
svn commit: r1893400 - in /httpd/httpd/branches/2.4.x: ./ changes-entries/md_pkeys_challenge_setup.txt modules/md/md_acme_authz.c modules/md/md_version.h modules/md/mod_md.c modules/md/mod_md_drive.c
Author: icing
Date: Fri Sep 17 12:41:45 2021
New Revision: 1893400

URL: http://svn.apache.org/viewvc?rev=1893400&view=rev
Log:
Merge of /httpd/httpd/trunk:r1893399

*) mod_md: when MDMessageCmd for a 'challenge-setup:<type>:<dnsname>'
fails (!= 0 exit), the renewal process is aborted and an error is
reported for the MDomain. This provides scripts that distribute
information in a cluster to abort early without bothering an ACME
server to validate a dns name that will not work. The common
retry logic will make another attempt in the future, as with
other failures.
Fixed a bug when adding private key specs to an already working
MDomain, see <https://github.com/icing/mod_md/issues/260>.


Added:
httpd/httpd/branches/2.4.x/changes-entries/md_pkeys_challenge_setup.txt
- copied unchanged from r1893399, httpd/httpd/trunk/changes-entries/md_pkeys_challenge_setup.txt
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/modules/md/md_acme_authz.c
httpd/httpd/branches/2.4.x/modules/md/md_version.h
httpd/httpd/branches/2.4.x/modules/md/mod_md.c
httpd/httpd/branches/2.4.x/modules/md/mod_md_drive.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1893399

Modified: httpd/httpd/branches/2.4.x/modules/md/md_acme_authz.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_acme_authz.c?rev=1893400&r1=1893399&r2=1893400&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_acme_authz.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_acme_authz.c Fri Sep 17 12:41:45 2021
@@ -275,7 +275,13 @@ static apr_status_t cha_http_01_setup(md
/* Raise event that challenge data has been set up before we tell the
ACME server. Clusters might want to distribute it. */
event = apr_psprintf(p, "challenge-setup:%s:%s", MD_AUTHZ_TYPE_HTTP01, authz->domain);
- md_result_holler(result, event, p);
+ rv = md_result_raise(result, event, p);
+ if (APR_SUCCESS != rv) {
+ md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, p,
+ "%s: event '%s' failed. aborting challenge setup",
+ authz->domain, event);
+ goto out;
+ }
/* challenge is setup or was changed from previous data, tell ACME server
* so it may (re)try verification */
authz_req_ctx_init(&ctx, acme, NULL, authz, p);
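Review bot: The new failure branch logs at `MD_LOG_DEBUG`, so an operator whose MDMessageCmd script exits non-zero may see nothing at the default log level even though the renewal is now aborted. Unless `md_result_raise` already records the failure in `result` at a visible level (not shown in this hunk), consider `md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, rv, p, ...)` here. Only `cha_http_01_setup` appears in this diff, so it is worth confirming that the other challenge types check the return value of the event in the same way, since the log entry describes the behaviour for every `challenge-setup:<type>:<dnsname>`. The `out` label and the rest of the function lie outside the hunk.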

Modified: httpd/httpd/branches/2.4.x/modules/md/md_version.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/md_version.h?rev=1893400&r1=1893399&r2=1893400&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/md_version.h (original)
+++ httpd/httpd/branches/2.4.x/modules/md/md_version.h Fri Sep 17 12:41:45 2021
@@ -27,7 +27,7 @@
* @macro
* Version number of the md module as c string
*/
-#define MOD_MD_VERSION "2.4.6"
+#define MOD_MD_VERSION "2.4.7"

/**
* @macro
@@ -35,7 +35,7 @@
* release. This is a 24 bit number with 8 bits for major number, 8 bits
* for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
*/
-#define MOD_MD_VERSION_NUM 0x020406
+#define MOD_MD_VERSION_NUM 0x020407

#define MD_ACME_DEF_URL "https://acme-v02.api.letsencrypt.org/directory"


Modified: httpd/httpd/branches/2.4.x/modules/md/mod_md.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/mod_md.c?rev=1893400&r1=1893399&r2=1893400&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/mod_md.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/mod_md.c Fri Sep 17 12:41:45 2021
@@ -1154,6 +1154,12 @@ static apr_status_t get_certificates(ser
APR_ARRAY_PUSH(key_files, const char*) = keyfile;
APR_ARRAY_PUSH(chain_files, const char*) = chainfile;
}
+ else if (APR_STATUS_IS_ENOENT(rv)) {
+ /* certificate for this pkey is not available, others might
+ * if pkeys have been added for a runnign mdomain.
+ * see issue #260 */
+ rv = APR_SUCCESS;
+ }
else if (!APR_STATUS_IS_ENOENT(rv)) {
ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(10110)
"retrieving credentials for MD %s (%s)",
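Review bot: With the added `else if (APR_STATUS_IS_ENOENT(rv))` branch placed in front of it, the following `else if (!APR_STATUS_IS_ENOENT(rv))` is always true when reached and can become a plain `else`. That would make it obvious that every failure other than ENOENT is logged. The new comment also has a typo: `runnign` should read `running`. The enclosing loop in `get_certificates` starts and ends outside the hunk.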
@@ -1202,6 +1208,9 @@ leave:
*pkey_files = key_files;
*pcert_files = chain_files;
}
+ else if (APR_SUCCESS == rv) {
+ rv = APR_ENOENT;
+ }
return rv;
}
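Review bot: The added `else if (APR_SUCCESS == rv) { rv = APR_ENOENT; }` has no comment explaining why a successful status is turned into an error. It pairs with the earlier change that resets `rv` to `APR_SUCCESS` when one key spec has no certificate. The condition of the preceding `if` is outside the hunk; presumably it tests that at least one key/cert pair was collected. I would add `/* no key/cert pair found for any pkey spec: report ENOENT so callers do not take an empty result as success */` above the assignment.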


Modified: httpd/httpd/branches/2.4.x/modules/md/mod_md_drive.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/md/mod_md_drive.c?rev=1893400&r1=1893399&r2=1893400&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/md/mod_md_drive.c (original)
+++ httpd/httpd/branches/2.4.x/modules/md/mod_md_drive.c Fri Sep 17 12:41:45 2021
@@ -137,6 +137,7 @@ static void process_drive_job(md_renew_c
}

if (!job->notified_renewed) {
+ md_job_save(job, result, ptemp);
md_job_notify(job, "renewed", result);
}
}
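Review bot: The result of the added `md_job_save(job, result, ptemp)` is discarded, so if persisting the job fails, the "renewed" notification is still sent against state that was never written. If `md_job_save` returns a status (its declaration is not visible here), either check it before `md_job_notify` or state that it is best-effort. A short comment on why the save must precede the notification would also help, for example `/* persist job state first so the notify command sees the renewed status */`, if that is the intent. `process_drive_job` starts and ends outside the hunk.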