Posted to cvs@httpd.apache.org by ic...@apache.org on 2021/07/20 13:07:54 UTC
svn commit: r1891685 - in /httpd/httpd/branches/2.4.x: ./
changes-entries/md_2_4_4_fixes.txt modules/md/md_acme_authz.c
modules/md/md_acme_drive.c modules/md/md_acme_order.c
modules/md/md_version.h modules/md/mod_md.c modules/md/mod_md_config.c
Author: icing
Date: Tue Jul 20 13:07:54 2021
New Revision: 1891685
URL: http://svn.apache.org/viewvc?rev=1891685&view=rev
Log:
Merged /httpd/httpd/trunk:r1891683
*) mod_md:
- Domain names in `<MDomain ...>` can now appear in quoted form.
- Fixed a failure in ACME challenge selection that aborted further searches
when the tls-alpn-01 method did not seem to be suitable.
- Changed the tls-alpn-01 setup to only become unsuitable when none of the
dns names showed support for a configured 'Protocols ... acme-tls/1'. This
allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost.
Added:
httpd/httpd/branches/2.4.x/changes-entries/md_2_4_4_fixes.txt
- copied unchanged from r1891683, httpd/httpd/trunk/changes-entries/md_2_4_4_fixes.txt
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/modules/md/md_acme_authz.c
httpd/httpd/branches/2.4.x/modules/md/md_acme_drive.c
httpd/httpd/branches/2.4.x/modules/md/md_acme_order.c
httpd/httpd/branches/2.4.x/modules/md/md_version.h
httpd/httpd/branches/2.4.x/modules/md/mod_md.c
httpd/httpd/branches/2.4.x/modules/md/mod_md_config.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1891683
Modified: httpd/httpd/branches/2.4.x/modules/md/md_acme_authz.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_acme_authz.c?rev=1891685&r1=1891684&r2=1891685&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_acme_authz.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_acme_authz.c Tue Jul 20 13:07:54 2021
@@ -308,10 +308,19 @@ static apr_status_t cha_tls_alpn_01_setu
(void)mdomain;
if (md_array_str_index(acme_tls_1_domains, authz->domain, 0, 0) < 0) {
rv = APR_ENOTIMPL;
- md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, p,
- "%s: protocol 'acme-tls/1' not enabled for this domain.",
- authz->domain);
- goto out;
+ if (acme_tls_1_domains->nelts) {
+ md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, p,
+ "%s: protocol 'acme-tls/1' seems not enabled for this domain, "
+ "but is enabled for other associated domains. "
+ "Continuing with fingers crossed.", authz->domain);
+ }
+ else {
+ md_log_perror(MD_LOG_MARK, MD_LOG_INFO, 0, p,
+ "%s: protocol 'acme-tls/1' seems not enabled for this or "
+ "any other associated domain. Not attempting challenge "
+ "type tls-alpn-01.", authz->domain);
+ goto out;
+ }
}
if (APR_SUCCESS != (rv = setup_key_authz(cha, authz, acme, p, ¬ify_server))) {
goto out;
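Review bot: On the new "continuing" path in cha_tls_alpn_01_setup, `rv` is still APR_ENOTIMPL from the assignment made before the `if (acme_tls_1_domains->nelts)` test, and only the later `setup_key_authz` call overwrites it. Moving `rv = APR_ENOTIMPL;` into the `else` branch next to `goto out;` would tie the failure code to the one path that actually reports it. The relaxed check also means tls-alpn-01 is now attempted for a name that has no matching 'Protocols ... acme-tls/1' entry, and this is only recorded at MD_LOG_DEBUG. Logging it at MD_LOG_INFO, as the refusal branch does, would let an operator connect a later challenge failure to this decision. The function body continues outside the hunk.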
@@ -557,7 +566,7 @@ apr_status_t md_acme_authz_respond(md_ac
md_result_t *result)
{
apr_status_t rv;
- int i;
+ int i, j;
cha_find_ctx fctx;
const char *challenge_setup;
@@ -578,18 +587,26 @@ apr_status_t md_acme_authz_respond(md_ac
* - if there was an overlap, but no setup was successful, report that. We
* will retry this, maybe the failure is temporary (e.g. command to setup DNS
*/
+ md_result_printf(result, 0, "%s: selecting suitable authorization challenge "
+ "type, this domain supports %s",
+ authz->domain, apr_array_pstrcat(p, challenges, ' '));
rv = APR_ENOTIMPL;
challenge_setup = NULL;
- for (i = 0; i < challenges->nelts && !fctx.accepted; ++i) {
+ for (i = 0; i < challenges->nelts; ++i) {
fctx.type = APR_ARRAY_IDX(challenges, i, const char *);
+ fctx.accepted = NULL;
md_json_itera(find_type, &fctx, authz->resource, MD_KEY_CHALLENGES, NULL);
+ md_log_perror(MD_LOG_MARK, MD_LOG_TRACE1, 0, p,
+ "%s: challenge type '%s' for %s: %s",
+ authz->domain, fctx.type, mdomain,
+ fctx.accepted? "maybe acceptable" : "not applicable");
if (fctx.accepted) {
- for (i = 0; i < (int)CHA_TYPES_LEN; ++i) {
- if (!apr_strnatcasecmp(CHA_TYPES[i].name, fctx.accepted->type)) {
+ for (j = 0; j < (int)CHA_TYPES_LEN; ++j) {
+ if (!apr_strnatcasecmp(CHA_TYPES[j].name, fctx.accepted->type)) {
md_result_activity_printf(result, "Setting up challenge '%s' for domain %s",
fctx.accepted->type, authz->domain);
- rv = CHA_TYPES[i].setup(fctx.accepted, authz, acme, store, key_specs,
+ rv = CHA_TYPES[j].setup(fctx.accepted, authz, acme, store, key_specs,
acme_tls_1_domains, mdomain, env, result, p);
if (APR_SUCCESS == rv) {
md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, p,
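Review bot: With `!fctx.accepted` removed from the outer loop condition, the loop over `challenges` stops early only if the `APR_SUCCESS == rv` branch leaves it explicitly; that branch is cut off at the end of this hunk, so confirm it does (`break` or `goto out`). If it does not, a later challenge type whose setup fails would overwrite a successful `rv`. In the same way, the status of a failed setup is replaced by whatever the next type's setup returns, so a temporary error could end up masked by a later APR_ENOTIMPL. The comment above the loop says temporary failures should be reported, so keeping the first status that is not APR_ENOTIMPL may be intended. md_acme_authz_respond starts and ends outside the hunk.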
Modified: httpd/httpd/branches/2.4.x/modules/md/md_acme_drive.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_acme_drive.c?rev=1891685&r1=1891684&r2=1891685&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_acme_drive.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_acme_drive.c Tue Jul 20 13:07:54 2021
@@ -591,7 +591,10 @@ static apr_status_t acme_driver_init(md_
goto leave;
}
}
-
+
+ md_result_printf(result, 0, "MDomain %s initialized with support for ACME challenges %s",
+ d->md->name, apr_array_pstrcat(d->p, ad->ca_challenges, ' '));
+
leave:
md_log_perror(MD_LOG_MARK, MD_LOG_TRACE1, result->status, d->p, "%s: init driver", d->md->name);
return result->status;
Modified: httpd/httpd/branches/2.4.x/modules/md/md_acme_order.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_acme_order.c?rev=1891685&r1=1891684&r2=1891685&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_acme_order.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_acme_order.c Tue Jul 20 13:07:54 2021
@@ -455,7 +455,10 @@ apr_status_t md_acme_order_start_challen
break;
case MD_ACME_AUTHZ_S_PENDING:
- rv = md_acme_authz_respond(authz, acme, store, challenge_types,
+ md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, p,
+ "%s: authorization pending for %s",
+ md->name, authz->domain);
+ rv = md_acme_authz_respond(authz, acme, store, challenge_types,
md->pks,
md->acme_tls_1_domains, md->name,
env, p, &setup_token, result);
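Review bot: The added `md_log_perror` call passes `rv` as its status, but at this point `rv` holds whatever an earlier statement outside the hunk left in it, so the debug line may carry an unrelated error string. The other informational log calls added in this commit pass 0; `md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, p,` would be consistent with them. The `rv = md_acme_authz_respond(...` line is removed and re-added with what appears to be only a whitespace difference, so check that its indentation matches the rest of the case body.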
Modified: httpd/httpd/branches/2.4.x/modules/md/md_version.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_version.h?rev=1891685&r1=1891684&r2=1891685&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_version.h (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_version.h Tue Jul 20 13:07:54 2021
@@ -27,7 +27,7 @@
* @macro
* Version number of the md module as c string
*/
-#define MOD_MD_VERSION "2.4.3"
+#define MOD_MD_VERSION "2.4.4"
/**
* @macro
@@ -35,7 +35,7 @@
* release. This is a 24 bit number with 8 bits for major number, 8 bits
* for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
*/
-#define MOD_MD_VERSION_NUM 0x020403
+#define MOD_MD_VERSION_NUM 0x020404
#define MD_ACME_DEF_URL "https://acme-v02.api.letsencrypt.org/directory"
Modified: httpd/httpd/branches/2.4.x/modules/md/mod_md.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/mod_md.c?rev=1891685&r1=1891684&r2=1891685&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/mod_md.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/mod_md.c Tue Jul 20 13:07:54 2021
@@ -1276,7 +1276,7 @@ static int md_answer_challenge(conn_rec
sc = md_config_get(c->base_server);
if (!sc || !sc->mc->reg) goto cleanup;
- ap_log_cerror(APLOG_MARK, APLOG_TRACE6, 0, c,
+ ap_log_cerror(APLOG_MARK, APLOG_TRACE1, 0, c,
"Answer challenge[tls-alpn-01] for %s", servername);
store = md_reg_store_get(sc->mc->reg);
Modified: httpd/httpd/branches/2.4.x/modules/md/mod_md_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/mod_md_config.c?rev=1891685&r1=1891684&r2=1891685&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/mod_md_config.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/mod_md_config.c Tue Jul 20 13:07:54 2021
@@ -358,11 +358,11 @@ static const char *md_config_sec_start(c
return MD_CMD_MD_SECTION " > section must specify a unique domain name";
}
- name = ap_getword_white(cmd->pool, &arg);
+ name = ap_getword_conf(cmd->pool, &arg);
domains = apr_array_make(cmd->pool, 5, sizeof(const char *));
add_domain_name(domains, name, cmd->pool);
while (*arg != '\0') {
- name = ap_getword_white(cmd->pool, &arg);
+ name = ap_getword_conf(cmd->pool, &arg);
if (NULL != set_transitive(&transitive, name)) {
add_domain_name(domains, name, cmd->pool);
}
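Review bot: `ap_getword_conf` returns an empty string for an empty quoted argument, so `<MDomain "">` or a stray `""` in the list now reaches `add_domain_name` with an empty name, both at the first call and inside the loop. The check above the hunk appears to look only at the raw argument, and whether `add_domain_name` rejects empty names is not visible here. A guard after each call, e.g. `if (!*name) return MD_CMD_MD_SECTION " > section must specify a unique domain name";`, would keep empty entries out of the domain list. md_config_sec_start continues outside the hunk.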