path: root/modules/md
Commit message | Author | Age | Files | Lines
* Include for mod_status.h | Steffen Land | 2019-08-11 | 1 | -2/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1864924 13f79535-47bb-0310-9956-ffa450edef68
* * mod_md: fix compiler warnings | Stefan Eissing | 2019-08-05 | 8 | -28/+23
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1864425 13f79535-47bb-0310-9956-ffa450edef68
* don't mess with AP_ENABLE_EXCEPTION_HOOK on trunk | Eric Covener | 2019-08-01 | 2 | -11/+0
  mpm_common defines it later anyway:
  In file included from mod_md.c:25:
  In file included from /Users/covener/SRC/httpd-trunk/include/mpm_common.h:40:
  In file included from /Users/covener/SRC/httpd-trunk/include/ap_config.h:184:
  /Users/covener/SRC/httpd-trunk/include/ap_config_auto.h:11:9: error: 'AP_ENABLE_EXCEPTION_HOOK' macro redefined [-Werror,-Wmacro-redefined]
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1864153 13f79535-47bb-0310-9956-ffa450edef68
* Wrap get_ct_scts_nid() in preproc in order to avoid error: unused function | Jim Jagielski | 2019-07-23 | 1 | -0/+2
  'get_ct_scts_nid' [-Werror,-Wunused-function] in maint mode
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1863635 13f79535-47bb-0310-9956-ffa450edef68
* * using mod_ssl_openssl.h to see hooks in new place | Stefan Eissing | 2019-07-09 | 1 | -3/+3
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1862822 13f79535-47bb-0310-9956-ffa450edef68
* mod_md: adding log tag numbers | Stefan Eissing | 2019-07-09 | 2 | -8/+8
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1862785 13f79535-47bb-0310-9956-ffa450edef68
* mod_md: silencing unused warnings when no mod_ssl hooks are not available | Stefan Eissing | 2019-06-26 | 1 | -0/+3
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1862110 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_ssl/mod_md: reversing dependency by letting mod_ssl offer hooks for | Stefan Eissing | 2019-06-25 | 2 | -36/+90
  adding certificates and keys to a virtual host. An additional hook allows answering special TLS connections as used in ACME challenges.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1862075 13f79535-47bb-0310-9956-ffa450edef68
* mod_md: copy recent fixes, adding new sources to mod_md.dsp | Stefan Eissing | 2019-06-25 | 4 | -32/+55
  Adding module to CMakeLists, needs testing.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1862041 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: bringing over v2.0.6 from github. | Stefan Eissing | 2019-06-24 | 48 | -3397/+7518
  - supports the ACMEv2 protocol
  - supports the new challenge method 'tls-alpn-01'
  - supports command configuration to setup/teardown 'dns-01' challenges
  - supports wildcard certificates when dns challenges are configured
  - ACMEv2 is the new default and will be used on the next certificate renewal, unless another MDCertificateAuthority is configured
  - challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer
  - a domain exposes its status at https://<domain>/.httpd/certificate-status
  - Managed Domains are now in Apache's 'server-status' page
  - A new handler 'md-status' exposes verbose status information in JSON format
  - new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a Managed Domain that uses static files. Auto-renewal is turned off for those.
  - new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and 'errored'. New 'MDWarnWindow' directive to configure when expiration warnings shall be issued.
  - ACMEv2 endpoints use the GET via empty POST way of accessing resources, see announcement by Let's Encrypt: https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1862013 13f79535-47bb-0310-9956-ffa450edef68
* Fix use of StateDir directive after r1852982: | Joe Orton | 2019-04-18 | 1 | -5/+6
  * server/core.c (reset_config): Rename from reset_config_defines; tie core_state_dir to pconf lifetime in this cleanup.
    (core_pre_config): Adjust accordingly.
  * modules/md/mod_md_config.c (md_config_post_config): Pick up base_dir from statedir in post-config phase so StateDir can influence it.
  * modules/dav/fs/mod_dav_fs.c (dav_fs_create_server_config): Don't init lockdb_path here.
    (dav_fs_post_config): New function; set lockdb_path based on configured statedir.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1857731 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: Store permissions are enforced on file creation, enforcing | Stefan Eissing | 2019-03-26 | 2 | -11/+16
  restrictions in spite of umask. Fixes <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1856297 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: Explicitly setting file permissions to break out of umasks. We | Stefan Eissing | 2019-03-18 | 1 | -0/+7
  want our non-privileged apache user to be able to read them. See github issue <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1855777 13f79535-47bb-0310-9956-ffa450edef68
* * modules/md/mod_md_config.c (md_mod_conf_get): Use state-dir-relative | Joe Orton | 2019-02-15 | 1 | -1/+14
  default base_dir.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853631 13f79535-47bb-0310-9956-ffa450edef68
* * modules/md/md_acme_drive.c (acme_driver_init): | Joe Orton | 2019-01-09 | 1 | -3/+0
  Remove written-but-not-read variable (gcc 8.x warning).
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1850834 13f79535-47bb-0310-9956-ffa450edef68
* *) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges | Stefan Eissing | 2018-12-18 | 4 | -6/+14
  have been fixed. [Michael Kaufmann, Stefan Eissing]
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1849174 13f79535-47bb-0310-9956-ffa450edef68
* * modules/md/md_acme_authz.c (md_acme_authz_update): Fix typo in log | Joe Orton | 2018-10-19 | 1 | -1/+1
  message.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1844343 13f79535-47bb-0310-9956-ffa450edef68
* md_acme_drive.c: remove unused variable | Luca Toscano | 2018-10-13 | 1 | -3/+0
  Compiling in maintainer mode leads to a failure due to challenges_configured initialized but not used. Removing it seems harmless, Stefan please let me know if this is not the case.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843743 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2018-10-11 | 6 | -11/+19
  mod_md: eliminating compiler warnings re signedness and unused. Adding a APLOG_WARNING when the only available ACME challenge is "tls-sni-01" since Let's Encrypt will disable that completely beginning of 2019.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843543 13f79535-47bb-0310-9956-ffa450edef68
* don't use workaround on trunk | Eric Covener | 2018-08-14 | 2 | -0/+6
  it breaks the build w/ maintainer mode.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1838054 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2018-08-03 | 3 | -29/+39
  mod_md: When the last domain name from an MD is moved to another one, that now empty MD gets moved to the store archive. PR 62572.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837357 13f79535-47bb-0310-9956-ffa450edef68
* * using the, hopefully correct, ever elusive libressl version numbering | Stefan Eissing | 2018-07-17 | 1 | -1/+1
  check for the new openssl API calls, fixes PR 62548.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1836095 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2018-07-05 | 1 | -1/+1
  Silencing a gcc uninitialized warning.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1835117 13f79535-47bb-0310-9956-ffa450edef68
* mod_md: more robust handling of http-01 challenges and hands-off when module | Stefan Eissing | 2018-06-29 | 3 | -46/+53
  should not be involved, e.g. challenge setup by another ACME client.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1834667 13f79535-47bb-0310-9956-ffa450edef68
* mod_ssl: build with LibreSSL. | Yann Ylavic | 2018-06-15 | 1 | -1/+2
  LibreSSL seems to be openssl-1.1 API compatible only in version 2.8 (master). So use that for MODSSL_USE_OPENSSL_PRE_1_1_API instead of 2.7, the two 2.7 compatibility-exceptions are handled explicitly but overall it's simpler.
  Regarding CRYPTO_malloc_init vs OPENSSL_malloc_init, libreSSL uses none, the former used to be a no-op but depends is LIBRESSL_INTERNAL in latest versions, while the latter has never been (and will never be) defined. So don't call any with LibreSSL.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833598 13f79535-47bb-0310-9956-ffa450edef68
* * integrating latest changes from microgrit | Stefan Eissing | 2018-06-05 | 3 | -10/+15
  * MDNotifyCmd can now specify arguments to the command
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1832935 13f79535-47bb-0310-9956-ffa450edef68
* * modules/md/config2.m4: Only export "md_module" symbol | Joe Orton | 2018-05-02 | 1 | -1/+4
  for a DSO build.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830747 13f79535-47bb-0310-9956-ffa450edef68
* Move APACHE_CHECK_JANSSON m4 macro to general includes so additional modules | Paul Querna | 2018-04-23 | 1 | -108/+0
  can use it.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829895 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2018-04-03 | 1 | -1/+1
  mod_ssl: proper checks for libressl 2.07/8 and its TLSv1_3 support, see PR 62236. [Bernard Spil <brnrd@freebsd.org>]
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828222 13f79535-47bb-0310-9956-ffa450edef68
* Ignore jansson.h's -Wunused-function for GCC too. | Yann Ylavic | 2018-03-20 | 1 | -0/+1
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1827373 13f79535-47bb-0310-9956-ffa450edef68
* #pragma GCC diagnostic push/pop exist in gcc >= 4.6 only. | Yann Ylavic | 2018-03-20 | 1 | -3/+5
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1827372 13f79535-47bb-0310-9956-ffa450edef68
* mod_md: fixes error in renew window calculation that may lead to mod_md running | Stefan Eissing | 2018-03-19 | 1 | -3/+3
  watchdog in a tight loop until actual renewal becomes necessary.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1827180 13f79535-47bb-0310-9956-ffa450edef68
* mod_md: /.well-known/acme-challenge requests that cannot be answered for | Stefan Eissing | 2018-03-19 | 2 | -37/+50
  hostnames outside the configured MDs are free to be answered by other handlers. This allows co-existence between mod_md and other ACME clients on the same server (implements PR62189). [Stefan Eissing, Arkadiusz Miskiewicz <arekm@maven.pl>]
  Fixes PR62189.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1827175 13f79535-47bb-0310-9956-ffa450edef68
* mod_md: Fix compilation with OpenSSL before version 1.0.2. | Rainer Jung | 2018-03-16 | 1 | -1/+1
  Symbol ASN1_TIME_diff is only available for 1.0.2+, but luckily alternative code we can use is already available, originally written for the LibreSSL case.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1826973 13f79535-47bb-0310-9956-ffa450edef68
* Instrument 'md_log_perror' and fix corresponding errors reported by gcc. | Christophe Jaillet | 2018-03-14 | 4 | -10/+10
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1826686 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2018-01-17 | 37 | -398/+149
  mod_md: removing comments that documented that greenbytes has untransferable copyright to the sources. The rights, of course, remain unaffected, but maybe some people can sleep better.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1821374 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2018-01-05 | 4 | -4/+34
  mod_md v1.1.8: new configuration directive "MDBaseServer on|off" to allow/inhibit management of the base server domains outside VirtualHosts. By default, this is "off", e.g. mod_md will not manage certificates or perform https: redirections on the base server.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1820310 13f79535-47bb-0310-9956-ffa450edef68
* Add missing APLOGNO. | Christophe Jaillet | 2018-01-04 | 1 | -4/+4
  10112 is wasted because it is in my tree only.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1820036 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2018-01-03 | 2 | -2/+2
  Fixed gcc warnings in latest mod_md version.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1819943 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2018-01-02 | 10 | -202/+285
  mod_md v1.1.7 changes
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1819854 13f79535-47bb-0310-9956-ffa450edef68
* mod_md: fix leaks in md_cert_get_issuers_uri() and md_cert_get_alt_names(). | Yann Ylavic | 2018-01-02 | 1 | -20/+17
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1819799 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2017-12-20 | 3 | -5/+17
  mod_md: fixed mem pool usage for auto-added server names. Added error logging of exact ACME response when challenges failed.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1818849 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2017-12-20 | 5 | -15/+19
  mod_md: reverses most of v1.0.5 optimization of post_config init, so that mod_ssl can ask for certificates without crashing.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1818792 13f79535-47bb-0310-9956-ffa450edef68
* md: fix warning about unused variable 'cert'. | Yann Ylavic | 2017-12-19 | 1 | -7/+0
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1818725 13f79535-47bb-0310-9956-ffa450edef68
* "It is better to light a candle than curse the darkness." | Jim Jagielski | 2017-12-15 | 18 | -0/+288
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1818308 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2017-12-14 | 3 | -25/+37
  mod_md: fixed backward compatibility to old <ManagedDomain configuration. Add higher level WARNING log when initial request to ACME server fails, mentioning some advice.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1818120 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2017-12-13 | 1 | -6/+6
  updated missing log tags.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1818030 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2017-12-11 | 5 | -29/+75
  mod_md: name change in configuration directives. The Apache team decided that the current names would confuse you, the users, and asked for a change. The old names are still working in this version, so you can safely upgrade. They will give warnings in the log and will disappear in the immediate future.
  * ManagedDomain is now MDomain
  * <ManagedDomain> is now <MDomainSet>
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1817777 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2017-12-02 | 1 | -0/+4
  mod_md: check for arc4random_buf in configure and use if available.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1816970 13f79535-47bb-0310-9956-ffa450edef68
* On the trunk: | Stefan Eissing | 2017-11-28 | 3 | -26/+43
  mod_md: v1.0.5, restricting post_config dry run to be more silent and performing only necessary work for mod_ssl to be also happy with the configuration.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1816552 13f79535-47bb-0310-9956-ffa450edef68