Posted to cvs@httpd.apache.org by ic...@apache.org on 2018/08/03 10:38:33 UTC

svn commit: r1837357 - in /httpd/httpd/trunk: CHANGES modules/md/md_reg.c modules/md/md_reg.h modules/md/md_version.h

Author: icing
Date: Fri Aug  3 10:38:33 2018
New Revision: 1837357

URL: http://svn.apache.org/viewvc?rev=1837357&view=rev
Log:
On the trunk:

mod_md: When the last domain name from an MD is moved to another one,
     that now empty MD gets moved to the store archive. PR 62572.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/md/md_reg.c
    httpd/httpd/trunk/modules/md/md_reg.h
    httpd/httpd/trunk/modules/md/md_version.h

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1837357&r1=1837356&r2=1837357&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Aug  3 10:38:33 2018
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
+  *) mod_md: When the last domain name from an MD is moved to another one,
+     that now empty MD gets moved to the store archive. PR 62572. [Stefan Eissing]
+
   *) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
      redirects, subsequent ProxyPassReverse statements, whether they are
      relative or absolute, may fail.  PR 60408.  [Peter Haworth <pmh1wheel gmail.com>]

Modified: httpd/httpd/trunk/modules/md/md_reg.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_reg.c?rev=1837357&r1=1837356&r2=1837357&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/md_reg.c (original)
+++ httpd/httpd/trunk/modules/md/md_reg.c Fri Aug  3 10:38:33 2018
@@ -579,7 +579,7 @@ static apr_status_t creds_load(void *bat
     md_reg_t *reg = baton;
     md_pkey_t *privkey;
     apr_array_header_t *pubcert;
-    md_creds_t *creds = NULL, **pcreds;
+    md_creds_t *creds, **pcreds;
     const md_t *md;
     md_cert_state_t cert_state;
     md_store_group_t group;
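Review bot: Dropping the `= NULL` initializer leaves `creds` indeterminate until its first assignment, and the body of creds_load lies outside this hunk, so it cannot be checked here whether every path that reads `creds` or hands it back through `pcreds` assigns it first. If a failure path can reach that store without allocating, the caller would receive a garbage pointer to credential data. Unless a compiler diagnostic motivated the change, keeping `md_creds_t *creds = NULL, **pcreds;` costs nothing and keeps the error paths well defined.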
@@ -635,11 +635,10 @@ apr_status_t md_reg_creds_get(const md_c
 
 typedef struct {
     apr_pool_t *p;
-    apr_array_header_t *conf_mds;
     apr_array_header_t *store_mds;
 } sync_ctx;
 
-static int find_changes(void *baton, md_store_t *store, md_t *md, apr_pool_t *ptemp)
+static int do_add_md(void *baton, md_store_t *store, md_t *md, apr_pool_t *ptemp)
 {
     sync_ctx *ctx = baton;
 
@@ -649,6 +648,18 @@ static int find_changes(void *baton, md_
     return 1;
 }
 
+static apr_status_t read_store_mds(md_reg_t *reg, sync_ctx *ctx)
+{
+    int rv;
+    
+    apr_array_clear(ctx->store_mds);
+    rv = md_store_md_iter(do_add_md, ctx, reg->store, ctx->p, MD_SG_DOMAINS, "*");
+    if (APR_STATUS_IS_ENOENT(rv)) {
+        rv = APR_SUCCESS;
+    }
+    return rv;
+}
+
 apr_status_t md_reg_set_props(md_reg_t *reg, apr_pool_t *p, int can_http, int can_https)
 {
     if (reg->can_http != can_http || reg->can_https != can_https) {
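Review bot: `rv` in read_store_mds is declared `int` although the function returns `apr_status_t` and the value comes from md_store_md_iter, which the lines removed from md_reg_sync stored in an `apr_status_t`; declare it as `apr_status_t rv;` so the types agree. The helper also deserves a short comment saying that it empties `ctx->store_mds` before reading MD_SG_DOMAINS again, that the array must already be allocated by the caller, and that ENOENT is mapped to APR_SUCCESS so a missing store group reads as zero MDs. The line after the declaration carries trailing whitespace.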
@@ -686,17 +697,11 @@ apr_status_t md_reg_sync(md_reg_t *reg,
                          apr_array_header_t *master_mds) 
 {
     sync_ctx ctx;
-    md_store_t *store = reg->store;
     apr_status_t rv;
 
     ctx.p = ptemp;
-    ctx.conf_mds = master_mds;
-    ctx.store_mds = apr_array_make(ptemp, 100, sizeof(md_t *));
-    
-    rv = md_store_md_iter(find_changes, &ctx, store, ptemp, MD_SG_DOMAINS, "*");
-    if (APR_STATUS_IS_ENOENT(rv)) {
-        rv = APR_SUCCESS;
-    }
+    ctx.store_mds = apr_array_make(ptemp,100, sizeof(md_t *));
+    rv = read_store_mds(reg, &ctx);
     
     md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, p, 
                   "sync: found %d mds in store", ctx.store_mds->nelts);
@@ -705,8 +710,8 @@ apr_status_t md_reg_sync(md_reg_t *reg,
         md_t *md, *config_md, *smd, *omd;
         const char *common;
         
-        for (i = 0; i < ctx.conf_mds->nelts; ++i) {
-            md = APR_ARRAY_IDX(ctx.conf_mds, i, md_t *);
+        for (i = 0; i < master_mds->nelts; ++i) {
+            md = APR_ARRAY_IDX(master_mds, i, md_t *);
             
             /* find the store md that is closest match for the configured md */
             smd = md_find_closest_match(ctx.store_mds, md);
@@ -734,7 +739,7 @@ apr_status_t md_reg_sync(md_reg_t *reg,
                     assert(common);
                     
                     /* Is this md still configured or has it been abandoned in the config? */
-                    config_md = md_get_by_name(ctx.conf_mds, omd->name);
+                    config_md = md_get_by_name(master_mds, omd->name);
                     if (config_md && md_contains(config_md, common, 0)) {
                         /* domain used in two configured mds, not allowed */
                         rv = APR_EINVAL;
@@ -742,21 +747,19 @@ apr_status_t md_reg_sync(md_reg_t *reg,
                                       "domain %s used in md %s and %s", 
                                       common, md->name, omd->name);
                     }
-                    else if (config_md) {
-                        /* domain stored in omd, but no longer has the offending domain,
-                           remove it from the store md. */
-                        omd->domains = md_array_str_remove(ptemp, omd->domains, common, 0);
-                        rv = md_reg_update(reg, ptemp, omd->name, omd, MD_UPD_DOMAINS);
-                    }
                     else {
-                        /* domain in a store md that is no longer configured, warn about it.
-                         * Remove the domain here, so we can progress, but never save it. */
+                        /* remove it from the other md and update store, or, if it
+                         * is now empty, move it into the archive */
                         omd->domains = md_array_str_remove(ptemp, omd->domains, common, 0);
-                        md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, rv, p, 
-                                      "domain %s, configured in md %s, is part of the stored md %s."
-                                      " That md however is no longer mentioned in the config. "
-                                      "If you longer want it, remove the md from the store.", 
-                                      common, md->name, omd->name);
+                        if (apr_is_empty_array(omd->domains)) {
+                            md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, rv, p, 
+                                          "All domains of the MD %s have moved elsewhere, "
+                                          " moving it to the archive. ", omd->name);
+                            md_reg_remove(reg, ptemp, omd->name, 1); /* best effort */
+                        }
+                        else {
+                            rv = md_reg_update(reg, ptemp, omd->name, omd, MD_UPD_DOMAINS);
+                        }
                     }
                 }
 
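Review bot: The status of `md_reg_remove(reg, ptemp, omd->name, 1)` is thrown away, so if the move to the archive fails the stored MD keeps its old domain list while `md` also claims `common`, and nothing in the log says so. Best effort is fine, but record the outcome: keep the result in a local declared with the block's other variables and, when it is not APR_SUCCESS, emit `md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, rv2, p, "unable to archive md %s", omd->name);`. After a successful move `omd` appears to stay in `ctx.store_mds` with an empty domain list, and no re-read through read_store_mds is visible in this hunk; confirm that later loop iterations cannot match it. The two adjacent string literals produce `elsewhere,  moving` with a doubled space and a trailing blank. md_reg_sync begins and ends outside the hunk.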
@@ -841,6 +844,11 @@ apr_status_t md_reg_sync(md_reg_t *reg,
     return rv;
 }
 
+apr_status_t md_reg_remove(md_reg_t *reg, apr_pool_t *p, const char *name, int archive)
+{
+    return md_store_move(reg->store, p, MD_SG_DOMAINS, MD_SG_ARCHIVE, name, archive);
+}
+
 
 /**************************************************************************************************/
 /* driving */
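Review bot: md_reg_remove becomes part of the registry's public interface without a doc comment, both here and on its declaration in the md_reg.h hunk, so a caller cannot tell what `archive` set to 0 does to the MD's stored data, which presumably includes its keys and certificates. The flag is forwarded unchanged as the last argument of md_store_move, whose definition is not visible on this page. On the declaration, add something like `/** Move the MD called name from MD_SG_DOMAINS to MD_SG_ARCHIVE via md_store_move; archive is passed through as that call's final argument. */` and spell out the archive == 0 behaviour once confirmed. It would also help to state whether `name` must refer to an existing MD and which status is returned when it does not.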

Modified: httpd/httpd/trunk/modules/md/md_reg.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_reg.h?rev=1837357&r1=1837356&r2=1837357&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/md_reg.h (original)
+++ httpd/httpd/trunk/modules/md/md_reg.h Fri Aug  3 10:38:33 2018
@@ -124,6 +124,8 @@ apr_status_t md_reg_get_cred_files(md_re
 apr_status_t md_reg_sync(md_reg_t *reg, apr_pool_t *p, apr_pool_t *ptemp, 
                          apr_array_header_t *master_mds);
 
+apr_status_t md_reg_remove(md_reg_t *reg, apr_pool_t *p, const char *name, int archive);
+
 /**************************************************************************************************/
 /* protocol drivers */
 

Modified: httpd/httpd/trunk/modules/md/md_version.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_version.h?rev=1837357&r1=1837356&r2=1837357&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/md_version.h (original)
+++ httpd/httpd/trunk/modules/md/md_version.h Fri Aug  3 10:38:33 2018
@@ -27,7 +27,7 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "1.1.15"
+#define MOD_MD_VERSION "1.1.16"
 
 /**
  * @macro
@@ -35,7 +35,7 @@
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x01010f
+#define MOD_MD_VERSION_NUM 0x010110
 
 #define MD_ACME_DEF_URL    "https://acme-v01.api.letsencrypt.org/directory"