Re: Bug#269499: apache-ssl: SSL log directives don't work?
tag 269499 moreinfo
stop
On Wed, 1 Sep 2004, Rafael D'Halleweyn wrote:
Package: apache-ssl
Version: 1.3.31-5
Severity: important
The SSL log directives don't work for me, I only get a '+' in the logs.
Looking at the source in src/modules/standard/mod_log_config.c, I see
that the '%{clientcert}c' log directive is actually handled by
log_connection_status since it appears in the log_item_keys array before
log_ssl_info (and find_log_func matches on the first entry).
So, as far as I understand, the '+' in the logs is the 'status of the
connection'.
Since '%c' is the same as '%X', the '%c' directive should probably be
removed.
please attach you config files.
Fabio
--
user fajita: step one
fajita Whatever the problem, step one is always to look in the error log.
user fajita: step two
fajita When in danger or in doubt, step two is to scream and shout.
Processed: Re: Bug#269499: apache-ssl: SSL log directives don't work?
Processing commands for [EMAIL PROTECTED]: tag 269499 moreinfo Bug#269499: apache-ssl: SSL log directives don't work? There were no tags set. Tags added: moreinfo stop Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Re: Bug#269499: apache-ssl: SSL log directives don't work?
On Thu, 2004-09-02 at 06:41 +0200, Fabio Massimo Di Nitto wrote:
please attach you config files.
See attached. conf.d only contains the configlet for gallery.
I am looking at the contents of the ssl.log file, which contains:
[31/Aug/2004:17:52:43 -0400] + + +
ssl.log is defined as:
CustomLog /var/log/apache-ssl/ssl.log %t %{version}c %{cipher}c %
{clientcert}c
BTW. I removed { 'c', log_connection_status, 0 } from the
log_item_keys array in mod_log_config.c and I am now getting the logs
that I expect.
Thanks,
Raf.
##
## httpd.conf -- Apache HTTP server configuration file
##
ServerType standalone
ServerRoot /etc/apache-ssl
LockFile /var/lock/apache-ssl.lock
PidFile /var/run/apache-ssl.pid
ScoreBoardFile /var/run/apache-ssl.scoreboard
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 100
Listen 563
Port 563
#BindAddress *
Include /etc/apache-ssl/modules.conf
User www-data
Group www-data
ServerAdmin [EMAIL PROTECTED]
ServerName .
#SSLNoV2
SSLRandomFile file /dev/urandom 1024
SSLRandomFilePerConnection file /dev/urandom 1024
SSLEnable
SSLCacheServerPath /usr/lib/apache-ssl/gcache
SSLCacheServerPort /var/run/gcache_port
SSLSessionCacheTimeout 15
SSLCACertificatePath /etc/apache-ssl/ssl
SSLCACertificateFile /etc/apache-ssl/ssl/cacert.pem
SSLCertificateFile /etc/apache-ssl/ssl/cert.pem
SSLCertificateKeyFile /etc/apache-ssl/ssl/key.pem
SSLVerifyClient 2
SSLVerifyDepth 2
#SSLFakeBasicAuth
#SSLUseCRL
#SSLCRLCheckAll
SSLRequiredCiphers RC4-MD5:RC4-SHA:IDEA-CBC-MD5:DES-CBC3-SHA
DocumentRoot /home/www
Directory /
#Options SymLinksIfOwnerMatch
AllowOverride All
/Directory
Directory /home/www/
#Options Indexes Includes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
/Directory
IfModule mod_dir.c
DirectoryIndex index.html index.htm index.shtml index.php
/IfModule
AccessFileName .htaccess
Files ~ ^\.ht
Order allow,deny
Deny from all
/Files
UseCanonicalName Off
TypesConfig /etc/mime.types
DefaultType text/plain
HostnameLookups Off
ErrorLog /var/log/apache-ssl/error.log
LogLevel warn
LogFormat %h %l \%u\ %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\
\%{forensic-id}n\ %T %v full
LogFormat %h %l \%u\ %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\
\%{forensic-id}n\ %P %T debug
LogFormat %h %l \%u\ %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\
\%{forensic-id}n\ \%{clientcert}c\ combined
LogFormat %h %l \%u\ %t \%r\ %s %b \%{forensic-id}n forensic
LogFormat %h %l \%u\ %t \%r\ %s %b common
LogFormat %{Referer}i - %U referer
LogFormat %{User-agent}i agent
CustomLog /var/log/apache-ssl/access.log combined
ServerSignature Off
ServerTokens Prod
IfModule mod_mime.c
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz
AddType application/x-tar .tgz
AddType image/bmp .bmp
AddType text/x-hdml .hdml
/IfModule
IfModule mod_bandwidth.c
# BandWidthDataDir /var/lib/apache/mod-bandwidth/
BandWidthModule On
BandWidth 172.18.43.4 0
BandWidth all 40960
LargeFileLimit 25 20480
LargeFileLimit 250 10240
/IfModule
AddDefaultCharset on
CustomLog /var/log/apache-ssl/ssl.log %t %{version}c %{cipher}c %{clientcert}c
Include /etc/apache-ssl/conf.d
# Autogenerated file - do not edit!
# This file is maintained by the apache-ssl package.
# To update it, run the command:
#/usr/sbin/apache-modconf apache-ssl
ClearModuleList
AddModule mod_so.c
AddModule mod_macro.c
LoadModule config_log_module /usr/lib/apache/1.3/mod_log_config_ssl.so
LoadModule agent_log_module /usr/lib/apache/1.3/mod_log_agent.so
LoadModule referer_log_module /usr/lib/apache/1.3/mod_log_referer.so
LoadModule mime_module /usr/lib/apache/1.3/mod_mime_ssl.so
LoadModule dir_module /usr/lib/apache/1.3/mod_dir.so
LoadModule alias_module /usr/lib/apache/1.3/mod_alias.so
LoadModule access_module /usr/lib/apache/1.3/mod_access.so
LoadModule expires_module /usr/lib/apache/1.3/mod_expires.so
LoadModule apache_ssl_module /usr/lib/apache/1.3/libssl.so
LoadModule auth_module /usr/lib/apache/1.3/mod_auth_ssl.so
LoadModule bandwidth_module /usr/lib/apache/1.3/mod_bandwidth.so
LoadModule php4_module /usr/lib/apache/1.3/libphp4.so
Bug#269499: apache-ssl: SSL log directives don't work?
Package: apache-ssl
Version: 1.3.31-5
Severity: important
The SSL log directives don't work for me, I only get a '+' in the logs.
Looking at the source in src/modules/standard/mod_log_config.c, I see
that the '%{clientcert}c' log directive is actually handled by
log_connection_status since it appears in the log_item_keys array before
log_ssl_info (and find_log_func matches on the first entry).
So, as far as I understand, the '+' in the logs is the 'status of the
connection'.
Since '%c' is the same as '%X', the '%c' directive should probably be
removed.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-rc1+bigboy
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8
Versions of packages apache-ssl depends on:
ii apache-common 1.3.31-5 Support files for all Apache webse
ii debconf 1.4.32 Debian configuration management sy
ii dpkg1.10.23 Package maintenance system for Deb
ii libc6 2.3.2.ds1-16 GNU C Library: Shared libraries an
ii libdb4.24.2.52-17Berkeley v4.2 Database Libraries [
ii libexpat1 1.95.6-8 XML parsing C library - runtime li
ii libmagic1 4.10-3 File type determination library us
ii libssl0.9.7 0.9.7d-5 SSL shared libraries
ii logrotate 3.7-2Log rotation utility
ii mime-support3.28-1 MIME files 'mime.types' 'mailcap
ii openssl 0.9.7d-5 Secure Socket Layer (SSL) binary a
ii perl5.8.4-2 Larry Wall's Practical Extraction
ii ssl-cert1.0-8Simple debconf wrapper for openssl
-- debconf information:
* apache-ssl/server-name: www.dhalleweyn.com
* apache-ssl/server-admin: [EMAIL PROTECTED]
* apache-ssl/enable-suexec: false
* apache-ssl/init: true
* apache-ssl/document-root: /home/www
