You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Christophe JAILLET <ch...@wanadoo.fr> on 2018/12/19 06:09:14 UTC
Re: svn commit: r1849174 - in /httpd/httpd/trunk: CHANGES
modules/md/md_acme.c modules/md/md_acme_authz.c modules/md/md_acme_drive.c
modules/md/md_version.h
Le 18/12/2018 à 14:45, icing@apache.org a écrit :
> Author: icing
> Date: Tue Dec 18 13:45:25 2018
> New Revision: 1849174
>
> URL: http://svn.apache.org/viewvc?rev=1849174&view=rev
> Log:
> *) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
> have been fixed. [Michael Kaufmann, Stefan Eissing]
>
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/modules/md/md_acme.c
> httpd/httpd/trunk/modules/md/md_acme_authz.c
> httpd/httpd/trunk/modules/md/md_acme_drive.c
> httpd/httpd/trunk/modules/md/md_version.h
>
> Modified: httpd/httpd/trunk/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1849174&r1=1849173&r2=1849174&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Tue Dec 18 13:45:25 2018
> @@ -1,6 +1,9 @@
> -*- coding: utf-8 -*-
> Changes with Apache 2.5.1
>
> + *) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
> + have been fixed. [Michael Kaufmann, Stefan Eissing]
> +
> *) core: Incorrect values for environment variables are substituted when
> multiple environment variables are specified in a directive. [Hank Ibell]
>
>
> Modified: httpd/httpd/trunk/modules/md/md_acme.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_acme.c?rev=1849174&r1=1849173&r2=1849174&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/md/md_acme.c (original)
> +++ httpd/httpd/trunk/modules/md/md_acme.c Tue Dec 18 13:45:25 2018
> @@ -153,6 +153,8 @@ apr_status_t md_acme_setup(md_acme_t *ac
> if (acme->new_authz && acme->new_cert && acme->new_reg && acme->revoke_cert) {
> return APR_SUCCESS;
> }
> + md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, 0, acme->p,
> + "Unable to understand ACME server response. Wrong ACME protocol version?");
> rv = APR_EINVAL;
> }
> else {
>
> Modified: httpd/httpd/trunk/modules/md/md_acme_authz.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_acme_authz.c?rev=1849174&r1=1849173&r2=1849174&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/md/md_acme_authz.c (original)
> +++ httpd/httpd/trunk/modules/md/md_acme_authz.c Tue Dec 18 13:45:25 2018
> @@ -95,7 +95,7 @@ apr_status_t md_acme_authz_set_remove(md
> int n = i + 1;
> if (n < set->authzs->nelts) {
> void **elems = (void **)set->authzs->elts;
> - memmove(elems + i, elems + n, (size_t)(set->authzs->nelts - n));
> + memmove(elems + i, elems + n, (size_t)(set->authzs->nelts - n) * sizeof(*elems));
> }
> --set->authzs->nelts;
> return APR_SUCCESS;
>
> Modified: httpd/httpd/trunk/modules/md/md_acme_drive.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_acme_drive.c?rev=1849174&r1=1849173&r2=1849174&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/md/md_acme_drive.c (original)
> +++ httpd/httpd/trunk/modules/md/md_acme_drive.c Tue Dec 18 13:45:25 2018
> @@ -162,7 +162,8 @@ static apr_status_t ad_setup_authz(md_pr
> apr_status_t rv;
> md_t *md = ad->md;
> md_acme_authz_t *authz;
> - int i, changed;
> + int i;
> + int changed = 0;
>
> assert(ad->md);
> assert(ad->acme);
> @@ -186,18 +187,20 @@ static apr_status_t ad_setup_authz(md_pr
> }
>
> /* Remove anything we no longer need */
> - for (i = 0; i < ad->authz_set->authzs->nelts; ++i) {
> + for (i = 0; i < ad->authz_set->authzs->nelts;) {
> authz = APR_ARRAY_IDX(ad->authz_set->authzs, i, md_acme_authz_t*);
> if (!md_contains(md, authz->domain, 0)) {
> md_acme_authz_set_remove(ad->authz_set, authz->domain);
> changed = 1;
> }
> + else {
> + ++i;
> + }
> }
>
> /* Add anything we do not already have */
> for (i = 0; i < md->domains->nelts && APR_SUCCESS == rv; ++i) {
> const char *domain = APR_ARRAY_IDX(md->domains, i, const char *);
> - changed = 0;
> authz = md_acme_authz_set_get(ad->authz_set, domain);
> if (authz) {
> /* check valid */
> @@ -615,6 +618,7 @@ static apr_status_t acme_driver_init(md_
> {
> md_acme_driver_t *ad;
> apr_status_t rv = APR_SUCCESS;
> + int challenges_configured = 0;
>
> ad = apr_pcalloc(d->p, sizeof(*ad));
>
> @@ -631,10 +635,12 @@ static apr_status_t acme_driver_init(md_
> if (d->challenge) {
> /* we have been told to use this type */
> APR_ARRAY_PUSH(ad->ca_challenges, const char*) = apr_pstrdup(d->p, d->challenge);
> + challenges_configured = 1;
> }
> else if (d->md->ca_challenges && d->md->ca_challenges->nelts > 0) {
> /* pre-configured set for this managed domain */
> apr_array_cat(ad->ca_challenges, d->md->ca_challenges);
> + challenges_configured = 1;
> }
> else {
> /* free to chose. Add all we support and see what we get offered */
What is the use of this new 'challenges_configured'?
It looks useless. (i.e. only written)
CJ
> Modified: httpd/httpd/trunk/modules/md/md_version.h
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_version.h?rev=1849174&r1=1849173&r2=1849174&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/md/md_version.h (original)
> +++ httpd/httpd/trunk/modules/md/md_version.h Tue Dec 18 13:45:25 2018
> @@ -27,7 +27,7 @@
> * @macro
> * Version number of the md module as c string
> */
> -#define MOD_MD_VERSION "1.1.17-DEV"
> +#define MOD_MD_VERSION "1.1.18-DEV"
>
> /**
> * @macro
> @@ -35,7 +35,7 @@
> * release. This is a 24 bit number with 8 bits for major number, 8 bits
> * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
> */
> -#define MOD_MD_VERSION_NUM 0x010111
> +#define MOD_MD_VERSION_NUM 0x010112
>
> #define MD_ACME_DEF_URL "https://acme-v01.api.letsencrypt.org/directory"
>
>
>
>