
svn commit: r1893399 - in /httpd/httpd/trunk: changes-entries/md_pkeys_challenge_setup.txt modules/md/md_acme_authz.c modules/md/md_version.h modules/md/mod_md.c modules/md/mod_md_drive.c

Author: icing
Date: Fri Sep 17 12:18:41 2021
New Revision: 1893399

URL: http://svn.apache.org/viewvc?rev=1893399&view=rev
Log:
  *) mod_md: when MDMessageCmd for a 'challenge-setup:<type>:<dnsname>'
     fails (!= 0 exit), the renewal process is aborted and an error is
     reported for the MDomain. This provides scripts that distribute
     information in a cluster to abort early without bothering an ACME
     server to validate a dns name that will not work. The common
     retry logic will make another attempt in the future, as with
     other failures.
     Fixed a bug when adding private key specs to an already working
     MDomain, see <https://github.com/icing/mod_md/issues/260>.


Added:
    httpd/httpd/trunk/changes-entries/md_pkeys_challenge_setup.txt
Modified:
    httpd/httpd/trunk/modules/md/md_acme_authz.c
    httpd/httpd/trunk/modules/md/md_version.h
    httpd/httpd/trunk/modules/md/mod_md.c
    httpd/httpd/trunk/modules/md/mod_md_drive.c

Added: httpd/httpd/trunk/changes-entries/md_pkeys_challenge_setup.txt
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/changes-entries/md_pkeys_challenge_setup.txt?rev=1893399&view=auto
==============================================================================
--- httpd/httpd/trunk/changes-entries/md_pkeys_challenge_setup.txt (added)
+++ httpd/httpd/trunk/changes-entries/md_pkeys_challenge_setup.txt Fri Sep 17 12:18:41 2021
@@ -0,0 +1,10 @@
+  *) mod_md: when MDMessageCmd for a 'challenge-setup:<type>:<dnsname>'
+     fails (!= 0 exit), the renewal process is aborted and an error is
+     reported for the MDomain. This provides scripts that distribute
+     information in a cluster to abort early with bothering an ACME
+     server to validate a dns name that will not work. The common
+     retry logic will make another attempt in the future, as with
+     other failures.
+     Fixed a bug when adding private key specs to an already working
+     MDomain, see <https://github.com/icing/mod_md/issues/260>.
+     [Stefan Eissing]

Modified: httpd/httpd/trunk/modules/md/md_acme_authz.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_acme_authz.c?rev=1893399&r1=1893398&r2=1893399&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/md_acme_authz.c (original)
+++ httpd/httpd/trunk/modules/md/md_acme_authz.c Fri Sep 17 12:18:41 2021
@@ -275,7 +275,13 @@ static apr_status_t cha_http_01_setup(md
         /* Raise event that challenge data has been set up before we tell the
            ACME server. Clusters might want to distribute it. */
         event = apr_psprintf(p, "challenge-setup:%s:%s", MD_AUTHZ_TYPE_HTTP01, authz->domain);
-        md_result_holler(result, event, p);
+        rv = md_result_raise(result, event, p);
+        if (APR_SUCCESS != rv) {
+            md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, p,
+                          "%s: event '%s' failed. aborting challenge setup",
+                          authz->domain, event);
+            goto out;
+        }
         /* challenge is setup or was changed from previous data, tell ACME server
          * so it may (re)try verification */        
         authz_req_ctx_init(&ctx, acme, NULL, authz, p);
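Review bot: The new abort on a failed 'challenge-setup' event is logged only at MD_LOG_DEBUG, so an operator whose MDMessageCmd exits non-zero will see the renewal fail without the cause unless debug logging is enabled; since this is now a hard failure of the renewal, a warning level is more appropriate, e.g. `md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, rv, p,`. The `out:` label and the return of cha_http_01_setup lie outside the hunk, so whether rv reaches the result that is reported for the MDomain cannot be confirmed from here. If the tls-alpn-01 or dns-01 setup paths raise the same event via md_result_holler, they are not changed by this commit and would presumably need the same treatment.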

Modified: httpd/httpd/trunk/modules/md/md_version.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_version.h?rev=1893399&r1=1893398&r2=1893399&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/md_version.h (original)
+++ httpd/httpd/trunk/modules/md/md_version.h Fri Sep 17 12:18:41 2021
@@ -27,7 +27,7 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "2.4.6"
+#define MOD_MD_VERSION "2.4.7"
 
 /**
  * @macro
@@ -35,7 +35,7 @@
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x020406
+#define MOD_MD_VERSION_NUM 0x020407
 
 #define MD_ACME_DEF_URL    "https://acme-v02.api.letsencrypt.org/directory"
 

Modified: httpd/httpd/trunk/modules/md/mod_md.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/mod_md.c?rev=1893399&r1=1893398&r2=1893399&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/mod_md.c (original)
+++ httpd/httpd/trunk/modules/md/mod_md.c Fri Sep 17 12:18:41 2021
@@ -1154,6 +1154,12 @@ static apr_status_t get_certificates(ser
                 APR_ARRAY_PUSH(key_files, const char*) = keyfile;
                 APR_ARRAY_PUSH(chain_files, const char*) = chainfile;
             }
+            else if (APR_STATUS_IS_ENOENT(rv)) {
+                /* certificate for this pkey is not available, others might
+                 * if pkeys have been added for a runnign mdomain.
+                 * see issue #260 */
+                rv = APR_SUCCESS;
+            }
             else if (!APR_STATUS_IS_ENOENT(rv)) {
                 ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(10110)
                              "retrieving credentials for MD %s (%s)",
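Review bot: With the new `else if (APR_STATUS_IS_ENOENT(rv))` branch placed first, the following `else if (!APR_STATUS_IS_ENOENT(rv))` condition can never be false when reached, so it should become a plain `else` to avoid misleading a reader into thinking a silent ENOENT path still exists below it. The comment in the new branch also has a typo, `runnign` for `running`, and would read better as `/* no certificate for this pkey yet; others may exist when pkeys were added to a running mdomain (issue #260) */`. get_certificates starts outside the hunk, so the loop that sets rv per pkey is inferred from the context lines.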
@@ -1202,6 +1208,9 @@ leave:
         *pkey_files = key_files;
         *pcert_files = chain_files;
     }
+    else if (APR_SUCCESS == rv) {
+        rv = APR_ENOENT;
+    }
     return rv;
 }
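Review bot: The new `else if (APR_SUCCESS == rv) rv = APR_ENOENT;` leaves `*pkey_files` and `*pcert_files` untouched on that path, which callers must know, since the preceding branch is the only place they are assigned; a one-line comment would make the contract explicit, e.g. `/* no credentials found for any pkey: report ENOENT, output arrays are not set */`. The guarding `if` condition above this hunk is not visible, so whether it also covers the case where rv is an error from the loop is inferred.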
 

Modified: httpd/httpd/trunk/modules/md/mod_md_drive.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/mod_md_drive.c?rev=1893399&r1=1893398&r2=1893399&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/mod_md_drive.c (original)
+++ httpd/httpd/trunk/modules/md/mod_md_drive.c Fri Sep 17 12:18:41 2021
@@ -137,6 +137,7 @@ static void process_drive_job(md_renew_c
             }
             
             if (!job->notified_renewed) {
+                md_job_save(job, result, ptemp);
                 md_job_notify(job, "renewed", result);
             }
         }
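Review bot: The return value of the newly added `md_job_save(job, result, ptemp);` is discarded, so a failure to persist the job still lets the "renewed" notification go out and leaves no trace in the log; unless md_job_save cannot fail, it should be checked, e.g. `rv = md_job_save(job, result, ptemp);` followed by a log line at warning level when `APR_SUCCESS != rv`. The reason for saving immediately before md_job_notify is also not stated; a why-comment such as `/* persist job state before notifying; presumably MDMessageCmd inspects it — confirm */` would help the next reader. process_drive_job starts and ends outside the hunk.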