git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92123 13f79535-47bb-0310-9956-ffa450edef68

unless loglevel >= SSL_LOG_INFO
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92122 13f79535-47bb-0310-9956-ffa450edef68

- only look through the table once, rather than 2 apr_table_gets()
- case-sensitive and use strcmp() as little as possible
- only lookup once per-connection, as the flags will not change across
  keepalive requests
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92121 13f79535-47bb-0310-9956-ffa450edef68

else there are 5 (expensive!) calls made to ssl_var_lookup on every request
for info that will never be logged
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92119 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92114 13f79535-47bb-0310-9956-ffa450edef68

change app_data2 to be the request_rec itself.
if something needs per-request context in the future,
it can use r->request_config

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92113 13f79535-47bb-0310-9956-ffa450edef68

note: may actually be removed unless somebody can figure out why it is in
there to begin with
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92111 13f79535-47bb-0310-9956-ffa450edef68

writing to app_data2_idx, and another inside OpenSSL when calling
SSL_get_ex_new_index().
add SSL_init_app_data2_idx() to provide the same functionality but in
a safe place: called during ssl_init_Module
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92110 13f79535-47bb-0310-9956-ffa450edef68

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92109 13f79535-47bb-0310-9956-ffa450edef68

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92100 13f79535-47bb-0310-9956-ffa450edef68

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92094 13f79535-47bb-0310-9956-ffa450edef68

c->conn_config
PR:
Obtained from:
Submitted by:
Reviewed by: rbb, madhu


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92093 13f79535-47bb-0310-9956-ffa450edef68

thread mutex routines for when we don't have APR_HAS_THREADS.

Submitted by:	Justin Erenkrantz
Reviewed by:	Aaron Bannert


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92061 13f79535-47bb-0310-9956-ffa450edef68

interact badly with makefile dependency generators, too.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92059 13f79535-47bb-0310-9956-ffa450edef68

request data from the client.
PR:
Obtained from:
Submitted by:	dougm
Reviewed by:	wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@92043 13f79535-47bb-0310-9956-ffa450edef68

(only converting INTRAPROCESS locks at this time).

I don't see how this used to work, which also means I'm not entirely
sure if it works now. It really didn't look like it was allocating
the correct size before. It compiles and SSL still works in my limited
tests, but I'd appreciate a second opinion.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91979 13f79535-47bb-0310-9956-ffa450edef68

it does not actually do the reading and writing to the network.  By
moving that filter to in between CONNECTION and NETWORK filters, we ensure
that SSL is always called before the core.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91969 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91966 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91961 13f79535-47bb-0310-9956-ffa450edef68

I'm going to remove it until I or someone else can come up with a better
way to check for and link against libssl and libcrypto for mod_ssl.so.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91950 13f79535-47bb-0310-9956-ffa450edef68

need to set SSLFilterRec.pssl = NULL when ssl_hook_CloseConnection is called
otherwise, ap_lingering_close -> ap_flush_conn will call ssl_io_filter_Output
which thinks it can still use the SSLFilterRec.pssl
PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91886 13f79535-47bb-0310-9956-ffa450edef68

Submitted by:	Madhu Mathihalli <madhusudan_mathihalli@hp.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91791 13f79535-47bb-0310-9956-ffa450edef68

into a local buffer.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91781 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91774 13f79535-47bb-0310-9956-ffa450edef68

  Fix a nasty GP fault... stop testing buckets after they are passed!!!


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91610 13f79535-47bb-0310-9956-ffa450edef68

  It is absolutely invalid practice to test 'prot' bits to determine if a
  file is readable.  The only acceptable means of testing readability is to
  open it for reading, due to discrepancies between permissions, DACLs and
  SACLS.  Even Linux hackers are gonna need to learn that lesson if they
  plan to do any DOD or Gov work once DACL-enhanced Linux is adopted.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91516 13f79535-47bb-0310-9956-ffa450edef68

Place a big-ass comment there so that whomever comes next isn't stuck
at a cryptic call that they don't understand with a dinky comment.
Hopefully, this makes sense.  Someone more familiar with OpenSSL should
verify the comment.

This fix also requires the normalize call to be performed before
churn_input so that we don't enter churn_input with a 0-length ctx->b
brigade.

All httpd-test tests (except for the module/negotiation test) pass now.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91442 13f79535-47bb-0310-9956-ffa450edef68

we shouldn't delete it.

Thanks to Doug for pointing out that something broke.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91441 13f79535-47bb-0310-9956-ffa450edef68

Hey, I've never seen it in actual use anywhere, so I didn't know.

Thanks to Roy for pointing it out.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91440 13f79535-47bb-0310-9956-ffa450edef68

changed some of the style issues within the filtering code to conform to
the rest of the server.

Various incarnations of this patch have been posted to dev@httpd without
feedback.  Now that it passes all of the httpd-test cases (with the
exception of module/negotiation test which fails without mod_ssl anyway),
it is time to check it in.

Please review and test.  We are under C-T-R rules, so I'm going to take
advantage of that and commit it now.  I have tested this about as much
as I can and it seems to work from everything I can give to it.
Considering that mod_ssl was broken before this commit, this is an
improvement.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91414 13f79535-47bb-0310-9956-ffa450edef68

to match churn_output.  =)

Yes, I'm slowly working on fixing mod_ssl...


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91289 13f79535-47bb-0310-9956-ffa450edef68

  BIO_write returns an int.  Whacha gonna do?  Kill the last non-ab warning.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91220 13f79535-47bb-0310-9956-ffa450edef68

Submitted by:	 Cody Sherr <csherr@covalent.net>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91074 13f79535-47bb-0310-9956-ffa450edef68

  I don't seriously expect this solves the segfault ... but it does make
  the code more legible, and protects particularly ugly unset values.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@90979 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@90802 13f79535-47bb-0310-9956-ffa450edef68

over an HTTPS connection.  This also adds an ap_remove_input_filter
function, which should be used to remove the SSL input filter in this
case, as soon as this code is stressed a bit more.

For right now, we are sending the same message that we used to send in
mod_ssl for Apache 1.3.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@90724 13f79535-47bb-0310-9956-ffa450edef68

  Toggle the /Zi flag to allow all supportd versions of VC (5, 6, 7) to
  build 'out of the box' in debugging mode.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@90686 13f79535-47bb-0310-9956-ffa450edef68

get/set/delete sessions using mod_ssl's callbacks
PR:
Obtained from:
Submitted by:   Madhusudan Mathihalli <madhusudan_mathihalli@hp.com>
Reviewed by:    dougm


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@90654 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@90653 13f79535-47bb-0310-9956-ffa450edef68

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@90645 13f79535-47bb-0310-9956-ffa450edef68