Posted to dev@httpd.apache.org by Yann Ylavic <yl...@gmail.com> on 2017/12/19 22:58:10 UTC

Re: svn commit: r1818725 - /httpd/httpd/trunk/modules/md/md_acme_drive.c

On Tue, Dec 19, 2017 at 11:39 PM,  <yl...@apache.org> wrote:
>
> --- httpd/httpd/trunk/modules/md/md_acme_drive.c (original)
> +++ httpd/httpd/trunk/modules/md/md_acme_drive.c Tue Dec 19 22:39:03 2017
> @@ -566,18 +566,11 @@ static apr_status_t get_chain(void *bato
>  {
>      md_proto_driver_t *d = baton;
>      md_acme_driver_t *ad = d->baton;
> -    md_cert_t *cert;
>      const char *prev_link = NULL;
>      apr_status_t rv = APR_SUCCESS;
>
>      while (APR_SUCCESS == rv && ad->chain->nelts < 10) {
>          int nelts = ad->chain->nelts;
> -        if (ad->chain && nelts > 0) {
> -            cert = APR_ARRAY_IDX(ad->chain, nelts - 1, md_cert_t *);
> -        }
> -        else {
> -            cert = ad->cert;
> -        }
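Review bot: the loop header `ad->chain->nelts < 10` dereferences `ad->chain` unconditionally, so the removed `ad->chain && nelts > 0` test could never have guarded against a NULL array. Removing it is correct, but it is worth stating, in a comment or an assertion before the `while`, that `ad->chain` is always allocated when `get_chain` runs. Also check whether `int nelts` is still read further down in the loop body; if the removed branch was its only reader it should be dropped in the same commit. The bare `10` would read better as a named constant documenting the maximum chain length.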

Stefan, was 'cert' intended for a particular (future) use or is it a
remainder of some deleted code?
In the latter case, I'd merge this commit in ^/branches/2.4.x-mod_md,
otherwise I'll let you take care of it :)


Regards,
Yann.

Re: svn commit: r1818725 - /httpd/httpd/trunk/modules/md/md_acme_drive.c

Posted by Stefan Eissing <st...@greenbytes.de>.
Ah, had not merged it yet, but have now, including the license comment
work done by Jim. Thanks Jim and Yann.

> On 20.12.2017 at 20:50, Stefan Eissing <st...@greenbytes.de> wrote:
> 
> Hi Yann,
> 
> thanks for the cleanup, should already be merged to 2.4.x. The code
> was a leftover from earlier cert chain retrieval that actually looked
> at the cert issuer url.
> 
> However, as Let's Encrypt pointed out to me, they offer a Link header
> for this which they hold back when the issuing cert that is trusted
> by clients has been reached. That gives shorter cert chains.
> 
> Cheers,
> 
> Stefan
> 
>> On 19.12.2017 at 23:58, Yann Ylavic <yl...@gmail.com> wrote:
>> 
>> On Tue, Dec 19, 2017 at 11:39 PM,  <yl...@apache.org> wrote:
>>> 
>>> --- httpd/httpd/trunk/modules/md/md_acme_drive.c (original)
>>> +++ httpd/httpd/trunk/modules/md/md_acme_drive.c Tue Dec 19 22:39:03 2017
>>> @@ -566,18 +566,11 @@ static apr_status_t get_chain(void *bato
>>> {
>>>    md_proto_driver_t *d = baton;
>>>    md_acme_driver_t *ad = d->baton;
>>> -    md_cert_t *cert;
>>>    const char *prev_link = NULL;
>>>    apr_status_t rv = APR_SUCCESS;
>>> 
>>>    while (APR_SUCCESS == rv && ad->chain->nelts < 10) {
>>>        int nelts = ad->chain->nelts;
>>> -        if (ad->chain && nelts > 0) {
>>> -            cert = APR_ARRAY_IDX(ad->chain, nelts - 1, md_cert_t *);
>>> -        }
>>> -        else {
>>> -            cert = ad->cert;
>>> -        }
>> 
>> Stefan, was 'cert' intended for a particular (future) use or is it a
>> remainder of some deleted code?
>> In the latter case, I'd merge this commit in ^/branches/2.4.x-mod_md,
>> otherwise I'll let you take care of it :)
>> 
>> 
>> Regards,
>> Yann.
> 


Re: svn commit: r1818725 - /httpd/httpd/trunk/modules/md/md_acme_drive.c

Posted by Stefan Eissing <st...@greenbytes.de>.
Hi Yann,

thanks for the cleanup, should already be merged to 2.4.x. The code
was a leftover from earlier cert chain retrieval that actually looked
at the cert issuer url.

However, as Let's Encrypt pointed out to me, they offer a Link header
for this which they hold back when the issuing cert that is trusted
by clients has been reached. That gives shorter cert chains.

Cheers,

Stefan

> On 19.12.2017 at 23:58, Yann Ylavic <yl...@gmail.com> wrote:
> 
> On Tue, Dec 19, 2017 at 11:39 PM,  <yl...@apache.org> wrote:
>> 
>> --- httpd/httpd/trunk/modules/md/md_acme_drive.c (original)
>> +++ httpd/httpd/trunk/modules/md/md_acme_drive.c Tue Dec 19 22:39:03 2017
>> @@ -566,18 +566,11 @@ static apr_status_t get_chain(void *bato
>> {
>>     md_proto_driver_t *d = baton;
>>     md_acme_driver_t *ad = d->baton;
>> -    md_cert_t *cert;
>>     const char *prev_link = NULL;
>>     apr_status_t rv = APR_SUCCESS;
>> 
>>     while (APR_SUCCESS == rv && ad->chain->nelts < 10) {
>>         int nelts = ad->chain->nelts;
>> -        if (ad->chain && nelts > 0) {
>> -            cert = APR_ARRAY_IDX(ad->chain, nelts - 1, md_cert_t *);
>> -        }
>> -        else {
>> -            cert = ad->cert;
>> -        }
> 
> Stefan, was 'cert' intended for a particular (future) use or is it a
> remainder of some deleted code?
> In the latter case, I'd merge this commit in ^/branches/2.4.x-mod_md,
> otherwise I'll let you take care of it :)
> 
> 
> Regards,
> Yann.
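
The Link-header chain walk described in the reply above, bounded like the loop in the quoted hunk, as an added example that is not part of the thread or of mod_md's code. It assumes the header carries the ACME `rel="up"` relation; `link_up`, `fetch_link`, `chain_len` and the `ca.example` URLs are hypothetical, and the sample responses are constructed.

```c
#include <stdio.h>
#include <string.h>
#define MAX_CHAIN 10 /* same bound as the loop in the quoted hunk */

/* Copy the target of the first rel="up" entry of a Link header value into out.
 * Returns 1 if found, 0 if absent or malformed. Simplification: no ',' in params. */
static int link_up(const char *hdr, char *out, size_t outlen)
{
    const char *p = hdr;
    while (p && (p = strchr(p, '<')) != NULL) {
        const char *end = strchr(p, '>');
        if (!end) return 0;
        const char *next = strchr(end, ',');          /* start of next entry */
        const char *rel = strstr(end, "rel=\"up\"");
        if (rel && (!next || rel < next)) {           /* rel belongs to this entry */
            size_t n = (size_t)(end - p) - 1;
            if (n == 0 || n >= outlen) return 0;      /* empty or too long */
            memcpy(out, p + 1, n);
            out[n] = '\0';
            return 1;
        }
        p = next;
    }
    return 0;
}

/* Constructed sample data (hypothetical URLs): URL -> Link header sent with it. */
static const struct { const char *url, *link; } SAMPLE[] = {
    { "https://ca.example/leaf", "<https://ca.example/int1>;rel=\"up\"" },
    { "https://ca.example/int1", "<https://ca.example/dir>;rel=\"index\"" }, /* "up" held back */
    { "https://ca.example/a", "<https://ca.example/b>;rel=\"up\"" },         /* cycle a <-> b */
    { "https://ca.example/b", "<https://ca.example/a>;rel=\"up\"" },
};
static const char *fetch_link(const char *url) /* stands in for the HTTP GET */
{
    for (size_t i = 0; i < sizeof SAMPLE / sizeof SAMPLE[0]; i++)
        if (strcmp(SAMPLE[i].url, url) == 0) return SAMPLE[i].link;
    return NULL;
}

/* Follow "up" links starting at url; returns how many issuer certs were fetched. */
static int chain_len(const char *url)
{
    char cur[256], up[256];
    int n = 0;
    snprintf(cur, sizeof cur, "%s", url);
    for (; n < MAX_CHAIN && link_up(fetch_link(cur), up, sizeof up); n++)
        strcpy(cur, up); /* safe: up is NUL-terminated and the same size as cur */
    return n;
}
int main(void) { printf("%d %d\n", chain_len("https://ca.example/leaf"), chain_len("https://ca.example/a")); return 0; }
```

The walk ends when the server stops sending an "up" link; the cap is what keeps a server that links in a cycle from holding the client in the loop.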