From 316bd8cab0ab97335f2b0e36c3a240ff7967ed1a Mon Sep 17 00:00:00 2001
From: Paul Querna <chip@outoforder.cc>
Date: Fri, 22 Apr 2005 01:29:13 +0000
Subject: - remove more debug logging.

- fix a crash by changing the certificate structure *after* starting the handshake. 

---
diff --git a/src/gnutls_cache.c b/src/gnutls_cache.c
index 91e6ec9..eaeeea6 100644
--- a/src/gnutls_cache.c
+++ b/src/gnutls_cache.c
@@ -209,11 +209,12 @@ static gnutls_datum_t mc_cache_fetch(void* baton, gnutls_datum_t key)
                            &value, &value_len, NULL);
 
     if (rv != APR_SUCCESS) {
+#if MOD_GNUTLS_DEBUG
         ap_log_error(APLOG_MARK, APLOG_DEBUG, rv,
                      ctxt->c->base_server,
                      "[gnutls_cache] error fetching key '%s' ",
                      strkey);
-
+#endif
         data.size = 0;
         data.data = NULL;
         return data;
diff --git a/src/gnutls_io.c b/src/gnutls_io.c
index 5e0c4ef..dee2c4f 100644
--- a/src/gnutls_io.c
+++ b/src/gnutls_io.c
@@ -381,10 +381,15 @@ tryagain:
                       gnutls_strerror(ret));
             goto tryagain;
         }
-
-        ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
+#if USING_2_1_RECENT
+        ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, ctxt->c,
                      "GnuTLS: Handshake Failed (%d) '%s'", ret,
                       gnutls_strerror(ret));
+#else
+        ap_log_error(APLOG_MARK, APLOG_ERR, 0, ctxt->c->base_server,
+                     "GnuTLS: Handshake Failed (%d) '%s'", ret,
+                     gnutls_strerror(ret));
+#endif
         ctxt->status = -1;
         gnutls_alert_send(ctxt->session, GNUTLS_AL_FATAL, 
                           gnutls_error_to_alert(ret, NULL));
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index cb81a26..681411b 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -294,7 +294,6 @@ static apr_port_t mod_gnutls_hook_default_port(const request_rec * r)
 
 static void mod_gnutls_changed_servers(mod_gnutls_handle_t *ctxt)
 {
-    gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, ctxt->sc->certs);
     gnutls_certificate_server_set_request(ctxt->session, ctxt->sc->client_verify_mode);
 }
 
@@ -479,9 +478,11 @@ static mod_gnutls_handle_t* create_gnutls_handle(apr_pool_t* pool, conn_rec * c)
     gnutls_certificate_type_set_priority(ctxt->session, sc->cert_types);
 
     mod_gnutls_cache_session_init(ctxt);
+    
+    gnutls_credentials_set(ctxt->session, GNUTLS_CRD_CERTIFICATE, ctxt->sc->certs);
 
     gnutls_certificate_server_set_retrieve_function(sc->certs, cert_retrieve_fn);
-
+    
     mod_gnutls_changed_servers(ctxt);
     return ctxt;
 }
@@ -838,7 +839,7 @@ int mod_gnutls_hook_authz(request_rec *r)
 
     if (dc->client_verify_mode == GNUTLS_CERT_IGNORE) {
         ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, 
-                      "GnuTLS: Ignoring Client Certificate!");
+                      "GnuTLS: Directory set to Ignore Client Certificate!");
         return DECLINED;
     }
 
@@ -855,8 +856,10 @@ int mod_gnutls_hook_authz(request_rec *r)
         }
     }
     else if (ctxt->sc->client_verify_mode == GNUTLS_CERT_IGNORE) {
+#if MOD_GNUTLS_DEBUG
         ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 
                       "GnuTLS: Peer is set to IGNORE");
+#endif
         return DECLINED;
     }
     
--
cgit v0.9.2