author | Stefan Eissing <icing@apache.org> | 2024-09-17 13:38:19 +0200 |
---|---|---|
committer | Stefan Eissing <icing@apache.org> | 2024-09-17 13:38:19 +0200 |
commit | af10058840e024e6cf2bbdd50cc1dacfe236e6fc (patch) | |
tree | 1bba86e6826aca4314c202ee7b643059d40c36f6 /modules | |
parent | removed experimental mod_tls. source, documenation and test cases (diff) | |
*) mod_md: update to version 2.4.28
- When the server starts, it looks for new, staged certificates to
activate. If the staged set of files in 'md/staging/<domain>' is messed
up, this could prevent further renewals from happening. Now, when the staging
set is present, but could not be activated due to an error, purge the
whole directory. [icing]
- Fix certificate retrieval on ACME renewal to not require a 'Location:'
header returned by the ACME CA. This was the way it was done in ACME
before it became an IETF standard. Let's Encrypt still supports this,
but other CAs do not. [icing]
- Restore compatibility with OpenSSL < 1.1. [ylavic]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1920747 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules')
-rw-r--r-- | modules/md/md_acme_drive.c | 10 | ||||
-rw-r--r-- | modules/md/md_reg.c | 6 | ||||
-rw-r--r-- | modules/md/md_version.h | 4 |
3 files changed, 11 insertions, 9 deletions
diff --git a/modules/md/md_acme_drive.c b/modules/md/md_acme_drive.c
index 4bb04f321c..0ec409c863 100644
--- a/modules/md/md_acme_drive.c
+++ b/modules/md/md_acme_drive.c
@@ -305,11 +305,11 @@ static apr_status_t csr_req(md_acme_t *acme, const md_http_response_t *res, void
 (void)acme;
 location = apr_table_get(res->headers, "location");
- if (!location) {
- md_log_perror(MD_LOG_MARK, MD_LOG_ERR, APR_EINVAL, d->p,
- "cert created without giving its location header");
- return APR_EINVAL;
- }
+ if (!location)
+ return rv;
+
+ md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, d->p,
+ "cert created with location header (old ACMEv1 style)");
 ad->order->certificate = apr_pstrdup(d->p, location);
 if (APR_SUCCESS != (rv = md_acme_order_save(d->store, d->p, MD_SG_STAGING, d->md->name, ad->order, 0))) {
diff --git a/modules/md/md_reg.c b/modules/md/md_reg.c
index 6aa7d78876..dc49446ae4 100644
--- a/modules/md/md_reg.c
+++ b/modules/md/md_reg.c
@@ -1194,7 +1194,7 @@ static apr_status_t run_load_staging(void *baton, apr_pool_t *p, apr_pool_t *pte
 result = va_arg(ap, md_result_t*);
 if (APR_STATUS_IS_ENOENT(rv = md_load(reg->store, MD_SG_STAGING, md->name, NULL, ptemp))) {
- md_log_perror(MD_LOG_MARK, MD_LOG_TRACE2, 0, ptemp, "%s: nothing staged", md->name);
+ md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, ptemp, "%s: nothing staged", md->name);
 goto out;
 }
@@ -1259,7 +1259,9 @@ apr_status_t md_reg_load_stagings(md_reg_t *reg, apr_array_header_t *mds,
 } else if (!APR_STATUS_IS_ENOENT(rv)) {
 md_log_perror(MD_LOG_MARK, MD_LOG_ERR, rv, p, APLOGNO(10069)
- "%s: error loading staged set", md->name);
+ "%s: error loading staged set, purging it", md->name);
+ md_store_purge(reg->store, p, MD_SG_STAGING, md->name);
+ md_store_purge(reg->store, p, MD_SG_CHALLENGES, md->name);
 }
 }
diff --git a/modules/md/md_version.h b/modules/md/md_version.h
index cefbb8ded7..3e2914d6b6 100644
--- a/modules/md/md_version.h
+++ b/modules/md/md_version.h
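Review bot: In csr_req the new early exit `if (!location) return rv;` returns a variable whose value is set outside this hunk, so it cannot be confirmed from here that a missing Location header is reported as success. Writing `return APR_SUCCESS;` inside braces would state the intent and keep the braced form the removed lines used. On this path `ad->order->certificate` is no longer set here, so presumably a later step takes the certificate URL from the order resource and has to fail cleanly when the CA supplied neither; a comment such as `/* no Location: certificate URL is taken from the finalized order (RFC 8555) */` would record that. The function body starts and ends outside the hunk.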
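Review bot: Both `md_store_purge()` calls added in md_reg_load_stagings discard their return value, so a purge that fails (permissions, I/O) leaves the broken staging set in place although the log line already says "purging it". Keep the status in a separate local rather than overwriting `rv`, and log when it is not APR_SUCCESS, e.g. `if (APR_SUCCESS != (prv = md_store_purge(reg->store, p, MD_SG_STAGING, md->name))) md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, prv, p, "%s: purging staging failed", md->name);`, and likewise for MD_SG_CHALLENGES. The branch also runs for every non-ENOENT error, including ones that may be transient, and removes staged key material and challenge data an operator might want to inspect, so a comment stating that this loss is intended would help. The function continues outside the hunk.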
@@ -27,7 +27,7 @@
 * @macro
 * Version number of the md module as c string
 */
-#define MOD_MD_VERSION "2.4.26"
+#define MOD_MD_VERSION "2.4.28"
 /**
 * @macro
@@ -35,7 +35,7 @@
 * release. This is a 24 bit number with 8 bits for major number, 8 bits
 * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
 */
-#define MOD_MD_VERSION_NUM 0x02041a
+#define MOD_MD_VERSION_NUM 0x02041c
 #define MD_ACME_DEF_URL "https://acme-v02.api.letsencrypt.org/directory"
 #define MD_TAILSCALE_DEF_URL "file://localhost/var/run/tailscale/tailscaled.sock" |