You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ic...@apache.org on 2022/02/08 12:28:37 UTC
svn commit: r1897865 - in /httpd/httpd/branches/2.4.x: ./ changes-entries/md_ignore_http_challenges.txt modules/md/mod_md.c
Author: icing
Date: Tue Feb 8 12:28:37 2022
New Revision: 1897865
URL: http://svn.apache.org/viewvc?rev=1897865&view=rev
Log:
* mod_md) do not interfere with requests to /.well-known/acme-challenge/
resources if challenge type 'http-01' is not configured for a domain.
Fixes <https://github.com/icing/mod_md/issues/279>.
Added:
httpd/httpd/branches/2.4.x/changes-entries/md_ignore_http_challenges.txt
- copied unchanged from r1897863, httpd/httpd/trunk/changes-entries/md_ignore_http_challenges.txt
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/modules/md/mod_md.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1897863
Modified: httpd/httpd/branches/2.4.x/modules/md/mod_md.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/mod_md.c?rev=1897865&r1=1897864&r2=1897865&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/mod_md.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/mod_md.c Tue Feb 8 12:28:37 2022
@@ -1359,6 +1359,15 @@ static int md_http_challenge_pr(request_
name = r->parsed_uri.path + sizeof(ACME_CHALLENGE_PREFIX)-1;
reg = sc && sc->mc? sc->mc->reg : NULL;
+ if (md && md->ca_challenges
+ && md_array_str_index(md->ca_challenges, MD_AUTHZ_CHA_HTTP_01, 0, 1) < 0) {
+ /* The MD this challenge is for does not allow http-01 challanges,
+ * we have to decline. See #279 for a setup example where this
+ * is necessary.
+ */
+ return DECLINED;
+ }
+
if (strlen(name) && !ap_strchr_c(name, '/') && reg) {
md_store_t *store = md_reg_store_get(reg);