Posted to cvs@httpd.apache.org by ic...@apache.org on 2022/04/27 12:08:19 UTC

svn commit: r1900316 - in /httpd/httpd/branches/2.4.x: ./ changes-entries/ docs/manual/mod/ modules/md/ test/modules/md/

Author: icing
Date: Wed Apr 27 12:08:18 2022
New Revision: 1900316

URL: http://svn.apache.org/viewvc?rev=1900316&view=rev
Log:
Merge /httpd/httpd/trunk:r1898962,1900039,1900145,1900313-1900314

Backport of all recent changes to experimental mod_md.


Added:
    httpd/httpd/branches/2.4.x/changes-entries/md_auto_status.txt
      - copied unchanged from r1900039, httpd/httpd/trunk/changes-entries/md_auto_status.txt
    httpd/httpd/branches/2.4.x/changes-entries/md_tailscale.txt
      - copied unchanged from r1900313, httpd/httpd/trunk/changes-entries/md_tailscale.txt
    httpd/httpd/branches/2.4.x/changes-entries/md_timeperiod_null.txt
      - copied unchanged from r1900145, httpd/httpd/trunk/changes-entries/md_timeperiod_null.txt
    httpd/httpd/branches/2.4.x/modules/md/md_tailscale.c
      - copied unchanged from r1900313, httpd/httpd/trunk/modules/md/md_tailscale.c
    httpd/httpd/branches/2.4.x/modules/md/md_tailscale.h
      - copied unchanged from r1900313, httpd/httpd/trunk/modules/md/md_tailscale.h
    httpd/httpd/branches/2.4.x/test/modules/md/test_780_tailscale.py
      - copied unchanged from r1900313, httpd/httpd/trunk/test/modules/md/test_780_tailscale.py
Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/CMakeLists.txt
    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_md.xml
    httpd/httpd/branches/2.4.x/modules/md/config2.m4
    httpd/httpd/branches/2.4.x/modules/md/md_acme_drive.c
    httpd/httpd/branches/2.4.x/modules/md/md_core.c
    httpd/httpd/branches/2.4.x/modules/md/md_crypt.c
    httpd/httpd/branches/2.4.x/modules/md/md_crypt.h
    httpd/httpd/branches/2.4.x/modules/md/md_curl.c
    httpd/httpd/branches/2.4.x/modules/md/md_http.c
    httpd/httpd/branches/2.4.x/modules/md/md_http.h
    httpd/httpd/branches/2.4.x/modules/md/md_json.c
    httpd/httpd/branches/2.4.x/modules/md/md_reg.c
    httpd/httpd/branches/2.4.x/modules/md/md_reg.h
    httpd/httpd/branches/2.4.x/modules/md/md_store_fs.c
    httpd/httpd/branches/2.4.x/modules/md/md_util.c
    httpd/httpd/branches/2.4.x/modules/md/md_util.h
    httpd/httpd/branches/2.4.x/modules/md/md_version.h
    httpd/httpd/branches/2.4.x/modules/md/mod_md.dsp
    httpd/httpd/branches/2.4.x/modules/md/mod_md_config.c
    httpd/httpd/branches/2.4.x/modules/md/mod_md_status.c
    httpd/httpd/branches/2.4.x/test/modules/md/md_env.py
    httpd/httpd/branches/2.4.x/test/modules/md/test_920_status.py

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1898962,1900039,1900145,1900313-1900314

Modified: httpd/httpd/branches/2.4.x/CMakeLists.txt
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CMakeLists.txt?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CMakeLists.txt (original)
+++ httpd/httpd/branches/2.4.x/CMakeLists.txt Wed Apr 27 12:08:18 2022
@@ -489,7 +489,7 @@ SET(mod_md_extra_sources
   modules/md/md_ocsp.c               modules/md/md_util.c               
   modules/md/mod_md_config.c         modules/md/mod_md_drive.c
   modules/md/mod_md_os.c             modules/md/mod_md_status.c
-  modules/md/mod_md_ocsp.c           
+  modules/md/mod_md_ocsp.c           modules/md/md_tailscale.c
 )
 SET(mod_optional_hook_export_extra_defines AP_DECLARE_EXPORT) # bogus reuse of core API prefix
 SET(mod_proxy_extra_defines          PROXY_DECLARE_EXPORT)

Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_md.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_md.xml?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_md.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_md.xml Wed Apr 27 12:08:18 2022
@@ -285,6 +285,44 @@ MDChallengeDns01 /usr/bin/acme-setup-dns
             </p>
         </note>
 
+        <note><title>tailscale</title>
+            <p>
+                Since version 2.4.14 of the module, you can use it to get certificates
+                for your <a href="https://tailscale.com">tailscale</a> domains.
+            </p>
+            <highlight language="config">
+&lt;MDomain mydomain.some-thing.ts.net>
+  MDCertificateProtocol tailscale
+  MDCertificateAuthority file://localhost/var/run/tailscale/tailscaled.sock",
+&lt;/MDomain>
+            </highlight>
+            <p>
+                Tailscale provides secure networking between your machines, where ever
+                they are, and can provide domain names in the *.ts.net space for them.
+                For those, it will then provide Let's Encrypt certificates as well, so
+                you can open these domains in your browser securely.
+            </p>
+            <p>
+                The directives listed above tell Apache to contact the local tailscale
+                demon for obtaining and renewing certificates. This will only work for
+                the domain name that tailscale assigns to your machine.
+            </p>
+            <p>
+                Otherwise, these certificates work exactly like the ones retrieved
+                via the ACME protocol from Lets Encrypt. You see them in status reporting
+                and MDMessageCmd directives are executed for them as well.
+            </p>
+            <p>
+                More details are <a href="https://github.com/icing/mod_md#tailscale">
+                available at the mod_md github documentation</a>.
+            </p>
+            <p>
+                Note that this feature only works on machines where the tailscale
+                demon provides a unix domain socket. This, so far, seems only the
+                case on *nix systems.
+            </p>
+        </note>
+
     </summary>
     
     <directivesynopsis>
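
Review bot: The config example in the new tailscale note ends the MDCertificateAuthority line with a stray `",` after `tailscaled.sock`, which readers will paste into their configuration as part of the URL. Drop those two characters so the value matches MD_TAILSCALE_DEF_URL. In the same note, "demon" should read "daemon" (twice), "where ever" should be "wherever", and "Lets Encrypt" should match the "Let's Encrypt" spelling used two paragraphs earlier.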

Modified: httpd/httpd/branches/2.4.x/modules/md/config2.m4
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/config2.m4?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/config2.m4 (original)
+++ httpd/httpd/branches/2.4.x/modules/md/config2.m4 Wed Apr 27 12:08:18 2022
@@ -264,6 +264,7 @@ md_reg.lo dnl
 md_status.lo dnl
 md_store.lo dnl
 md_store_fs.lo dnl
+md_tailscale.lo dnl
 md_time.lo dnl
 md_util.lo dnl
 mod_md.lo dnl

Modified: httpd/httpd/branches/2.4.x/modules/md/md_acme_drive.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_acme_drive.c?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_acme_drive.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_acme_drive.c Wed Apr 27 12:08:18 2022
@@ -1036,9 +1036,19 @@ static apr_status_t acme_driver_preload(
     return rv;
 }
 
+static apr_status_t acme_complete_md(md_t *md, apr_pool_t *p)
+{
+    (void)p;
+    if (!md->ca_url) {
+        md->ca_url = MD_ACME_DEF_URL;
+    }
+    return APR_SUCCESS;
+}
+
 static md_proto_t ACME_PROTO = {
     MD_PROTO_ACME, acme_driver_init, acme_driver_renew, 
-    acme_driver_preload_init, acme_driver_preload
+    acme_driver_preload_init, acme_driver_preload,
+    acme_complete_md,
 };
  
 apr_status_t md_acme_protos_add(apr_hash_t *protos, apr_pool_t *p)

Modified: httpd/httpd/branches/2.4.x/modules/md/md_core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_core.c?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_core.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_core.c Wed Apr 27 12:08:18 2022
@@ -427,7 +427,7 @@ apr_status_t md_get_ca_url_from_name(con
         }
     }
     *purl = name;
-    rv = md_util_abs_http_uri_check(p, name, &err);
+    rv = md_util_abs_uri_check(p, name, &err);
     if (APR_SUCCESS != rv) {
         apr_array_header_t *names;
 
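
Review bot: In md_get_ca_url_from_name, swapping md_util_abs_http_uri_check for md_util_abs_uri_check relaxes the scheme check for every managed domain, not only those that use the tailscale protocol. Judging by the function names, an ACME MD configured with a non-http(s) CA URL would now pass configuration and fail only later in the driver. Consider keeping the generic check here and enforcing the expected scheme per protocol, for example in each protocol's complete_md callback (http/https for ACME, file for tailscale).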

Modified: httpd/httpd/branches/2.4.x/modules/md/md_crypt.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_crypt.c?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_crypt.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_crypt.c Wed Apr 27 12:08:18 2022
@@ -709,6 +709,53 @@ apr_status_t md_pkey_fsave(md_pkey_t *pk
     return rv;
 }
 
+apr_status_t md_pkey_read_http(md_pkey_t **ppkey, apr_pool_t *pool,
+                               const struct md_http_response_t *res)
+{
+    apr_status_t rv;
+    apr_off_t data_len;
+    char *pem_data;
+    apr_size_t pem_len;
+    md_pkey_t *pkey;
+    BIO *bf;
+    passwd_ctx ctx;
+
+    rv = apr_brigade_length(res->body, 1, &data_len);
+    if (APR_SUCCESS != rv) goto leave;
+    if (data_len > 1024*1024) { /* certs usually are <2k each */
+        rv = APR_EINVAL;
+        goto leave;
+    }
+    rv = apr_brigade_pflatten(res->body, &pem_data, &pem_len, res->req->pool);
+    if (APR_SUCCESS != rv) goto leave;
+
+    if (NULL == (bf = BIO_new_mem_buf(pem_data, (int)pem_len))) {
+        rv = APR_ENOMEM;
+        goto leave;
+    }
+    pkey = make_pkey(pool);
+    ctx.pass_phrase = NULL;
+    ctx.pass_len = 0;
+    ERR_clear_error();
+    pkey->pkey = PEM_read_bio_PrivateKey(bf, NULL, NULL, &ctx);
+    BIO_free(bf);
+
+    if (pkey->pkey == NULL) {
+        unsigned long err = ERR_get_error();
+        rv = APR_EINVAL;
+        md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, rv, pool,
+                      "error loading pkey from http response: %s",
+                      ERR_error_string(err, NULL));
+        goto leave;
+    }
+    rv = APR_SUCCESS;
+    apr_pool_cleanup_register(pool, pkey, pkey_cleanup, apr_pool_cleanup_null);
+
+leave:
+    *ppkey = (APR_SUCCESS == rv)? pkey : NULL;
+    return rv;
+}
+
 /* Determine the message digest used for signing with the given private key. 
  */
 static const EVP_MD *pkey_get_MD(md_pkey_t *pkey)
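
Review bot: In md_pkey_read_http, `PEM_read_bio_PrivateKey(bf, NULL, NULL, &ctx)` passes a passwd_ctx as user data while the callback argument is NULL. Without a callback, OpenSSL's default handler interprets a non-NULL user-data pointer as a NUL-terminated passphrase string, so the bytes of the struct would be read as a passphrase if the response ever carries an encrypted key. Pass NULL as the last argument, or pass a password callback that understands passwd_ctx. Two smaller points in the same function: the PEM text flattened into res->req->pool is private key material and stays in pool memory uncleansed after parsing, and the size-limit comment talks about certs although this function reads a key.
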
@@ -1137,6 +1184,11 @@ const char *md_cert_get_serial_number(co
     return s;
 }
 
+int md_certs_are_equal(const md_cert_t *a, const md_cert_t *b)
+{
+    return X509_cmp(a->x509, b->x509) == 0;
+}
+
 int md_cert_is_valid_now(const md_cert_t *cert)
 {
     return ((X509_cmp_current_time(X509_get_notBefore(cert->x509)) < 0)

Modified: httpd/httpd/branches/2.4.x/modules/md/md_crypt.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_crypt.h?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_crypt.h (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_crypt.h Wed Apr 27 12:08:18 2022
@@ -117,6 +117,12 @@ void *md_pkey_get_EVP_PKEY(struct md_pke
 apr_status_t md_crypt_hmac64(const char **pmac64, const struct md_data_t *hmac_key,
                              apr_pool_t *p, const char *d, size_t dlen);
 
+/**
+ * Read a private key from a http response.
+ */
+apr_status_t md_pkey_read_http(md_pkey_t **ppkey, apr_pool_t *pool,
+                               const struct md_http_response_t *res);
+
 /**************************************************************************************************/
 /* X509 certificates */
 
@@ -179,6 +185,11 @@ apr_time_t md_cert_get_not_after(const m
 apr_time_t md_cert_get_not_before(const md_cert_t *cert);
 struct md_timeperiod_t md_cert_get_valid(const md_cert_t *cert);
 
+/**
+ * Return != 0 iff the hash values of the certificates are equal.
+ */
+int md_certs_are_equal(const md_cert_t *a, const md_cert_t *b);
+
 apr_status_t md_cert_get_issuers_uri(const char **puri, const md_cert_t *cert, apr_pool_t *p);
 apr_status_t md_cert_get_alt_names(apr_array_header_t **pnames, const md_cert_t *cert, apr_pool_t *p);
 

Modified: httpd/httpd/branches/2.4.x/modules/md/md_curl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_curl.c?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_curl.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_curl.c Wed Apr 27 12:08:18 2022
@@ -301,6 +301,9 @@ static apr_status_t internals_setup(md_h
     if (req->ca_file) {
         curl_easy_setopt(curl, CURLOPT_CAINFO, req->ca_file);
     }
+    if (req->unix_socket_path) {
+        curl_easy_setopt(curl, CURLOPT_UNIX_SOCKET_PATH, req->unix_socket_path);
+    }
 
     if (req->body_len >= 0) {
         /* set the Content-Length */
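
Review bot: The new `curl_easy_setopt(curl, CURLOPT_UNIX_SOCKET_PATH, req->unix_socket_path)` call in internals_setup has no libcurl version guard and its return value is ignored. CURLOPT_UNIX_SOCKET_PATH only exists since libcurl 7.40.0, so older build environments will fail to compile, and a libcurl built without unix socket support would reject the option silently and attempt the request over TCP instead. Wrap the block in a LIBCURL_VERSION_NUM check and treat a non-CURLE_OK result as an error for the request.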

Modified: httpd/httpd/branches/2.4.x/modules/md/md_http.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_http.c?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_http.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_http.c Wed Apr 27 12:08:18 2022
@@ -33,6 +33,7 @@ struct md_http_t {
     void *impl_data;         /* to be used by the implementation */
     const char *user_agent;
     const char *proxy_url;
+    const char *unix_socket_path;
     md_http_timeouts_t timeout;
     const char *ca_file;
 };
@@ -143,6 +144,11 @@ void md_http_set_ca_file(md_http_t *http
     http->ca_file = ca_file;
 }
 
+void md_http_set_unix_socket_path(md_http_t *http, const char *path)
+{
+    http->unix_socket_path = path;
+}
+
 static apr_status_t req_set_body(md_http_request_t *req, const char *content_type,
                                  apr_bucket_brigade *body, apr_off_t body_len,
                                  int detect_len)
@@ -211,6 +217,7 @@ static apr_status_t req_create(md_http_r
     req->proxy_url = http->proxy_url;
     req->timeout = http->timeout;
     req->ca_file = http->ca_file;
+    req->unix_socket_path = http->unix_socket_path;
     *preq = req;
     return rv;
 }

Modified: httpd/httpd/branches/2.4.x/modules/md/md_http.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_http.h?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_http.h (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_http.h Wed Apr 27 12:08:18 2022
@@ -65,6 +65,7 @@ struct md_http_request_t {
     const char *user_agent;
     const char *proxy_url;
     const char *ca_file;
+    const char *unix_socket_path;
     apr_table_t *headers;
     struct apr_bucket_brigade *body;
     apr_off_t body_len;
@@ -118,6 +119,12 @@ void md_http_set_stalling(md_http_reques
 void md_http_set_ca_file(md_http_t *http, const char *ca_file);
 
 /**
+ * Set the path of a unix domain socket for use instead of TCP
+ * in a connection. Disable by providing NULL as path.
+ */
+void md_http_set_unix_socket_path(md_http_t *http, const char *path);
+
+/**
  * Perform the request. Then this function returns, the request and
  * all its memory has been freed and must no longer be used.
  */

Modified: httpd/httpd/branches/2.4.x/modules/md/md_json.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_json.c?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_json.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_json.c Wed Apr 27 12:08:18 2022
@@ -176,7 +176,7 @@ static apr_status_t jselect_add(json_t *
     aj = json_object_get(j, key);
     if (!aj) {
         aj = json_array();
-        json_object_set(j, key, aj);
+        json_object_set_new(j, key, aj);
     }
     
     if (!json_is_array(aj)) {
@@ -202,7 +202,7 @@ static apr_status_t jselect_insert(json_
     aj = json_object_get(j, key);
     if (!aj) {
         aj = json_array();
-        json_object_set(j, key, aj);
+        json_object_set_new(j, key, aj);
     }
     
     if (!json_is_array(aj)) {
@@ -1264,7 +1264,7 @@ apr_status_t md_json_set_timeperiod(cons
     const char *key;
     apr_status_t rv;
     
-    if (!tp || tp->start || tp->end) {
+    if (tp && tp->start && tp->end) {
         jn = json_object();
         apr_rfc822_date(ts, tp->start);
         json_object_set_new(jn, "from", json_string(ts));
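
Review bot: The condition in md_json_set_timeperiod changes from `!tp || tp->start || tp->end` to `tp && tp->start && tp->end`, which fixes the NULL dereference but also changes `||` to `&&` between start and end. A period with only one bound set is now handled like an unset one. If only the NULL case was meant to change, `tp && (tp->start || tp->end)` keeps the previous behaviour for half-open periods; if requiring both bounds is intended, a short comment saying so would help.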

Modified: httpd/httpd/branches/2.4.x/modules/md/md_reg.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_reg.c?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_reg.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_reg.c Wed Apr 27 12:08:18 2022
@@ -33,6 +33,7 @@
 #include "md_reg.h"
 #include "md_store.h"
 #include "md_status.h"
+#include "md_tailscale.h"
 #include "md_util.h"
 
 #include "md_acme.h"
@@ -98,7 +99,8 @@ apr_status_t md_reg_create(md_reg_t **pr
     md_timeslice_create(&reg->renew_window, p, MD_TIME_LIFE_NORM, MD_TIME_RENEW_WINDOW_DEF); 
     md_timeslice_create(&reg->warn_window, p, MD_TIME_LIFE_NORM, MD_TIME_WARN_WINDOW_DEF); 
     
-    if (APR_SUCCESS == (rv = md_acme_protos_add(reg->protos, p))) {
+    if (APR_SUCCESS == (rv = md_acme_protos_add(reg->protos, p))
+        && APR_SUCCESS == (rv = md_tailscale_protos_add(reg->protos, p))) {
         rv = load_props(reg, p);
     }
     
@@ -901,12 +903,22 @@ apr_status_t md_reg_sync_finish(md_reg_t
     md_t *old;
     apr_status_t rv;
     int changed = 1;
+    md_proto_t *proto;
     
-    if (!md->ca_url) {
-        md->ca_url = MD_ACME_DEF_URL;
-        md->ca_proto = MD_PROTO_ACME; 
+    if (!md->ca_proto) {
+        md->ca_proto = MD_PROTO_ACME;
     }
-    
+    proto = apr_hash_get(reg->protos, md->ca_proto, (apr_ssize_t)strlen(md->ca_proto));
+    if (!proto) {
+        rv = APR_ENOTIMPL;
+        md_log_perror(MD_LOG_MARK, MD_LOG_ERR, rv, ptemp,
+                      "[%s] uses unknown CA protocol '%s'",
+                      md->name, md->ca_proto);
+        goto leave;
+    }
+    rv = proto->complete_md(md, p);
+    if (APR_SUCCESS != rv) goto leave;
+
     rv = state_init(reg, p, md);
     if (APR_SUCCESS != rv) goto leave;
     
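
Review bot: In md_reg_sync_finish, `rv = proto->complete_md(md, p);` is called without checking that the callback is set. complete_md is a new trailing member of md_proto_t, so any md_proto_t initializer that was not updated leaves it NULL and this becomes a NULL function pointer call during config sync. Either guard the call with `if (proto->complete_md)` or reject protocols without it at registration time. Also note the default changed: ca_proto now falls back to ACME whenever it is unset, where before both fields were set only when ca_url was missing.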

Modified: httpd/httpd/branches/2.4.x/modules/md/md_reg.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_reg.h?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_reg.h (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_reg.h Wed Apr 27 12:08:18 2022
@@ -220,6 +220,7 @@ typedef apr_status_t md_proto_renew_cb(m
 typedef apr_status_t md_proto_init_preload_cb(md_proto_driver_t *driver, struct md_result_t *result);
 typedef apr_status_t md_proto_preload_cb(md_proto_driver_t *driver, 
                                          md_store_group_t group, struct md_result_t *result);
+typedef apr_status_t md_proto_complete_md_cb(md_t *md, apr_pool_t *p);
 
 struct md_proto_t {
     const char *protocol;
@@ -227,6 +228,7 @@ struct md_proto_t {
     md_proto_renew_cb *renew;
     md_proto_init_preload_cb *init_preload;
     md_proto_preload_cb *preload;
+    md_proto_complete_md_cb *complete_md;
 };
 
 /**

Modified: httpd/httpd/branches/2.4.x/modules/md/md_store_fs.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_store_fs.c?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_store_fs.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_store_fs.c Wed Apr 27 12:08:18 2022
@@ -503,6 +503,7 @@ static apr_status_t mk_group_dir(const c
     
     perms = gperms(s_fs, group);
 
+    *pdir = NULL;
     rv = fs_get_dname(pdir, &s_fs->s, group, name, p);
     if ((APR_SUCCESS != rv) || (MD_SG_NONE == group)) goto cleanup;
 
@@ -521,7 +522,8 @@ static apr_status_t mk_group_dir(const c
     }
 cleanup:
     if (APR_SUCCESS != rv) {
-        md_log_perror(MD_LOG_MARK, MD_LOG_ERR, rv, p, "mk_group_dir %d %s", group, name);
+        md_log_perror(MD_LOG_MARK, MD_LOG_ERR, rv, p, "mk_group_dir %d %s",
+            group, (*pdir? *pdir : (name? name : "(null)")));
     }
     return rv;
 }

Modified: httpd/httpd/branches/2.4.x/modules/md/md_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_util.c?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_util.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_util.c Wed Apr 27 12:08:18 2022
@@ -398,6 +398,16 @@ apr_status_t md_util_is_file(const char
     return rv;
 }
 
+apr_status_t md_util_is_unix_socket(const char *path, apr_pool_t *pool)
+{
+    apr_finfo_t info;
+    apr_status_t rv = apr_stat(&info, path, APR_FINFO_TYPE, pool);
+    if (rv == APR_SUCCESS) {
+        rv = (info.filetype == APR_SOCK)? APR_SUCCESS : APR_EINVAL;
+    }
+    return rv;
+}
+
 int md_file_exists(const char *fname, apr_pool_t *p)
 {
     return (fname && *fname && APR_SUCCESS == md_util_is_file(fname, p));
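
Review bot: md_util_is_unix_socket only checks `info.filetype == APR_SOCK` and, with apr_stat called without APR_FINFO_LINK, follows symlinks to get there. That confirms the path currently resolves to a socket but says nothing about who owns it, and the result can be stale by the time the HTTP client connects. Since private keys are read over this socket (md_pkey_read_http), document that this is a configuration sanity check only, or additionally request owner and protection bits in the apr_stat call and reject sockets not owned by an expected user.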

Modified: httpd/httpd/branches/2.4.x/modules/md/md_util.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_util.h?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_util.h (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_util.h Wed Apr 27 12:08:18 2022
@@ -189,6 +189,7 @@ apr_status_t md_util_path_merge(const ch
 
 apr_status_t md_util_is_dir(const char *path, apr_pool_t *pool);
 apr_status_t md_util_is_file(const char *path, apr_pool_t *pool);
+apr_status_t md_util_is_unix_socket(const char *path, apr_pool_t *pool);
 int md_file_exists(const char *fname, apr_pool_t *p);
 
 typedef apr_status_t md_util_file_cb(void *baton, struct apr_file_t *f, apr_pool_t *p);

Modified: httpd/httpd/branches/2.4.x/modules/md/md_version.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_version.h?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_version.h (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_version.h Wed Apr 27 12:08:18 2022
@@ -27,7 +27,7 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "2.4.10"
+#define MOD_MD_VERSION "2.4.14"
 
 /**
  * @macro
@@ -35,8 +35,9 @@
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x02040a
+#define MOD_MD_VERSION_NUM 0x02040e
 
-#define MD_ACME_DEF_URL    "https://acme-v02.api.letsencrypt.org/directory"
+#define MD_ACME_DEF_URL         "https://acme-v02.api.letsencrypt.org/directory"
+#define MD_TAILSCALE_DEF_URL    "file://localhost/var/run/tailscale/tailscaled.sock"
 
 #endif /* mod_md_md_version_h */

Modified: httpd/httpd/branches/2.4.x/modules/md/mod_md.dsp
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/mod_md.dsp?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/mod_md.dsp (original)
+++ httpd/httpd/branches/2.4.x/modules/md/mod_md.dsp Wed Apr 27 12:08:18 2022
@@ -205,6 +205,10 @@ SOURCE=./md_store_fs.c
 # End Source File
 # Begin Source File
 
+SOURCE=./md_tailscale.c
+# End Source File
+# Begin Source File
+
 SOURCE=./md_time.c
 # End Source File
 # Begin Source File

Modified: httpd/httpd/branches/2.4.x/modules/md/mod_md_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/mod_md_config.c?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/mod_md_config.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/mod_md_config.c Wed Apr 27 12:08:18 2022
@@ -26,6 +26,7 @@
 #include <http_vhost.h>
 
 #include "md.h"
+#include "md_acme.h"
 #include "md_crypt.h"
 #include "md_log.h"
 #include "md_json.h"
@@ -108,7 +109,7 @@ static md_srv_conf_t defconf = {
     &def_warn_window,          /* warn window */
     NULL,                      /* ca url */
     NULL,                      /* ca contact (email) */
-    "ACME",                    /* ca protocol */
+    MD_PROTO_ACME,             /* ca protocol */
     NULL,                      /* ca agreemnent */
     NULL,                      /* ca challenges array */
     NULL,                      /* ca eab kid */

Modified: httpd/httpd/branches/2.4.x/modules/md/mod_md_status.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/mod_md_status.c?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/mod_md_status.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/mod_md_status.c Wed Apr 27 12:08:18 2022
@@ -13,7 +13,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
- 
+
 #include <assert.h>
 #include <apr_optional.h>
 #include <apr_time.h>
@@ -55,6 +55,7 @@
 
 #define APACHE_PREFIX               "/.httpd/"
 #define MD_STATUS_RESOURCE          APACHE_PREFIX"certificate-status"
+#define HTML_STATUS(X)              (!((X)->flags & AP_STATUS_SHORT))
 
 int md_http_cert_status(request_rec *r)
 {
@@ -66,13 +67,13 @@ int md_http_cert_status(request_rec *r)
     const char *keyname;
     apr_bucket_brigade *bb;
     apr_status_t rv;
-    
+
     if (!r->parsed_uri.path || strcmp(MD_STATUS_RESOURCE, r->parsed_uri.path))
         return DECLINED;
-        
+
     ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
                   "requesting status for: %s", r->hostname);
-    
+
     /* We are looking for information about a staged certificate */
     sc = ap_get_module_config(r->server->module_config, &md_module);
     if (!sc || !sc->mc || !sc->mc->reg || !sc->mc->certificate_status_enabled) return DECLINED;
@@ -84,7 +85,7 @@ int md_http_cert_status(request_rec *r)
                       "md(%s): status supports only GET", md->name);
         return HTTP_NOT_IMPLEMENTED;
     }
-    
+
     ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
                   "requesting status for MD: %s", md->name);
 
@@ -94,7 +95,7 @@ int md_http_cert_status(request_rec *r)
                       "loading md status for %s", md->name);
         return HTTP_INTERNAL_SERVER_ERROR;
     }
-    
+
     ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r,
                   "status for MD: %s is %s", md->name, md_json_writep(mdj, r->pool, MD_JSON_FMT_INDENT));
 
@@ -124,23 +125,23 @@ int md_http_cert_status(request_rec *r)
         }
         md_json_setj(cj, resp, keyname, NULL );
     }
-    
+
     if (md_json_has_key(mdj, MD_KEY_RENEWAL, NULL)) {
            /* copy over the information we want to make public about this:
             *  - when not finished, add an empty object to indicate something is going on
             *  - when a certificate is staged, add the information from that */
            cj = md_json_getj(mdj, MD_KEY_RENEWAL, MD_KEY_CERT, NULL);
-           cj = cj? cj : md_json_create(r->pool);; 
+           cj = cj? cj : md_json_create(r->pool);
            md_json_setj(cj, resp, MD_KEY_RENEWAL, MD_KEY_CERT, NULL);
      }
-    
+
     ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "md[%s]: sending status", md->name);
-    apr_table_set(r->headers_out, "Content-Type", "application/json"); 
+    apr_table_set(r->headers_out, "Content-Type", "application/json");
     bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
     md_json_writeb(resp, MD_JSON_FMT_INDENT, bb);
     ap_pass_brigade(r->output_filters, bb);
     apr_brigade_cleanup(bb);
-    
+
     return DONE;
 }
 
@@ -151,10 +152,12 @@ typedef struct {
     apr_pool_t *p;
     const md_mod_conf_t *mc;
     apr_bucket_brigade *bb;
+    int flags;
+    const char *prefix;
     const char *separator;
 } status_ctx;
 
-typedef struct status_info status_info; 
+typedef struct status_info status_info;
 
 static void add_json_val(status_ctx *ctx, md_json_t *j);
 
@@ -179,13 +182,19 @@ static void si_val_status(status_ctx *ct
         case MD_S_EXPIRED_DEPRECATED:
         case MD_S_COMPLETE:
             until = md_json_get_time(mdj, MD_KEY_CERT, MD_KEY_VALID, MD_KEY_UNTIL, NULL);
-            s = (!until || until > apr_time_now())? "good" : "expired"; 
+            s = (!until || until > apr_time_now())? "good" : "expired";
             break;
         case MD_S_ERROR: s = "error"; break;
         case MD_S_MISSING_INFORMATION: s = "missing information"; break;
         default: break;
     }
-    apr_brigade_puts(ctx->bb, NULL, NULL, s);
+    if (HTML_STATUS(ctx)) {
+        apr_brigade_puts(ctx->bb, NULL, NULL, s);
+    }
+    else {
+        apr_brigade_printf(ctx->bb, NULL, NULL, "%s%s: %s\n",
+                           ctx->prefix, info->label, s);
+    }
 }
 
 static void si_val_url(status_ctx *ctx, md_json_t *mdj, const status_info *info)
@@ -195,19 +204,28 @@ static void si_val_url(status_ctx *ctx,
     s = url = md_json_gets(mdj, info->key, NULL);
     if (!url) return;
     s = md_get_ca_name_from_url(ctx->p, url);
-    apr_brigade_printf(ctx->bb, NULL, NULL, "<a href='%s'>%s</a>",
-                       ap_escape_html2(ctx->p, url, 1), 
-                       ap_escape_html2(ctx->p, s, 1));
+    if (HTML_STATUS(ctx)) {
+        apr_brigade_printf(ctx->bb, NULL, NULL, "<a href='%s'>%s</a>",
+                           ap_escape_html2(ctx->p, url, 1),
+                           ap_escape_html2(ctx->p, s, 1));
+    }
+    else {
+        apr_brigade_printf(ctx->bb, NULL, NULL, "%s%sName: %s\n",
+                           ctx->prefix, info->label, s);
+        apr_brigade_printf(ctx->bb, NULL, NULL, "%s%sURL: %s\n",
+                           ctx->prefix, info->label, url);
+    }
 }
 
-static void print_date(apr_bucket_brigade *bb, apr_time_t timestamp, const char *title)
+static void print_date(status_ctx *ctx, apr_time_t timestamp, const char *title)
 {
+    apr_bucket_brigade *bb = ctx->bb;
     if (timestamp > 0) {
         char ts[128];
         char ts2[128];
         apr_time_exp_t texp;
         apr_size_t len;
-        
+
         apr_time_exp_gmt(&texp, timestamp);
         apr_strftime(ts, &len, sizeof(ts2)-1, "%Y-%m-%d", &texp);
         ts[len] = '\0';
@@ -216,14 +234,21 @@ static void print_date(apr_bucket_brigad
             ts2[len] = '\0';
             title = ts2;
         }
-        apr_brigade_printf(bb, NULL, NULL, 
-                           "<span title='%s' style='white-space: nowrap;'>%s</span>", 
-                           ap_escape_html2(bb->p, title, 1), ts);
+        if (HTML_STATUS(ctx)) {
+            apr_brigade_printf(bb, NULL, NULL,
+                               "<span title='%s' style='white-space: nowrap;'>%s</span>",
+                               ap_escape_html2(bb->p, title, 1), ts);
+        }
+        else {
+            apr_brigade_printf(bb, NULL, NULL, "%s%s: %s\n",
+                               ctx->prefix, title, ts);
+        }
     }
 }
 
-static void print_time(apr_bucket_brigade *bb, const char *label, apr_time_t t)
+static void print_time(status_ctx *ctx, const char *label, apr_time_t t)
 {
+    apr_bucket_brigade *bb = ctx->bb;
     apr_time_t now;
     const char *pre, *post, *sep;
     char ts[APR_RFC822_DATE_LEN];
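Review bot: in print_date the title argument now has two meanings: it is the tooltip text in the HTML branch and the key name in the plain-text branch ("%s%s: %s\n" with ctx->prefix, title, ts). The fallback just above still assigns title = ts2, so on that path the plain-text output would use a formatted timestamp as its key. A separate key parameter for the non-HTML case, leaving title as the tooltip, would keep the two uses apart.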
@@ -231,7 +256,7 @@ static void print_time(apr_bucket_brigad
     apr_time_exp_t texp;
     apr_size_t len;
     apr_interval_time_t delta;
-    
+
     if (t == 0) {
         /* timestamp is 0, we use that for "not set" */
         return;
@@ -241,25 +266,32 @@ static void print_time(apr_bucket_brigad
     pre = post = "";
     sep = (label && strlen(label))? " " : "";
     delta = 0;
-    apr_rfc822_date(ts, t);
-    if (t > now) {
-        delta = t - now;
-        pre = "in ";
-    }
-    else {
-        delta = now - t;
-        post = " ago";
-    }
-    if (delta >= (4 * apr_time_from_sec(MD_SECS_PER_DAY))) {
-        apr_strftime(ts2, &len, sizeof(ts2)-1, "%Y-%m-%d", &texp);
-        ts2[len] = '\0';
-        apr_brigade_printf(bb, NULL, NULL, "%s%s<span title='%s' "
-                           "style='white-space: nowrap;'>%s</span>", 
-                           label, sep, ts, ts2); 
+    if (HTML_STATUS(ctx)) {
+        apr_rfc822_date(ts, t);
+        if (t > now) {
+            delta = t - now;
+            pre = "in ";
+        }
+        else {
+            delta = now - t;
+            post = " ago";
+        }
+        if (delta >= (4 * apr_time_from_sec(MD_SECS_PER_DAY))) {
+            apr_strftime(ts2, &len, sizeof(ts2)-1, "%Y-%m-%d", &texp);
+            ts2[len] = '\0';
+            apr_brigade_printf(bb, NULL, NULL, "%s%s<span title='%s' "
+                               "style='white-space: nowrap;'>%s</span>",
+                               label, sep, ts, ts2);
+        }
+        else {
+            apr_brigade_printf(bb, NULL, NULL, "%s%s<span title='%s'>%s%s%s</span>",
+                               label, sep, ts, pre, md_duration_roughly(bb->p, delta), post);
+        }
     }
     else {
-        apr_brigade_printf(bb, NULL, NULL, "%s%s<span title='%s'>%s%s%s</span>", 
-                           label, sep, ts, pre, md_duration_roughly(bb->p, delta), post); 
+        delta = t - now;
+        apr_brigade_printf(bb, NULL, NULL, "%s%s: %" APR_TIME_T_FMT "\n",
+                           ctx->prefix, label, apr_time_sec(delta));
     }
 }
 
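Review bot: the non-HTML branch of print_time computes delta = t - now unconditionally and prints apr_time_sec(delta), so the value is a signed offset in seconds relative to the time of the request and goes negative once t is in the past. Nothing in the key (prefix plus label) tells a consumer that it is relative or what unit it uses. Either emit the absolute timestamp or document the unit and sign in mod_md.xml. The sep variable is also computed but never used on this path.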
@@ -267,37 +299,51 @@ static void si_val_valid_time(status_ctx
 {
     const char *sfrom, *suntil, *sep, *title;
     apr_time_t from, until;
-    
+
     sep = NULL;
     sfrom = md_json_gets(mdj, info->key, MD_KEY_FROM, NULL);
     from = sfrom? apr_date_parse_rfc(sfrom) : 0;
     suntil = md_json_gets(mdj, info->key, MD_KEY_UNTIL, NULL);
     until = suntil?apr_date_parse_rfc(suntil) : 0;
-    
-    if (from > apr_time_now()) {
-        apr_brigade_puts(ctx->bb, NULL, NULL, "from ");
-        print_date(ctx->bb, from, sfrom);
-        sep = " ";
-    }
-    if (until) {
-        if (sep) apr_brigade_puts(ctx->bb, NULL, NULL, sep);
-        apr_brigade_puts(ctx->bb, NULL, NULL, "until ");
-        title = sfrom? apr_psprintf(ctx->p, "%s - %s", sfrom, suntil) : suntil;
-        print_date(ctx->bb, until, title);
+
+    if (HTML_STATUS(ctx)) {
+        if (from > apr_time_now()) {
+            apr_brigade_puts(ctx->bb, NULL, NULL, "from ");
+            print_date(ctx, from, sfrom);
+            sep = " ";
+        }
+        if (until) {
+            if (sep) apr_brigade_puts(ctx->bb, NULL, NULL, sep);
+            apr_brigade_puts(ctx->bb, NULL, NULL, "until ");
+            title = sfrom? apr_psprintf(ctx->p, "%s - %s", sfrom, suntil) : suntil;
+            print_date(ctx, until, title);
+        }
+    }
+    else {
+        if (from > apr_time_now()) {
+            print_date(ctx, from,
+            apr_pstrcat(ctx->p, info->label, "From", NULL));
+        }
+        if (until) {
+            print_date(ctx, from,
+            apr_pstrcat(ctx->p, info->label, "Until", NULL));
+        }
     }
 }
 
 static void si_add_header(status_ctx *ctx, const status_info *info)
 {
-    const char *html = ap_escape_html2(ctx->p, info->label, 1);
-    apr_brigade_printf(ctx->bb, NULL, NULL, "<th class=\"%s\">%s</th>", html, html);
+    if (HTML_STATUS(ctx)) {
+        const char *html = ap_escape_html2(ctx->p, info->label, 1);
+        apr_brigade_printf(ctx->bb, NULL, NULL, "<th class=\"%s\">%s</th>", html, html);
+    }
 }
 
 static void si_val_cert_valid_time(status_ctx *ctx, md_json_t *mdj, const status_info *info)
 {
     md_json_t *jcert;
     status_info sub = *info;
-    
+
     sub.key = MD_KEY_VALID;
     jcert = md_json_getj(mdj, info->key, NULL);
     if (jcert) si_val_valid_time(ctx, jcert, &sub);
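Review bot: in the plain-text branch of si_val_valid_time, the until case calls print_date(ctx, from, ...) with the "Until" label, so the ValidUntil line reports the from timestamp (or nothing, since print_date skips timestamp 0). The first argument should be until, as in the HTML branch. The continuation lines of both print_date calls in this branch also want indenting under the opening parenthesis.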
@@ -306,11 +352,31 @@ static void si_val_cert_valid_time(statu
 static void si_val_ca_url(status_ctx *ctx, md_json_t *mdj, const status_info *info)
 {
     md_json_t *jcert;
-    status_info sub = *info;
-    
-    sub.key = MD_KEY_URL;
+
     jcert = md_json_getj(mdj, info->key, NULL);
-    if (jcert) si_val_url(ctx, jcert, &sub);
+    if (jcert) {
+        const char *proto, *s, *url;
+
+        proto = md_json_gets(jcert, MD_KEY_PROTO, NULL);
+        s = url = md_json_gets(jcert, MD_KEY_URL, NULL);
+        if (proto && !strcmp(proto, "tailscale")) {
+            s = "tailscale";
+        }
+        else if (url) {
+            s = md_get_ca_name_from_url(ctx->p, url);
+        }
+        if (HTML_STATUS(ctx)) {
+            apr_brigade_printf(ctx->bb, NULL, NULL, "<a href='%s'>%s</a>",
+                               ap_escape_html2(ctx->p, url, 1),
+                               ap_escape_html2(ctx->p, s, 1));
+        }
+        else {
+            apr_brigade_printf(ctx->bb, NULL, NULL, "%s%sName: %s\n",
+                               ctx->prefix, info->label, s);
+            apr_brigade_printf(ctx->bb, NULL, NULL, "%s%sURL: %s\n",
+                               ctx->prefix, info->label, url);
+        }
+    }
 }
 
 static int count_certs(void *baton, const char *key, md_json_t *json)
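Review bot: in si_val_ca_url both url and s can be NULL when they reach the output calls. md_json_gets may return NULL for MD_KEY_URL (the "else if (url)" test already allows for that), and in the tailscale case s is set while url stays unset. url is then passed to ap_escape_html2 and to a %s conversion without a check. Guard the output on url being non-NULL, or print only the name when there is no URL.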
@@ -324,83 +390,139 @@ static int count_certs(void *baton, cons
     return 1;
 }
 
-static void print_job_summary(apr_bucket_brigade *bb, md_json_t *mdj, const char *key, 
+static void print_job_summary(status_ctx *ctx, md_json_t *mdj, const char *key,
                               const char *separator)
 {
+    apr_bucket_brigade *bb = ctx->bb;
     char buffer[HUGE_STRING_LEN];
     apr_status_t rv;
     int finished, errors, cert_count;
     apr_time_t t;
     const char *s, *line;
-    
+
     if (!md_json_has_key(mdj, key, NULL)) {
         return;
     }
-    
+
     finished = md_json_getb(mdj, key, MD_KEY_FINISHED, NULL);
     errors = (int)md_json_getl(mdj, key, MD_KEY_ERRORS, NULL);
     rv = (apr_status_t)md_json_getl(mdj, key, MD_KEY_LAST, MD_KEY_STATUS, NULL);
-    
+
     line = separator? separator : "";
 
     if (rv != APR_SUCCESS) {
+        char *errstr = apr_strerror(rv, buffer, sizeof(buffer));
         s = md_json_gets(mdj, key, MD_KEY_LAST, MD_KEY_PROBLEM, NULL);
-        line = apr_psprintf(bb->p, "%s Error[%s]: %s", line, 
-                           apr_strerror(rv, buffer, sizeof(buffer)), s? s : "");
+        if (HTML_STATUS(ctx)) {
+            line = apr_psprintf(bb->p, "%s Error[%s]: %s", line,
+                                errstr, s? s : "");
+        }
+        else {
+            apr_brigade_printf(bb, NULL, NULL, "%sLastStatus: %s\n", ctx->prefix, errstr);
+            apr_brigade_printf(bb, NULL, NULL, "%sLastProblem: %s\n", ctx->prefix, s);
+        }
+    }
+
+    if (!HTML_STATUS(ctx)) {
+        apr_brigade_printf(bb, NULL, NULL, "%sFinished: %s\n", ctx->prefix,
+                           finished ? "yes" : "no");
     }
-    
     if (finished) {
         cert_count = 0;
         md_json_iterkey(count_certs, &cert_count, mdj, key, MD_KEY_CERT, NULL);
-        if (cert_count > 0) {
-            line =apr_psprintf(bb->p, "%s  finished, %d new certificate%s staged.",
-                               line, cert_count, cert_count > 1? "s" : "");
+        if (HTML_STATUS(ctx)) {
+            if (cert_count > 0) {
+                line =apr_psprintf(bb->p, "%s  finished, %d new certificate%s staged.",
+                                   line, cert_count, cert_count > 1? "s" : "");
+            }
+            else {
+                line = apr_psprintf(bb->p, "%s  finished successfully.", line);
+            }
         }
         else {
-            line = apr_psprintf(bb->p, "%s  finished successfully.", line);
+            apr_brigade_printf(bb, NULL, NULL, "%sNewStaged: %d\n", ctx->prefix, cert_count);
         }
     }
     else {
         s = md_json_gets(mdj, key, MD_KEY_LAST, MD_KEY_DETAIL, NULL);
-        if (s) line = apr_psprintf(bb->p, "%s %s", line, s);
+        if (s) {
+            if (HTML_STATUS(ctx)) {
+                line = apr_psprintf(bb->p, "%s %s", line, s);
+            }
+            else {
+                apr_brigade_printf(bb, NULL, NULL, "%sLastDetail: %s\n", ctx->prefix, s);
+            }
+        }
     }
-    
+
     errors = (int)md_json_getl(mdj, MD_KEY_ERRORS, NULL);
     if (errors > 0) {
-        line = apr_psprintf(bb->p, "%s (%d retr%s) ", line, 
-            errors, (errors > 1)? "y" : "ies");
-    } 
-    
-    apr_brigade_puts(bb, NULL, NULL, line);
+        if (HTML_STATUS(ctx)) {
+            line = apr_psprintf(bb->p, "%s (%d retr%s) ", line,
+                                errors, (errors > 1)? "y" : "ies");
+        }
+        else {
+            apr_brigade_printf(bb, NULL, NULL, "%sRetries: %d\n", ctx->prefix, errors);
+        }
+    }
+
+    if (HTML_STATUS(ctx)) {
+        apr_brigade_puts(bb, NULL, NULL, line);
+    }
 
     t = md_json_get_time(mdj, key, MD_KEY_NEXT_RUN, NULL);
     if (t > apr_time_now() && !finished) {
-        print_time(bb, "\nNext run", t);
-    }
-    else if (!strlen(line)) {
-        apr_brigade_puts(bb, NULL, NULL, "\nOngoing...");
+        print_time(ctx,
+                   HTML_STATUS(ctx) ? "\nNext run" : "NextRun",
+                   t);
+    }
+    else if (line[0] != '\0') {
+        if (HTML_STATUS(ctx)) {
+            apr_brigade_puts(bb, NULL, NULL, "\nOngoing...");
+        }
+        else {
+            apr_brigade_printf(bb, NULL, NULL, "%s: Ongoing\n", ctx->prefix);
+        }
     }
 }
 
 static void si_val_activity(status_ctx *ctx, md_json_t *mdj, const status_info *info)
 {
     apr_time_t t;
-    
+    const char *prefix = ctx->prefix;
+
     (void)info;
+    if (!HTML_STATUS(ctx)) {
+        ctx->prefix = apr_pstrcat(ctx->p, prefix, info->label, NULL);
+    }
+
     if (md_json_has_key(mdj, MD_KEY_RENEWAL, NULL)) {
-        print_job_summary(ctx->bb, mdj, MD_KEY_RENEWAL, NULL);
+        print_job_summary(ctx, mdj, MD_KEY_RENEWAL, NULL);
         return;
     }
-    
+
     t = md_json_get_time(mdj, MD_KEY_RENEW_AT, NULL);
     if (t > apr_time_now()) {
-        print_time(ctx->bb, "Renew", t);
+        print_time(ctx, "Renew", t);
     }
     else if (t) {
-        apr_brigade_puts(ctx->bb, NULL, NULL, "Pending");
+        if (HTML_STATUS(ctx)) {
+            apr_brigade_puts(ctx->bb, NULL, NULL, "Pending");
+        }
+        else {
+            apr_brigade_printf(ctx->bb, NULL, NULL, "%s: %s", ctx->prefix, "Pending");
+        }
     }
     else if (MD_RENEW_MANUAL == md_json_getl(mdj, MD_KEY_RENEW_MODE, NULL)) {
-        apr_brigade_puts(ctx->bb, NULL, NULL, "Manual renew");
+        if (HTML_STATUS(ctx)) {
+            apr_brigade_puts(ctx->bb, NULL, NULL, "Manual renew");
+        }
+        else {
+            apr_brigade_printf(ctx->bb, NULL, NULL, "%s: %s", ctx->prefix, "Manual renew");
+        }
+    }
+    if (!HTML_STATUS(ctx)) {
+        ctx->prefix = prefix;
     }
 }
 
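Review bot: near the end of print_job_summary the condition changed from !strlen(line) to line[0] != '\0', which inverts it: "Ongoing" is now emitted when a summary line exists rather than when it is empty, and in plain-text mode line is never extended, so the result depends only on the separator argument. Please confirm which behaviour is intended. Also in this hunk: the LastProblem line passes s to %s without the NULL guard the HTML branch has (s? s : ""), the "%s: %s" outputs for Pending and Manual renew in si_val_activity have no trailing "\n" unlike every other plain-text line, and (void)info is left in place although info->label is now used.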
@@ -408,13 +530,33 @@ static int cert_check_iter(void *baton,
 {
     status_ctx *ctx = baton;
     const char *fingerprint;
-    
+
     fingerprint = md_json_gets(json, MD_KEY_SHA256_FINGERPRINT, NULL);
     if (fingerprint) {
-        apr_brigade_printf(ctx->bb, NULL, NULL, 
-                           "<a href=\"%s%s\">%s[%s]</a><br>", 
-                           ctx->mc->cert_check_url, fingerprint, 
-                           ctx->mc->cert_check_name, key);
+        if (HTML_STATUS(ctx)) {
+            apr_brigade_printf(ctx->bb, NULL, NULL,
+                               "<a href=\"%s%s\">%s[%s]</a><br>",
+                               ctx->mc->cert_check_url, fingerprint,
+                               ctx->mc->cert_check_name, key);
+        }
+        else {
+            apr_brigade_printf(ctx->bb, NULL, NULL,
+                               "%sType: %s\n",
+                               ctx->prefix,
+                               key);
+            apr_brigade_printf(ctx->bb, NULL, NULL,
+                               "%sName: %s\n",
+                               ctx->prefix,
+                               ctx->mc->cert_check_name);
+            apr_brigade_printf(ctx->bb, NULL, NULL,
+                               "%sURL: %s%s\n",
+                               ctx->prefix,
+                               ctx->mc->cert_check_url, fingerprint);
+            apr_brigade_printf(ctx->bb, NULL, NULL,
+                               "%sFingerprint: %s\n",
+                               ctx->prefix,
+                               fingerprint);
+        }
     }
     return 1;
 }
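Review bot: cert_check_iter is called once per certificate key, but the plain-text branch uses the same ctx->prefix for every call, so a domain with more than one certificate produces repeated Type, Name, URL and Fingerprint keys that a parser cannot tell apart. Including key in the prefix, or an index as json_iter_val does for arrays, would make the lines unique.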
@@ -423,7 +565,14 @@ static void si_val_remote_check(status_c
 {
     (void)info;
     if (ctx->mc->cert_check_name && ctx->mc->cert_check_url) {
+        const char *prefix = ctx->prefix;
+        if (!HTML_STATUS(ctx)) {
+            ctx->prefix = apr_pstrcat(ctx->p, prefix, info->label, NULL);
+        }
         md_json_iterkey(cert_check_iter, ctx, mdj, MD_KEY_CERT, NULL);
+        if (!HTML_STATUS(ctx)) {
+            ctx->prefix = prefix;
+        }
     }
 }
 
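Review bot: si_val_remote_check still starts with (void)info although the added lines read info->label. The cast is now misleading and can be dropped.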
@@ -431,24 +580,43 @@ static void si_val_stapling(status_ctx *
 {
     (void)info;
     if (!md_json_getb(mdj, MD_KEY_STAPLING, NULL)) return;
-    apr_brigade_puts(ctx->bb, NULL, NULL, "on");
+    if (HTML_STATUS(ctx)) {
+        apr_brigade_puts(ctx->bb, NULL, NULL, "on");
+    }
+    else {
+        apr_brigade_printf(ctx->bb, NULL, NULL, "%s: on", ctx->prefix);
+    }
 }
 
 static int json_iter_val(void *data, size_t index, md_json_t *json)
 {
     status_ctx *ctx = data;
-    if (index) apr_brigade_puts(ctx->bb, NULL, NULL, ctx->separator);
+    const char *prefix = ctx->prefix;
+    if (HTML_STATUS(ctx)) {
+        if (index) apr_brigade_puts(ctx->bb, NULL, NULL, ctx->separator);
+    }
+    else {
+        ctx->prefix = apr_pstrcat(ctx->p, prefix, apr_psprintf(ctx->p, "[%" APR_SIZE_T_FMT "]", index), NULL);
+    }
     add_json_val(ctx, json);
+    if (!HTML_STATUS(ctx)) {
+        ctx->prefix = prefix;
+    }
     return 1;
 }
 
 static void add_json_val(status_ctx *ctx, md_json_t *j)
 {
     if (!j) return;
-    else if (md_json_is(MD_JSON_TYPE_ARRAY, j, NULL)) {
+    if (md_json_is(MD_JSON_TYPE_ARRAY, j, NULL)) {
         md_json_itera(json_iter_val, ctx, j, NULL);
+        return;
+    }
+    if (!HTML_STATUS(ctx)) {
+        apr_brigade_puts(ctx->bb, NULL, NULL, ctx->prefix);
+        apr_brigade_puts(ctx->bb, NULL, NULL, ": ");
     }
-    else if (md_json_is(MD_JSON_TYPE_INT, j, NULL)) {
+    if (md_json_is(MD_JSON_TYPE_INT, j, NULL)) {
         md_json_writeb(j, MD_JSON_FMT_COMPACT, ctx->bb);
     }
     else if (md_json_is(MD_JSON_TYPE_STRING, j, NULL)) {
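Review bot: the plain-text line in si_val_stapling, "%s: on", has no trailing "\n" and uses ctx->prefix without appending info->label. add_status_cell only extends the prefix with the label on its else path, not before calling info->fn, so this prints the bare row prefix followed by ": on" and runs into the next key. Append the label and a newline as the other plain-text writers do, and drop the (void)info cast once info is used.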
@@ -460,13 +628,27 @@ static void add_json_val(status_ctx *ctx
     else if (md_json_is(MD_JSON_TYPE_BOOL, j, NULL)) {
         apr_brigade_puts(ctx->bb, NULL, NULL, md_json_getb(j, NULL)? "on" : "off");
     }
+    if (!HTML_STATUS(ctx)) {
+        apr_brigade_puts(ctx->bb, NULL, NULL, "\n");
+    }
 }
 
 static void si_val_names(status_ctx *ctx, md_json_t *mdj, const status_info *info)
 {
-    apr_brigade_puts(ctx->bb, NULL, NULL, "<div style=\"max-width:400px;\">");
+    const char *prefix = ctx->prefix;
+    if (HTML_STATUS(ctx)) {
+        apr_brigade_puts(ctx->bb, NULL, NULL, "<div style=\"max-width:400px;\">");
+    }
+    else {
+        ctx->prefix = apr_pstrcat(ctx->p, prefix, info->label, NULL);
+    }
     add_json_val(ctx, md_json_getj(mdj, info->key, NULL));
-    apr_brigade_puts(ctx->bb, NULL, NULL, "</div>");
+    if (HTML_STATUS(ctx)) {
+        apr_brigade_puts(ctx->bb, NULL, NULL, "</div>");
+    }
+    else {
+        ctx->prefix = prefix;
+    }
 }
 
 static void add_status_cell(status_ctx *ctx, md_json_t *mdj, const status_info *info)
@@ -475,7 +657,14 @@ static void add_status_cell(status_ctx *
         info->fn(ctx, mdj, info);
     }
     else {
+        const char *prefix = ctx->prefix;
+        if (!HTML_STATUS(ctx)) {
+            ctx->prefix = apr_pstrcat(ctx->p, prefix, info->label, NULL);
+        }
         add_json_val(ctx, md_json_getj(mdj, info->key, NULL));
+        if (!HTML_STATUS(ctx)) {
+            ctx->prefix = prefix;
+        }
     }
 }
 
@@ -486,22 +675,31 @@ static const status_info status_infos[]
     { "Valid", MD_KEY_CERT, si_val_cert_valid_time },
     { "CA", MD_KEY_CA, si_val_ca_url },
     { "Stapling", MD_KEY_STAPLING, si_val_stapling },
-    { "Check@", MD_KEY_SHA256_FINGERPRINT, si_val_remote_check },
-    { "Activity",  MD_KEY_NOTIFIED, si_val_activity },
+    { "CheckAt", MD_KEY_SHA256_FINGERPRINT, si_val_remote_check },
+    { "Activity", MD_KEY_NOTIFIED, si_val_activity },
 };
 
 static int add_md_row(void *baton, apr_size_t index, md_json_t *mdj)
 {
     status_ctx *ctx = baton;
+    const char *prefix = ctx->prefix;
     int i;
-    
-    apr_brigade_printf(ctx->bb, NULL, NULL, "<tr class=\"%s\">", (index % 2)? "odd" : "even");
-    for (i = 0; i < (int)(sizeof(status_infos)/sizeof(status_infos[0])); ++i) {
-        apr_brigade_puts(ctx->bb, NULL, NULL, "<td>");
-        add_status_cell(ctx, mdj, &status_infos[i]);
-        apr_brigade_puts(ctx->bb, NULL, NULL, "</td>");
+
+    if (HTML_STATUS(ctx)) {
+        apr_brigade_printf(ctx->bb, NULL, NULL, "<tr class=\"%s\">", (index % 2)? "odd" : "even");
+        for (i = 0; i < (int)(sizeof(status_infos)/sizeof(status_infos[0])); ++i) {
+            apr_brigade_puts(ctx->bb, NULL, NULL, "<td>");
+            add_status_cell(ctx, mdj, &status_infos[i]);
+            apr_brigade_puts(ctx->bb, NULL, NULL, "</td>");
+        }
+        apr_brigade_puts(ctx->bb, NULL, NULL, "</tr>");
+    } else {
+        for (i = 0; i < (int)(sizeof(status_infos)/sizeof(status_infos[0])); ++i) {
+            ctx->prefix = apr_pstrcat(ctx->p, prefix, apr_psprintf(ctx->p, "[%" APR_SIZE_T_FMT "]", index), NULL);
+            add_status_cell(ctx, mdj, &status_infos[i]);
+            ctx->prefix = prefix;
+        }
     }
-    apr_brigade_puts(ctx->bb, NULL, NULL, "</tr>");
     return 1;
 }
 
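Review bot: renaming the label "Check@" to "CheckAt" in status_infos also changes the HTML page, because si_add_header uses info->label both as the th class attribute and as the visible column header. Existing stylesheets or scrapers keyed on the old class would stop matching. A separate field in status_info for the plain-text key would let the HTML label stay as it was. In the else branch of add_md_row, the indexed prefix is loop-invariant and can be built once before the for loop.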
@@ -514,96 +712,121 @@ int md_domains_status_hook(request_rec *
 {
     const md_srv_conf_t *sc;
     const md_mod_conf_t *mc;
-    int i, html;
+    int i;
     status_ctx ctx;
     apr_array_header_t *mds;
     md_json_t *jstatus, *jstock;
-    
+
     ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "server-status for managed domains, start");
     sc = ap_get_module_config(r->server->module_config, &md_module);
     if (!sc) return DECLINED;
     mc = sc->mc;
     if (!mc || !mc->server_status_enabled) return DECLINED;
 
-    html = !(flags & AP_STATUS_SHORT);
     ctx.p = r->pool;
     ctx.mc = mc;
     ctx.bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
+    ctx.flags = flags;
+    ctx.prefix = "ManagedCertificates";
     ctx.separator = " ";
 
     mds = apr_array_copy(r->pool, mc->mds);
     qsort(mds->elts, (size_t)mds->nelts, sizeof(md_t *), md_name_cmp);
 
-    if (!html) {
-        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "no-html summary");
-        apr_brigade_puts(ctx.bb, NULL, NULL, "Managed Certificates: ");
+    if (!HTML_STATUS(&ctx)) {
+        int total = 0, complete = 0, renewing = 0, errored = 0, ready = 0;
+        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "no-html managed domain status summary");
         if (mc->mds->nelts > 0) {
             md_status_take_stock(&jstock, mds, mc->reg, r->pool);
-            ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "got JSON summary");
-            apr_brigade_printf(ctx.bb, NULL, NULL, "total=%d, ok=%d renew=%d errored=%d ready=%d",
-                                (int)md_json_getl(jstock, MD_KEY_TOTAL, NULL), 
-                                (int)md_json_getl(jstock, MD_KEY_COMPLETE, NULL), 
-                                (int)md_json_getl(jstock, MD_KEY_RENEWING, NULL), 
-                                (int)md_json_getl(jstock, MD_KEY_ERRORED, NULL), 
-                                (int)md_json_getl(jstock, MD_KEY_READY, NULL));
-        } 
-        else {
-            apr_brigade_puts(ctx.bb, NULL, NULL, "[]"); 
+            ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "got JSON managed domain status summary");
+            total = (int)md_json_getl(jstock, MD_KEY_TOTAL, NULL);
+            complete = (int)md_json_getl(jstock, MD_KEY_COMPLETE, NULL);
+            renewing = (int)md_json_getl(jstock, MD_KEY_RENEWING, NULL);
+            errored = (int)md_json_getl(jstock, MD_KEY_ERRORED, NULL);
+            ready = (int)md_json_getl(jstock, MD_KEY_READY, NULL);
         }
-        apr_brigade_puts(ctx.bb, NULL, NULL, "\n"); 
+        apr_brigade_printf(ctx.bb, NULL, NULL, "%sTotal: %d\n", ctx.prefix, total);
+        apr_brigade_printf(ctx.bb, NULL, NULL, "%sOK: %d\n", ctx.prefix, complete);
+        apr_brigade_printf(ctx.bb, NULL, NULL, "%sRenew: %d\n", ctx.prefix, renewing);
+        apr_brigade_printf(ctx.bb, NULL, NULL, "%sErrored: %d\n", ctx.prefix, errored);
+        apr_brigade_printf(ctx.bb, NULL, NULL, "%sReady: %d\n", ctx.prefix, ready);
     }
-    else if (mc->mds->nelts > 0) {
-        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "html table");
+    if (mc->mds->nelts > 0) {
         md_status_get_json(&jstatus, mds, mc->reg, mc->ocsp, r->pool);
-        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "got JSON status");
-        apr_brigade_puts(ctx.bb, NULL, NULL, 
-                         "<hr>\n<h3>Managed Certificates</h3>\n<table class='md_status'><thead><tr>\n");
-        for (i = 0; i < (int)(sizeof(status_infos)/sizeof(status_infos[0])); ++i) {
-            si_add_header(&ctx, &status_infos[i]);
+        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "got JSON managed domain status");
+        if (HTML_STATUS(&ctx)) {
+            ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "html managed domain status table");
+            apr_brigade_puts(ctx.bb, NULL, NULL,
+                             "<hr>\n<h3>Managed Certificates</h3>\n<table class='md_status'><thead><tr>\n");
+            for (i = 0; i < (int)(sizeof(status_infos)/sizeof(status_infos[0])); ++i) {
+                si_add_header(&ctx, &status_infos[i]);
+            }
+            apr_brigade_puts(ctx.bb, NULL, NULL, "</tr>\n</thead><tbody>");
+        }
+        else {
+            ctx.prefix = "ManagedDomain";
         }
-        apr_brigade_puts(ctx.bb, NULL, NULL, "</tr>\n</thead><tbody>");
+        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "iterating JSON managed domain status");
         md_json_itera(add_md_row, &ctx, jstatus, MD_KEY_MDS, NULL);
-        apr_brigade_puts(ctx.bb, NULL, NULL, "</td></tr>\n</tbody>\n</table>\n");
+        if (HTML_STATUS(&ctx)) {
+            apr_brigade_puts(ctx.bb, NULL, NULL, "</td></tr>\n</tbody>\n</table>\n");
+        }
     }
 
     ap_pass_brigade(r->output_filters, ctx.bb);
     apr_brigade_cleanup(ctx.bb);
     ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "server-status for managed domains, end");
-    
+
     return OK;
 }
 
 static void si_val_ocsp_activity(status_ctx *ctx, md_json_t *mdj, const status_info *info)
 {
     apr_time_t t;
-    
+    const char *prefix = ctx->prefix;
+
     (void)info;
-    t = md_json_get_time(mdj,  MD_KEY_RENEW_AT, NULL);
-    print_time(ctx->bb, "Refresh", t);
-    print_job_summary(ctx->bb, mdj, MD_KEY_RENEWAL, ": ");
+    if (!HTML_STATUS(ctx)) {
+        ctx->prefix = apr_pstrcat(ctx->p, prefix, info->label, NULL);
+    }
+    t = md_json_get_time(mdj, MD_KEY_RENEW_AT, NULL);
+    print_time(ctx, "Refresh", t);
+    print_job_summary(ctx, mdj, MD_KEY_RENEWAL, ": ");
+    if (!HTML_STATUS(ctx)) {
+        ctx->prefix = prefix;
+    }
 }
 
 static const status_info ocsp_status_infos[] = {
     { "Domain", MD_KEY_DOMAIN, NULL },
-    { "Certificate ID", MD_KEY_ID, NULL },
-    { "OCSP Status", MD_KEY_STATUS, NULL },
-    { "Stapling Valid", MD_KEY_VALID, si_val_valid_time },
+    { "CertificateID", MD_KEY_ID, NULL },
+    { "OCSPStatus", MD_KEY_STATUS, NULL },
+    { "StaplingValid", MD_KEY_VALID, si_val_valid_time },
     { "Responder", MD_KEY_URL, si_val_url },
-    { "Activity",  MD_KEY_NOTIFIED, si_val_ocsp_activity },
+    { "Activity", MD_KEY_NOTIFIED, si_val_ocsp_activity },
 };
 
 static int add_ocsp_row(void *baton, apr_size_t index, md_json_t *mdj)
 {
     status_ctx *ctx = baton;
+    const char *prefix = ctx->prefix;
     int i;
-    
-    apr_brigade_printf(ctx->bb, NULL, NULL, "<tr class=\"%s\">", (index % 2)? "odd" : "even");
-    for (i = 0; i < (int)(sizeof(ocsp_status_infos)/sizeof(ocsp_status_infos[0])); ++i) {
-        apr_brigade_puts(ctx->bb, NULL, NULL, "<td>");
-        add_status_cell(ctx, mdj, &ocsp_status_infos[i]);
-        apr_brigade_puts(ctx->bb, NULL, NULL, "</td>");
+
+    if (HTML_STATUS(ctx)) {
+        apr_brigade_printf(ctx->bb, NULL, NULL, "<tr class=\"%s\">", (index % 2)? "odd" : "even");
+        for (i = 0; i < (int)(sizeof(ocsp_status_infos)/sizeof(ocsp_status_infos[0])); ++i) {
+            apr_brigade_puts(ctx->bb, NULL, NULL, "<td>");
+            add_status_cell(ctx, mdj, &ocsp_status_infos[i]);
+            apr_brigade_puts(ctx->bb, NULL, NULL, "</td>");
+        }
+        apr_brigade_puts(ctx->bb, NULL, NULL, "</tr>");
+    } else {
+        for (i = 0; i < (int)(sizeof(ocsp_status_infos)/sizeof(ocsp_status_infos[0])); ++i) {
+            ctx->prefix = apr_pstrcat(ctx->p, prefix, apr_psprintf(ctx->p, "[%" APR_SIZE_T_FMT "]", index), NULL);
+            add_status_cell(ctx, mdj, &ocsp_status_infos[i]);
+            ctx->prefix = prefix;
+        }
     }
-    apr_brigade_puts(ctx->bb, NULL, NULL, "</tr>");
     return 1;
 }
 
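Review bot: the closing string in md_domains_status_hook, "</td></tr>\n</tbody>\n</table>\n", is now wrapped in the HTML_STATUS check but still begins with "</td></tr>", while add_md_row already closes every cell with "</td>" and every row with "</tr>". The table therefore ends with two unmatched closing tags. Since the line is being touched, trim it to "</tbody>\n</table>\n". The same applies to the identical string in md_ocsp_status_hook.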
@@ -611,53 +834,65 @@ int md_ocsp_status_hook(request_rec *r,
 {
     const md_srv_conf_t *sc;
     const md_mod_conf_t *mc;
-    int i, html;
+    int i;
     status_ctx ctx;
     md_json_t *jstatus, *jstock;
-    
+
     ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "server-status for ocsp stapling, start");
     sc = ap_get_module_config(r->server->module_config, &md_module);
     if (!sc) return DECLINED;
     mc = sc->mc;
     if (!mc || !mc->server_status_enabled) return DECLINED;
 
-    html = !(flags & AP_STATUS_SHORT);
     ctx.p = r->pool;
     ctx.mc = mc;
     ctx.bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
+    ctx.flags = flags;
+    ctx.prefix = "ManagedStaplings";
     ctx.separator = " ";
 
-    if (!html) {
-        apr_brigade_puts(ctx.bb, NULL, NULL, "Managed Staplings: ");
+    if (!HTML_STATUS(&ctx)) {
+        int total = 0, good = 0, revoked = 0, unknown = 0;
+        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "no-html ocsp stapling status summary");
         if (md_ocsp_count(mc->ocsp) > 0) {
             md_ocsp_get_summary(&jstock, mc->ocsp, r->pool);
-            apr_brigade_printf(ctx.bb, NULL, NULL, "total=%d, good=%d revoked=%d unknown=%d",
-                                (int)md_json_getl(jstock, MD_KEY_TOTAL, NULL), 
-                                (int)md_json_getl(jstock, MD_KEY_GOOD, NULL), 
-                                (int)md_json_getl(jstock, MD_KEY_REVOKED, NULL), 
-                                (int)md_json_getl(jstock, MD_KEY_UNKNOWN, NULL));
-        } 
-        else {
-            apr_brigade_puts(ctx.bb, NULL, NULL, "[]"); 
+            ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "got JSON ocsp stapling status summary");
+            total = (int)md_json_getl(jstock, MD_KEY_TOTAL, NULL);
+            good = (int)md_json_getl(jstock, MD_KEY_GOOD, NULL);
+            revoked = (int)md_json_getl(jstock, MD_KEY_REVOKED, NULL);
+            unknown = (int)md_json_getl(jstock, MD_KEY_UNKNOWN, NULL);
         }
-        apr_brigade_puts(ctx.bb, NULL, NULL, "\n"); 
+        apr_brigade_printf(ctx.bb, NULL, NULL, "%sTotal: %d\n", ctx.prefix, total);
+        apr_brigade_printf(ctx.bb, NULL, NULL, "%sOK: %d\n", ctx.prefix, good);
+        apr_brigade_printf(ctx.bb, NULL, NULL, "%sRenew: %d\n", ctx.prefix, revoked);
+        apr_brigade_printf(ctx.bb, NULL, NULL, "%sErrored: %d\n", ctx.prefix, unknown);
     }
-    else if (md_ocsp_count(mc->ocsp) > 0) {
+    if (md_ocsp_count(mc->ocsp) > 0) {
         md_ocsp_get_status_all(&jstatus, mc->ocsp, r->pool);
-        apr_brigade_puts(ctx.bb, NULL, NULL, 
-                         "<hr>\n<h3>Managed Staplings</h3>\n<table class='md_ocsp_status'><thead><tr>\n");
-        for (i = 0; i < (int)(sizeof(ocsp_status_infos)/sizeof(ocsp_status_infos[0])); ++i) {
-            si_add_header(&ctx, &ocsp_status_infos[i]);
+        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "got JSON ocsp stapling status");
+        if (HTML_STATUS(&ctx)) {
+            ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "html ocsp stapling status table");
+            apr_brigade_puts(ctx.bb, NULL, NULL,
+                             "<hr>\n<h3>Managed Staplings</h3>\n<table class='md_ocsp_status'><thead><tr>\n");
+            for (i = 0; i < (int)(sizeof(ocsp_status_infos)/sizeof(ocsp_status_infos[0])); ++i) {
+                si_add_header(&ctx, &ocsp_status_infos[i]);
+            }
+            apr_brigade_puts(ctx.bb, NULL, NULL, "</tr>\n</thead><tbody>");
+        }
+        else {
+            ctx.prefix = "ManagedStapling";
         }
-        apr_brigade_puts(ctx.bb, NULL, NULL, "</tr>\n</thead><tbody>");
+        ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "iterating JSON ocsp stapling status");
         md_json_itera(add_ocsp_row, &ctx, jstatus, MD_KEY_OCSPS, NULL);
-        apr_brigade_puts(ctx.bb, NULL, NULL, "</td></tr>\n</tbody>\n</table>\n");
+        if (HTML_STATUS(&ctx)) {
+            apr_brigade_puts(ctx.bb, NULL, NULL, "</td></tr>\n</tbody>\n</table>\n");
+        }
     }
 
     ap_pass_brigade(r->output_filters, ctx.bb);
     apr_brigade_cleanup(ctx.bb);
     ap_log_rerror(APLOG_MARK, APLOG_TRACE1, 0, r, "server-status for ocsp stapling, end");
-    
+
     return OK;
 }
 
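Review bot: the plain-text summary in md_ocsp_status_hook reuses the key names of the certificate summary for different counters: good is printed as "OK", revoked as "Renew" and unknown as "Errored". A monitoring consumer reading ManagedStaplingsRenew would be looking at the number of revoked responses. Name the keys after the values they carry (Good, Revoked, Unknown) and list them in the mod_md documentation.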
@@ -687,7 +922,7 @@ int md_status_handler(request_rec *r)
         ap_log_rerror(APLOG_MARK, APLOG_TRACE2, 0, r, "md-status supports only GET");
         return HTTP_NOT_IMPLEMENTED;
     }
-    
+
     jstatus = NULL;
     md = NULL;
     if (r->path_info && r->path_info[0] == '/' && r->path_info[1] != '\0') {
@@ -695,7 +930,7 @@ int md_status_handler(request_rec *r)
         md = md_get_by_name(mc->mds, name);
         if (!md) md = md_get_by_domain(mc->mds, name);
     }
-    
+
     if (md) {
         md_status_get_md_json(&jstatus, md, mc->reg, mc->ocsp, r->pool);
     }
@@ -706,12 +941,12 @@ int md_status_handler(request_rec *r)
     }
 
     if (jstatus) {
-        apr_table_set(r->headers_out, "Content-Type", "application/json"); 
+        apr_table_set(r->headers_out, "Content-Type", "application/json");
         bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
         md_json_writeb(jstatus, MD_JSON_FMT_INDENT, bb);
         ap_pass_brigade(r->output_filters, bb);
         apr_brigade_cleanup(bb);
-        
+
         return DONE;
     }
     return DECLINED;

Modified: httpd/httpd/branches/2.4.x/test/modules/md/md_env.py
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/test/modules/md/md_env.py?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/test/modules/md/md_env.py (original)
+++ httpd/httpd/branches/2.4.x/test/modules/md/md_env.py Wed Apr 27 12:08:18 2022
@@ -111,6 +111,7 @@ class MDTestEnv(HttpdTestEnv):
 
         self._a2md_bin = os.path.join(self.bin_dir, 'a2md')
         self._default_domain = f"test1.{self.http_tld}"
+        self._tailscale_domain = "test.headless-chicken.ts.net"
         self._store_dir = "./md"
         self.set_store_dir_default()
 
@@ -119,6 +120,7 @@ class MDTestEnv(HttpdTestEnv):
                             valid_from=timedelta(days=-100),
                             valid_to=timedelta(days=-10)),
             CertificateSpec(domains=["localhost"], key_type='rsa2048'),
+            CertificateSpec(domains=[self._tailscale_domain]),
         ])
 
     def setup_httpd(self, setup: HttpdTestSetup = None):
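Review bot: the new `CertificateSpec(domains=[self._tailscale_domain])` entry issues a test certificate for the fixed literal `"test.headless-chicken.ts.net"` set in the previous hunk, whereas `_default_domain` is derived from `self.http_tld`. A hard-coded name under a real public namespace deserves a short comment saying why it cannot be derived from the test TLD, and the tests using it should be checked to never resolve or contact that name outside the local test setup. The entry also omits `key_type`, unlike the `localhost` spec just above it. If the default key type is intended, say so in the comment so that a later change to the default does not silently alter what this test covers.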
@@ -168,6 +170,10 @@ class MDTestEnv(HttpdTestEnv):
     def store_dir(self):
         return self._store_dir
 
+    @property
+    def tailscale_domain(self):
+        return self._tailscale_domain
+
     def get_request_domain(self, request):
         name = request.node.originalname if request.node.originalname else request.node.name
         return "%s-%s" % (re.sub(r'[_]', '-', name), MDTestEnv.DOMAIN_SUFFIX)

Modified: httpd/httpd/branches/2.4.x/test/modules/md/test_920_status.py
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/test/modules/md/test_920_status.py?rev=1900316&r1=1900315&r2=1900316&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/test/modules/md/test_920_status.py (original)
+++ httpd/httpd/branches/2.4.x/test/modules/md/test_920_status.py Wed Apr 27 12:08:18 2022
@@ -148,13 +148,17 @@ Protocols h2 http/1.1 acme-tls/1
         assert re.search(r'<h3>Managed Certificates</h3>', status, re.MULTILINE)
         # get the ascii summary
         status = env.get_server_status(query="?auto", via_domain=env.http_addr, use_https=False)
-        m = re.search(r'Managed Certificates: total=(\d+), ok=(\d+) renew=(\d+) errored=(\d+) ready=(\d+)',
-                      status, re.MULTILINE)
+        m = re.search(r'ManagedCertificatesTotal: (\d+)', status, re.MULTILINE)
+        assert m, status
+        assert int(m.group(1)) == 1
+        m = re.search(r'ManagedCertificatesOK: (\d+)', status, re.MULTILINE)
+        assert int(m.group(1)) == 0
+        m = re.search(r'ManagedCertificatesRenew: (\d+)', status, re.MULTILINE)
+        assert int(m.group(1)) == 1
+        m = re.search(r'ManagedCertificatesErrored: (\d+)', status, re.MULTILINE)
+        assert int(m.group(1)) == 0
+        m = re.search(r'ManagedCertificatesReady: (\d+)', status, re.MULTILINE)
         assert int(m.group(1)) == 1
-        assert int(m.group(2)) == 0
-        assert int(m.group(3)) == 1
-        assert int(m.group(4)) == 0
-        assert int(m.group(5)) == 1
 
     def test_md_920_011(self, env):
         # MD with static cert files in base server, see issue #161
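Review bot: only the first lookup (`ManagedCertificatesTotal`) is followed by `assert m, status`. The four later `re.search` calls go straight to `m.group(1)`, so if one of the keys is missing from the `?auto` output the test dies with an `AttributeError` on `None` and the status text that would explain the failure is never shown. Either repeat `assert m, status` after each search, or loop over a dict of expected values (`Total: 1, OK: 0, Renew: 1, Errored: 0, Ready: 1`) and assert both the match and the count in one place. Anchoring the patterns with `^` would also make the existing `re.MULTILINE` flag do something, and would keep a key from matching as the tail of a longer one.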