mod_md: copy recent fixes, adding new sources to mod_md.dsp

Adding module to CMakeLists, needs testing. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1862041 13f79535-47bb-0310-9956-ffa450edef68
author: Stefan Eissing <icing@apache.org> 2019-06-25 10:56:57 +0200
committer: Stefan Eissing <icing@apache.org> 2019-06-25 10:56:57 +0200
commit: 5d2583a0f44ded24be9b19a657f6554b1a78a5ef (patch)
tree: fe48cec30f3e8a8d0d02c9251a47c965e2a82f64
parent: * modules/dav/main/props.c (dav_do_prop_subreq): Allocate escaped URI (diff)
download: apache2-5d2583a0f44ded24be9b19a657f6554b1a78a5ef.tar.xz
apache2-5d2583a0f44ded24be9b19a657f6554b1a78a5ef.zip
6 files changed, 141 insertions, 35 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 73bce70f60..ecf47d54b0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -70,6 +70,18 @@ ELSE()
   SET(default_check_libraries)
 ENDIF()
 
+IF(EXISTS "${CMAKE_INSTALL_PREFIX}/lib/curl.lib")
+  SET(default_curl_libraries "${CMAKE_INSTALL_PREFIX}/lib/curl.lib")
+ELSE()
+  SET(default_curl_libraries)
+ENDIF()
+
+IF(EXISTS "${CMAKE_INSTALL_PREFIX}/lib/jansson.lib")
+  SET(default_jansson_libraries "${CMAKE_INSTALL_PREFIX}/lib/jansson.lib")
+ELSE()
+  SET(default_jansson_libraries)
+ENDIF()
+
 SET(APR_INCLUDE_DIR       "${CMAKE_INSTALL_PREFIX}/include" CACHE STRING "Directory with APR[-Util] include files")
 SET(APR_LIBRARIES         ${default_apr_libraries}       CACHE STRING "APR libraries to link with")
 SET(NGHTTP2_INCLUDE_DIR   "${CMAKE_INSTALL_PREFIX}/include" CACHE STRING "Directory with NGHTTP2 include files within nghttp2 subdirectory")
@@ -82,6 +94,8 @@ SET(BROTLI_INCLUDE_DIR    "${CMAKE_INSTALL_PREFIX}/include" CACHE STRING "Direct
 SET(BROTLI_LIBRARIES      ${default_brotli_libraries}    CACHE STRING "Brotli libraries to link with")
 SET(CHECK_INCLUDE_DIR     "${CMAKE_INSTALL_PREFIX}/include" CACHE STRING "Directory with include files for Check")
 SET(CHECK_LIBRARIES       "${default_check_libraries}"   CACHE STRING "Check libraries to link with")
+SET(CURL_LIBRARIES        "${default_curl_libraries}"    CACHE STRING "Curl libraries to link with")
+SET(JANSSON_LIBRARIES     "${default_jansson_libraries}" CACHE STRING "Jansson libraries to link with")
 # end support library configuration
 
 # Misc. options
@@ -231,6 +245,19 @@ ELSE()
   SET(CHECK_FOUND FALSE)
 ENDIF()
 
+# See if we have curl
+SET(CURL_FOUND TRUE)
+IF(EXISTS "${CURL_INCLUDE_DIR}/curl/curl.h")
+  FOREACH(onelib ${CURL_LIBRARIES})
+    IF(NOT EXISTS ${onelib})
+      SET(CURL_FOUND FALSE)
+    ENDIF()
+  ENDFOREACH()
+ELSE()
+  SET(CURL_FOUND FALSE)
+ENDIF()
+
+
 MESSAGE(STATUS "")
 MESSAGE(STATUS "Summary of feature detection:")
 MESSAGE(STATUS "")
@@ -240,6 +267,8 @@ MESSAGE(STATUS "NGHTTP2_FOUND ............ : ${NGHTTP2_FOUND}")
 MESSAGE(STATUS "OPENSSL_FOUND ............ : ${OPENSSL_FOUND}")
 MESSAGE(STATUS "ZLIB_FOUND ............... : ${ZLIB_FOUND}")
 MESSAGE(STATUS "BROTLI_FOUND ............. : ${BROTLI_FOUND}")
+MESSAGE(STATUS "CURL_FOUND ............... : ${CURL_FOUND}")
+MESSAGE(STATUS "JANSSON_FOUND ............ : ${JANSSON_FOUND}")
 MESSAGE(STATUS "CHECK_FOUND .............. : ${CHECK_FOUND}")
 MESSAGE(STATUS "APR_HAS_LDAP ............. : ${APR_HAS_LDAP}")
 MESSAGE(STATUS "APR_HAS_XLATE ............ : ${APR_HAS_XLATE}")
@@ -345,6 +374,7 @@ SET(MODULE_LIST
   "modules/loggers/mod_log_forensic+I+forensic logging"
   "modules/loggers/mod_logio+I+input and output logging"
   "modules/lua/mod_lua+i+Apache Lua Framework"
+  "modules/md/mod_md+i+Apache Managed Domains (Certificates)"
   "modules/mappers/mod_actions+I+Action triggering on requests"
   "modules/mappers/mod_alias+A+mapping of requests to different filesystem parts"
   "modules/mappers/mod_dir+A+directory request handling"
@@ -478,6 +508,24 @@ SET(mod_lua_extra_sources
   modules/lua/lua_vmprep.c           modules/lua/lua_dbd.c
 )
 SET(mod_lua_requires                 LUA51_FOUND)
+SET(mod_md_requires                  OPENSSL_FOUND CURL_FOUND JANSSON_FOUND HAVE_OPENSSL_102)
+SET(mod_md_extra_includes            ${OPENSSL_INCLUDE_DIR} ${CURL_INCLUDE_DIR} ${JANSSON_INCLUDE_DIR})
+SET(mod_md_extra_libs                ${OPENSSL_LIBRARIES} ${CURL_LIBRARIES} ${JANSSON_LIBRARIES} mod_watchdog)
+SET(mod_md_extra_sources
+  modules/md/md_acme.c               modules/md/md_acme_acct.c
+  modules/md/md_acme_authz.c         modules/md/md_acme_drive.c
+  modules/md/md_acmev1_drive.c       modules/md/md_acmev2_drive.c
+  modules/md/md_acme_order.c         modules/md/md_core.c
+  modules/md/md_curl.c               modules/md/md_crypt.c
+  modules/md/md_http.c               modules/md/md_json.c
+  modules/md/md_jws.c                modules/md/md_log.c
+  modules/md/md_result.c             modules/md/md_reg.c
+  modules/md/md_status.c             modules/md/md_store.c
+  modules/md/md_store_fs.c           modules/md/md_time.c
+  modules/md/md_util.c               
+  modules/md/mod_md_config.c         modules/md/mod_md_drive.c
+  modules/md/mod_md_os.c             modules/md/mod_md_status.c
+)
 SET(mod_optional_hook_export_extra_defines AP_DECLARE_EXPORT) # bogus reuse of core API prefix
 SET(mod_proxy_extra_defines          PROXY_DECLARE_EXPORT)
 SET(mod_proxy_extra_sources          modules/proxy/proxy_util.c)
@@ -1062,6 +1110,8 @@ MESSAGE(STATUS "  Brotli include directory......... : ${BROTLI_INCLUDE_DIR}")
 MESSAGE(STATUS "  Brotli libraries ................ : ${BROTLI_LIBRARIES}")
 MESSAGE(STATUS "  Check include directory.......... : ${CHECK_INCLUDE_DIR}")
 MESSAGE(STATUS "  Check libraries ................. : ${CHECK_LIBRARIES}")
+MESSAGE(STATUS "  Curl include directory........... : ${CURL_INCLUDE_DIR}")
+MESSAGE(STATUS "  Jansson libraries ............... : ${JANSSON_LIBRARIES}")
 MESSAGE(STATUS "  Extra include directories ....... : ${EXTRA_INCLUDES}")
 MESSAGE(STATUS "  Extra compile flags ............. : ${EXTRA_COMPILE_FLAGS}")
 MESSAGE(STATUS "  Extra libraries ................. : ${EXTRA_LIBS}")
diff --git a/build/apr_common.m4 b/build/apr_common.m4
index 6b5c0f033b..f4e2dfd0a7 100644
--- a/build/apr_common.m4
+++ b/build/apr_common.m4
@@ -511,9 +511,9 @@ AC_DEFUN([APR_TRY_COMPILE_NO_WARNING],
    [int main(int argc, const char *const *argv) {]
    [[$2]]
    [   return 0; }]
-  )],
-  [$3], [$4])
- CFLAGS=$apr_save_CFLAGS
+  )], [CFLAGS=$apr_save_CFLAGS
+$3],  [CFLAGS=$apr_save_CFLAGS
+$4])
 ])
 
 dnl
@@ -975,11 +975,44 @@ AC_SUBST(MKDEP)
 ])
 
 dnl
+dnl APR_CHECK_TYPES_FMT_COMPATIBLE(TYPE-1, TYPE-2, FMT-TAG, 
+dnl                                [ACTION-IF-TRUE], [ACTION-IF-FALSE])
+dnl
+dnl Try to determine whether two types are the same and accept the given
+dnl printf formatter (bare token, e.g. literal d, ld, etc).
+dnl
+AC_DEFUN([APR_CHECK_TYPES_FMT_COMPATIBLE], [
+define([apr_cvname], apr_cv_typematch_[]translit([$1], [ ], [_])_[]translit([$2], [ ], [_])_[][$3])
+AC_CACHE_CHECK([whether $1 and $2 use fmt %$3], apr_cvname, [
+APR_TRY_COMPILE_NO_WARNING([#include <sys/types.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+], [
+    $1 chk1, *ptr1;
+    $2 chk2, *ptr2 = &chk1;
+    ptr1 = &chk2;
+    *ptr1 = *ptr2 = 0;
+    printf("%$3 %$3", chk1, chk2);
+], [apr_cvname=yes], [apr_cvname=no])])
+if test "$apr_cvname" = "yes"; then
+    :
+    $4
+else
+    :
+    $5
+fi
+])
+
+dnl
 dnl APR_CHECK_TYPES_COMPATIBLE(TYPE-1, TYPE-2, [ACTION-IF-TRUE])
 dnl
 dnl Try to determine whether two types are the same. Only works
 dnl for gcc and icc.
 dnl
+dnl @deprecated @see APR_CHECK_TYPES_FMT_COMPATIBLE
+dnl
 AC_DEFUN([APR_CHECK_TYPES_COMPATIBLE], [
 define([apr_cvname], apr_cv_typematch_[]translit([$1], [ ], [_])_[]translit([$2], [ ], [_]))
 AC_CACHE_CHECK([whether $1 and $2 are the same], apr_cvname, [
diff --git a/modules/md/md_acme_drive.c b/modules/md/md_acme_drive.c
index 0e1d84602f..4b29e4b044 100644
--- a/modules/md/md_acme_drive.c
+++ b/modules/md/md_acme_drive.c
@@ -304,17 +304,9 @@ static apr_status_t csr_req(md_acme_t *acme, const md_http_response_t *res, void
     ad->next_up_link = NULL;
     if (APR_SUCCESS == (rv = md_cert_read_http(&cert, d->p, res))) {
         md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, d->p, "cert parsed");
-        if (ad->certs) {
-            apr_array_clear(ad->certs);
-        }
-        else {
-            ad->certs = apr_array_make(d->p, 5, sizeof(md_cert_t*));
-        }
+        apr_array_clear(ad->certs);
         APR_ARRAY_PUSH(ad->certs, md_cert_t*) = cert;
-        
-        if (APR_SUCCESS == rv) {
-            get_up_link(d, res->headers);
-        }
+        get_up_link(d, res->headers);
     }
     else if (APR_STATUS_IS_ENOENT(rv)) {
         rv = APR_SUCCESS;
@@ -454,9 +446,6 @@ static apr_status_t ad_chain_retrieve(md_proto_driver_t *d)
      *                          the link header with relation "up" gives us the location
      *                          for the next cert in the chain
      */
-    if (!ad->certs) {
-        ad->certs = apr_array_make(d->p, 5, sizeof(md_cert_t *));
-    }
     if (md_array_is_empty(ad->certs)) {
         /* Need to start at the order */
         ad->next_up_link = NULL;
@@ -499,15 +488,16 @@ static apr_status_t acme_driver_init(md_proto_driver_t *d, md_result_t *result)
     ad = apr_pcalloc(d->p, sizeof(*ad));
     
     d->baton = ad;
-    ad->driver = d;
     
+    ad->driver = d;
     ad->authz_monitor_timeout = apr_time_from_sec(30);
     ad->cert_poll_timeout = apr_time_from_sec(30);
+    ad->ca_challenges = apr_array_make(d->p, 3, sizeof(const char*));
+    ad->certs = apr_array_make(d->p, 5, sizeof(md_cert_t*));
     
     /* We can only support challenges if the server is reachable from the outside
      * via port 80 and/or 443. These ports might be mapped for httpd to something
      * else, but a mapping needs to exist. */
-    ad->ca_challenges = apr_array_make(d->p, 3, sizeof(const char *));
     challenge = apr_table_get(d->env, MD_KEY_CHALLENGE); 
     if (challenge) {
         APR_ARRAY_PUSH(ad->ca_challenges, const char*) = apr_pstrdup(d->p, challenge);
@@ -578,6 +568,7 @@ static apr_status_t acme_renew(md_proto_driver_t *d, md_result_t *result)
     int reset_staging = d->reset;
     apr_status_t rv = APR_SUCCESS;
     apr_time_t now;
+    apr_array_header_t *staged_certs;
     char ts[APR_RFC822_DATE_LEN];
 
     if (md_log_is_level(d->p, MD_LOG_DEBUG)) {
@@ -667,9 +658,10 @@ static apr_status_t acme_renew(md_proto_driver_t *d, md_result_t *result)
     if (!ad->domains) {
         ad->domains = md_dns_make_minimal(d->p, ad->md->domains);
     }
-    if (md_array_is_empty(ad->certs)) {
-        /* have we created this already? */
-        md_pubcert_load(d->store, MD_SG_STAGING, d->md->name, &ad->certs, d->p);
+    
+    if (md_array_is_empty(ad->certs)
+        && APR_SUCCESS == md_pubcert_load(d->store, MD_SG_STAGING, d->md->name, &staged_certs, d->p)) {
+        apr_array_cat(ad->certs, staged_certs);
     }
     
     if (md_array_is_empty(ad->certs)) {
diff --git a/modules/md/md_status.c b/modules/md/md_status.c
index 8aa1de2d57..4bdd508199 100644
--- a/modules/md/md_status.c
+++ b/modules/md/md_status.c
@@ -98,7 +98,7 @@ static apr_status_t get_staging_cert_json(md_json_t **pjson, apr_pool_t *p,
     apr_status_t rv = APR_SUCCESS;
     
     rv = md_pubcert_load(md_reg_store_get(reg), MD_SG_STAGING, md->name, &certs, p);
-    if (APR_STATUS_IS_ENOENT(rv) || certs->nelts == 0) {
+    if (APR_STATUS_IS_ENOENT(rv)) {
         rv = APR_SUCCESS;
         goto leave;
     }
diff --git a/modules/md/md_version.h b/modules/md/md_version.h
index 4a668bc381..21286a2616 100644
--- a/modules/md/md_version.h
+++ b/modules/md/md_version.h
@@ -27,7 +27,7 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "2.0.6"
+#define MOD_MD_VERSION "2.0.7"
 
 /**
  * @macro
@@ -35,7 +35,7 @@
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x020006
+#define MOD_MD_VERSION_NUM 0x020007
 
 #define MD_ACME_DEF_URL    "https://acme-v02.api.letsencrypt.org/directory"
 
diff --git a/modules/md/mod_md.dsp b/modules/md/mod_md.dsp
index edc7f859c8..250b2e9fb9 100644
--- a/modules/md/mod_md.dsp
+++ b/modules/md/mod_md.dsp
@@ -109,10 +109,46 @@ SOURCE=./mod_md_config.c
 # End Source File
 # Begin Source File
 
+SOURCE=./mod_md_drive.c
+# End Source File
+# Begin Source File
+
 SOURCE=./mod_md_os.c
 # End Source File
 # Begin Source File
 
+SOURCE=./mod_md_status.c
+# End Source File
+# Begin Source File
+
+SOURCE=./md_acme.c
+# End Source File
+# Begin Source File
+
+SOURCE=./md_acme_acct.c
+# End Source File
+# Begin Source File
+
+SOURCE=./md_acme_authz.c
+# End Source File
+# Begin Source File
+
+SOURCE=./md_acme_drive.c
+# End Source File
+# Begin Source File
+
+SOURCE=./md_acme_order.c
+# End Source File
+# Begin Source File
+
+SOURCE=./md_acmev1_drive.c
+# End Source File
+# Begin Source File
+
+SOURCE=./md_acmev2_drive.c
+# End Source File
+# Begin Source File
+
 SOURCE=./md_core.c
 # End Source File
 # Begin Source File
@@ -145,35 +181,30 @@ SOURCE=./md_reg.c
 # End Source File
 # Begin Source File
 
-SOURCE=./md_store.c
-# End Source File
-# Begin Source File
-
-SOURCE=./md_store_fs.c
+SOURCE=./md_result.c
 # End Source File
 # Begin Source File
 
-SOURCE=./md_util.c
+SOURCE=./md_status.c
 # End Source File
 # Begin Source File
 
-SOURCE=./md_acme.c
+SOURCE=./md_store.c
 # End Source File
 # Begin Source File
 
-SOURCE=./md_acme_acct.c
+SOURCE=./md_store_fs.c
 # End Source File
 # Begin Source File
 
-SOURCE=./md_acme_authz.c
+SOURCE=./md_time.c
 # End Source File
 # Begin Source File
 
-SOURCE=./md_acme_drive.c
+SOURCE=./md_util.c
 # End Source File
 # Begin Source File
 
-
 SOURCE=..\..\build\win32\httpd.rc
 # End Source File
 # End Target
author	Stefan Eissing <icing@apache.org>	2019-06-25 10:56:57 +0200
committer	Stefan Eissing <icing@apache.org>	2019-06-25 10:56:57 +0200
commit	5d2583a0f44ded24be9b19a657f6554b1a78a5ef (patch)
tree	fe48cec30f3e8a8d0d02c9251a47c965e2a82f64
parent	* modules/dav/main/props.c (dav_do_prop_subreq): Allocate escaped URI (diff)
download	apache2-5d2583a0f44ded24be9b19a657f6554b1a78a5ef.tar.xz apache2-5d2583a0f44ded24be9b19a657f6554b1a78a5ef.zip