On Wed, May 15, 2002 at 08:11:07AM -0400, Jeff Trawick wrote:
> If you look at ssl_log(), you'll find some pretty extensive support
> for special features that ap_log_[r]error() and apr_strerror()
> probably shouldn't ever have to know about.
>
> Consider the SSL_ADD_SSLERR flag... It leads to a lookup and log
True. I was looking at it last night and the SSL_ADD_SSLERR flag
is the one that worries me the most. Perhaps we should add a
helper function that just logs the SSL error and annotation via
ap_log_error()? So, the module could do:
ap_log_error(APLOG_MARK, APLOG_ERR, rv, c->base_server,
"Something bad happened. Details follow.");
ssl_log_sslerr(c->base_server);
where ssl_log_ssl_err() does something like:
{
unsigned long e;
char *err, *annotation;
e = ERR_get_error();
err = ERR_error_string(e, NULL);
annotation = ssl_log_annotation(e);
ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s,
"SSL Library Error: %ld %s %s", e, err, annotation);
}
(BTW, ssl_log_annotation should be modified to return the static
string "" if it can't find an annotation.)
I'd much prefer splitting it out in some manner like this rather
than keeping the ssl_log function. The ssl_log function is horrific.
What do you think? -- justin
