summaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
authorStefan Eissing <icing@apache.org>2017-09-26 10:33:35 +0200
committerStefan Eissing <icing@apache.org>2017-09-26 10:33:35 +0200
commitc2f7c7a31f22fd026eff35701174811428327704 (patch)
tree296b4072f874f991988fb62c0ead6020218581e3 /modules
parentOn the trunk: (diff)
downloadapache2-c2f7c7a31f22fd026eff35701174811428327704.tar.xz
apache2-c2f7c7a31f22fd026eff35701174811428327704.zip
On the trunk:
mod_md: v0.9.7 - Use of the new module flag - Removed obsolete function from interface to mod_ssl. - Fallback certificates has version set and no longer claims to be a CA. (re issue #32) - MDRequireHttps now happens before any Redirect. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809719 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules')
-rw-r--r--modules/md/md_acme.c7
-rw-r--r--modules/md/md_acme.h2
-rw-r--r--modules/md/md_acme_acct.c43
-rw-r--r--modules/md/md_acme_authz.c33
-rw-r--r--modules/md/md_acme_authz.h2
-rw-r--r--modules/md/md_acme_drive.c20
-rw-r--r--modules/md/md_cmd_acme.c8
-rw-r--r--modules/md/md_cmd_main.c3
-rw-r--r--modules/md/md_cmd_reg.c6
-rw-r--r--modules/md/md_cmd_store.c5
-rw-r--r--modules/md/md_crypt.c40
-rw-r--r--modules/md/md_curl.c1
-rw-r--r--modules/md/md_http.c2
-rw-r--r--modules/md/md_log.c5
-rw-r--r--modules/md/md_reg.c7
-rw-r--r--modules/md/md_store.c3
-rw-r--r--modules/md/md_store_fs.c15
-rw-r--r--modules/md/md_util.c6
-rw-r--r--modules/md/md_version.h4
-rw-r--r--modules/md/mod_md.c36
-rw-r--r--modules/md/mod_md.h7
-rw-r--r--modules/md/mod_md_config.c20
-rw-r--r--modules/md/mod_md_os.c6
23 files changed, 190 insertions, 91 deletions
diff --git a/modules/md/md_acme.c b/modules/md/md_acme.c
index efde431eea..c4569fbf4f 100644
--- a/modules/md/md_acme.c
+++ b/modules/md/md_acme.c
@@ -67,7 +67,7 @@ static acme_problem_status_t Problems[] = {
};
static apr_status_t problem_status_get(const char *type) {
- int i;
+ size_t i;
if (strstr(type, "urn:ietf:params:") == type) {
type += strlen("urn:ietf:params:");
@@ -492,7 +492,10 @@ static apr_status_t on_got_json(md_acme_t *acme, apr_pool_t *p, const apr_table_
md_json_t *jbody, void *baton)
{
json_ctx *ctx = baton;
-
+
+ (void)acme;
+ (void)p;
+ (void)headers;
ctx->json = md_json_clone(ctx->pool, jbody);
return APR_SUCCESS;
}
diff --git a/modules/md/md_acme.h b/modules/md/md_acme.h
index ec130a0755..1a3540f1bb 100644
--- a/modules/md/md_acme.h
+++ b/modules/md/md_acme.h
@@ -113,7 +113,7 @@ apr_status_t md_acme_use_acct_staged(md_acme_t *acme, struct md_store_t *store,
* Get the local name of the account currently used by the acme instance.
* Will be NULL if no account has been setup successfully.
*/
-const char *md_acme_get_acct(md_acme_t *acme, apr_pool_t *p);
+const char *md_acme_get_acct_id(md_acme_t *acme);
/**
* Agree to the given Terms-of-Service url for the current account.
diff --git a/modules/md/md_acme_acct.c b/modules/md/md_acme_acct.c
index 5ad419ff63..8b1906b5ec 100644
--- a/modules/md/md_acme_acct.c
+++ b/modules/md/md_acme_acct.c
@@ -58,10 +58,6 @@ static apr_status_t acct_make(md_acme_acct_t **pacct, apr_pool_t *p,
}
-static void md_acme_acct_free(md_acme_acct_t *acct)
-{
-}
-
static const char *mk_acct_id(apr_pool_t *p, md_acme_t *acme, int i)
{
return apr_psprintf(p, "ACME-%s-%04d", acme->sname, i);
@@ -225,20 +221,25 @@ static int find_acct(void *baton, const char *name, const char *aspect,
md_store_vtype_t vtype, void *value, apr_pool_t *ptemp)
{
find_ctx *ctx = baton;
- md_json_t *json = value;
int disabled;
const char *ca_url, *id;
- id = md_json_gets(json, MD_KEY_ID, NULL);
- disabled = md_json_getb(json, MD_KEY_DISABLED, NULL);
- ca_url = md_json_gets(json, MD_KEY_CA_URL, NULL);
-
- if (!disabled && ca_url && !strcmp(ctx->acme->url, ca_url)) {
- md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, ctx->p,
- "found account %s for %s: %s, disabled=%d, ca-url=%s",
- name, ctx->acme->url, id, disabled, ca_url);
- ctx->id = id;
- return 0;
+ (void)aspect;
+ (void)ptemp;
+ if (MD_SV_JSON == vtype) {
+ md_json_t *json = value;
+
+ id = md_json_gets(json, MD_KEY_ID, NULL);
+ disabled = md_json_getb(json, MD_KEY_DISABLED, NULL);
+ ca_url = md_json_gets(json, MD_KEY_CA_URL, NULL);
+
+ if (!disabled && ca_url && !strcmp(ctx->acme->url, ca_url)) {
+ md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, ctx->p,
+ "found account %s for %s: %s, disabled=%d, ca-url=%s",
+ name, ctx->acme->url, id, disabled, ca_url);
+ ctx->id = id;
+ return 0;
+ }
}
return 1;
}
@@ -371,7 +372,6 @@ static apr_status_t acct_register(md_acme_t *acme, apr_pool_t *p,
out:
if (APR_SUCCESS != rv && acme->acct) {
- md_acme_acct_free(acme->acct);
acme->acct = NULL;
}
return rv;
@@ -384,6 +384,7 @@ static apr_status_t on_init_acct_valid(md_acme_req_t *req, void *baton)
{
md_json_t *jpayload;
+ (void)baton;
jpayload = md_json_create(req->p);
md_json_sets("reg", jpayload, MD_KEY_RESOURCE, NULL);
@@ -398,6 +399,8 @@ static apr_status_t acct_valid(md_acme_t *acme, apr_pool_t *p, const apr_table_t
const char *body_str;
const char *tos_required;
+ (void)p;
+ (void)baton;
apr_array_clear(acct->contacts);
md_json_getsa(acct->contacts, body, MD_KEY_CONTACT, NULL);
acct->registration = md_json_clone(acme->p, body);
@@ -493,7 +496,7 @@ apr_status_t md_acme_use_acct_staged(md_acme_t *acme, struct md_store_t *store,
return rv;
}
-const char *md_acme_get_acct(md_acme_t *acme, apr_pool_t *p)
+const char *md_acme_get_acct_id(md_acme_t *acme)
{
return acme->acct? acme->acct->id : NULL;
}
@@ -553,6 +556,7 @@ static apr_status_t on_init_acct_del(md_acme_req_t *req, void *baton)
{
md_json_t *jpayload;
+ (void)baton;
jpayload = md_json_create(req->p);
md_json_sets("reg", jpayload, MD_KEY_RESOURCE, NULL);
md_json_setb(1, jpayload, "delete", NULL);
@@ -565,7 +569,9 @@ static apr_status_t acct_del(md_acme_t *acme, apr_pool_t *p,
{
md_store_t *store = baton;
apr_status_t rv = APR_SUCCESS;
-
+
+ (void)hdrs;
+ (void)body;
md_log_perror(MD_LOG_MARK, MD_LOG_INFO, 0, p, "deleted account %s", acme->acct->url);
if (store) {
rv = md_acme_unstore_acct(store, p, acme->acct->id);
@@ -579,6 +585,7 @@ apr_status_t md_acme_delete_acct(md_acme_t *acme, md_store_t *store, apr_pool_t
{
md_acme_acct_t *acct = acme->acct;
+ (void)p;
if (!acct) {
return APR_EINVAL;
}
diff --git a/modules/md/md_acme_authz.c b/modules/md/md_acme_authz.c
index 2a854f95b3..aaca6ebf88 100644
--- a/modules/md/md_acme_authz.c
+++ b/modules/md/md_acme_authz.c
@@ -45,7 +45,7 @@ md_acme_authz_t *md_acme_authz_create(apr_pool_t *p)
return authz;
}
-md_acme_authz_set_t *md_acme_authz_set_create(apr_pool_t *p, md_acme_t *acme)
+md_acme_authz_set_t *md_acme_authz_set_create(apr_pool_t *p)
{
md_acme_authz_set_t *authz_set;
@@ -152,6 +152,8 @@ static apr_status_t authz_created(md_acme_t *acme, apr_pool_t *p, const apr_tabl
const char *location = apr_table_get(hdrs, "location");
apr_status_t rv = APR_SUCCESS;
+ (void)acme;
+ (void)p;
if (location) {
ctx->authz = md_acme_authz_create(ctx->p);
ctx->authz->domain = apr_pstrdup(ctx->p, ctx->domain);
@@ -172,6 +174,7 @@ apr_status_t md_acme_authz_register(struct md_acme_authz_t **pauthz, md_acme_t *
apr_status_t rv;
authz_req_ctx ctx;
+ (void)store;
authz_req_ctx_init(&ctx, acme, domain, NULL, p);
md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, acme->p, "create new authz");
@@ -191,6 +194,7 @@ apr_status_t md_acme_authz_update(md_acme_authz_t *authz, md_acme_t *acme,
const char *s;
apr_status_t rv;
+ (void)store;
assert(acme);
assert(acme->http);
assert(authz);
@@ -261,6 +265,10 @@ static apr_status_t authz_http_set(md_acme_t *acme, apr_pool_t *p, const apr_tab
{
authz_req_ctx *ctx = baton;
+ (void)acme;
+ (void)p;
+ (void)hdrs;
+ (void)body;
md_log_perror(MD_LOG_MARK, MD_LOG_INFO, 0, ctx->p, "updated authz %s", ctx->authz->location);
return APR_SUCCESS;
}
@@ -271,6 +279,7 @@ static apr_status_t setup_key_authz(md_acme_authz_cha_t *cha, md_acme_authz_t *a
const char *thumb64, *key_authz;
apr_status_t rv;
+ (void)authz;
assert(cha);
assert(cha->token);
@@ -299,6 +308,7 @@ static apr_status_t cha_http_01_setup(md_acme_authz_cha_t *cha, md_acme_authz_t
apr_status_t rv;
int notify_server;
+ (void)key_spec;
if (APR_SUCCESS != (rv = setup_key_authz(cha, authz, acme, p, &notify_server))) {
goto out;
}
@@ -434,9 +444,10 @@ typedef struct {
static apr_status_t collect_offered(void *baton, size_t index, md_json_t *json)
{
cha_find_ctx *ctx = baton;
+ const char *ctype;
- const char *ctype = md_json_gets(json, MD_KEY_TYPE, NULL);
- if (ctype) {
+ (void)index;
+ if ((ctype = md_json_gets(json, MD_KEY_TYPE, NULL))) {
APR_ARRAY_PUSH(ctx->offered, const char*) = apr_pstrdup(ctx->p, ctype);
}
return 1;
@@ -459,7 +470,7 @@ apr_status_t md_acme_authz_respond(md_acme_authz_t *authz, md_acme_t *acme, md_s
md_pkey_spec_t *key_spec, apr_pool_t *p)
{
apr_status_t rv;
- unsigned int i;
+ int i;
cha_find_ctx fctx;
assert(acme);
@@ -490,7 +501,7 @@ apr_status_t md_acme_authz_respond(md_acme_authz_t *authz, md_acme_t *acme, md_s
return rv;
}
- for (i = 0; i < CHA_TYPES_LEN; ++i) {
+ for (i = 0; i < (int)CHA_TYPES_LEN; ++i) {
if (!apr_strnatcasecmp(CHA_TYPES[i].name, fctx.accepted->type)) {
return CHA_TYPES[i].start(fctx.accepted, authz, acme, store, key_spec, p);
}
@@ -515,6 +526,7 @@ static apr_status_t on_init_authz_del(md_acme_req_t *req, void *baton)
{
md_json_t *jpayload;
+ (void)baton;
jpayload = md_json_create(req->p);
md_json_sets("deactivated", jpayload, MD_KEY_STATUS, NULL);
@@ -526,6 +538,9 @@ static apr_status_t authz_del(md_acme_t *acme, apr_pool_t *p, const apr_table_t
{
authz_req_ctx *ctx = baton;
+ (void)p;
+ (void)body;
+ (void)hdrs;
md_log_perror(MD_LOG_MARK, MD_LOG_INFO, 0, ctx->p, "deleted authz %s", ctx->authz->location);
acme->acct = NULL;
return APR_SUCCESS;
@@ -536,6 +551,7 @@ apr_status_t md_acme_authz_del(md_acme_authz_t *authz, md_acme_t *acme,
{
authz_req_ctx ctx;
+ (void)store;
ctx.p = p;
ctx.authz = authz;
@@ -581,11 +597,13 @@ md_acme_authz_t *md_acme_authz_from_json(struct md_json_t *json, apr_pool_t *p)
static apr_status_t authz_to_json(void *value, md_json_t *json, apr_pool_t *p, void *baton)
{
+ (void)baton;
return md_json_setj(md_acme_authz_to_json(value, p), json, NULL);
}
static apr_status_t authz_from_json(void **pvalue, md_json_t *json, apr_pool_t *p, void *baton)
{
+ (void)baton;
*pvalue = md_acme_authz_from_json(json, p);
return (*pvalue)? APR_SUCCESS : APR_EINVAL;
}
@@ -602,7 +620,7 @@ md_json_t *md_acme_authz_set_to_json(md_acme_authz_set_t *set, apr_pool_t *p)
md_acme_authz_set_t *md_acme_authz_set_from_json(md_json_t *json, apr_pool_t *p)
{
- md_acme_authz_set_t *set = md_acme_authz_set_create(p, NULL);
+ md_acme_authz_set_t *set = md_acme_authz_set_create(p);
if (set) {
md_json_geta(set->authzs, authz_from_json, NULL, json, MD_KEY_AUTHZS, NULL);
return set;
@@ -637,7 +655,8 @@ static apr_status_t p_save(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_lis
md_acme_authz_set_t *set;
const char *md_name;
int create;
-
+
+ (void)p;
group = (md_store_group_t)va_arg(ap, int);
md_name = va_arg(ap, const char *);
set = va_arg(ap, md_acme_authz_set_t *);
diff --git a/modules/md/md_acme_authz.h b/modules/md/md_acme_authz.h
index 817d6fe830..3b083a95f0 100644
--- a/modules/md/md_acme_authz.h
+++ b/modules/md/md_acme_authz.h
@@ -82,7 +82,7 @@ struct md_acme_authz_set_t {
struct apr_array_header_t *authzs;
};
-md_acme_authz_set_t *md_acme_authz_set_create(apr_pool_t *p, struct md_acme_t *acme);
+md_acme_authz_set_t *md_acme_authz_set_create(apr_pool_t *p);
md_acme_authz_t *md_acme_authz_set_get(md_acme_authz_set_t *set, const char *domain);
apr_status_t md_acme_authz_set_add(md_acme_authz_set_t *set, md_acme_authz_t *authz);
apr_status_t md_acme_authz_set_remove(md_acme_authz_set_t *set, const char *domain);
diff --git a/modules/md/md_acme_drive.c b/modules/md/md_acme_drive.c
index e4b01b757a..13cff46c50 100644
--- a/modules/md/md_acme_drive.c
+++ b/modules/md/md_acme_drive.c
@@ -107,7 +107,7 @@ static apr_status_t ad_set_acct(md_proto_driver_t *d)
md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, d->p, "%s: looking at existing accounts",
d->proto->protocol);
if (APR_SUCCESS == md_acme_find_acct(ad->acme, d->store, d->p)) {
- md->ca_account = md_acme_get_acct(ad->acme, d->p);
+ md->ca_account = md_acme_get_acct_id(ad->acme);
update = 1;
}
}
@@ -176,7 +176,7 @@ static apr_status_t ad_setup_authz(md_proto_driver_t *d)
*/
rv = md_acme_authz_set_load(d->store, MD_SG_STAGING, md->name, &ad->authz_set, d->p);
if (!ad->authz_set || APR_STATUS_IS_ENOENT(rv)) {
- ad->authz_set = md_acme_authz_set_create(d->p, ad->acme);
+ ad->authz_set = md_acme_authz_set_create(d->p);
rv = APR_SUCCESS;
}
else if (APR_SUCCESS != rv) {
@@ -292,7 +292,7 @@ static apr_status_t ad_start_challenges(md_proto_driver_t *d)
return rv;
}
-static apr_status_t check_challenges(void *baton, int attemmpt)
+static apr_status_t check_challenges(void *baton, int attempt)
{
md_proto_driver_t *d = baton;
md_acme_driver_t *ad = d->baton;
@@ -302,8 +302,8 @@ static apr_status_t check_challenges(void *baton, int attemmpt)
for (i = 0; i < ad->authz_set->authzs->nelts && APR_SUCCESS == rv; ++i) {
authz = APR_ARRAY_IDX(ad->authz_set->authzs, i, md_acme_authz_t*);
- md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, d->p, "%s: check AUTHZ for %s",
- ad->md->name, authz->domain);
+ md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, d->p, "%s: check AUTHZ for %s(%d. attempt)",
+ ad->md->name, authz->domain, attempt);
if (APR_SUCCESS == (rv = md_acme_authz_update(authz, ad->acme, d->store, d->p))) {
switch (authz->state) {
case MD_ACME_AUTHZ_S_VALID:
@@ -366,7 +366,7 @@ static apr_status_t on_got_cert(md_acme_t *acme, const md_http_response_t *res,
md_acme_driver_t *ad = d->baton;
apr_status_t rv = APR_SUCCESS;
-
+ (void)acme;
if (APR_SUCCESS == (rv = read_http_cert(&ad->cert, d->p, res))) {
rv = md_store_save(d->store, d->p, MD_SG_STAGING, ad->md->name, MD_FN_CERT,
MD_SV_CERT, ad->cert, 0);
@@ -380,6 +380,7 @@ static apr_status_t get_cert(void *baton, int attempt)
md_proto_driver_t *d = baton;
md_acme_driver_t *ad = d->baton;
+ (void)attempt;
return md_acme_GET(ad->acme, ad->md->cert_url, NULL, NULL, on_got_cert, d);
}
@@ -426,6 +427,7 @@ static apr_status_t csr_req(md_acme_t *acme, const md_http_response_t *res, void
md_acme_driver_t *ad = d->baton;
apr_status_t rv = APR_SUCCESS;
+ (void)acme;
ad->md->cert_url = apr_table_get(res->headers, "location");
if (!ad->md->cert_url) {
md_log_perror(MD_LOG_MARK, MD_LOG_ERR, APR_EINVAL, d->p,
@@ -511,6 +513,7 @@ static apr_status_t on_add_chain(md_acme_t *acme, const md_http_response_t *res,
md_cert_t *cert;
const char *ct;
+ (void)acme;
ct = apr_table_get(res->headers, "Content-Type");
if (ct && !strcmp("application/x-pkcs7-mime", ct)) {
/* root cert most likely, end it here */
@@ -531,7 +534,7 @@ static apr_status_t get_chain(void *baton, int attempt)
md_cert_t *cert;
const char *url, *last_url = NULL;
apr_status_t rv = APR_SUCCESS;
-
+
while (APR_SUCCESS == rv && ad->chain->nelts < 10) {
int nelts = ad->chain->nelts;
if (ad->chain && nelts > 0) {
@@ -569,7 +572,7 @@ static apr_status_t get_chain(void *baton, int attempt)
}
}
md_log_perror(MD_LOG_MARK, MD_LOG_TRACE1, rv, d->p,
- "got chain with %d certs", ad->chain->nelts);
+ "got chain with %d certs (%d. attempt)", ad->chain->nelts, attempt);
return rv;
}
@@ -979,6 +982,7 @@ static md_proto_t ACME_PROTO = {
apr_status_t md_acme_protos_add(apr_hash_t *protos, apr_pool_t *p)
{
+ (void)p;
apr_hash_set(protos, MD_PROTO_ACME, sizeof(MD_PROTO_ACME)-1, &ACME_PROTO);
return APR_SUCCESS;
}
diff --git a/modules/md/md_cmd_acme.c b/modules/md/md_cmd_acme.c
index 650fb4e469..0fa10a9e9a 100644
--- a/modules/md/md_cmd_acme.c
+++ b/modules/md/md_cmd_acme.c
@@ -54,7 +54,7 @@ static apr_status_t cmd_acme_newreg(md_cmd_ctx *ctx, const md_cmd_t *cmd)
if (APR_SUCCESS == (rv = md_acme_create_acct(ctx->acme, ctx->p, contacts, ctx->tos))) {
md_acme_save(ctx->acme, ctx->store, ctx->p);
- fprintf(stdout, "registered: %s\n", md_acme_get_acct(ctx->acme, ctx->p));
+ fprintf(stdout, "registered: %s\n", md_acme_get_acct_id(ctx->acme));
}
else {
md_log_perror(MD_LOG_MARK, MD_LOG_ERR, rv, ctx->p, "register new account");
@@ -106,6 +106,7 @@ static apr_status_t cmd_acme_agree(md_cmd_ctx *ctx, const md_cmd_t *cmd)
apr_status_t rv = APR_SUCCESS;
int i;
+ (void)cmd;
for (i = 0; i < ctx->argc; ++i) {
rv = acct_agree_tos(ctx, ctx->argv[i], ctx->tos, ctx->p);
if (rv != APR_SUCCESS) {
@@ -146,6 +147,7 @@ static apr_status_t cmd_acme_validate(md_cmd_ctx *ctx, const md_cmd_t *cmd)
apr_status_t rv = APR_SUCCESS;
int i;
+ (void)cmd;
for (i = 0; i < ctx->argc; ++i) {
rv = acct_validate(ctx, ctx->argv[i], ctx->p);
if (rv != APR_SUCCESS) {
@@ -200,6 +202,7 @@ static apr_status_t cmd_acme_delreg(md_cmd_ctx *ctx, const md_cmd_t *cmd)
apr_status_t rv = APR_SUCCESS;
int i;
+ (void)cmd;
for (i = 0; i < ctx->argc; ++i) {
rv = acme_delreg(ctx, ctx->argv[i], ctx->p);
if (rv != APR_SUCCESS) {
@@ -223,7 +226,8 @@ static apr_status_t acme_newauthz(md_cmd_ctx *ctx, md_acme_acct_t *acct, const c
{
apr_status_t rv;
md_acme_authz_t *authz;
-
+
+ (void)acct;
rv = md_acme_authz_register(&authz, ctx->acme, ctx->store, domain, ctx->p);
if (rv == APR_SUCCESS) {
diff --git a/modules/md/md_cmd_main.c b/modules/md/md_cmd_main.c
index bff4e13ad3..865d6def99 100644
--- a/modules/md/md_cmd_main.c
+++ b/modules/md/md_cmd_main.c
@@ -232,6 +232,8 @@ static md_log_level_t active_level = MD_LOG_INFO;
static int log_is_level(void *baton, apr_pool_t *p, md_log_level_t level)
{
+ (void)baton;
+ (void)p;
return level <= active_level;
}
@@ -286,6 +288,7 @@ void md_cmd_print_md(md_cmd_ctx *ctx, const md_t *md)
static int pool_abort(int rv)
{
+ (void)rv;
abort();
}
diff --git a/modules/md/md_cmd_reg.c b/modules/md/md_cmd_reg.c
index 1b1278ac46..e8cb11725c 100644
--- a/modules/md/md_cmd_reg.c
+++ b/modules/md/md_cmd_reg.c
@@ -41,6 +41,7 @@ static apr_status_t cmd_reg_add(md_cmd_ctx *ctx, const md_cmd_t *cmd)
md_t *md;
apr_status_t rv;
+ (void)cmd;
md = md_create(ctx->p, md_cmd_gather_args(ctx, 0));
if (md->domains->nelts == 0) {
return APR_EINVAL;
@@ -70,6 +71,7 @@ static int list_add_md(void *baton, md_reg_t *reg, md_t *md)
{
apr_array_header_t *mdlist = baton;
+ (void)reg;
APR_ARRAY_PUSH(mdlist, const md_t *) = md;
return 1;
}
@@ -86,6 +88,7 @@ static apr_status_t cmd_reg_list(md_cmd_ctx *ctx, const md_cmd_t *cmd)
const md_t *md;
int i;
+ (void)cmd;
if (ctx->argc > 0) {
for (i = 0; i < ctx->argc; ++i) {
name = ctx->argv[i];
@@ -304,6 +307,7 @@ static apr_status_t cmd_reg_drive(md_cmd_ctx *ctx, const md_cmd_t *cmd)
apr_status_t rv;
int i;
+ (void)cmd;
md_log_perror(MD_LOG_MARK, MD_LOG_TRACE4, 0, ctx->p, "drive do");
if (ctx->argc > 0) {
for (i = 0; i < ctx->argc; ++i) {
@@ -322,7 +326,7 @@ static apr_status_t cmd_reg_drive(md_cmd_ctx *ctx, const md_cmd_t *cmd)
rv = APR_SUCCESS;
for (i = 0; i < mdlist->nelts; ++i) {
- md_t *md = APR_ARRAY_IDX(mdlist, i, md_t*);
+ md = APR_ARRAY_IDX(mdlist, i, md_t*);
if (APR_SUCCESS != (rv = assess_and_drive(ctx, md))) {
break;
}
diff --git a/modules/md/md_cmd_store.c b/modules/md/md_cmd_store.c
index 56c4f2712f..6fd5953b20 100644
--- a/modules/md/md_cmd_store.c
+++ b/modules/md/md_cmd_store.c
@@ -41,6 +41,7 @@ static apr_status_t cmd_add(md_cmd_ctx *ctx, const md_cmd_t *cmd)
md_t *md, *nmd;
apr_status_t rv;
+ (void)cmd;
md = md_create(ctx->p, md_cmd_gather_args(ctx, 0));
if (md->domains->nelts == 0) {
return APR_EINVAL;
@@ -92,6 +93,7 @@ static apr_status_t cmd_remove(md_cmd_ctx *ctx, const md_cmd_t *cmd)
static apr_status_t opts_remove(md_cmd_ctx *ctx, int option, const char *optarg)
{
+ (void)optarg;
switch (option) {
case 'f':
md_cmd_ctx_set_option(ctx, "force", "1");
@@ -120,12 +122,15 @@ static md_cmd_t RemoveCmd = {
static int list_md(void *baton, md_store_t *store, md_t *md, apr_pool_t *ptemp)
{
+ (void)store;
+ (void)ptemp;
md_cmd_print_md(baton, md);
return 1;
}
static apr_status_t cmd_list(md_cmd_ctx *ctx, const md_cmd_t *cmd)
{
+ (void)cmd;
return md_store_md_iter(list_md, ctx, ctx->store, ctx->p, MD_SG_DOMAINS, "*");
}
diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c
index 8084c53e6b..626274edf1 100644
--- a/modules/md/md_crypt.c
+++ b/modules/md/md_crypt.c
@@ -61,6 +61,8 @@ struct md_pkey_t {
static void seed_RAND(int pid)
{
char seed[128];
+
+ (void)pid;
arc4random_buf(seed, sizeof(seed));
RAND_seed(seed, sizeof(seed));
}
@@ -105,11 +107,6 @@ static void seed_RAND(int pid)
/*
* seed in some current state of the run-time stack (128 bytes)
*/
-#if HAVE_VALGRIND && 0
- if (ssl_running_on_valgrind) {
- VALGRIND_MAKE_MEM_DEFINED(stackdata, sizeof(stackdata));
- }
-#endif
n = rand_choosenum(0, sizeof(stackdata)-128-1);
RAND_seed(stackdata+n, 128);
}
@@ -140,11 +137,13 @@ apr_status_t md_crypt_init(apr_pool_t *pool)
typedef struct {
char *data;
apr_size_t len;
-} buffer;
+} buffer_rec;
static apr_status_t fwrite_buffer(void *baton, apr_file_t *f, apr_pool_t *p)
{
- buffer *buf = baton;
+ buffer_rec *buf = baton;
+
+ (void)p;
return apr_file_write_full(f, buf->data, buf->len, &buf->len);
}
@@ -169,6 +168,8 @@ typedef struct {
static int pem_passwd(char *buf, int size, int rwflag, void *baton)
{
passwd_ctx *ctx = baton;
+
+ (void)rwflag;
if (ctx->pass_len > 0) {
if (ctx->pass_len < size) {
size = (int)ctx->pass_len;
@@ -252,7 +253,7 @@ md_json_t *md_pkey_spec_to_json(const md_pkey_spec_t *spec, apr_pool_t *p)
case MD_PKEY_TYPE_RSA:
md_json_sets("RSA", json, MD_KEY_TYPE, NULL);
if (spec->params.rsa.bits >= MD_PKEY_RSA_BITS_MIN) {
- md_json_setl(spec->params.rsa.bits, json, MD_KEY_BITS, NULL);
+ md_json_setl((long)spec->params.rsa.bits, json, MD_KEY_BITS, NULL);
}
break;
default:
@@ -368,7 +369,7 @@ apr_status_t md_pkey_fload(md_pkey_t **ppkey, apr_pool_t *p,
return rv;
}
-static apr_status_t pkey_to_buffer(buffer *buffer, md_pkey_t *pkey, apr_pool_t *p,
+static apr_status_t pkey_to_buffer(buffer_rec *buffer, md_pkey_t *pkey, apr_pool_t *p,
const char *pass, apr_size_t pass_len)
{
BIO *bio = BIO_new(BIO_s_mem());
@@ -420,7 +421,7 @@ apr_status_t md_pkey_fsave(md_pkey_t *pkey, apr_pool_t *p,
const char *pass_phrase, apr_size_t pass_len,
const char *fname, apr_fileperms_t perms)
{
- buffer buffer;
+ buffer_rec buffer;
apr_status_t rv;
if (APR_SUCCESS == (rv = pkey_to_buffer(&buffer, pkey, p, pass_phrase, pass_len))) {
@@ -649,7 +650,7 @@ apr_status_t md_crypt_sha256_digest_hex(const char **pdigesthex, apr_pool_t *p,
unsigned char *buffer;
size_t blen;
apr_status_t rv;
- int i;
+ unsigned int i;
if (APR_SUCCESS == (rv = sha256_digest(&buffer, &blen, p, d, dlen))) {
cp = dhex = apr_pcalloc(p, 2 * blen + 1);
@@ -852,7 +853,7 @@ apr_status_t md_cert_fload(md_cert_t **pcert, apr_pool_t *p, const char *fname)
return rv;
}
-static apr_status_t cert_to_buffer(buffer *buffer, md_cert_t *cert, apr_pool_t *p)
+static apr_status_t cert_to_buffer(buffer_rec *buffer, md_cert_t *cert, apr_pool_t *p)
{
BIO *bio = BIO_new(BIO_s_mem());
int i;
@@ -882,7 +883,7 @@ static apr_status_t cert_to_buffer(buffer *buffer, md_cert_t *cert, apr_pool_t *
apr_status_t md_cert_fsave(md_cert_t *cert, apr_pool_t *p,
const char *fname, apr_fileperms_t perms)
{
- buffer buffer;
+ buffer_rec buffer;
apr_status_t rv;
if (APR_SUCCESS == (rv = cert_to_buffer(&buffer, cert, p))) {
@@ -893,7 +894,7 @@ apr_status_t md_cert_fsave(md_cert_t *cert, apr_pool_t *p,
apr_status_t md_cert_to_base64url(const char **ps64, md_cert_t *cert, apr_pool_t *p)
{
- buffer buffer;
+ buffer_rec buffer;
apr_status_t rv;
if (APR_SUCCESS == (rv = cert_to_buffer(&buffer, cert, p))) {
@@ -1011,6 +1012,7 @@ apr_status_t md_chain_fsave(apr_array_header_t *certs, apr_pool_t *p,
unsigned long err = 0;
int i;
+ (void)p;
rv = md_util_fopen(&f, fname, "w");
if (rv == APR_SUCCESS) {
apr_file_perms_set(fname, perms);
@@ -1217,7 +1219,13 @@ apr_status_t md_cert_self_sign(md_cert_t **pcert, const char *cn,
|| !(asn1_rnd = BN_to_ASN1_INTEGER(big_rnd, NULL))) {
md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "%s: setup random serial", cn);
rv = APR_EGENERAL; goto out;
- }
+ }
+
+ if (1 != X509_set_version(x, 2L)) {
+ md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "%s: setting x.509v3", cn);
+ rv = APR_EGENERAL; goto out;
+ }
+
if (!X509_set_serialNumber(x, asn1_rnd)) {
md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "%s: set serial number", cn);
rv = APR_EGENERAL; goto out;
@@ -1230,7 +1238,7 @@ apr_status_t md_cert_self_sign(md_cert_t **pcert, const char *cn,
rv = APR_EGENERAL; goto out;
}
/* cert are uncontrained (but not very trustworthy) */
- if (APR_SUCCESS != (rv = add_ext(x, NID_basic_constraints, "CA:TRUE, pathlen:0", p))) {
+ if (APR_SUCCESS != (rv = add_ext(x, NID_basic_constraints, "CA:FALSE, pathlen:0", p))) {
md_log_perror(MD_LOG_MARK, MD_LOG_ERR, rv, p, "%s: set basic constraints ext", cn);
goto out;
}
diff --git a/modules/md/md_curl.c b/modules/md/md_curl.c
index cb3b4d91f3..adcae4f784 100644
--- a/modules/md/md_curl.c
+++ b/modules/md/md_curl.c
@@ -300,6 +300,7 @@ static md_http_impl_t impl = {
md_http_impl_t * md_curl_get_impl(apr_pool_t *p)
{
/* trigger early global curl init, before we are down a rabbit hole */
+ (void)p;
md_curl_init();
return &impl;
}
diff --git a/modules/md/md_http.c b/modules/md/md_http.c
index f1c88e8e28..6c784fc984 100644
--- a/modules/md/md_http.c
+++ b/modules/md/md_http.c
@@ -236,6 +236,8 @@ apr_status_t md_http_POSTd(md_http_t *http, const char *url,
apr_status_t md_http_await(md_http_t *http, long req_id)
{
+ (void)http;
+ (void)req_id;
return APR_SUCCESS;
}
diff --git a/modules/md/md_log.c b/modules/md/md_log.c
index de2bcbdca5..c62b69d191 100644
--- a/modules/md/md_log.c
+++ b/modules/md/md_log.c
@@ -42,10 +42,7 @@ static const char *level_names[] = {
const char *md_log_level_name(md_log_level_t level)
{
- if ((int)level < (sizeof(level_names)/sizeof(level_names[0]))) {
- return level_names[level];
- }
- return "???";
+ return level_names[level];
}
static md_log_print_cb *log_printv;
diff --git a/modules/md/md_reg.c b/modules/md/md_reg.c
index 7d45f1ef18..95e32a70d1 100644
--- a/modules/md/md_reg.c
+++ b/modules/md/md_reg.c
@@ -237,6 +237,7 @@ apr_status_t md_reg_assess(md_reg_t *reg, md_t *md, int *perrored, int *prenew,
int renew = 0;
int errored = 0;
+ (void)reg;
switch (md->state) {
case MD_S_UNKNOWN:
md_log_perror( MD_LOG_MARK, MD_LOG_ERR, 0, p, "md(%s): in unkown state.", md->name);
@@ -292,6 +293,7 @@ static int reg_md_iter(void *baton, md_store_t *store, md_t *md, apr_pool_t *pte
{
reg_do_ctx *ctx = baton;
+ (void)store;
if (!ctx->exclude || strcmp(ctx->exclude, md->name)) {
state_init(ctx->reg, ptemp, (md_t*)md, 1);
return ctx->cb(ctx->baton, ctx->reg, md);
@@ -339,6 +341,7 @@ static int find_domain(void *baton, md_reg_t *reg, md_t *md)
{
find_domain_ctx *ctx = baton;
+ (void)reg;
if (md_contains(md, ctx->domain, 0)) {
ctx->md = md;
return 0;
@@ -371,6 +374,7 @@ static int find_overlap(void *baton, md_reg_t *reg, md_t *md)
find_overlap_ctx *ctx = baton;
const char *overlap;
+ (void)reg;
if ((overlap = md_common_name(ctx->md_checked, md))) {
ctx->md = md;
ctx->s = overlap;
@@ -608,6 +612,8 @@ static int find_changes(void *baton, md_store_t *store, md_t *md, apr_pool_t *pt
{
sync_ctx *ctx = baton;
+ (void)store;
+ (void)ptemp;
APR_ARRAY_PUSH(ctx->store_mds, const md_t*) = md_clone(ctx->p, md);
return 1;
}
@@ -866,6 +872,7 @@ static apr_status_t run_stage(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_
apr_time_t *pvalid_from;
apr_status_t rv;
+ (void)p;
proto = va_arg(ap, const md_proto_t *);
md = va_arg(ap, const md_t *);
challenge = va_arg(ap, const char *);
diff --git a/modules/md/md_store.c b/modules/md/md_store.c
index 04e265cbea..801d69e3d6 100644
--- a/modules/md/md_store.c
+++ b/modules/md/md_store.c
@@ -59,7 +59,7 @@ static const char *GROUP_NAME[] = {
const char *md_store_group_name(int group)
{
- if (group < sizeof(GROUP_NAME)/sizeof(GROUP_NAME[0])) {
+ if ((size_t)group < sizeof(GROUP_NAME)/sizeof(GROUP_NAME[0])) {
return GROUP_NAME[group];
}
return "UNKNOWN";
@@ -200,6 +200,7 @@ static apr_status_t p_remove(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_l
const char *name;
int force;
+ (void)p;
name = va_arg(ap, const char *);
force = va_arg(ap, int);
diff --git a/modules/md/md_store_fs.c b/modules/md/md_store_fs.c
index 73ed62e849..1c310bda31 100644
--- a/modules/md/md_store_fs.c
+++ b/modules/md/md_store_fs.c
@@ -122,6 +122,8 @@ static apr_status_t rename_pkey(void *baton, apr_pool_t *p, apr_pool_t *ptemp,
const char *from, *to;
apr_status_t rv = APR_SUCCESS;
+ (void)baton;
+ (void)ftype;
if (APR_SUCCESS == (rv = md_util_path_merge(&from, ptemp, dir, name, NULL))
&& APR_SUCCESS == (rv = md_util_path_merge(&to, ptemp, dir, MD_FN_PRIVKEY, NULL))) {
md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, p, "renaming %s/%s to %s",
@@ -140,6 +142,9 @@ static apr_status_t mk_pubcert(void *baton, apr_pool_t *p, apr_pool_t *ptemp,
const char *fname, *fpubcert;
apr_status_t rv = APR_SUCCESS;
+ (void)baton;
+ (void)ftype;
+ (void)p;
if ( APR_SUCCESS == (rv = md_util_path_merge(&fpubcert, ptemp, dir, MD_FN_PUBCERT, NULL))
&& APR_STATUS_IS_ENOENT((rv = md_chain_fload(&pubcert, ptemp, fpubcert)))
&& APR_SUCCESS == (rv = md_util_path_merge(&fname, ptemp, dir, name, NULL))
@@ -166,6 +171,7 @@ static apr_status_t upgrade_from_1_0(md_store_fs_t *s_fs, apr_pool_t *p, apr_poo
md_store_group_t g;
apr_status_t rv = APR_SUCCESS;
+ (void)ptemp;
/* Migrate pkey.pem -> privkey.pem */
for (g = MD_SG_NONE; g < MD_SG_COUNT && APR_SUCCESS == rv; ++g) {
rv = md_util_files_do(rename_pkey, s_fs, p, s_fs->base,
@@ -240,6 +246,7 @@ static apr_status_t setup_store_file(void *baton, apr_pool_t *p, apr_pool_t *pte
const char *fname;
apr_status_t rv;
+ (void)ap;
s_fs->plain_pkey[MD_SG_DOMAINS] = 1;
s_fs->plain_pkey[MD_SG_TMP] = 1;
@@ -458,6 +465,7 @@ static apr_status_t pfs_load(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_l
static apr_status_t dispatch(md_store_fs_t *s_fs, md_store_fs_ev_t ev, int group,
const char *fname, apr_filetype_e ftype, apr_pool_t *p)
{
+ (void)ev;
if (s_fs->event_cb) {
return s_fs->event_cb(s_fs->event_baton, &s_fs->s, MD_S_FS_EV_CREATED,
group, fname, ftype, p);
@@ -506,6 +514,7 @@ static apr_status_t pfs_is_newer(void *baton, apr_pool_t *p, apr_pool_t *ptemp,
int *pnewer;
apr_status_t rv;
+ (void)p;
group1 = (md_store_group_t)va_arg(ap, int);
group2 = (md_store_group_t)va_arg(ap, int);
name = va_arg(ap, const char*);
@@ -608,6 +617,7 @@ static apr_status_t pfs_remove(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va
apr_finfo_t info;
md_store_group_t group;
+ (void)p;
group = (md_store_group_t)va_arg(ap, int);
name = va_arg(ap, const char*);
aspect = va_arg(ap, const char *);
@@ -667,6 +677,7 @@ static apr_status_t pfs_purge(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_
md_store_group_t group;
apr_status_t rv;
+ (void)p;
group = (md_store_group_t)va_arg(ap, int);
name = va_arg(ap, const char*);
@@ -707,7 +718,8 @@ static apr_status_t insp(void *baton, apr_pool_t *p, apr_pool_t *ptemp,
apr_status_t rv;
void *value;
const char *fpath;
-
+
+ (void)ftype;
md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, ptemp, "inspecting value at: %s/%s", dir, name);
if (APR_SUCCESS == (rv = md_util_path_merge(&fpath, ptemp, dir, name, NULL))) {
rv = fs_fload(&value, ctx->s_fs, fpath, ctx->group, ctx->vtype, p, ptemp);
@@ -752,6 +764,7 @@ static apr_status_t pfs_move(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_l
int archive;
apr_status_t rv;
+ (void)p;
from = (md_store_group_t)va_arg(ap, int);
to = (md_store_group_t)va_arg(ap, int);
name = va_arg(ap, const char*);
diff --git a/modules/md/md_util.c b/modules/md/md_util.c
index 875cef61fc..ddaedbfe70 100644
--- a/modules/md/md_util.c
+++ b/modules/md/md_util.c
@@ -297,6 +297,8 @@ static apr_status_t write_text(void *baton, struct apr_file_t *f, apr_pool_t *p)
{
const char *text = baton;
apr_size_t len = strlen(text);
+
+ (void)p;
return apr_file_write_full(f, text, len, &len);
}
@@ -374,6 +376,8 @@ static apr_status_t rm_recursive(const char *fpath, apr_pool_t *p, int max_level
static apr_status_t prm_recursive(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_list ap)
{
int max_level = va_arg(ap, int);
+
+ (void)p;
return rm_recursive(baton, ptemp, max_level);
}
@@ -567,6 +571,8 @@ static apr_status_t rm_cb(void *baton, apr_pool_t *p, apr_pool_t *ptemp,
apr_status_t rv;
const char *fpath;
+ (void)baton;
+ (void)p;
rv = md_util_path_merge(&fpath, ptemp, path, name, NULL);
if (APR_SUCCESS == rv) {
if (APR_DIR == ftype) {
diff --git a/modules/md/md_version.h b/modules/md/md_version.h
index c60f48a09e..e32ab23b50 100644
--- a/modules/md/md_version.h
+++ b/modules/md/md_version.h
@@ -26,7 +26,7 @@
* @macro
* Version number of the md module as c string
*/
-#define MOD_MD_VERSION "0.9.6"
+#define MOD_MD_VERSION "0.9.7-git"
/**
* @macro
@@ -34,7 +34,7 @@
* release. This is a 24 bit number with 8 bits for major number, 8 bits
* for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
*/
-#define MOD_MD_VERSION_NUM 0x000906
+#define MOD_MD_VERSION_NUM 0x000907
#define MD_EXPERIMENTAL 0
#define MD_ACME_DEF_URL "https://acme-v01.api.letsencrypt.org/directory"
diff --git a/modules/md/mod_md.c b/modules/md/mod_md.c
index 06fccb1438..e1845ca80c 100644
--- a/modules/md/mod_md.c
+++ b/modules/md/mod_md.c
@@ -18,6 +18,9 @@
#include <apr_strings.h>
#include <ap_release.h>
+#ifndef AP_ENABLE_EXCEPTION_HOOK
+#define AP_ENABLE_EXCEPTION_HOOK 0
+#endif
#include <mpm_common.h>
#include <httpd.h>
#include <http_core.h>
@@ -55,7 +58,10 @@ AP_DECLARE_MODULE(md) = {
md_config_create_svr, /* func to create per server config */
md_config_merge_svr, /* func to merge per server config */
md_cmds, /* command handlers */
- md_hooks
+ md_hooks,
+#if defined(AP_MODULE_FLAG_NONE)
+ AP_MODULE_FLAG_ALWAYS_MERGE
+#endif
};
static void md_merge_srv(md_t *md, md_srv_conf_t *base_sc, apr_pool_t *p)
@@ -300,6 +306,7 @@ static apr_status_t md_calc_md_list(apr_pool_t *p, apr_pool_t *plog,
apr_sockaddr_t *sa;
int i, j;
+ (void)plog;
sc = md_config_get(base_server);
mc = sc->mc;
@@ -371,6 +378,7 @@ static apr_status_t store_file_ev(void *baton, struct md_store_t *store,
server_rec *s = baton;
apr_status_t rv;
+ (void)store;
ap_log_error(APLOG_MARK, APLOG_TRACE3, 0, s, "store event=%d on %s %s (group %d)",
ev, (ftype == APR_DIR)? "dir" : "file", fname, group);
@@ -467,8 +475,10 @@ static server_rec *log_server;
static int log_is_level(void *baton, apr_pool_t *p, md_log_level_t level)
{
+ (void)baton;
+ (void)p;
if (log_server) {
- return APLOG_IS_LEVEL(log_server, level);
+ return APLOG_IS_LEVEL(log_server, (int)level);
}
return level <= MD_LOG_INFO;
}
@@ -856,10 +866,9 @@ static apr_status_t md_check_config(apr_pool_t *p, apr_pool_t *plog,
apr_pool_userdata_set((const void *)1, mod_md_init_key,
apr_pool_cleanup_null, s->process->pool);
}
- else {
- ap_log_error( APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(10071)
- "mod_md (v%s), initializing...", MOD_MD_VERSION);
- }
+
+ ap_log_error( APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(10071)
+ "mod_md (v%s), initializing...", MOD_MD_VERSION);
init_setups(p, s);
md_log_set(log_is_level, log_print, NULL);
@@ -881,6 +890,7 @@ static apr_status_t md_post_config(apr_pool_t *p, apr_pool_t *plog,
apr_status_t rv = APR_SUCCESS;
int i;
+ (void)plog;
md_config_post_config(s, p);
sc = md_config_get(s);
mc = sc->mc;
@@ -1053,14 +1063,6 @@ static apr_status_t md_get_certificate(server_rec *s, apr_pool_t *p,
return rv;
}
-static apr_status_t md_get_credentials(server_rec *s, apr_pool_t *p,
- const char **pkeyfile, const char **pcertfile,
- const char **pchainfile)
-{
- *pchainfile = NULL;
- return md_get_certificate(s, p, pkeyfile, pcertfile);
-}
-
static int md_is_challenge(conn_rec *c, const char *servername,
X509 **pcert, EVP_PKEY **pkey)
{
@@ -1220,6 +1222,8 @@ static int md_require_https_maybe(request_rec *r)
*/
static void md_child_init(apr_pool_t *pool, server_rec *s)
{
+ (void)pool;
+ (void)s;
}
/* Install this module into the apache2 infrastructure.
@@ -1242,12 +1246,10 @@ static void md_hooks(apr_pool_t *pool)
ap_hook_child_init(md_child_init, NULL, mod_ssl, APR_HOOK_MIDDLE);
/* answer challenges *very* early, before any configured authentication may strike */
+ ap_hook_post_read_request(md_require_https_maybe, NULL, NULL, APR_HOOK_FIRST);
ap_hook_post_read_request(md_http_challenge_pr, NULL, NULL, APR_HOOK_MIDDLE);
- /* redirect to https if configured */
- ap_hook_fixups(md_require_https_maybe, NULL, NULL, APR_HOOK_LAST);
APR_REGISTER_OPTIONAL_FN(md_is_managed);
APR_REGISTER_OPTIONAL_FN(md_get_certificate);
- APR_REGISTER_OPTIONAL_FN(md_get_credentials);
APR_REGISTER_OPTIONAL_FN(md_is_challenge);
}
diff --git a/modules/md/mod_md.h b/modules/md/mod_md.h
index 860616808b..421e5c5f17 100644
--- a/modules/md/mod_md.h
+++ b/modules/md/mod_md.h
@@ -34,13 +34,6 @@ APR_DECLARE_OPTIONAL_FN(apr_status_t,
const char **pkeyfile,
const char **pcertfile));
-/* previous version for md_get_certificate, to be phased out soon */
-APR_DECLARE_OPTIONAL_FN(apr_status_t,
- md_get_credentials, (struct server_rec *, apr_pool_t *,
- const char **pkeyfile,
- const char **pcertfile,
- const char **pchainfile));
-
APR_DECLARE_OPTIONAL_FN(int,
md_is_challenge, (struct conn_rec *, const char *,
X509 **pcert, EVP_PKEY **pkey));
diff --git a/modules/md/mod_md_config.c b/modules/md/mod_md_config.c
index 63f11930d4..75926d4da1 100644
--- a/modules/md/mod_md_config.c
+++ b/modules/md/mod_md_config.c
@@ -182,6 +182,8 @@ static void *md_config_merge(apr_pool_t *pool, void *basev, void *addv)
nsc = (md_srv_conf_t *)apr_pcalloc(pool, sizeof(md_srv_conf_t));
nsc->name = name;
+ nsc->mc = add->mc? add->mc : base->mc;
+ nsc->assigned = add->assigned? add->assigned : base->assigned;
nsc->transitive = (add->transitive != DEF_VAL)? add->transitive : base->transitive;
nsc->require_https = (add->require_https != MD_REQUIRE_UNSET)? add->require_https : base->require_https;
@@ -254,7 +256,8 @@ static const char *md_config_sec_start(cmd_parms *cmd, void *mconfig, const char
apr_array_header_t *domains;
md_t *md;
int transitive = -1;
-
+
+ (void)mconfig;
if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
}
@@ -313,6 +316,7 @@ static const char *md_config_sec_add_members(cmd_parms *cmd, void *dc,
const char *err;
int i;
+ (void)dc;
if (NULL != (err = md_section_check(cmd, MD_CMD_MD_SECTION))) {
if (argc == 1) {
/* only these values are allowed outside a section */
@@ -330,7 +334,7 @@ static const char *md_config_sec_add_members(cmd_parms *cmd, void *dc,
return NULL;
}
-static const char *md_config_set_names(cmd_parms *cmd, void *arg,
+static const char *md_config_set_names(cmd_parms *cmd, void *dc,
int argc, char *const argv[])
{
md_srv_conf_t *sc = md_config_get(cmd->server);
@@ -339,6 +343,7 @@ static const char *md_config_set_names(cmd_parms *cmd, void *arg,
md_t *md;
int i, transitive = -1;
+ (void)dc;
err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE);
if (err) {
return err;
@@ -374,6 +379,7 @@ static const char *md_config_set_ca(cmd_parms *cmd, void *dc, const char *value)
md_srv_conf_t *sc = md_config_get(cmd->server);
const char *err;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
@@ -387,6 +393,7 @@ static const char *md_config_set_ca_proto(cmd_parms *cmd, void *dc, const char *
md_srv_conf_t *config = md_config_get(cmd->server);
const char *err;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
@@ -400,6 +407,7 @@ static const char *md_config_set_agreement(cmd_parms *cmd, void *dc, const char
md_srv_conf_t *config = md_config_get(cmd->server);
const char *err;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
@@ -414,6 +422,7 @@ static const char *md_config_set_drive_mode(cmd_parms *cmd, void *dc, const char
const char *err;
md_drive_mode_t drive_mode;
+ (void)dc;
if (!apr_strnatcasecmp("auto", value) || !apr_strnatcasecmp("automatic", value)) {
drive_mode = MD_DRIVE_AUTO;
}
@@ -440,6 +449,7 @@ static const char *md_config_set_must_staple(cmd_parms *cmd, void *dc, const cha
md_srv_conf_t *config = md_config_get(cmd->server);
const char *err;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
@@ -463,6 +473,7 @@ static const char *md_config_set_require_https(cmd_parms *cmd, void *dc, const c
md_srv_conf_t *config = md_config_get(cmd->server);
const char *err;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
@@ -545,6 +556,7 @@ static const char *md_config_set_renew_window(cmd_parms *cmd, void *dc, const ch
apr_interval_time_t timeout;
int percent;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
@@ -661,6 +673,7 @@ static const char *md_config_set_cha_tyes(cmd_parms *cmd, void *dc,
const char *err;
int i;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
@@ -678,13 +691,14 @@ static const char *md_config_set_cha_tyes(cmd_parms *cmd, void *dc,
return NULL;
}
-static const char *md_config_set_pkeys(cmd_parms *cmd, void *arg,
+static const char *md_config_set_pkeys(cmd_parms *cmd, void *dc,
int argc, char *const argv[])
{
md_srv_conf_t *config = md_config_get(cmd->server);
const char *err, *ptype;
apr_int64_t bits;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
diff --git a/modules/md/mod_md_os.c b/modules/md/mod_md_os.c
index 4b7cae7bab..8799735a61 100644
--- a/modules/md/mod_md_os.c
+++ b/modules/md/mod_md_os.c
@@ -16,6 +16,10 @@
#include <assert.h>
#include <apr_strings.h>
+#ifndef AP_ENABLE_EXCEPTION_HOOK
+#define AP_ENABLE_EXCEPTION_HOOK 0
+#endif
+
#include <mpm_common.h>
#include <httpd.h>
#include <http_log.h>
@@ -73,6 +77,8 @@ apr_status_t md_server_graceful(apr_pool_t *p, server_rec *s)
{
apr_status_t rv;
+ (void)p;
+ (void)s;
rv = (kill(getppid(), AP_SIG_GRACEFUL) < 0)? APR_ENOTIMPL : APR_SUCCESS;
ap_log_error(APLOG_MARK, APLOG_TRACE1, errno, NULL, "sent signal to parent");
return rv;