not enabled.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93823 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93799 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93785 13f79535-47bb-0310-9956-ffa450edef68

apr_exploded_time_t.

PR:
Obtained from:
Submitted by:	Thom May <thom@planetarytramp.net>
Reviewed by:	Ian Holsman


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93733 13f79535-47bb-0310-9956-ffa450edef68

types, not just builtin.  on win32 for example, a pipe dialog might
allocate a wintty for prompting, which results in 4 prompts at
startup, 2 for each child and 2 within each when httpd "restarts
itself".
update comments on this and wrap them a bit.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93679 13f79535-47bb-0310-9956-ffa450edef68

pointed out by gstein


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93653 13f79535-47bb-0310-9956-ffa450edef68

Reviewed by: OtherBill, Justin, Madhu


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93652 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93648 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93637 13f79535-47bb-0310-9956-ffa450edef68

SHARED_MODULE is no longer defined, so we were leaking.
plus we always do a full startup/teardown regardless of being a dso or
static.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93636 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93635 13f79535-47bb-0310-9956-ffa450edef68

- return value from apr_dir_read() was checking != APR_SUCCESS rather
  than == APR_SUCCESS, so no certs were ever loaded.

- wasn't checking return value of apr_dir_open(), now log an error and
  ssl_die() on failure.

- don't bother trying to load directories


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93634 13f79535-47bb-0310-9956-ffa450edef68

X509_NAME_oneline() used for trace logging was not freed.
now passes in a static buffer so no buffer is malloced.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93633 13f79535-47bb-0310-9956-ffa450edef68

ssl_init_PushCAList() function.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93632 13f79535-47bb-0310-9956-ffa450edef68

ssl_init_FindCAList().


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93626 13f79535-47bb-0310-9956-ffa450edef68

in ssl_init_FindCAList().  values are pushed into another stack which
gets freed when SSL context is destroyed.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93625 13f79535-47bb-0310-9956-ffa450edef68

is _not_ static and needs to be freed via DH_free().


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93624 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93623 13f79535-47bb-0310-9956-ffa450edef68

is encrypted and mtime stamp has not changed.  this prevents getting
prompted twice for passphrase on windows and elsewhere when server is
started with -DNO_DETACH.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93620 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93619 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93617 13f79535-47bb-0310-9956-ffa450edef68

of s->process->pool to prevent "leaking" each time we format
a vhost key.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93616 13f79535-47bb-0310-9956-ffa450edef68

leakage on restarts.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93615 13f79535-47bb-0310-9956-ffa450edef68

leakage on restarts.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93614 13f79535-47bb-0310-9956-ffa450edef68

to use it.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93613 13f79535-47bb-0310-9956-ffa450edef68

were allocated using apr_palloc out of s->process->pool and pushed
into an apr_array_header_t.
solve the problem by moving from apr_array_header_t's to an apr_hash_t.
also add ssl_asn1_table_{set,unset} wrappers to use malloc/free so we
do not "leak" from s->process->pool.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93612 13f79535-47bb-0310-9956-ffa450edef68

  Introduce PassPhraseDialog 'pipe' mechanism.  This builds on DougM's
  apr-ization of the 'tty', and changes his naming a bit so we clearly
  identify the pipe-to and pipe-from the user.

  This patch invokes a bidirectional piped dialog to the user.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93607 13f79535-47bb-0310-9956-ffa450edef68

  Introduce the PassPhraseDialog 'pipe' mechanism.

  This is the directive handling commit only, the mechanics patch will
  follow.  PassPhraseDialog "|/path/to/pipe" will use the bidirectional
  pipe to have a 'conversation', along the lines of the tty dialog with
  PassPhraseDialog 'builtin'.  This is entirely different than the 'exec'
  method, which simply runs once for each passphrase, and doesn't allow
  for failure/retries, and certainly doesn't offer any sensible 'dialog'.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93606 13f79535-47bb-0310-9956-ffa450edef68

and switch to using apr_file api for portability.
stderr has already been redirected to the error_log.
rather than attempting to temporarily rehook it to the terminal,
we print the prompt to stdout before EVP_read_pw_string turns
off tty echo.  which is also more portable.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93586 13f79535-47bb-0310-9956-ffa450edef68

than hack to only read passphrase on 1st round startup.  this change:
- fixes current segv on restarts (SHARED_MODULE is not defined)
- allows LoadModule ssl_module to be added to httpd.conf on restart
  (was core dumping previously)
- allows certs/keys to be changed on restart provided key is not
  encrypted or SSLPassPhraseDialog is exec.  if key is encrypted and
  SSLPassPhraseDialog is builtin, existing private keys will be reused
  on restart (which happens currently for any type of key/dialog).

note: mod_ssl currently leaks on restart; leaks more with this change.
      fixes to come.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93585 13f79535-47bb-0310-9956-ffa450edef68

Thanks Cliff for slapping me in the head.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93583 13f79535-47bb-0310-9956-ffa450edef68

platforms.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93582 13f79535-47bb-0310-9956-ffa450edef68

version 2.8.7-1.3.23.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93564 13f79535-47bb-0310-9956-ffa450edef68

(Why does mod_ssl insist on having its own logging levels?  Bad, bad, bad.)

PR: 9842


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93464 13f79535-47bb-0310-9956-ffa450edef68

If the file specified by SSLMutex cannot be created (because the directory      does not exist for example), children will segfault on init without giving      any reason that the user can figure out.  This happens because the module       init in the parent never checks to see if the mutex intialization succeded.     This patch adds this check and a user-friendly error message.

(Justin made one formatting change to this patch.)

Submitted by:	Adam Sussman <myddryn@vishnu.vidya.com>
Reviewed by:	Justin Erenkrantz


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93441 13f79535-47bb-0310-9956-ffa450edef68

  What happened?  0.9.6b built just dandy without the flags... 0.9.6c won't
  build for jack without these changes.  Of course they don't harm 0.9.6b
  builders either, unless they are outside of the states/EU/AU and find
  themselves free to ignore IP considerations.

  I'd really like to know _why_ 0.9.6c doesn't configure itself rationally.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93381 13f79535-47bb-0310-9956-ffa450edef68

acheived with the pre_connection hook.  I have added the socket to the
pre_connection phase to make this possible.
Reviewed by:	Bill Stoddard


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@93259 13f79535-47bb-0310-9956-ffa450edef68