
Source code changes of the file "src/md_acme_drive.c" between
mod_md-2.1.3.tar.gz and mod_md-2.1.4.tar.gz

About: mod_md is an Apache module that adds Let's Encrypt (ACME) support. Beta version (for Apache httpd 2.4.41 or later).

md_acme_drive.c  (mod_md-2.1.3):md_acme_drive.c  (mod_md-2.1.4)
skipping to change at line 536 skipping to change at line 536
} }
else if (d->md->ca_challenges && d->md->ca_challenges->nelts > 0) { else if (d->md->ca_challenges && d->md->ca_challenges->nelts > 0) {
/* pre-configured set for this managed domain */ /* pre-configured set for this managed domain */
apr_array_cat(ad->ca_challenges, d->md->ca_challenges); apr_array_cat(ad->ca_challenges, d->md->ca_challenges);
} }
else { else {
/* free to chose. Add all we support and see what we get offered */ /* free to chose. Add all we support and see what we get offered */
APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_HTTP01; APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_HTTP01;
APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_TLSALPN01 ; APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_TLSALPN01 ;
APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_DNS01; APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_DNS01;
}
if (!d->can_http && !d->can_https
&& md_array_str_index(ad->ca_challenges, MD_AUTHZ_TYPE_DNS01, 0, 0) < 0)
{
md_result_printf(result, APR_EGENERAL,
"the server seems neither reachable via http (port 80) nor https (po
rt 443). "
"Please look at the MDPortMap configuration directive on how to corr
ect this. "
"The ACME protocol needs at least one of those so the CA can talk to
the server "
"and verify a domain ownership. Alternatively, you may configure sup
port "
"for the %s challenge directive.", MD_AUTHZ_TYPE_DNS01);
goto leave;
}
dis_http = dis_https = dis_alpn_acme = dis_dns = 0;
if (!d->can_http && md_array_str_index(ad->ca_challenges, MD_AUTHZ_TYPE_HTTP
01, 0, 1) >= 0) {
ad->ca_challenges = md_array_str_remove(d->p, ad->ca_challenges, MD_AUTH
Z_TYPE_HTTP01, 0);
dis_http = 1;
}
if (!d->can_https && md_array_str_index(ad->ca_challenges, MD_AUTHZ_TYPE_TLS
ALPN01, 0, 1) >= 0) {
ad->ca_challenges = md_array_str_remove(d->p, ad->ca_challenges, MD_AUTH
Z_TYPE_TLSALPN01, 0);
dis_https = 1;
}
if (apr_is_empty_array(d->md->acme_tls_1_domains)
&& md_array_str_index(ad->ca_challenges, MD_AUTHZ_TYPE_TLSALPN01, 0, 1)
>= 0) {
ad->ca_challenges = md_array_str_remove(d->p, ad->ca_challenges, MD_AUTH
Z_TYPE_TLSALPN01, 0);
dis_alpn_acme = 1;
}
if (!apr_table_get(d->env, MD_KEY_CMD_DNS01) && md_array_str_index(ad->ca_ch
allenges, MD_AUTHZ_TYPE_DNS01, 0, 1) >= 0) {
ad->ca_challenges = md_array_str_remove(d->p, ad->ca_challenges, MD_AUTH
Z_TYPE_DNS01, 0);
dis_dns = 1;
}
if (apr_is_empty_array(ad->ca_challenges)) { if (!d->can_http && !d->can_https
md_result_printf(result, APR_EGENERAL, && md_array_str_index(ad->ca_challenges, MD_AUTHZ_TYPE_DNS01, 0, 0)
"None of the ACME challenge methods configured for this domain are s < 0) {
uitable.%s%s%s%s", md_result_printf(result, APR_EGENERAL,
dis_http? " The http: challenge 'http-01' is disabled because the se "the server seems neither reachable via http (port
rver seems not reachable on public port 80." : "", 80) nor https (port 443). "
dis_https? " The https: challenge 'tls-alpn-01' is disabled because "Please look at the MDPortMap configuration directi
the server seems not reachable on public port 443." : "", ve on how to correct this. "
dis_alpn_acme? " The https: challenge 'tls-alpn-01' is disabled beca "The ACME protocol needs at least one of those so t
use the Protocols configuration does not include the 'acme-tls/1' protocol." : " he CA can talk to the server "
", "and verify a domain ownership. Alternatively, you
dis_dns? "The DNS challenge 'dns-01' is disabled because the directi may configure support "
ve 'MDChallengeDns01' is not configured." : "" "for the %s challenge directive.", MD_AUTHZ_TYPE_DN
); S01);
goto leave; goto leave;
}
dis_http = dis_https = dis_alpn_acme = dis_dns = 0;
if (!d->can_http && md_array_str_index(ad->ca_challenges, MD_AUTHZ_TYPE_
HTTP01, 0, 1) >= 0) {
ad->ca_challenges = md_array_str_remove(d->p, ad->ca_challenges, MD_
AUTHZ_TYPE_HTTP01, 0);
dis_http = 1;
}
if (!d->can_https && md_array_str_index(ad->ca_challenges, MD_AUTHZ_TYPE
_TLSALPN01, 0, 1) >= 0) {
ad->ca_challenges = md_array_str_remove(d->p, ad->ca_challenges, MD_
AUTHZ_TYPE_TLSALPN01, 0);
dis_https = 1;
}
if (apr_is_empty_array(d->md->acme_tls_1_domains)
&& md_array_str_index(ad->ca_challenges, MD_AUTHZ_TYPE_TLSALPN01, 0,
1) >= 0) {
ad->ca_challenges = md_array_str_remove(d->p, ad->ca_challenges, MD_
AUTHZ_TYPE_TLSALPN01, 0);
dis_alpn_acme = 1;
}
if (!apr_table_get(d->env, MD_KEY_CMD_DNS01) && md_array_str_index(ad->c
a_challenges, MD_AUTHZ_TYPE_DNS01, 0, 1) >= 0) {
ad->ca_challenges = md_array_str_remove(d->p, ad->ca_challenges, MD_
AUTHZ_TYPE_DNS01, 0);
dis_dns = 1;
}
if (apr_is_empty_array(ad->ca_challenges)) {
md_result_printf(result, APR_EGENERAL,
"None of the ACME challenge methods configured for
this domain are suitable.%s%s%s%s",
dis_http? " The http: challenge 'http-01' is disabl
ed because the server seems not reachable on public port 80." : "",
dis_https? " The https: challenge 'tls-alpn-01' is
disabled because the server seems not reachable on public port 443." : "",
dis_alpn_acme? " The https: challenge 'tls-alpn-01'
is disabled because the Protocols configuration does not include the 'acme-tls/
1' protocol." : "",
dis_dns? "The DNS challenge 'dns-01' is disabled be
cause the directive 'MDChallengeDns01' is not configured." : ""
);
goto leave;
}
} }
leave: leave:
md_log_perror(MD_LOG_MARK, MD_LOG_TRACE1, result->status, d->p, "%s: init dr iver", d->md->name); md_log_perror(MD_LOG_MARK, MD_LOG_TRACE1, result->status, d->p, "%s: init dr iver", d->md->name);
return result->status; return result->status;
} }
/******************************************************************************* *******************/ /******************************************************************************* *******************/
/* ACME staging */ /* ACME staging */
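Review bot: The reachability and availability filtering (`!d->can_http`, `!d->can_https`, empty `acme_tls_1_domains`, missing `MD_KEY_CMD_DNS01`) now runs only inside the auto-select `else` branch, so a list pre-configured via `d->md->ca_challenges` is handed on unchecked, and a configured `tls-alpn-01` without `acme-tls/1` in Protocols or `dns-01` without `MDChallengeDns01` will presumably only fail later during authorization with a less specific error than the messages this block produces. If honoring explicit configuration as given is the intent, say so at the `else if` branch, e.g. `/* pre-configured set for this managed domain: used as given, no reachability/availability filtering (that only applies to the auto-selected set below) */`; otherwise a warning log there would preserve the lost diagnostics. Separately, the `dis_dns` fragment lacks the leading space of the other three, so it runs into the previous sentence in the `%s%s%s%s` message: `dis_dns? " The DNS challenge 'dns-01' is disabled because the directive 'MDChallengeDns01' is not configured." : ""`. The first `md_array_str_index` lookup passes `0` as its last argument where the four below pass `1`; if that is a case-sensitivity flag the checks disagree and that is worth confirming. The enclosing function starts before this hunk.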
skipping to change at line 598 skipping to change at line 598
{ {
md_acme_driver_t *ad = d->baton; md_acme_driver_t *ad = d->baton;
int reset_staging = d->reset; int reset_staging = d->reset;
apr_status_t rv = APR_SUCCESS; apr_status_t rv = APR_SUCCESS;
apr_time_t now; apr_time_t now;
apr_array_header_t *staged_certs; apr_array_header_t *staged_certs;
char ts[APR_RFC822_DATE_LEN]; char ts[APR_RFC822_DATE_LEN];
if (md_log_is_level(d->p, MD_LOG_DEBUG)) { if (md_log_is_level(d->p, MD_LOG_DEBUG)) {
md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, d->p, "%s: staging started, " md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, d->p, "%s: staging started, "
"state=%d, can_http=%d, can_https=%d, challenges='%s'", "state=%d, challenges='%s'", d->md->name, d->md->state,
d->md->name, d->md->state, d->can_http, d->can_https,
apr_array_pstrcat(d->p, ad->ca_challenges, ' ')); apr_array_pstrcat(d->p, ad->ca_challenges, ' '));
} }
/* When not explicitly told to reset, we check the existing data. If /* When not explicitly told to reset, we check the existing data. If
* it is incomplete or old, we trigger the reset for a clean start. */ * it is incomplete or old, we trigger the reset for a clean start. */
if (!reset_staging) { if (!reset_staging) {
md_result_activity_setn(result, "Checking staging area"); md_result_activity_setn(result, "Checking staging area");
rv = md_load(d->store, MD_SG_STAGING, d->md->name, &ad->md, d->p); rv = md_load(d->store, MD_SG_STAGING, d->md->name, &ad->md, d->p);
if (APR_SUCCESS == rv) { if (APR_SUCCESS == rv) {
/* So, we have a copy in staging, but is it a recent or an old one? */ /* So, we have a copy in staging, but is it a recent or an old one? */
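Review bot: The staging debug line no longer records `can_http`/`can_https`, yet those flags still decide which challenges survive the auto-select path in the first hunk, and when a pre-configured set bypasses that filtering they are the quickest hint as to why a later authorization failed; consider keeping them, e.g. `"state=%d, can_http=%d, can_https=%d, challenges='%s'", d->md->name, d->md->state, d->can_http, d->can_https,`. This is a trace-level concern only, with no functional effect. The enclosing function's signature is above this hunk.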
 End of changes. 3 change blocks. 
61 lines changed or deleted 61 lines changed or added
