You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Yann Ylavic <yl...@gmail.com> on 2017/12/19 22:58:10 UTC
Re: svn commit: r1818725 - /httpd/httpd/trunk/modules/md/md_acme_drive.c
On Tue, Dec 19, 2017 at 11:39 PM, <yl...@apache.org> wrote:
>
> --- httpd/httpd/trunk/modules/md/md_acme_drive.c (original)
> +++ httpd/httpd/trunk/modules/md/md_acme_drive.c Tue Dec 19 22:39:03 2017
> @@ -566,18 +566,11 @@ static apr_status_t get_chain(void *bato
> {
> md_proto_driver_t *d = baton;
> md_acme_driver_t *ad = d->baton;
> - md_cert_t *cert;
> const char *prev_link = NULL;
> apr_status_t rv = APR_SUCCESS;
>
> while (APR_SUCCESS == rv && ad->chain->nelts < 10) {
> int nelts = ad->chain->nelts;
> - if (ad->chain && nelts > 0) {
> - cert = APR_ARRAY_IDX(ad->chain, nelts - 1, md_cert_t *);
> - }
> - else {
> - cert = ad->cert;
> - }
Stefan, was 'cert' intended for a particular (future) use or is it a
remainder of some deleted code?
In the latter case, I'd merge this commit in ^/branches/2.4.x-mod_md,
otherwise I'll let you take care of it :)
Regards,
Yann.
Re: svn commit: r1818725 -
/httpd/httpd/trunk/modules/md/md_acme_drive.c
Posted by Stefan Eissing <st...@greenbytes.de>.
Ah, had not merged it yet, but have now, including the license comment
work done by Jim. Thanks Jim and Yann.
> Am 20.12.2017 um 20:50 schrieb Stefan Eissing <st...@greenbytes.de>:
>
> Hi Yann,
>
> thanks for the cleanup, should already be merged to 2.4.x. The code
> was a leftover from earlier cert chain retrieval that actually looked
> at the cert issuer url.
>
> However, as Let's Encrypt pointed out to me, they offer a Link header
> for this which they hold back when the issuing cert that is trusted
> by clients has been reached. That gives shorter cert chains.
>
> Cheers,
>
> Stefan
>
>> Am 19.12.2017 um 23:58 schrieb Yann Ylavic <yl...@gmail.com>:
>>
>> On Tue, Dec 19, 2017 at 11:39 PM, <yl...@apache.org> wrote:
>>>
>>> --- httpd/httpd/trunk/modules/md/md_acme_drive.c (original)
>>> +++ httpd/httpd/trunk/modules/md/md_acme_drive.c Tue Dec 19 22:39:03 2017
>>> @@ -566,18 +566,11 @@ static apr_status_t get_chain(void *bato
>>> {
>>> md_proto_driver_t *d = baton;
>>> md_acme_driver_t *ad = d->baton;
>>> - md_cert_t *cert;
>>> const char *prev_link = NULL;
>>> apr_status_t rv = APR_SUCCESS;
>>>
>>> while (APR_SUCCESS == rv && ad->chain->nelts < 10) {
>>> int nelts = ad->chain->nelts;
>>> - if (ad->chain && nelts > 0) {
>>> - cert = APR_ARRAY_IDX(ad->chain, nelts - 1, md_cert_t *);
>>> - }
>>> - else {
>>> - cert = ad->cert;
>>> - }
>>
>> Stefan, was 'cert' intended for a particular (future) use or is it a
>> remainder of some deleted code?
>> In the latter case, I'd merge this commit in ^/branches/2.4.x-mod_md,
>> otherwise I'll let you take care of it :)
>>
>>
>> Regards,
>> Yann.
>
Re: svn commit: r1818725 -
/httpd/httpd/trunk/modules/md/md_acme_drive.c
Posted by Stefan Eissing <st...@greenbytes.de>.
Hi Yann,
thanks for the cleanup, should already be merged to 2.4.x. The code
was a leftover from earlier cert chain retrieval that actually looked
at the cert issuer url.
However, as Let's Encrypt pointed out to me, they offer a Link header
for this which they hold back when the issuing cert that is trusted
by clients has been reached. That gives shorter cert chains.
Cheers,
Stefan
> Am 19.12.2017 um 23:58 schrieb Yann Ylavic <yl...@gmail.com>:
>
> On Tue, Dec 19, 2017 at 11:39 PM, <yl...@apache.org> wrote:
>>
>> --- httpd/httpd/trunk/modules/md/md_acme_drive.c (original)
>> +++ httpd/httpd/trunk/modules/md/md_acme_drive.c Tue Dec 19 22:39:03 2017
>> @@ -566,18 +566,11 @@ static apr_status_t get_chain(void *bato
>> {
>> md_proto_driver_t *d = baton;
>> md_acme_driver_t *ad = d->baton;
>> - md_cert_t *cert;
>> const char *prev_link = NULL;
>> apr_status_t rv = APR_SUCCESS;
>>
>> while (APR_SUCCESS == rv && ad->chain->nelts < 10) {
>> int nelts = ad->chain->nelts;
>> - if (ad->chain && nelts > 0) {
>> - cert = APR_ARRAY_IDX(ad->chain, nelts - 1, md_cert_t *);
>> - }
>> - else {
>> - cert = ad->cert;
>> - }
>
> Stefan, was 'cert' intended for a particular (future) use or is it a
> remainder of some deleted code?
> In the latter case, I'd merge this commit in ^/branches/2.4.x-mod_md,
> otherwise I'll let you take care of it :)
>
>
> Regards,
> Yann.