*) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges

author Stefan Eissing <icing@apache.org>

Tue, 18 Dec 2018 13:45:25 +0000 (13:45 +0000)

committer Stefan Eissing <icing@apache.org>

Tue, 18 Dec 2018 13:45:25 +0000 (13:45 +0000)
author Stefan Eissing <icing@apache.org>
Tue, 18 Dec 2018 13:45:25 +0000 (13:45 +0000)
committer Stefan Eissing <icing@apache.org>
Tue, 18 Dec 2018 13:45:25 +0000 (13:45 +0000)
diff --git a/CHANGES b/CHANGES

index 032f68ac8dfe199ff245d289508b2522377ea304..bec6843bddde1072b336e4c0757ffce67e885f33 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                           -*- coding: utf-8 -*-
  Changes with Apache 2.5.1
  
+  *) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
+     have been fixed. [Michael Kaufmann, Stefan Eissing]
+  
    *) core: Incorrect values for environment variables are substituted when
       multiple environment variables are specified in a directive. [Hank Ibell]
  
diff --git a/modules/md/md_acme.c b/modules/md/md_acme.c

index f8c1936d731f67c336e471dbf907daadc76b8086..3fbd365f9c26ed897832b40b04a787a52faacb8d 100644 (file)
--- a/modules/md/md_acme.c
+++ b/modules/md/md_acme.c
@@ -153,6 +153,8 @@ apr_status_t md_acme_setup(md_acme_t *acme)
          if (acme->new_authz && acme->new_cert && acme->new_reg && acme->revoke_cert) {
              return APR_SUCCESS;
          }
+        md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, 0, acme->p,
+                      "Unable to understand ACME server response. Wrong ACME protocol version?");
          rv = APR_EINVAL;
      }
      else {
diff --git a/modules/md/md_acme_authz.c b/modules/md/md_acme_authz.c

index 3ff8405bea667efcb70837f3bd1ac874b2064620..2295745b7b4b0f1f874a109d6ce7029e6bd891f5 100644 (file)
--- a/modules/md/md_acme_authz.c
+++ b/modules/md/md_acme_authz.c
@@ -95,7 +95,7 @@ apr_status_t md_acme_authz_set_remove(md_acme_authz_set_t *set, const char *doma
              int n = i + 1;
              if (n < set->authzs->nelts) {
                  void **elems = (void **)set->authzs->elts;
-                memmove(elems + i, elems + n, (size_t)(set->authzs->nelts - n)); 
+                memmove(elems + i, elems + n, (size_t)(set->authzs->nelts - n) * sizeof(*elems));
              }
              --set->authzs->nelts;
              return APR_SUCCESS;
diff --git a/modules/md/md_acme_drive.c b/modules/md/md_acme_drive.c

index b5592e69b8fbab354e8dae410756fa983807f6a0..34fd37e0919d3c98bccf972523336117c0ef3812 100644 (file)
--- a/modules/md/md_acme_drive.c
+++ b/modules/md/md_acme_drive.c
@@ -162,7 +162,8 @@ static apr_status_t ad_setup_authz(md_proto_driver_t *d)
      apr_status_t rv;
      md_t *md = ad->md;
      md_acme_authz_t *authz;
-    int i, changed;
+    int i;
+    int changed = 0;
      
      assert(ad->md);
      assert(ad->acme);
@@ -186,18 +187,20 @@ static apr_status_t ad_setup_authz(md_proto_driver_t *d)
      }
      
      /* Remove anything we no longer need */
-    for (i = 0; i < ad->authz_set->authzs->nelts; ++i) {
+    for (i = 0; i < ad->authz_set->authzs->nelts;) {
          authz = APR_ARRAY_IDX(ad->authz_set->authzs, i, md_acme_authz_t*);
          if (!md_contains(md, authz->domain, 0)) {
              md_acme_authz_set_remove(ad->authz_set, authz->domain);
              changed = 1;
          }
+        else {
+            ++i;
+        }
      }
      
      /* Add anything we do not already have */
      for (i = 0; i < md->domains->nelts && APR_SUCCESS == rv; ++i) {
          const char *domain = APR_ARRAY_IDX(md->domains, i, const char *);
-        changed = 0;
          authz = md_acme_authz_set_get(ad->authz_set, domain);
          if (authz) {
              /* check valid */
@@ -615,6 +618,7 @@ static apr_status_t acme_driver_init(md_proto_driver_t *d)
  {
      md_acme_driver_t *ad;
      apr_status_t rv = APR_SUCCESS;
+    int challenges_configured = 0;
  
      ad = apr_pcalloc(d->p, sizeof(*ad));
      
@@ -631,10 +635,12 @@ static apr_status_t acme_driver_init(md_proto_driver_t *d)
      if (d->challenge) {
          /* we have been told to use this type */
          APR_ARRAY_PUSH(ad->ca_challenges, const char*) = apr_pstrdup(d->p, d->challenge);
+        challenges_configured = 1;
      }
      else if (d->md->ca_challenges && d->md->ca_challenges->nelts > 0) {
          /* pre-configured set for this managed domain */
          apr_array_cat(ad->ca_challenges, d->md->ca_challenges);
+        challenges_configured = 1;
      }
      else {
          /* free to chose. Add all we support and see what we get offered */
diff --git a/modules/md/md_version.h b/modules/md/md_version.h

index 7a3af68d96243fc6318f6a450ef142167d892858..58a4afc1b5d656815073f9c9d4810d7499998705 100644 (file)
--- a/modules/md/md_version.h
+++ b/modules/md/md_version.h
@@ -27,7 +27,7 @@
   * @macro
   * Version number of the md module as c string
   */
-#define MOD_MD_VERSION "1.1.17-DEV"
+#define MOD_MD_VERSION "1.1.18-DEV"
  
  /**
   * @macro
@@ -35,7 +35,7 @@
   * release. This is a 24 bit number with 8 bits for major number, 8 bits
   * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
   */
-#define MOD_MD_VERSION_NUM 0x010111
+#define MOD_MD_VERSION_NUM 0x010112
  
  #define MD_ACME_DEF_URL    "https://acme-v01.api.letsencrypt.org/directory"
author	Stefan Eissing <icing@apache.org>
	Tue, 18 Dec 2018 13:45:25 +0000 (13:45 +0000)
committer	Stefan Eissing <icing@apache.org>
	Tue, 18 Dec 2018 13:45:25 +0000 (13:45 +0000)
CHANGES		patch \| blob \| history
modules/md/md_acme.c		patch \| blob \| history
modules/md/md_acme_authz.c		patch \| blob \| history
modules/md/md_acme_drive.c		patch \| blob \| history
modules/md/md_version.h		patch \| blob \| history