You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ic...@apache.org on 2017/12/14 11:45:56 UTC
svn commit: r1818120 - in /httpd/httpd/trunk: CHANGES modules/md/md_acme.c
modules/md/md_version.h modules/md/mod_md_config.c
Author: icing
Date: Thu Dec 14 11:45:56 2017
New Revision: 1818120
URL: http://svn.apache.org/viewvc?rev=1818120&view=rev
Log:
On the trunk:
mod_md: fixed backward compatibility to old <ManagedDomain configuration.
Add higher level WARNING log when initial request to ACME server fails, mentioning
some advice.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/md/md_acme.c
httpd/httpd/trunk/modules/md/md_version.h
httpd/httpd/trunk/modules/md/mod_md_config.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1818120&r1=1818119&r2=1818120&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu Dec 14 11:45:56 2017
@@ -1,6 +1,10 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_md: fixed backward compatibility to old <ManagedDomain configuration.
+ Add higher level WARNING log when initial request to ACME server fails, mentioning
+ some advice. [Stefan Eissing]
+
*) mod_ldap: Fix a case where a full LDAP cache would continually fail to
purge old entries and log AH01323. PR61891.
[Hendrik Harms <hendrik.harms gmail.com>]
Modified: httpd/httpd/trunk/modules/md/md_acme.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_acme.c?rev=1818120&r1=1818119&r2=1818120&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/md_acme.c (original)
+++ httpd/httpd/trunk/modules/md/md_acme.c Thu Dec 14 11:45:56 2017
@@ -154,6 +154,16 @@ apr_status_t md_acme_setup(md_acme_t *ac
}
rv = APR_EINVAL;
}
+ else {
+ md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, 0, acme->p, "unsuccessful in contacting ACME "
+ "server at %s. If this problem persists, please check your network "
+ "connectivity from your Apache server to the ACME server. Also, older "
+ "servers might have trouble verifying the certificates of the ACME "
+ "server. You can check if you are able to contact it manually via the "
+ "curl command. Sometimes, the ACME server might be down for maintenance, "
+ "so failing to contact it is not an immediate problem. mod_md will "
+ "continue retrying this.", acme->url);
+ }
return rv;
}
@@ -379,6 +389,8 @@ static apr_status_t md_acme_req_send(md_
}
if (!acme->nonce) {
if (APR_SUCCESS != (rv = md_acme_new_nonce(acme))) {
+ md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, rv, req->p,
+ "error retrieving new nonce from ACME server");
return rv;
}
}
Modified: httpd/httpd/trunk/modules/md/md_version.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_version.h?rev=1818120&r1=1818119&r2=1818120&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/md_version.h (original)
+++ httpd/httpd/trunk/modules/md/md_version.h Thu Dec 14 11:45:56 2017
@@ -26,7 +26,7 @@
* @macro
* Version number of the md module as c string
*/
-#define MOD_MD_VERSION "1.1.0-git"
+#define MOD_MD_VERSION "1.1.1"
/**
* @macro
@@ -34,7 +34,7 @@
* release. This is a 24 bit number with 8 bits for major number, 8 bits
* for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
*/
-#define MOD_MD_VERSION_NUM 0x010100
+#define MOD_MD_VERSION_NUM 0x010101
#define MD_ACME_DEF_URL "https://acme-v01.api.letsencrypt.org/directory"
Modified: httpd/httpd/trunk/modules/md/mod_md_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/mod_md_config.c?rev=1818120&r1=1818119&r2=1818120&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/mod_md_config.c (original)
+++ httpd/httpd/trunk/modules/md/mod_md_config.c Thu Dec 14 11:45:56 2017
@@ -31,7 +31,9 @@
#include "mod_md_config.h"
#define MD_CMD_MD "MDomain"
+#define MD_CMD_OLD_MD "ManagedDomain"
#define MD_CMD_MD_SECTION "<MDomainSet"
+#define MD_CMD_MD_OLD_SECTION "<ManagedDomain"
#define MD_CMD_CA "MDCertificateAuthority"
#define MD_CMD_CAAGREEMENT "MDCertificateAgreement"
#define MD_CMD_CACHALLENGES "MDCAChallenges"
@@ -221,10 +223,14 @@ static int inside_section(cmd_parms *cmd
return 0;
}
-static const char *md_section_check(cmd_parms *cmd, const char *section) {
- if (!inside_section(cmd, section)) {
- return apr_pstrcat(cmd->pool, cmd->cmd->name, " is only valid inside a '",
- section, "' context, not here", NULL);
+static int inside_md_section(cmd_parms *cmd) {
+ return (inside_section(cmd, MD_CMD_MD_SECTION) || inside_section(cmd, MD_CMD_MD_OLD_SECTION));
+}
+
+static const char *md_section_check(cmd_parms *cmd) {
+ if (!inside_md_section(cmd)) {
+ return apr_pstrcat(cmd->pool, cmd->cmd->name, " is only valid inside a '",
+ MD_CMD_MD_SECTION, "' context, not here", NULL);
}
return NULL;
}
@@ -319,7 +325,7 @@ static const char *md_config_sec_add_mem
int i;
(void)dc;
- if (NULL != (err = md_section_check(cmd, MD_CMD_MD_SECTION))) {
+ if (NULL != (err = md_section_check(cmd))) {
if (argc == 1) {
/* only these values are allowed outside a section */
return set_transitive(&sc->transitive, argv[0]);
@@ -382,8 +388,7 @@ static const char *md_config_set_ca(cmd_
const char *err;
(void)dc;
- if (!inside_section(cmd, MD_CMD_MD_SECTION)
- && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
+ if (!inside_md_section(cmd) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
}
sc->ca_url = value;
@@ -396,8 +401,7 @@ static const char *md_config_set_ca_prot
const char *err;
(void)dc;
- if (!inside_section(cmd, MD_CMD_MD_SECTION)
- && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
+ if (!inside_md_section(cmd) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
}
config->ca_proto = value;
@@ -410,8 +414,7 @@ static const char *md_config_set_agreeme
const char *err;
(void)dc;
- if (!inside_section(cmd, MD_CMD_MD_SECTION)
- && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
+ if (!inside_md_section(cmd) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
}
config->ca_agreement = value;
@@ -438,8 +441,7 @@ static const char *md_config_set_drive_m
return apr_pstrcat(cmd->pool, "unknown MDDriveMode ", value, NULL);
}
- if (!inside_section(cmd, MD_CMD_MD_SECTION)
- && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
+ if (!inside_md_section(cmd) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
}
config->drive_mode = drive_mode;
@@ -452,8 +454,7 @@ static const char *md_config_set_must_st
const char *err;
(void)dc;
- if (!inside_section(cmd, MD_CMD_MD_SECTION)
- && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
+ if (!inside_md_section(cmd) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
}
@@ -476,8 +477,7 @@ static const char *md_config_set_require
const char *err;
(void)dc;
- if (!inside_section(cmd, MD_CMD_MD_SECTION)
- && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
+ if (!inside_md_section(cmd) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
}
@@ -559,7 +559,7 @@ static const char *md_config_set_renew_w
int percent = 0;
(void)dc;
- if (!inside_section(cmd, MD_CMD_MD_SECTION)
+ if (!inside_md_section(cmd)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
}
@@ -676,7 +676,7 @@ static const char *md_config_set_cha_tye
int i;
(void)dc;
- if (!inside_section(cmd, MD_CMD_MD_SECTION)
+ if (!inside_md_section(cmd)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
}
@@ -701,7 +701,7 @@ static const char *md_config_set_pkeys(c
apr_int64_t bits;
(void)dc;
- if (!inside_section(cmd, MD_CMD_MD_SECTION)
+ if (!inside_md_section(cmd)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
}
@@ -817,10 +817,10 @@ const command_rec md_cmds[] = {
"set the command to run when signup/renew of domain is complete."),
/* This will disappear soon */
- AP_INIT_TAKE_ARGV( "ManagedDomain", md_config_set_names_old, NULL, RSRC_CONF,
+ AP_INIT_TAKE_ARGV( MD_CMD_OLD_MD, md_config_set_names_old, NULL, RSRC_CONF,
"Deprecated, replace with 'MDomain'."),
- AP_INIT_RAW_ARGS( "<ManagedDomain", md_config_sec_start_old, NULL, RSRC_CONF,
- "Deprecated, replace with 'MDomainSet'."),
+ AP_INIT_RAW_ARGS( MD_CMD_MD_OLD_SECTION, md_config_sec_start_old, NULL, RSRC_CONF,
+ "Deprecated, replace with '<MDomainSet'."),
/* */
AP_INIT_TAKE1(NULL, NULL, NULL, RSRC_CONF, NULL)