On the trunk:

mod_md: fixed mem pool usage for auto-added server names. Added
     error logging of exact ACME response when challenges failed.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1818849 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index b2bf5ab623fb03d059db0a0bbd3b9c005acc87b8..998f4556deaac7318c359b5a1052343b6a650b5f 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.1
 
+  *) mod_md: fixed mem pool usage for auto-added server names. Added
+     error logging of exact ACME response when challenges failed.
+     [Stefan Eissing]
+
   *) mpm_event: close connections not reported as handled by any module to
      avoid losing track of them and leaking scoreboard entries.  PR 61551.
      [Yann Ylavic]

diff --git a/modules/md/md_acme_authz.c b/modules/md/md_acme_authz.c
index 549abdb3be97b8e3c92d0c70b0d04a7c8a818448..68fdc36801e7027ef0cb5546fd2a44947db856f1 100644 (file)
--- a/modules/md/md_acme_authz.c
+++ b/modules/md/md_acme_authz.c
@@ -235,13 +235,25 @@ apr_status_t md_acme_authz_update(md_acme_authz_t *authz, md_acme_t *acme,
     }
     else if (s && !strcmp(s, "valid")) {
         authz->state = MD_ACME_AUTHZ_S_VALID;
+        if (md_log_is_level(p, MD_LOG_DEBUG)) {
+            md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, p, "ACME server validated challenge "
+                          "for %s in %s, ACME response is: %s", 
+                          authz->domain, authz->location, 
+                          md_json_writep(json, p, MD_JSON_FMT_COMPACT));
+        }
     }
     else if (s && !strcmp(s, "invalid")) {
         authz->state = MD_ACME_AUTHZ_S_INVALID;
+        md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "ACME server reports challenge "
+                      "for %s in %s as 'invalid', ACME response is: %s", 
+                      authz->domain, authz->location, 
+                      md_json_writep(json, p, MD_JSON_FMT_COMPACT));
     }
     else if (s) {
-        md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, 0, p, "unknown authz state '%s' "
-                      "for %s in %s", s, authz->domain, authz->location);
+        md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "ACME server reports unrecognized "
+                      "authz state '%s' for %s in %s, ACME response is: %s", 
+                      s, authz->domain, authz->location, 
+                      md_json_writep(json, p, MD_JSON_FMT_COMPACT));
         return APR_EINVAL;
     }
     return rv;

diff --git a/modules/md/md_version.h b/modules/md/md_version.h
index f11d130987d7437d08834f34f602a1750ca1d963..7b0b4286711966f478038c0f483a30149793e299 100644 (file)
--- a/modules/md/md_version.h
+++ b/modules/md/md_version.h
@@ -26,7 +26,7 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "1.1.2"
+#define MOD_MD_VERSION "1.1.4"
 
 /**
  * @macro
@@ -34,7 +34,7 @@
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x010102
+#define MOD_MD_VERSION_NUM 0x010104
 
 #define MD_ACME_DEF_URL    "https://acme-v01.api.letsencrypt.org/directory"
 

diff --git a/modules/md/mod_md.c b/modules/md/mod_md.c
index 996b5b93ce8974dcd57b74a9fdb08640a7a849b5..718b41d32d38a3b7631983ce343c12365e7dc1e8 100644 (file)
--- a/modules/md/mod_md.c
+++ b/modules/md/mod_md.c
@@ -250,7 +250,7 @@ static apr_status_t assign_to_servers(md_t *md, server_rec *base_server,
                  * If mode is "manual", a generated certificate will not match
                  * all necessary names. */
                 if ((!mc->local_80 || !uses_port_only(s, mc->local_80))
-                    && APR_SUCCESS != (rv = md_covers_server(md, s, ptemp))) {
+                    && APR_SUCCESS != (rv = md_covers_server(md, s, p))) {
                     return rv;
                 }