On Mon, May 17, 2021 at 8:47 AM Stefan Eissing <[email protected]> wrote: > > With possibly multiple SSL modules active in our server, I am looking what to > do about the logging configuration. > > The current situation: mod_ssl registers log handler for tags "x" and "c". > Those do > - "x" does a lookup of the SSL_* variable name > - "c" does a shorthand translation of 6 variables names to the ones available > via "x". In addition it gives "-" as value for "errcode" and the client > verification error for "errstr". > > The problem is that there can only be one(!) handler registered for a tag. > > Now "x" can be easily done in mod_log_config itself now what we have > ap_ssl_var_lookup() in the core server. This means we can move that code from > mod_ssl to mod_log_config.
+1 > To make the "c" handler work in core, we can also move the code from mod_ssl > to mod_log_config. But we need to define a variable name for the "errstr", > for example as "SSL_CLIENT_VERIFY_ERRSTR" which mod_ssl needs to supply then. If you mean ssl_var_lookup would handle "SSL_CLIENT_VERIFY_ERRSTR" +1
