author | Stefan Eissing <icing@apache.org> | 2017-09-26 10:33:35 +0200 |
---|---|---|
committer | Stefan Eissing <icing@apache.org> | 2017-09-26 10:33:35 +0200 |
commit | c2f7c7a31f22fd026eff35701174811428327704 (patch) | |
tree | 296b4072f874f991988fb62c0ead6020218581e3 /modules/md | |
parent | On the trunk: (diff) | |
On the trunk:
mod_md: v0.9.7
- Use of the new module flag
- Removed obsolete function from interface to mod_ssl.
- Fallback certificates have the version set and no longer claim to be a CA. (re issue #32)
- MDRequireHttps now happens before any Redirect.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809719 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/md')
-rw-r--r-- | modules/md/md_acme.c | 7 | ||||
-rw-r--r-- | modules/md/md_acme.h | 2 | ||||
-rw-r--r-- | modules/md/md_acme_acct.c | 43 | ||||
-rw-r--r-- | modules/md/md_acme_authz.c | 33 | ||||
-rw-r--r-- | modules/md/md_acme_authz.h | 2 | ||||
-rw-r--r-- | modules/md/md_acme_drive.c | 20 | ||||
-rw-r--r-- | modules/md/md_cmd_acme.c | 8 | ||||
-rw-r--r-- | modules/md/md_cmd_main.c | 3 | ||||
-rw-r--r-- | modules/md/md_cmd_reg.c | 6 | ||||
-rw-r--r-- | modules/md/md_cmd_store.c | 5 | ||||
-rw-r--r-- | modules/md/md_crypt.c | 40 | ||||
-rw-r--r-- | modules/md/md_curl.c | 1 | ||||
-rw-r--r-- | modules/md/md_http.c | 2 | ||||
-rw-r--r-- | modules/md/md_log.c | 5 | ||||
-rw-r--r-- | modules/md/md_reg.c | 7 | ||||
-rw-r--r-- | modules/md/md_store.c | 3 | ||||
-rw-r--r-- | modules/md/md_store_fs.c | 15 | ||||
-rw-r--r-- | modules/md/md_util.c | 6 | ||||
-rw-r--r-- | modules/md/md_version.h | 4 | ||||
-rw-r--r-- | modules/md/mod_md.c | 36 | ||||
-rw-r--r-- | modules/md/mod_md.h | 7 | ||||
-rw-r--r-- | modules/md/mod_md_config.c | 20 | ||||
-rw-r--r-- | modules/md/mod_md_os.c | 6 |
23 files changed, 190 insertions, 91 deletions
diff --git a/modules/md/md_acme.c b/modules/md/md_acme.c index efde431eea..c4569fbf4f 100644 --- a/modules/md/md_acme.c +++ b/modules/md/md_acme.c @@ -67,7 +67,7 @@ static acme_problem_status_t Problems[] = { }; static apr_status_t problem_status_get(const char *type) { - int i; + size_t i; if (strstr(type, "urn:ietf:params:") == type) { type += strlen("urn:ietf:params:"); @@ -492,7 +492,10 @@ static apr_status_t on_got_json(md_acme_t *acme, apr_pool_t *p, const apr_table_ md_json_t *jbody, void *baton) { json_ctx *ctx = baton; - + + (void)acme; + (void)p; + (void)headers; ctx->json = md_json_clone(ctx->pool, jbody); return APR_SUCCESS; } diff --git a/modules/md/md_acme.h b/modules/md/md_acme.h index ec130a0755..1a3540f1bb 100644 --- a/modules/md/md_acme.h +++ b/modules/md/md_acme.h @@ -113,7 +113,7 @@ apr_status_t md_acme_use_acct_staged(md_acme_t *acme, struct md_store_t *store, * Get the local name of the account currently used by the acme instance. * Will be NULL if no account has been setup successfully. */ -const char *md_acme_get_acct(md_acme_t *acme, apr_pool_t *p); +const char *md_acme_get_acct_id(md_acme_t *acme); /** * Agree to the given Terms-of-Service url for the current account. diff --git a/modules/md/md_acme_acct.c b/modules/md/md_acme_acct.c index 5ad419ff63..8b1906b5ec 100644 --- a/modules/md/md_acme_acct.c +++ b/modules/md/md_acme_acct.c @@ -58,10 +58,6 @@ static apr_status_t acct_make(md_acme_acct_t **pacct, apr_pool_t *p, } -static void md_acme_acct_free(md_acme_acct_t *acct) -{ -} - static const char *mk_acct_id(apr_pool_t *p, md_acme_t *acme, int i) { return apr_psprintf(p, "ACME-%s-%04d", acme->sname, i); 
@@ -225,20 +221,25 @@ static int find_acct(void *baton, const char *name, const char *aspect, md_store_vtype_t vtype, void *value, apr_pool_t *ptemp) { find_ctx *ctx = baton; - md_json_t *json = value; int disabled; const char *ca_url, *id; - id = md_json_gets(json, MD_KEY_ID, NULL); - disabled = md_json_getb(json, MD_KEY_DISABLED, NULL); - ca_url = md_json_gets(json, MD_KEY_CA_URL, NULL); - - if (!disabled && ca_url && !strcmp(ctx->acme->url, ca_url)) { - md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, ctx->p, - "found account %s for %s: %s, disabled=%d, ca-url=%s", - name, ctx->acme->url, id, disabled, ca_url); - ctx->id = id; - return 0; + (void)aspect; + (void)ptemp; + if (MD_SV_JSON == vtype) { + md_json_t *json = value; + + id = md_json_gets(json, MD_KEY_ID, NULL); + disabled = md_json_getb(json, MD_KEY_DISABLED, NULL); + ca_url = md_json_gets(json, MD_KEY_CA_URL, NULL); + + if (!disabled && ca_url && !strcmp(ctx->acme->url, ca_url)) { + md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, ctx->p, + "found account %s for %s: %s, disabled=%d, ca-url=%s", + name, ctx->acme->url, id, disabled, ca_url); + ctx->id = id; + return 0; + } } return 1; } @@ -371,7 +372,6 @@ static apr_status_t acct_register(md_acme_t *acme, apr_pool_t *p, out: if (APR_SUCCESS != rv && acme->acct) { - md_acme_acct_free(acme->acct); acme->acct = NULL; } return rv; @@ -384,6 +384,7 @@ static apr_status_t on_init_acct_valid(md_acme_req_t *req, void *baton) { md_json_t *jpayload; + (void)baton; jpayload = md_json_create(req->p); md_json_sets("reg", jpayload, MD_KEY_RESOURCE, NULL); @@ -398,6 +399,8 @@ static apr_status_t acct_valid(md_acme_t *acme, apr_pool_t *p, const apr_table_t const char *body_str; const char *tos_required; + (void)p; + (void)baton; apr_array_clear(acct->contacts); md_json_getsa(acct->contacts, body, MD_KEY_CONTACT, NULL); acct->registration = md_json_clone(acme->p, body); 
@@ -493,7 +496,7 @@ apr_status_t md_acme_use_acct_staged(md_acme_t *acme, struct md_store_t *store, return rv; } -const char *md_acme_get_acct(md_acme_t *acme, apr_pool_t *p) +const char *md_acme_get_acct_id(md_acme_t *acme) { return acme->acct? acme->acct->id : NULL; } @@ -553,6 +556,7 @@ static apr_status_t on_init_acct_del(md_acme_req_t *req, void *baton) { md_json_t *jpayload; + (void)baton; jpayload = md_json_create(req->p); md_json_sets("reg", jpayload, MD_KEY_RESOURCE, NULL); md_json_setb(1, jpayload, "delete", NULL); @@ -565,7 +569,9 @@ static apr_status_t acct_del(md_acme_t *acme, apr_pool_t *p, { md_store_t *store = baton; apr_status_t rv = APR_SUCCESS; - + + (void)hdrs; + (void)body; md_log_perror(MD_LOG_MARK, MD_LOG_INFO, 0, p, "deleted account %s", acme->acct->url); if (store) { rv = md_acme_unstore_acct(store, p, acme->acct->id); @@ -579,6 +585,7 @@ apr_status_t md_acme_delete_acct(md_acme_t *acme, md_store_t *store, apr_pool_t { md_acme_acct_t *acct = acme->acct; + (void)p; if (!acct) { return APR_EINVAL; } diff --git a/modules/md/md_acme_authz.c b/modules/md/md_acme_authz.c index 2a854f95b3..aaca6ebf88 100644 --- a/modules/md/md_acme_authz.c +++ b/modules/md/md_acme_authz.c @@ -45,7 +45,7 @@ md_acme_authz_t *md_acme_authz_create(apr_pool_t *p) return authz; } -md_acme_authz_set_t *md_acme_authz_set_create(apr_pool_t *p, md_acme_t *acme) +md_acme_authz_set_t *md_acme_authz_set_create(apr_pool_t *p) { md_acme_authz_set_t *authz_set; @@ -152,6 +152,8 @@ static apr_status_t authz_created(md_acme_t *acme, apr_pool_t *p, const apr_tabl const char *location = apr_table_get(hdrs, "location"); apr_status_t rv = APR_SUCCESS; + (void)acme; + (void)p; if (location) { ctx->authz = md_acme_authz_create(ctx->p); ctx->authz->domain = apr_pstrdup(ctx->p, ctx->domain); 
@@ -172,6 +174,7 @@ apr_status_t md_acme_authz_register(struct md_acme_authz_t **pauthz, md_acme_t * apr_status_t rv; authz_req_ctx ctx; + (void)store; authz_req_ctx_init(&ctx, acme, domain, NULL, p); md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, acme->p, "create new authz"); @@ -191,6 +194,7 @@ apr_status_t md_acme_authz_update(md_acme_authz_t *authz, md_acme_t *acme, const char *s; apr_status_t rv; + (void)store; assert(acme); assert(acme->http); assert(authz); @@ -261,6 +265,10 @@ static apr_status_t authz_http_set(md_acme_t *acme, apr_pool_t *p, const apr_tab { authz_req_ctx *ctx = baton; + (void)acme; + (void)p; + (void)hdrs; + (void)body; md_log_perror(MD_LOG_MARK, MD_LOG_INFO, 0, ctx->p, "updated authz %s", ctx->authz->location); return APR_SUCCESS; } @@ -271,6 +279,7 @@ static apr_status_t setup_key_authz(md_acme_authz_cha_t *cha, md_acme_authz_t *a const char *thumb64, *key_authz; apr_status_t rv; + (void)authz; assert(cha); assert(cha->token); @@ -299,6 +308,7 @@ static apr_status_t cha_http_01_setup(md_acme_authz_cha_t *cha, md_acme_authz_t apr_status_t rv; int notify_server; + (void)key_spec; if (APR_SUCCESS != (rv = setup_key_authz(cha, authz, acme, p, ¬ify_server))) { goto out; } @@ -434,9 +444,10 @@ typedef struct { static apr_status_t collect_offered(void *baton, size_t index, md_json_t *json) { cha_find_ctx *ctx = baton; + const char *ctype; - const char *ctype = md_json_gets(json, MD_KEY_TYPE, NULL); - if (ctype) { + (void)index; + if ((ctype = md_json_gets(json, MD_KEY_TYPE, NULL))) { APR_ARRAY_PUSH(ctx->offered, const char*) = apr_pstrdup(ctx->p, ctype); } return 1; @@ -459,7 +470,7 @@ apr_status_t md_acme_authz_respond(md_acme_authz_t *authz, md_acme_t *acme, md_s md_pkey_spec_t *key_spec, apr_pool_t *p) { apr_status_t rv; - unsigned int i; + int i; cha_find_ctx fctx; assert(acme); 
@@ -490,7 +501,7 @@ apr_status_t md_acme_authz_respond(md_acme_authz_t *authz, md_acme_t *acme, md_s return rv; } - for (i = 0; i < CHA_TYPES_LEN; ++i) { + for (i = 0; i < (int)CHA_TYPES_LEN; ++i) { if (!apr_strnatcasecmp(CHA_TYPES[i].name, fctx.accepted->type)) { return CHA_TYPES[i].start(fctx.accepted, authz, acme, store, key_spec, p); } @@ -515,6 +526,7 @@ static apr_status_t on_init_authz_del(md_acme_req_t *req, void *baton) { md_json_t *jpayload; + (void)baton; jpayload = md_json_create(req->p); md_json_sets("deactivated", jpayload, MD_KEY_STATUS, NULL); @@ -526,6 +538,9 @@ static apr_status_t authz_del(md_acme_t *acme, apr_pool_t *p, const apr_table_t { authz_req_ctx *ctx = baton; + (void)p; + (void)body; + (void)hdrs; md_log_perror(MD_LOG_MARK, MD_LOG_INFO, 0, ctx->p, "deleted authz %s", ctx->authz->location); acme->acct = NULL; return APR_SUCCESS; @@ -536,6 +551,7 @@ apr_status_t md_acme_authz_del(md_acme_authz_t *authz, md_acme_t *acme, { authz_req_ctx ctx; + (void)store; ctx.p = p; ctx.authz = authz; @@ -581,11 +597,13 @@ md_acme_authz_t *md_acme_authz_from_json(struct md_json_t *json, apr_pool_t *p) static apr_status_t authz_to_json(void *value, md_json_t *json, apr_pool_t *p, void *baton) { + (void)baton; return md_json_setj(md_acme_authz_to_json(value, p), json, NULL); } static apr_status_t authz_from_json(void **pvalue, md_json_t *json, apr_pool_t *p, void *baton) { + (void)baton; *pvalue = md_acme_authz_from_json(json, p); return (*pvalue)? APR_SUCCESS : APR_EINVAL; } @@ -602,7 +620,7 @@ md_json_t *md_acme_authz_set_to_json(md_acme_authz_set_t *set, apr_pool_t *p) md_acme_authz_set_t *md_acme_authz_set_from_json(md_json_t *json, apr_pool_t *p) { - md_acme_authz_set_t *set = md_acme_authz_set_create(p, NULL); + md_acme_authz_set_t *set = md_acme_authz_set_create(p); if (set) { md_json_geta(set->authzs, authz_from_json, NULL, json, MD_KEY_AUTHZS, NULL); return set; 
@@ -637,7 +655,8 @@ static apr_status_t p_save(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_lis md_acme_authz_set_t *set; const char *md_name; int create; - + + (void)p; group = (md_store_group_t)va_arg(ap, int); md_name = va_arg(ap, const char *); set = va_arg(ap, md_acme_authz_set_t *); diff --git a/modules/md/md_acme_authz.h b/modules/md/md_acme_authz.h index 817d6fe830..3b083a95f0 100644 --- a/modules/md/md_acme_authz.h +++ b/modules/md/md_acme_authz.h @@ -82,7 +82,7 @@ struct md_acme_authz_set_t { struct apr_array_header_t *authzs; }; -md_acme_authz_set_t *md_acme_authz_set_create(apr_pool_t *p, struct md_acme_t *acme); +md_acme_authz_set_t *md_acme_authz_set_create(apr_pool_t *p); md_acme_authz_t *md_acme_authz_set_get(md_acme_authz_set_t *set, const char *domain); apr_status_t md_acme_authz_set_add(md_acme_authz_set_t *set, md_acme_authz_t *authz); apr_status_t md_acme_authz_set_remove(md_acme_authz_set_t *set, const char *domain); diff --git a/modules/md/md_acme_drive.c b/modules/md/md_acme_drive.c index e4b01b757a..13cff46c50 100644 --- a/modules/md/md_acme_drive.c +++ b/modules/md/md_acme_drive.c @@ -107,7 +107,7 @@ static apr_status_t ad_set_acct(md_proto_driver_t *d) md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, d->p, "%s: looking at existing accounts", d->proto->protocol); if (APR_SUCCESS == md_acme_find_acct(ad->acme, d->store, d->p)) { - md->ca_account = md_acme_get_acct(ad->acme, d->p); + md->ca_account = md_acme_get_acct_id(ad->acme); update = 1; } } @@ -176,7 +176,7 @@ static apr_status_t ad_setup_authz(md_proto_driver_t *d) */ rv = md_acme_authz_set_load(d->store, MD_SG_STAGING, md->name, &ad->authz_set, d->p); if (!ad->authz_set || APR_STATUS_IS_ENOENT(rv)) { - ad->authz_set = md_acme_authz_set_create(d->p, ad->acme); + ad->authz_set = md_acme_authz_set_create(d->p); rv = APR_SUCCESS; } else if (APR_SUCCESS != rv) { 
@@ -292,7 +292,7 @@ static apr_status_t ad_start_challenges(md_proto_driver_t *d) return rv; } -static apr_status_t check_challenges(void *baton, int attemmpt) +static apr_status_t check_challenges(void *baton, int attempt) { md_proto_driver_t *d = baton; md_acme_driver_t *ad = d->baton; @@ -302,8 +302,8 @@ static apr_status_t check_challenges(void *baton, int attemmpt) for (i = 0; i < ad->authz_set->authzs->nelts && APR_SUCCESS == rv; ++i) { authz = APR_ARRAY_IDX(ad->authz_set->authzs, i, md_acme_authz_t*); - md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, d->p, "%s: check AUTHZ for %s", - ad->md->name, authz->domain); + md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, d->p, "%s: check AUTHZ for %s(%d. attempt)", + ad->md->name, authz->domain, attempt); if (APR_SUCCESS == (rv = md_acme_authz_update(authz, ad->acme, d->store, d->p))) { switch (authz->state) { case MD_ACME_AUTHZ_S_VALID: @@ -366,7 +366,7 @@ static apr_status_t on_got_cert(md_acme_t *acme, const md_http_response_t *res, md_acme_driver_t *ad = d->baton; apr_status_t rv = APR_SUCCESS; - + (void)acme; if (APR_SUCCESS == (rv = read_http_cert(&ad->cert, d->p, res))) { rv = md_store_save(d->store, d->p, MD_SG_STAGING, ad->md->name, MD_FN_CERT, MD_SV_CERT, ad->cert, 0); @@ -380,6 +380,7 @@ static apr_status_t get_cert(void *baton, int attempt) md_proto_driver_t *d = baton; md_acme_driver_t *ad = d->baton; + (void)attempt; return md_acme_GET(ad->acme, ad->md->cert_url, NULL, NULL, on_got_cert, d); } @@ -426,6 +427,7 @@ static apr_status_t csr_req(md_acme_t *acme, const md_http_response_t *res, void md_acme_driver_t *ad = d->baton; apr_status_t rv = APR_SUCCESS; + (void)acme; ad->md->cert_url = apr_table_get(res->headers, "location"); if (!ad->md->cert_url) { md_log_perror(MD_LOG_MARK, MD_LOG_ERR, APR_EINVAL, d->p, 
@@ -511,6 +513,7 @@ static apr_status_t on_add_chain(md_acme_t *acme, const md_http_response_t *res, md_cert_t *cert; const char *ct; + (void)acme; ct = apr_table_get(res->headers, "Content-Type"); if (ct && !strcmp("application/x-pkcs7-mime", ct)) { /* root cert most likely, end it here */ @@ -531,7 +534,7 @@ static apr_status_t get_chain(void *baton, int attempt) md_cert_t *cert; const char *url, *last_url = NULL; apr_status_t rv = APR_SUCCESS; - + while (APR_SUCCESS == rv && ad->chain->nelts < 10) { int nelts = ad->chain->nelts; if (ad->chain && nelts > 0) { @@ -569,7 +572,7 @@ static apr_status_t get_chain(void *baton, int attempt) } } md_log_perror(MD_LOG_MARK, MD_LOG_TRACE1, rv, d->p, - "got chain with %d certs", ad->chain->nelts); + "got chain with %d certs (%d. attempt)", ad->chain->nelts, attempt); return rv; } @@ -979,6 +982,7 @@ static md_proto_t ACME_PROTO = { apr_status_t md_acme_protos_add(apr_hash_t *protos, apr_pool_t *p) { + (void)p; apr_hash_set(protos, MD_PROTO_ACME, sizeof(MD_PROTO_ACME)-1, &ACME_PROTO); return APR_SUCCESS; } diff --git a/modules/md/md_cmd_acme.c b/modules/md/md_cmd_acme.c index 650fb4e469..0fa10a9e9a 100644 --- a/modules/md/md_cmd_acme.c +++ b/modules/md/md_cmd_acme.c @@ -54,7 +54,7 @@ static apr_status_t cmd_acme_newreg(md_cmd_ctx *ctx, const md_cmd_t *cmd) if (APR_SUCCESS == (rv = md_acme_create_acct(ctx->acme, ctx->p, contacts, ctx->tos))) { md_acme_save(ctx->acme, ctx->store, ctx->p); - fprintf(stdout, "registered: %s\n", md_acme_get_acct(ctx->acme, ctx->p)); + fprintf(stdout, "registered: %s\n", md_acme_get_acct_id(ctx->acme)); } else { md_log_perror(MD_LOG_MARK, MD_LOG_ERR, rv, ctx->p, "register new account"); @@ -106,6 +106,7 @@ static apr_status_t cmd_acme_agree(md_cmd_ctx *ctx, const md_cmd_t *cmd) apr_status_t rv = APR_SUCCESS; int i; + (void)cmd; for (i = 0; i < ctx->argc; ++i) { rv = acct_agree_tos(ctx, ctx->argv[i], ctx->tos, ctx->p); if (rv != APR_SUCCESS) { 
@@ -146,6 +147,7 @@ static apr_status_t cmd_acme_validate(md_cmd_ctx *ctx, const md_cmd_t *cmd) apr_status_t rv = APR_SUCCESS; int i; + (void)cmd; for (i = 0; i < ctx->argc; ++i) { rv = acct_validate(ctx, ctx->argv[i], ctx->p); if (rv != APR_SUCCESS) { @@ -200,6 +202,7 @@ static apr_status_t cmd_acme_delreg(md_cmd_ctx *ctx, const md_cmd_t *cmd) apr_status_t rv = APR_SUCCESS; int i; + (void)cmd; for (i = 0; i < ctx->argc; ++i) { rv = acme_delreg(ctx, ctx->argv[i], ctx->p); if (rv != APR_SUCCESS) { @@ -223,7 +226,8 @@ static apr_status_t acme_newauthz(md_cmd_ctx *ctx, md_acme_acct_t *acct, const c { apr_status_t rv; md_acme_authz_t *authz; - + + (void)acct; rv = md_acme_authz_register(&authz, ctx->acme, ctx->store, domain, ctx->p); if (rv == APR_SUCCESS) { diff --git a/modules/md/md_cmd_main.c b/modules/md/md_cmd_main.c index bff4e13ad3..865d6def99 100644 --- a/modules/md/md_cmd_main.c +++ b/modules/md/md_cmd_main.c @@ -232,6 +232,8 @@ static md_log_level_t active_level = MD_LOG_INFO; static int log_is_level(void *baton, apr_pool_t *p, md_log_level_t level) { + (void)baton; + (void)p; return level <= active_level; } @@ -286,6 +288,7 @@ void md_cmd_print_md(md_cmd_ctx *ctx, const md_t *md) static int pool_abort(int rv) { + (void)rv; abort(); } diff --git a/modules/md/md_cmd_reg.c b/modules/md/md_cmd_reg.c index 1b1278ac46..e8cb11725c 100644 --- a/modules/md/md_cmd_reg.c +++ b/modules/md/md_cmd_reg.c @@ -41,6 +41,7 @@ static apr_status_t cmd_reg_add(md_cmd_ctx *ctx, const md_cmd_t *cmd) md_t *md; apr_status_t rv; + (void)cmd; md = md_create(ctx->p, md_cmd_gather_args(ctx, 0)); if (md->domains->nelts == 0) { return APR_EINVAL; @@ -70,6 +71,7 @@ static int list_add_md(void *baton, md_reg_t *reg, md_t *md) { apr_array_header_t *mdlist = baton; + (void)reg; APR_ARRAY_PUSH(mdlist, const md_t *) = md; return 1; } 
@@ -86,6 +88,7 @@ static apr_status_t cmd_reg_list(md_cmd_ctx *ctx, const md_cmd_t *cmd) const md_t *md; int i; + (void)cmd; if (ctx->argc > 0) { for (i = 0; i < ctx->argc; ++i) { name = ctx->argv[i]; @@ -304,6 +307,7 @@ static apr_status_t cmd_reg_drive(md_cmd_ctx *ctx, const md_cmd_t *cmd) apr_status_t rv; int i; + (void)cmd; md_log_perror(MD_LOG_MARK, MD_LOG_TRACE4, 0, ctx->p, "drive do"); if (ctx->argc > 0) { for (i = 0; i < ctx->argc; ++i) { @@ -322,7 +326,7 @@ static apr_status_t cmd_reg_drive(md_cmd_ctx *ctx, const md_cmd_t *cmd) rv = APR_SUCCESS; for (i = 0; i < mdlist->nelts; ++i) { - md_t *md = APR_ARRAY_IDX(mdlist, i, md_t*); + md = APR_ARRAY_IDX(mdlist, i, md_t*); if (APR_SUCCESS != (rv = assess_and_drive(ctx, md))) { break; } diff --git a/modules/md/md_cmd_store.c b/modules/md/md_cmd_store.c index 56c4f2712f..6fd5953b20 100644 --- a/modules/md/md_cmd_store.c +++ b/modules/md/md_cmd_store.c @@ -41,6 +41,7 @@ static apr_status_t cmd_add(md_cmd_ctx *ctx, const md_cmd_t *cmd) md_t *md, *nmd; apr_status_t rv; + (void)cmd; md = md_create(ctx->p, md_cmd_gather_args(ctx, 0)); if (md->domains->nelts == 0) { return APR_EINVAL; @@ -92,6 +93,7 @@ static apr_status_t cmd_remove(md_cmd_ctx *ctx, const md_cmd_t *cmd) static apr_status_t opts_remove(md_cmd_ctx *ctx, int option, const char *optarg) { + (void)optarg; switch (option) { case 'f': md_cmd_ctx_set_option(ctx, "force", "1"); @@ -120,12 +122,15 @@ static md_cmd_t RemoveCmd = { static int list_md(void *baton, md_store_t *store, md_t *md, apr_pool_t *ptemp) { + (void)store; + (void)ptemp; md_cmd_print_md(baton, md); return 1; } static apr_status_t cmd_list(md_cmd_ctx *ctx, const md_cmd_t *cmd) { + (void)cmd; return md_store_md_iter(list_md, ctx, ctx->store, ctx->p, MD_SG_DOMAINS, "*"); } diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c index 8084c53e6b..626274edf1 100644 --- a/modules/md/md_crypt.c +++ b/modules/md/md_crypt.c 
@@ -61,6 +61,8 @@ struct md_pkey_t { static void seed_RAND(int pid) { char seed[128]; + + (void)pid; arc4random_buf(seed, sizeof(seed)); RAND_seed(seed, sizeof(seed)); } @@ -105,11 +107,6 @@ static void seed_RAND(int pid) /* * seed in some current state of the run-time stack (128 bytes) */ -#if HAVE_VALGRIND && 0 - if (ssl_running_on_valgrind) { - VALGRIND_MAKE_MEM_DEFINED(stackdata, sizeof(stackdata)); - } -#endif n = rand_choosenum(0, sizeof(stackdata)-128-1); RAND_seed(stackdata+n, 128); } @@ -140,11 +137,13 @@ apr_status_t md_crypt_init(apr_pool_t *pool) typedef struct { char *data; apr_size_t len; -} buffer; +} buffer_rec; static apr_status_t fwrite_buffer(void *baton, apr_file_t *f, apr_pool_t *p) { - buffer *buf = baton; + buffer_rec *buf = baton; + + (void)p; return apr_file_write_full(f, buf->data, buf->len, &buf->len); } @@ -169,6 +168,8 @@ typedef struct { static int pem_passwd(char *buf, int size, int rwflag, void *baton) { passwd_ctx *ctx = baton; + + (void)rwflag; if (ctx->pass_len > 0) { if (ctx->pass_len < size) { size = (int)ctx->pass_len; @@ -252,7 +253,7 @@ md_json_t *md_pkey_spec_to_json(const md_pkey_spec_t *spec, apr_pool_t *p) case MD_PKEY_TYPE_RSA: md_json_sets("RSA", json, MD_KEY_TYPE, NULL); if (spec->params.rsa.bits >= MD_PKEY_RSA_BITS_MIN) { - md_json_setl(spec->params.rsa.bits, json, MD_KEY_BITS, NULL); + md_json_setl((long)spec->params.rsa.bits, json, MD_KEY_BITS, NULL); } break; default: @@ -368,7 +369,7 @@ apr_status_t md_pkey_fload(md_pkey_t **ppkey, apr_pool_t *p, return rv; } -static apr_status_t pkey_to_buffer(buffer *buffer, md_pkey_t *pkey, apr_pool_t *p, +static apr_status_t pkey_to_buffer(buffer_rec *buffer, md_pkey_t *pkey, apr_pool_t *p, const char *pass, apr_size_t pass_len) { BIO *bio = BIO_new(BIO_s_mem()); 
@@ -420,7 +421,7 @@ apr_status_t md_pkey_fsave(md_pkey_t *pkey, apr_pool_t *p, const char *pass_phrase, apr_size_t pass_len, const char *fname, apr_fileperms_t perms) { - buffer buffer; + buffer_rec buffer; apr_status_t rv; if (APR_SUCCESS == (rv = pkey_to_buffer(&buffer, pkey, p, pass_phrase, pass_len))) { @@ -649,7 +650,7 @@ apr_status_t md_crypt_sha256_digest_hex(const char **pdigesthex, apr_pool_t *p, unsigned char *buffer; size_t blen; apr_status_t rv; - int i; + unsigned int i; if (APR_SUCCESS == (rv = sha256_digest(&buffer, &blen, p, d, dlen))) { cp = dhex = apr_pcalloc(p, 2 * blen + 1); @@ -852,7 +853,7 @@ apr_status_t md_cert_fload(md_cert_t **pcert, apr_pool_t *p, const char *fname) return rv; } -static apr_status_t cert_to_buffer(buffer *buffer, md_cert_t *cert, apr_pool_t *p) +static apr_status_t cert_to_buffer(buffer_rec *buffer, md_cert_t *cert, apr_pool_t *p) { BIO *bio = BIO_new(BIO_s_mem()); int i; @@ -882,7 +883,7 @@ static apr_status_t cert_to_buffer(buffer *buffer, md_cert_t *cert, apr_pool_t * apr_status_t md_cert_fsave(md_cert_t *cert, apr_pool_t *p, const char *fname, apr_fileperms_t perms) { - buffer buffer; + buffer_rec buffer; apr_status_t rv; if (APR_SUCCESS == (rv = cert_to_buffer(&buffer, cert, p))) { @@ -893,7 +894,7 @@ apr_status_t md_cert_fsave(md_cert_t *cert, apr_pool_t *p, apr_status_t md_cert_to_base64url(const char **ps64, md_cert_t *cert, apr_pool_t *p) { - buffer buffer; + buffer_rec buffer; apr_status_t rv; if (APR_SUCCESS == (rv = cert_to_buffer(&buffer, cert, p))) { @@ -1011,6 +1012,7 @@ apr_status_t md_chain_fsave(apr_array_header_t *certs, apr_pool_t *p, unsigned long err = 0; int i; + (void)p; rv = md_util_fopen(&f, fname, "w"); if (rv == APR_SUCCESS) { apr_file_perms_set(fname, perms); 
@@ -1217,7 +1219,13 @@ apr_status_t md_cert_self_sign(md_cert_t **pcert, const char *cn, || !(asn1_rnd = BN_to_ASN1_INTEGER(big_rnd, NULL))) { md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "%s: setup random serial", cn); rv = APR_EGENERAL; goto out; - } + } + + if (1 != X509_set_version(x, 2L)) { + md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "%s: setting x.509v3", cn); + rv = APR_EGENERAL; goto out; + } + if (!X509_set_serialNumber(x, asn1_rnd)) { md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "%s: set serial number", cn); rv = APR_EGENERAL; goto out; @@ -1230,7 +1238,7 @@ apr_status_t md_cert_self_sign(md_cert_t **pcert, const char *cn, rv = APR_EGENERAL; goto out; } /* cert are uncontrained (but not very trustworthy) */ - if (APR_SUCCESS != (rv = add_ext(x, NID_basic_constraints, "CA:TRUE, pathlen:0", p))) { + if (APR_SUCCESS != (rv = add_ext(x, NID_basic_constraints, "CA:FALSE, pathlen:0", p))) { md_log_perror(MD_LOG_MARK, MD_LOG_ERR, rv, p, "%s: set basic constraints ext", cn); goto out; } diff --git a/modules/md/md_curl.c b/modules/md/md_curl.c index cb3b4d91f3..adcae4f784 100644 --- a/modules/md/md_curl.c +++ b/modules/md/md_curl.c @@ -300,6 +300,7 @@ static md_http_impl_t impl = { md_http_impl_t * md_curl_get_impl(apr_pool_t *p) { /* trigger early global curl init, before we are down a rabbit hole */ + (void)p; md_curl_init(); return &impl; } diff --git a/modules/md/md_http.c b/modules/md/md_http.c index f1c88e8e28..6c784fc984 100644 --- a/modules/md/md_http.c +++ b/modules/md/md_http.c @@ -236,6 +236,8 @@ apr_status_t md_http_POSTd(md_http_t *http, const char *url, apr_status_t md_http_await(md_http_t *http, long req_id) { + (void)http; + (void)req_id; return APR_SUCCESS; } diff --git a/modules/md/md_log.c b/modules/md/md_log.c index de2bcbdca5..c62b69d191 100644 --- a/modules/md/md_log.c +++ b/modules/md/md_log.c 
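Review bot: In md_cert_self_sign the basic-constraints value becomes `"CA:FALSE, pathlen:0"`, which still carries a path length on a certificate that no longer claims to be a CA. RFC 5280 (section 4.2.1.9) permits pathLenConstraint only when the cA boolean is asserted, so strict validators may flag or reject the fallback certificate; `add_ext(x, NID_basic_constraints, "CA:FALSE", p)` states the intent without the contradictory field. The comment directly above, `/* cert are uncontrained (but not very trustworthy) */`, no longer matches the code and could read `/* fallback cert is an end-entity cert, never a CA */`. The function starts and ends outside this hunk.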
@@ -42,10 +42,7 @@ static const char *level_names[] = { const char *md_log_level_name(md_log_level_t level) { - if ((int)level < (sizeof(level_names)/sizeof(level_names[0]))) { - return level_names[level]; - } - return "???"; + return level_names[level]; } static md_log_print_cb *log_printv; diff --git a/modules/md/md_reg.c b/modules/md/md_reg.c index 7d45f1ef18..95e32a70d1 100644 --- a/modules/md/md_reg.c +++ b/modules/md/md_reg.c @@ -237,6 +237,7 @@ apr_status_t md_reg_assess(md_reg_t *reg, md_t *md, int *perrored, int *prenew, int renew = 0; int errored = 0; + (void)reg; switch (md->state) { case MD_S_UNKNOWN: md_log_perror( MD_LOG_MARK, MD_LOG_ERR, 0, p, "md(%s): in unkown state.", md->name); @@ -292,6 +293,7 @@ static int reg_md_iter(void *baton, md_store_t *store, md_t *md, apr_pool_t *pte { reg_do_ctx *ctx = baton; + (void)store; if (!ctx->exclude || strcmp(ctx->exclude, md->name)) { state_init(ctx->reg, ptemp, (md_t*)md, 1); return ctx->cb(ctx->baton, ctx->reg, md); @@ -339,6 +341,7 @@ static int find_domain(void *baton, md_reg_t *reg, md_t *md) { find_domain_ctx *ctx = baton; + (void)reg; if (md_contains(md, ctx->domain, 0)) { ctx->md = md; return 0; @@ -371,6 +374,7 @@ static int find_overlap(void *baton, md_reg_t *reg, md_t *md) find_overlap_ctx *ctx = baton; const char *overlap; + (void)reg; if ((overlap = md_common_name(ctx->md_checked, md))) { ctx->md = md; ctx->s = overlap; @@ -608,6 +612,8 @@ static int find_changes(void *baton, md_store_t *store, md_t *md, apr_pool_t *pt { sync_ctx *ctx = baton; + (void)store; + (void)ptemp; APR_ARRAY_PUSH(ctx->store_mds, const md_t*) = md_clone(ctx->p, md); return 1; } @@ -866,6 +872,7 @@ static apr_status_t run_stage(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_ apr_time_t *pvalid_from; apr_status_t rv; + (void)p; proto = va_arg(ap, const md_proto_t *); md = va_arg(ap, const md_t *); challenge = va_arg(ap, const char *); 
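Review bot: md_log_level_name now returns `level_names[level]` with no range check, so any md_log_level_t value outside the table reads past the end of the static array. The guard was presumably removed to silence a signed/unsigned comparison warning. Keeping it with a cast fixes the warning without giving up the bound: `if ((size_t)level < sizeof(level_names)/sizeof(level_names[0])) return level_names[level];` followed by `return "???";`. That is the same pattern this commit applies to md_store_group_name in md_store.c.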
diff --git a/modules/md/md_store.c b/modules/md/md_store.c index 04e265cbea..801d69e3d6 100644 --- a/modules/md/md_store.c +++ b/modules/md/md_store.c @@ -59,7 +59,7 @@ static const char *GROUP_NAME[] = { const char *md_store_group_name(int group) { - if (group < sizeof(GROUP_NAME)/sizeof(GROUP_NAME[0])) { + if ((size_t)group < sizeof(GROUP_NAME)/sizeof(GROUP_NAME[0])) { return GROUP_NAME[group]; } return "UNKNOWN"; @@ -200,6 +200,7 @@ static apr_status_t p_remove(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_l const char *name; int force; + (void)p; name = va_arg(ap, const char *); force = va_arg(ap, int); diff --git a/modules/md/md_store_fs.c b/modules/md/md_store_fs.c index 73ed62e849..1c310bda31 100644 --- a/modules/md/md_store_fs.c +++ b/modules/md/md_store_fs.c @@ -122,6 +122,8 @@ static apr_status_t rename_pkey(void *baton, apr_pool_t *p, apr_pool_t *ptemp, const char *from, *to; apr_status_t rv = APR_SUCCESS; + (void)baton; + (void)ftype; if (APR_SUCCESS == (rv = md_util_path_merge(&from, ptemp, dir, name, NULL)) && APR_SUCCESS == (rv = md_util_path_merge(&to, ptemp, dir, MD_FN_PRIVKEY, NULL))) { md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, p, "renaming %s/%s to %s", @@ -140,6 +142,9 @@ static apr_status_t mk_pubcert(void *baton, apr_pool_t *p, apr_pool_t *ptemp, const char *fname, *fpubcert; apr_status_t rv = APR_SUCCESS; + (void)baton; + (void)ftype; + (void)p; if ( APR_SUCCESS == (rv = md_util_path_merge(&fpubcert, ptemp, dir, MD_FN_PUBCERT, NULL)) && APR_STATUS_IS_ENOENT((rv = md_chain_fload(&pubcert, ptemp, fpubcert))) && APR_SUCCESS == (rv = md_util_path_merge(&fname, ptemp, dir, name, NULL)) @@ -166,6 +171,7 @@ static apr_status_t upgrade_from_1_0(md_store_fs_t *s_fs, apr_pool_t *p, apr_poo md_store_group_t g; apr_status_t rv = APR_SUCCESS; + (void)ptemp; /* Migrate pkey.pem -> privkey.pem */ for (g = MD_SG_NONE; g < MD_SG_COUNT && APR_SUCCESS == rv; ++g) { rv = md_util_files_do(rename_pkey, s_fs, p, s_fs->base, 
@@ -240,6 +246,7 @@ static apr_status_t setup_store_file(void *baton, apr_pool_t *p, apr_pool_t *pte const char *fname; apr_status_t rv; + (void)ap; s_fs->plain_pkey[MD_SG_DOMAINS] = 1; s_fs->plain_pkey[MD_SG_TMP] = 1; @@ -458,6 +465,7 @@ static apr_status_t pfs_load(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_l static apr_status_t dispatch(md_store_fs_t *s_fs, md_store_fs_ev_t ev, int group, const char *fname, apr_filetype_e ftype, apr_pool_t *p) { + (void)ev; if (s_fs->event_cb) { return s_fs->event_cb(s_fs->event_baton, &s_fs->s, MD_S_FS_EV_CREATED, group, fname, ftype, p); @@ -506,6 +514,7 @@ static apr_status_t pfs_is_newer(void *baton, apr_pool_t *p, apr_pool_t *ptemp, int *pnewer; apr_status_t rv; + (void)p; group1 = (md_store_group_t)va_arg(ap, int); group2 = (md_store_group_t)va_arg(ap, int); name = va_arg(ap, const char*); @@ -608,6 +617,7 @@ static apr_status_t pfs_remove(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va apr_finfo_t info; md_store_group_t group; + (void)p; group = (md_store_group_t)va_arg(ap, int); name = va_arg(ap, const char*); aspect = va_arg(ap, const char *); @@ -667,6 +677,7 @@ static apr_status_t pfs_purge(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_ md_store_group_t group; apr_status_t rv; + (void)p; group = (md_store_group_t)va_arg(ap, int); name = va_arg(ap, const char*); @@ -707,7 +718,8 @@ static apr_status_t insp(void *baton, apr_pool_t *p, apr_pool_t *ptemp, apr_status_t rv; void *value; const char *fpath; - + + (void)ftype; md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, ptemp, "inspecting value at: %s/%s", dir, name); if (APR_SUCCESS == (rv = md_util_path_merge(&fpath, ptemp, dir, name, NULL))) { rv = fs_fload(&value, ctx->s_fs, fpath, ctx->group, ctx->vtype, p, ptemp); 
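Review bot: The added `(void)ev;` in dispatch() silences the unused-parameter warning, but the visible call passes the constant `MD_S_FS_EV_CREATED` to `s_fs->event_cb` instead of the `ev` argument, so the callback only ever sees a creation event. If that is unintended, forward the parameter with `return s_fs->event_cb(s_fs->event_baton, &s_fs->s, ev, group, fname, ftype, p);` and drop the cast. If only creation events are meant to exist for now, a comment such as `/* only MD_S_FS_EV_CREATED is dispatched for now */` would stop the cast from hiding the mismatch. The rest of dispatch() lies outside the hunk.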
@@ -752,6 +764,7 @@ static apr_status_t pfs_move(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_l int archive; apr_status_t rv; + (void)p; from = (md_store_group_t)va_arg(ap, int); to = (md_store_group_t)va_arg(ap, int); name = va_arg(ap, const char*); diff --git a/modules/md/md_util.c b/modules/md/md_util.c index 875cef61fc..ddaedbfe70 100644 --- a/modules/md/md_util.c +++ b/modules/md/md_util.c @@ -297,6 +297,8 @@ static apr_status_t write_text(void *baton, struct apr_file_t *f, apr_pool_t *p) { const char *text = baton; apr_size_t len = strlen(text); + + (void)p; return apr_file_write_full(f, text, len, &len); } @@ -374,6 +376,8 @@ static apr_status_t rm_recursive(const char *fpath, apr_pool_t *p, int max_level static apr_status_t prm_recursive(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_list ap) { int max_level = va_arg(ap, int); + + (void)p; return rm_recursive(baton, ptemp, max_level); } @@ -567,6 +571,8 @@ static apr_status_t rm_cb(void *baton, apr_pool_t *p, apr_pool_t *ptemp, apr_status_t rv; const char *fpath; + (void)baton; + (void)p; rv = md_util_path_merge(&fpath, ptemp, path, name, NULL); if (APR_SUCCESS == rv) { if (APR_DIR == ftype) { diff --git a/modules/md/md_version.h b/modules/md/md_version.h index c60f48a09e..e32ab23b50 100644 --- a/modules/md/md_version.h +++ b/modules/md/md_version.h @@ -26,7 +26,7 @@ * @macro * Version number of the md module as c string */ -#define MOD_MD_VERSION "0.9.6" +#define MOD_MD_VERSION "0.9.7-git" /** * @macro @@ -34,7 +34,7 @@ * release. This is a 24 bit number with 8 bits for major number, 8 bits * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. */ -#define MOD_MD_VERSION_NUM 0x000906 +#define MOD_MD_VERSION_NUM 0x000907 #define MD_EXPERIMENTAL 0 #define MD_ACME_DEF_URL "https://acme-v01.api.letsencrypt.org/directory" diff --git a/modules/md/mod_md.c b/modules/md/mod_md.c index 06fccb1438..e1845ca80c 100644 --- a/modules/md/mod_md.c +++ b/modules/md/mod_md.c 
@@ -18,6 +18,9 @@ #include <apr_strings.h> #include <ap_release.h> +#ifndef AP_ENABLE_EXCEPTION_HOOK +#define AP_ENABLE_EXCEPTION_HOOK 0 +#endif #include <mpm_common.h> #include <httpd.h> #include <http_core.h> @@ -55,7 +58,10 @@ AP_DECLARE_MODULE(md) = { md_config_create_svr, /* func to create per server config */ md_config_merge_svr, /* func to merge per server config */ md_cmds, /* command handlers */ - md_hooks + md_hooks, +#if defined(AP_MODULE_FLAG_NONE) + AP_MODULE_FLAG_ALWAYS_MERGE +#endif }; static void md_merge_srv(md_t *md, md_srv_conf_t *base_sc, apr_pool_t *p) @@ -300,6 +306,7 @@ static apr_status_t md_calc_md_list(apr_pool_t *p, apr_pool_t *plog, apr_sockaddr_t *sa; int i, j; + (void)plog; sc = md_config_get(base_server); mc = sc->mc; @@ -371,6 +378,7 @@ static apr_status_t store_file_ev(void *baton, struct md_store_t *store, server_rec *s = baton; apr_status_t rv; + (void)store; ap_log_error(APLOG_MARK, APLOG_TRACE3, 0, s, "store event=%d on %s %s (group %d)", ev, (ftype == APR_DIR)? "dir" : "file", fname, group); @@ -467,8 +475,10 @@ static server_rec *log_server; static int log_is_level(void *baton, apr_pool_t *p, md_log_level_t level) { + (void)baton; + (void)p; if (log_server) { - return APLOG_IS_LEVEL(log_server, level); + return APLOG_IS_LEVEL(log_server, (int)level); } return level <= MD_LOG_INFO; } @@ -856,10 +866,9 @@ static apr_status_t md_check_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_userdata_set((const void *)1, mod_md_init_key, apr_pool_cleanup_null, s->process->pool); } - else { - ap_log_error( APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(10071) - "mod_md (v%s), initializing...", MOD_MD_VERSION); - } + + ap_log_error( APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(10071) + "mod_md (v%s), initializing...", MOD_MD_VERSION); init_setups(p, s); md_log_set(log_is_level, log_print, NULL); 
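Review bot: The fallback `#define AP_ENABLE_EXCEPTION_HOOK 0` placed before `#include <mpm_common.h>` has no comment explaining why a module defines a core build-configuration macro. The same block is added to mod_md_os.c. If the real definition arrives from a header included after this point, the local `0` would either clash with it or mask it, so the include-order assumption should be written down. Presumably the aim is to keep the `#if` test in mpm_common.h well-defined, in which case a comment such as `/* mpm_common.h tests this with #if; give it a value when the build config leaves it unset */` above the `#ifndef` would do.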
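Review bot: In the `AP_DECLARE_MODULE(md)` hunk, the preprocessor guard tests `AP_MODULE_FLAG_NONE` but the initializer uses `AP_MODULE_FLAG_ALWAYS_MERGE`. This only works while both names are introduced by the same header revision. Guarding on the name that is actually used, `#if defined(AP_MODULE_FLAG_ALWAYS_MERGE)`, makes the dependency explicit and fails safe if the two ever diverge. The flag appears to pair with the `nsc->mc` and `nsc->assigned` inheritance added to `md_config_merge` in mod_md_config.c, so on a server without the flag those fields may not be merged; that is worth confirming.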
@@ -881,6 +890,7 @@ static apr_status_t md_post_config(apr_pool_t *p, apr_pool_t *plog, apr_status_t rv = APR_SUCCESS; int i; + (void)plog; md_config_post_config(s, p); sc = md_config_get(s); mc = sc->mc; @@ -1053,14 +1063,6 @@ static apr_status_t md_get_certificate(server_rec *s, apr_pool_t *p, return rv; } -static apr_status_t md_get_credentials(server_rec *s, apr_pool_t *p, - const char **pkeyfile, const char **pcertfile, - const char **pchainfile) -{ - *pchainfile = NULL; - return md_get_certificate(s, p, pkeyfile, pcertfile); -} - static int md_is_challenge(conn_rec *c, const char *servername, X509 **pcert, EVP_PKEY **pkey) { @@ -1220,6 +1222,8 @@ static int md_require_https_maybe(request_rec *r) */ static void md_child_init(apr_pool_t *pool, server_rec *s) { + (void)pool; + (void)s; } /* Install this module into the apache2 infrastructure. @@ -1242,12 +1246,10 @@ static void md_hooks(apr_pool_t *pool) ap_hook_child_init(md_child_init, NULL, mod_ssl, APR_HOOK_MIDDLE); /* answer challenges *very* early, before any configured authentication may strike */ + ap_hook_post_read_request(md_require_https_maybe, NULL, NULL, APR_HOOK_FIRST); ap_hook_post_read_request(md_http_challenge_pr, NULL, NULL, APR_HOOK_MIDDLE); - /* redirect to https if configured */ - ap_hook_fixups(md_require_https_maybe, NULL, NULL, APR_HOOK_LAST); APR_REGISTER_OPTIONAL_FN(md_is_managed); APR_REGISTER_OPTIONAL_FN(md_get_certificate); - APR_REGISTER_OPTIONAL_FN(md_get_credentials); APR_REGISTER_OPTIONAL_FN(md_is_challenge); } diff --git a/modules/md/mod_md.h b/modules/md/mod_md.h index 860616808b..421e5c5f17 100644 --- a/modules/md/mod_md.h +++ b/modules/md/mod_md.h 
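Review bot: In the `md_hooks` hunk, `md_require_https_maybe` is now registered on `post_read_request` at `APR_HOOK_FIRST`, ahead of `md_http_challenge_pr` at `APR_HOOK_MIDDLE`. The HTTPS redirect decision is therefore taken before the ACME challenge responder sees the request. Whether plain-HTTP challenge requests are exempted depends on the body of `md_require_https_maybe`, which is outside this hunk; confirm that exemption, since a redirected http-01 challenge can make certificate issuance or renewal fail. The commit also drops the `/* redirect to https if configured */` comment, leaving the new registration under "answer challenges *very* early", which does not describe it. I would add a line above it such as `/* redirect to https if configured: before any Redirect, but never for ACME challenge requests */`.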
@@ -34,13 +34,6 @@ APR_DECLARE_OPTIONAL_FN(apr_status_t, const char **pkeyfile, const char **pcertfile)); -/* previous version for md_get_certificate, to be phased out soon */ -APR_DECLARE_OPTIONAL_FN(apr_status_t, - md_get_credentials, (struct server_rec *, apr_pool_t *, - const char **pkeyfile, - const char **pcertfile, - const char **pchainfile)); - APR_DECLARE_OPTIONAL_FN(int, md_is_challenge, (struct conn_rec *, const char *, X509 **pcert, EVP_PKEY **pkey)); diff --git a/modules/md/mod_md_config.c b/modules/md/mod_md_config.c index 63f11930d4..75926d4da1 100644 --- a/modules/md/mod_md_config.c +++ b/modules/md/mod_md_config.c @@ -182,6 +182,8 @@ static void *md_config_merge(apr_pool_t *pool, void *basev, void *addv) nsc = (md_srv_conf_t *)apr_pcalloc(pool, sizeof(md_srv_conf_t)); nsc->name = name; + nsc->mc = add->mc? add->mc : base->mc; + nsc->assigned = add->assigned? add->assigned : base->assigned; nsc->transitive = (add->transitive != DEF_VAL)? add->transitive : base->transitive; nsc->require_https = (add->require_https != MD_REQUIRE_UNSET)? add->require_https : base->require_https; @@ -254,7 +256,8 @@ static const char *md_config_sec_start(cmd_parms *cmd, void *mconfig, const char apr_array_header_t *domains; md_t *md; int transitive = -1; - + + (void)mconfig; if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; } @@ -313,6 +316,7 @@ static const char *md_config_sec_add_members(cmd_parms *cmd, void *dc, const char *err; int i; + (void)dc; if (NULL != (err = md_section_check(cmd, MD_CMD_MD_SECTION))) { if (argc == 1) { /* only these values are allowed outside a section */ @@ -330,7 +334,7 @@ static const char *md_config_sec_add_members(cmd_parms *cmd, void *dc, return NULL; } -static const char *md_config_set_names(cmd_parms *cmd, void *arg, +static const char *md_config_set_names(cmd_parms *cmd, void *dc, int argc, char *const argv[]) { md_srv_conf_t *sc = md_config_get(cmd->server); 
@@ -339,6 +343,7 @@ static const char *md_config_set_names(cmd_parms *cmd, void *arg, md_t *md; int i, transitive = -1; + (void)dc; err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE); if (err) { return err; @@ -374,6 +379,7 @@ static const char *md_config_set_ca(cmd_parms *cmd, void *dc, const char *value) md_srv_conf_t *sc = md_config_get(cmd->server); const char *err; + (void)dc; if (!inside_section(cmd, MD_CMD_MD_SECTION) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; @@ -387,6 +393,7 @@ static const char *md_config_set_ca_proto(cmd_parms *cmd, void *dc, const char * md_srv_conf_t *config = md_config_get(cmd->server); const char *err; + (void)dc; if (!inside_section(cmd, MD_CMD_MD_SECTION) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; @@ -400,6 +407,7 @@ static const char *md_config_set_agreement(cmd_parms *cmd, void *dc, const char md_srv_conf_t *config = md_config_get(cmd->server); const char *err; + (void)dc; if (!inside_section(cmd, MD_CMD_MD_SECTION) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; @@ -414,6 +422,7 @@ static const char *md_config_set_drive_mode(cmd_parms *cmd, void *dc, const char const char *err; md_drive_mode_t drive_mode; + (void)dc; if (!apr_strnatcasecmp("auto", value) || !apr_strnatcasecmp("automatic", value)) { drive_mode = MD_DRIVE_AUTO; } @@ -440,6 +449,7 @@ static const char *md_config_set_must_staple(cmd_parms *cmd, void *dc, const cha md_srv_conf_t *config = md_config_get(cmd->server); const char *err; + (void)dc; if (!inside_section(cmd, MD_CMD_MD_SECTION) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; @@ -463,6 +473,7 @@ static const char *md_config_set_require_https(cmd_parms *cmd, void *dc, const c md_srv_conf_t *config = md_config_get(cmd->server); const char *err; + (void)dc; if (!inside_section(cmd, MD_CMD_MD_SECTION) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; 
@@ -545,6 +556,7 @@ static const char *md_config_set_renew_window(cmd_parms *cmd, void *dc, const ch apr_interval_time_t timeout; int percent; + (void)dc; if (!inside_section(cmd, MD_CMD_MD_SECTION) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; @@ -661,6 +673,7 @@ static const char *md_config_set_cha_tyes(cmd_parms *cmd, void *dc, const char *err; int i; + (void)dc; if (!inside_section(cmd, MD_CMD_MD_SECTION) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; @@ -678,13 +691,14 @@ static const char *md_config_set_cha_tyes(cmd_parms *cmd, void *dc, return NULL; } -static const char *md_config_set_pkeys(cmd_parms *cmd, void *arg, +static const char *md_config_set_pkeys(cmd_parms *cmd, void *dc, int argc, char *const argv[]) { md_srv_conf_t *config = md_config_get(cmd->server); const char *err, *ptype; apr_int64_t bits; + (void)dc; if (!inside_section(cmd, MD_CMD_MD_SECTION) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; diff --git a/modules/md/mod_md_os.c b/modules/md/mod_md_os.c index 4b7cae7bab..8799735a61 100644 --- a/modules/md/mod_md_os.c +++ b/modules/md/mod_md_os.c @@ -16,6 +16,10 @@ #include <assert.h> #include <apr_strings.h> +#ifndef AP_ENABLE_EXCEPTION_HOOK +#define AP_ENABLE_EXCEPTION_HOOK 0 +#endif + #include <mpm_common.h> #include <httpd.h> #include <http_log.h> @@ -73,6 +77,8 @@ apr_status_t md_server_graceful(apr_pool_t *p, server_rec *s) { apr_status_t rv; + (void)p; + (void)s; rv = (kill(getppid(), AP_SIG_GRACEFUL) < 0)? APR_ENOTIMPL : APR_SUCCESS; ap_log_error(APLOG_MARK, APLOG_TRACE1, errno, NULL, "sent signal to parent"); return rv; |
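Review bot: In `md_server_graceful` (mod_md_os.c), the added `(void)s;` marks the server record as unused while the `ap_log_error` call just below it passes `NULL` in that position. That call also logs `errno` and "sent signal to parent" whether or not `kill()` succeeded. On success `errno` is stale, so the trace line can carry an unrelated error, and on failure the message still reads as success, which hampers diagnosing a restart that never happened. I would drop the cast and log the real outcome, e.g. `ap_log_error(APLOG_MARK, APLOG_TRACE1, (rv == APR_SUCCESS)? 0 : errno, s, "signal to parent %s", (rv == APR_SUCCESS)? "sent" : "failed");`, assuming `s` is valid at every call site.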