mod_md: copy recent fixes, adding new sources to mod_md.dsp

  Adding module to CMakeLists, needs testing.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1862041 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 73bce70f605c0a48e7b79cac6fdf46fd6fc67665..ecf47d54b08aaff01721ea62708235498aa4f548 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -70,6 +70,18 @@ ELSE()
   SET(default_check_libraries)
 ENDIF()
 
+IF(EXISTS "${CMAKE_INSTALL_PREFIX}/lib/curl.lib")
+  SET(default_curl_libraries "${CMAKE_INSTALL_PREFIX}/lib/curl.lib")
+ELSE()
+  SET(default_curl_libraries)
+ENDIF()
+
+IF(EXISTS "${CMAKE_INSTALL_PREFIX}/lib/jansson.lib")
+  SET(default_jansson_libraries "${CMAKE_INSTALL_PREFIX}/lib/jansson.lib")
+ELSE()
+  SET(default_jansson_libraries)
+ENDIF()
+
 SET(APR_INCLUDE_DIR       "${CMAKE_INSTALL_PREFIX}/include" CACHE STRING "Directory with APR[-Util] include files")
 SET(APR_LIBRARIES         ${default_apr_libraries}       CACHE STRING "APR libraries to link with")
 SET(NGHTTP2_INCLUDE_DIR   "${CMAKE_INSTALL_PREFIX}/include" CACHE STRING "Directory with NGHTTP2 include files within nghttp2 subdirectory")
@@ -82,6 +94,8 @@ SET(BROTLI_INCLUDE_DIR    "${CMAKE_INSTALL_PREFIX}/include" CACHE STRING "Direct
 SET(BROTLI_LIBRARIES      ${default_brotli_libraries}    CACHE STRING "Brotli libraries to link with")
 SET(CHECK_INCLUDE_DIR     "${CMAKE_INSTALL_PREFIX}/include" CACHE STRING "Directory with include files for Check")
 SET(CHECK_LIBRARIES       "${default_check_libraries}"   CACHE STRING "Check libraries to link with")
+SET(CURL_LIBRARIES        "${default_curl_libraries}"    CACHE STRING "Curl libraries to link with")
+SET(JANSSON_LIBRARIES     "${default_jansson_libraries}" CACHE STRING "Jansson libraries to link with")
 # end support library configuration
 
 # Misc. options
@@ -231,6 +245,19 @@ ELSE()
   SET(CHECK_FOUND FALSE)
 ENDIF()
 
+# See if we have curl
+SET(CURL_FOUND TRUE)
+IF(EXISTS "${CURL_INCLUDE_DIR}/curl/curl.h")
+  FOREACH(onelib ${CURL_LIBRARIES})
+    IF(NOT EXISTS ${onelib})
+      SET(CURL_FOUND FALSE)
+    ENDIF()
+  ENDFOREACH()
+ELSE()
+  SET(CURL_FOUND FALSE)
+ENDIF()
+
+
 MESSAGE(STATUS "")
 MESSAGE(STATUS "Summary of feature detection:")
 MESSAGE(STATUS "")
@@ -240,6 +267,8 @@ MESSAGE(STATUS "NGHTTP2_FOUND ............ : ${NGHTTP2_FOUND}")
 MESSAGE(STATUS "OPENSSL_FOUND ............ : ${OPENSSL_FOUND}")
 MESSAGE(STATUS "ZLIB_FOUND ............... : ${ZLIB_FOUND}")
 MESSAGE(STATUS "BROTLI_FOUND ............. : ${BROTLI_FOUND}")
+MESSAGE(STATUS "CURL_FOUND ............... : ${CURL_FOUND}")
+MESSAGE(STATUS "JANSSON_FOUND ............ : ${JANSSON_FOUND}")
 MESSAGE(STATUS "CHECK_FOUND .............. : ${CHECK_FOUND}")
 MESSAGE(STATUS "APR_HAS_LDAP ............. : ${APR_HAS_LDAP}")
 MESSAGE(STATUS "APR_HAS_XLATE ............ : ${APR_HAS_XLATE}")
@@ -345,6 +374,7 @@ SET(MODULE_LIST
   "modules/loggers/mod_log_forensic+I+forensic logging"
   "modules/loggers/mod_logio+I+input and output logging"
   "modules/lua/mod_lua+i+Apache Lua Framework"
+  "modules/md/mod_md+i+Apache Managed Domains (Certificates)"
   "modules/mappers/mod_actions+I+Action triggering on requests"
   "modules/mappers/mod_alias+A+mapping of requests to different filesystem parts"
   "modules/mappers/mod_dir+A+directory request handling"
@@ -478,6 +508,24 @@ SET(mod_lua_extra_sources
   modules/lua/lua_vmprep.c           modules/lua/lua_dbd.c
 )
 SET(mod_lua_requires                 LUA51_FOUND)
+SET(mod_md_requires                  OPENSSL_FOUND CURL_FOUND JANSSON_FOUND HAVE_OPENSSL_102)
+SET(mod_md_extra_includes            ${OPENSSL_INCLUDE_DIR} ${CURL_INCLUDE_DIR} ${JANSSON_INCLUDE_DIR})
+SET(mod_md_extra_libs                ${OPENSSL_LIBRARIES} ${CURL_LIBRARIES} ${JANSSON_LIBRARIES} mod_watchdog)
+SET(mod_md_extra_sources
+  modules/md/md_acme.c               modules/md/md_acme_acct.c
+  modules/md/md_acme_authz.c         modules/md/md_acme_drive.c
+  modules/md/md_acmev1_drive.c       modules/md/md_acmev2_drive.c
+  modules/md/md_acme_order.c         modules/md/md_core.c
+  modules/md/md_curl.c               modules/md/md_crypt.c
+  modules/md/md_http.c               modules/md/md_json.c
+  modules/md/md_jws.c                modules/md/md_log.c
+  modules/md/md_result.c             modules/md/md_reg.c
+  modules/md/md_status.c             modules/md/md_store.c
+  modules/md/md_store_fs.c           modules/md/md_time.c
+  modules/md/md_util.c               
+  modules/md/mod_md_config.c         modules/md/mod_md_drive.c
+  modules/md/mod_md_os.c             modules/md/mod_md_status.c
+)
 SET(mod_optional_hook_export_extra_defines AP_DECLARE_EXPORT) # bogus reuse of core API prefix
 SET(mod_proxy_extra_defines          PROXY_DECLARE_EXPORT)
 SET(mod_proxy_extra_sources          modules/proxy/proxy_util.c)
@@ -1062,6 +1110,8 @@ MESSAGE(STATUS "  Brotli include directory......... : ${BROTLI_INCLUDE_DIR}")
 MESSAGE(STATUS "  Brotli libraries ................ : ${BROTLI_LIBRARIES}")
 MESSAGE(STATUS "  Check include directory.......... : ${CHECK_INCLUDE_DIR}")
 MESSAGE(STATUS "  Check libraries ................. : ${CHECK_LIBRARIES}")
+MESSAGE(STATUS "  Curl include directory........... : ${CURL_INCLUDE_DIR}")
+MESSAGE(STATUS "  Jansson libraries ............... : ${JANSSON_LIBRARIES}")
 MESSAGE(STATUS "  Extra include directories ....... : ${EXTRA_INCLUDES}")
 MESSAGE(STATUS "  Extra compile flags ............. : ${EXTRA_COMPILE_FLAGS}")
 MESSAGE(STATUS "  Extra libraries ................. : ${EXTRA_LIBS}")

diff --git a/build/apr_common.m4 b/build/apr_common.m4
index 6b5c0f033b9e2aca5343a44ef26086f4e4cf1a66..f4e2dfd0a7cbc406fe327585d1461d6bd79e72b6 100644 (file)
--- a/build/apr_common.m4
+++ b/build/apr_common.m4
@@ -511,9 +511,9 @@ AC_DEFUN([APR_TRY_COMPILE_NO_WARNING],
    [int main(int argc, const char *const *argv) {]
    [[$2]]
    [   return 0; }]
-  )],
-  [$3], [$4])
- CFLAGS=$apr_save_CFLAGS
+  )], [CFLAGS=$apr_save_CFLAGS
+$3],  [CFLAGS=$apr_save_CFLAGS
+$4])
 ])
 
 dnl
@@ -974,12 +974,45 @@ fi
 AC_SUBST(MKDEP)
 ])
 
+dnl
+dnl APR_CHECK_TYPES_FMT_COMPATIBLE(TYPE-1, TYPE-2, FMT-TAG, 
+dnl                                [ACTION-IF-TRUE], [ACTION-IF-FALSE])
+dnl
+dnl Try to determine whether two types are the same and accept the given
+dnl printf formatter (bare token, e.g. literal d, ld, etc).
+dnl
+AC_DEFUN([APR_CHECK_TYPES_FMT_COMPATIBLE], [
+define([apr_cvname], apr_cv_typematch_[]translit([$1], [ ], [_])_[]translit([$2], [ ], [_])_[][$3])
+AC_CACHE_CHECK([whether $1 and $2 use fmt %$3], apr_cvname, [
+APR_TRY_COMPILE_NO_WARNING([#include <sys/types.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+], [
+    $1 chk1, *ptr1;
+    $2 chk2, *ptr2 = &chk1;
+    ptr1 = &chk2;
+    *ptr1 = *ptr2 = 0;
+    printf("%$3 %$3", chk1, chk2);
+], [apr_cvname=yes], [apr_cvname=no])])
+if test "$apr_cvname" = "yes"; then
+    :
+    $4
+else
+    :
+    $5
+fi
+])
+
 dnl
 dnl APR_CHECK_TYPES_COMPATIBLE(TYPE-1, TYPE-2, [ACTION-IF-TRUE])
 dnl
 dnl Try to determine whether two types are the same. Only works
 dnl for gcc and icc.
 dnl
+dnl @deprecated @see APR_CHECK_TYPES_FMT_COMPATIBLE
+dnl
 AC_DEFUN([APR_CHECK_TYPES_COMPATIBLE], [
 define([apr_cvname], apr_cv_typematch_[]translit([$1], [ ], [_])_[]translit([$2], [ ], [_]))
 AC_CACHE_CHECK([whether $1 and $2 are the same], apr_cvname, [

diff --git a/modules/md/md_acme_drive.c b/modules/md/md_acme_drive.c
index 0e1d84602f09f31c7789afa78ee35c7efbde73ef..4b29e4b044bfe7fe2c0bf1ec21bfeeb08631e5cb 100644 (file)
--- a/modules/md/md_acme_drive.c
+++ b/modules/md/md_acme_drive.c
@@ -304,17 +304,9 @@ static apr_status_t csr_req(md_acme_t *acme, const md_http_response_t *res, void
     ad->next_up_link = NULL;
     if (APR_SUCCESS == (rv = md_cert_read_http(&cert, d->p, res))) {
         md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, d->p, "cert parsed");
-        if (ad->certs) {
-            apr_array_clear(ad->certs);
-        }
-        else {
-            ad->certs = apr_array_make(d->p, 5, sizeof(md_cert_t*));
-        }
+        apr_array_clear(ad->certs);
         APR_ARRAY_PUSH(ad->certs, md_cert_t*) = cert;
-        
-        if (APR_SUCCESS == rv) {
-            get_up_link(d, res->headers);
-        }
+        get_up_link(d, res->headers);
     }
     else if (APR_STATUS_IS_ENOENT(rv)) {
         rv = APR_SUCCESS;
@@ -454,9 +446,6 @@ static apr_status_t ad_chain_retrieve(md_proto_driver_t *d)
      *                          the link header with relation "up" gives us the location
      *                          for the next cert in the chain
      */
-    if (!ad->certs) {
-        ad->certs = apr_array_make(d->p, 5, sizeof(md_cert_t *));
-    }
     if (md_array_is_empty(ad->certs)) {
         /* Need to start at the order */
         ad->next_up_link = NULL;
@@ -499,15 +488,16 @@ static apr_status_t acme_driver_init(md_proto_driver_t *d, md_result_t *result)
     ad = apr_pcalloc(d->p, sizeof(*ad));
     
     d->baton = ad;
-    ad->driver = d;
     
+    ad->driver = d;
     ad->authz_monitor_timeout = apr_time_from_sec(30);
     ad->cert_poll_timeout = apr_time_from_sec(30);
+    ad->ca_challenges = apr_array_make(d->p, 3, sizeof(const char*));
+    ad->certs = apr_array_make(d->p, 5, sizeof(md_cert_t*));
     
     /* We can only support challenges if the server is reachable from the outside
      * via port 80 and/or 443. These ports might be mapped for httpd to something
      * else, but a mapping needs to exist. */
-    ad->ca_challenges = apr_array_make(d->p, 3, sizeof(const char *));
     challenge = apr_table_get(d->env, MD_KEY_CHALLENGE); 
     if (challenge) {
         APR_ARRAY_PUSH(ad->ca_challenges, const char*) = apr_pstrdup(d->p, challenge);
@@ -578,6 +568,7 @@ static apr_status_t acme_renew(md_proto_driver_t *d, md_result_t *result)
     int reset_staging = d->reset;
     apr_status_t rv = APR_SUCCESS;
     apr_time_t now;
+    apr_array_header_t *staged_certs;
     char ts[APR_RFC822_DATE_LEN];
 
     if (md_log_is_level(d->p, MD_LOG_DEBUG)) {
@@ -667,9 +658,10 @@ static apr_status_t acme_renew(md_proto_driver_t *d, md_result_t *result)
     if (!ad->domains) {
         ad->domains = md_dns_make_minimal(d->p, ad->md->domains);
     }
-    if (md_array_is_empty(ad->certs)) {
-        /* have we created this already? */
-        md_pubcert_load(d->store, MD_SG_STAGING, d->md->name, &ad->certs, d->p);
+    
+    if (md_array_is_empty(ad->certs)
+        && APR_SUCCESS == md_pubcert_load(d->store, MD_SG_STAGING, d->md->name, &staged_certs, d->p)) {
+        apr_array_cat(ad->certs, staged_certs);
     }
     
     if (md_array_is_empty(ad->certs)) {

diff --git a/modules/md/md_status.c b/modules/md/md_status.c
index 8aa1de2d5701161de30b81286f60a2850a8f65c9..4bdd508199eb9e6b0c37e2225394616c66ac4f5b 100644 (file)
--- a/modules/md/md_status.c
+++ b/modules/md/md_status.c
@@ -98,7 +98,7 @@ static apr_status_t get_staging_cert_json(md_json_t **pjson, apr_pool_t *p,
     apr_status_t rv = APR_SUCCESS;
     
     rv = md_pubcert_load(md_reg_store_get(reg), MD_SG_STAGING, md->name, &certs, p);
-    if (APR_STATUS_IS_ENOENT(rv) || certs->nelts == 0) {
+    if (APR_STATUS_IS_ENOENT(rv)) {
         rv = APR_SUCCESS;
         goto leave;
     }

diff --git a/modules/md/md_version.h b/modules/md/md_version.h
index 4a668bc38184f480e6fe606548fdb1bdd80f7465..21286a261610099cdc2dfe0b9a77b031d05bce4a 100644 (file)
--- a/modules/md/md_version.h
+++ b/modules/md/md_version.h
@@ -27,7 +27,7 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "2.0.6"
+#define MOD_MD_VERSION "2.0.7"
 
 /**
  * @macro
@@ -35,7 +35,7 @@
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x020006
+#define MOD_MD_VERSION_NUM 0x020007
 
 #define MD_ACME_DEF_URL    "https://acme-v02.api.letsencrypt.org/directory"
 

diff --git a/modules/md/mod_md.dsp b/modules/md/mod_md.dsp
index edc7f859c86fa964a89e051ab94115c595cb9ef7..250b2e9fb9845844a321b40a56415908f5d5dcbe 100644 (file)
--- a/modules/md/mod_md.dsp
+++ b/modules/md/mod_md.dsp
@@ -109,10 +109,46 @@ SOURCE=./mod_md_config.c
 # End Source File\r
 # Begin Source File\r
 \r
+SOURCE=./mod_md_drive.c\r
+# End Source File\r
+# Begin Source File\r
+\r
 SOURCE=./mod_md_os.c\r
 # End Source File\r
 # Begin Source File\r
 \r
+SOURCE=./mod_md_status.c\r
+# End Source File\r
+# Begin Source File\r
+\r
+SOURCE=./md_acme.c\r
+# End Source File\r
+# Begin Source File\r
+\r
+SOURCE=./md_acme_acct.c\r
+# End Source File\r
+# Begin Source File\r
+\r
+SOURCE=./md_acme_authz.c\r
+# End Source File\r
+# Begin Source File\r
+\r
+SOURCE=./md_acme_drive.c\r
+# End Source File\r
+# Begin Source File\r
+\r
+SOURCE=./md_acme_order.c\r
+# End Source File\r
+# Begin Source File\r
+\r
+SOURCE=./md_acmev1_drive.c\r
+# End Source File\r
+# Begin Source File\r
+\r
+SOURCE=./md_acmev2_drive.c\r
+# End Source File\r
+# Begin Source File\r
+\r
 SOURCE=./md_core.c\r
 # End Source File\r
 # Begin Source File\r
@@ -145,35 +181,30 @@ SOURCE=./md_reg.c
 # End Source File\r
 # Begin Source File\r
 \r
-SOURCE=./md_store.c\r
-# End Source File\r
-# Begin Source File\r
-\r
-SOURCE=./md_store_fs.c\r
+SOURCE=./md_result.c\r
 # End Source File\r
 # Begin Source File\r
 \r
-SOURCE=./md_util.c\r
+SOURCE=./md_status.c\r
 # End Source File\r
 # Begin Source File\r
 \r
-SOURCE=./md_acme.c\r
+SOURCE=./md_store.c\r
 # End Source File\r
 # Begin Source File\r
 \r
-SOURCE=./md_acme_acct.c\r
+SOURCE=./md_store_fs.c\r
 # End Source File\r
 # Begin Source File\r
 \r
-SOURCE=./md_acme_authz.c\r
+SOURCE=./md_time.c\r
 # End Source File\r
 # Begin Source File\r
 \r
-SOURCE=./md_acme_drive.c\r
+SOURCE=./md_util.c\r
 # End Source File\r
 # Begin Source File\r
 \r
-\r
 SOURCE=..\..\build\win32\httpd.rc\r
 # End Source File\r
 # End Target\r