On the 2.4.x-mod_md branch:

Merged r1816552 from trunk.

mod_md: v1.0.5, restricting post_config dry run to be more silent and performing
     only necessary work for mod_ssl to be also happy with the configuration.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-mod_md@1816553 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/md/md_store_fs.c b/modules/md/md_store_fs.c
index 1c310bda31d73b1b8d11642ccf9c547944e665d8..29c29650a8a9aca458adb5c583707c40354910e2 100644 (file)
--- a/modules/md/md_store_fs.c
+++ b/modules/md/md_store_fs.c
@@ -431,7 +431,7 @@ static apr_status_t fs_fload(void **pvalue, md_store_fs_t *s_fs, const char *fpa
                 rv = APR_ENOTIMPL;
                 break;
         }
-        md_log_perror(MD_LOG_MARK, MD_LOG_TRACE2, rv, ptemp, 
+        md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, rv, ptemp, 
                       "loading type %d from %s", vtype, fpath);
     }
     else { /* check for existence only */

diff --git a/modules/md/md_version.h b/modules/md/md_version.h
index 2e50abf8c8949f846c4a3f57aa690fe591c6b27e..f9ec5df549e36cef0e9b3c9e649c7dec04a45fac 100644 (file)
--- a/modules/md/md_version.h
+++ b/modules/md/md_version.h
@@ -26,7 +26,7 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "1.0.4"
+#define MOD_MD_VERSION "1.0.5"
 
 /**
  * @macro
@@ -34,7 +34,7 @@
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x010004
+#define MOD_MD_VERSION_NUM 0x010005
 
 #define MD_EXPERIMENTAL 0
 #define MD_ACME_DEF_URL    "https://acme-v01.api.letsencrypt.org/directory"

diff --git a/modules/md/mod_md.c b/modules/md/mod_md.c
index 87121a86f867639f1b807f9b4d2e1ec1e45a50ae..f1447995c4a4846f901da87d0df8dd401905abc1 100644 (file)
--- a/modules/md/mod_md.c
+++ b/modules/md/mod_md.c
@@ -983,54 +983,72 @@ static void load_stage_sets(apr_array_header_t *names, apr_pool_t *p,
     return;
 }
 
-static apr_status_t md_check_config(apr_pool_t *p, apr_pool_t *plog,
-                                    apr_pool_t *ptemp, server_rec *s)
+static apr_status_t md_post_config(apr_pool_t *p, apr_pool_t *plog,
+                                   apr_pool_t *ptemp, server_rec *s)
 {
-    const char *mod_md_init_key = "mod_md_init_counter";
     void *data = NULL;
-    
+    const char *mod_md_init_key = "mod_md_init_counter";
+    md_srv_conf_t *sc;
+    md_mod_conf_t *mc;
+    md_reg_t *reg;
+    const md_t *md;
+    apr_array_header_t *drive_names;
+    apr_status_t rv = APR_SUCCESS;
+    int i, dry_run = 0;
+
     apr_pool_userdata_get(&data, mod_md_init_key, s->process->pool);
     if (data == NULL) {
+        /* At the first start, httpd makes a config check dry run. It
+         * runs all config hooks to check if it can. If so, it does
+         * this all again and starts serving requests.
+         * 
+         * This is known.
+         *
+         * On a dry run, we therefore do all the cheap config things we
+         * need to do. Because otherwise mod_ssl fails because it calls
+         * us unprepared.
+         * But synching our configuration with the md store
+         * and determining which domains to drive and start a watchdog
+         * and all that, we do not.
+         */
         ap_log_error( APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(10070)
                      "initializing post config dry run");
         apr_pool_userdata_set((const void *)1, mod_md_init_key,
                               apr_pool_cleanup_null, s->process->pool);
+        dry_run = 1;
+    }
+    else {
+        ap_log_error( APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(10071)
+                     "mod_md (v%s), initializing...", MOD_MD_VERSION);
     }
-    
-    ap_log_error( APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(10071)
-                 "mod_md (v%s), initializing...", MOD_MD_VERSION);
 
+    (void)plog;
     init_setups(p, s);
     md_log_set(log_is_level, log_print, NULL);
 
     /* Check uniqueness of MDs, calculate global, configured MD list.
      * If successful, we have a list of MD definitions that do not overlap. */
     /* We also need to find out if we can be reached on 80/443 from the outside (e.g. the CA) */
-    return md_calc_md_list(p, plog, ptemp, s);
-}
-    
-static apr_status_t md_post_config(apr_pool_t *p, apr_pool_t *plog,
-                                   apr_pool_t *ptemp, server_rec *s)
-{
-    md_srv_conf_t *sc;
-    md_mod_conf_t *mc;
-    md_reg_t *reg;
-    const md_t *md;
-    apr_array_header_t *drive_names;
-    apr_status_t rv = APR_SUCCESS;
-    int i;
+    if (APR_SUCCESS != (rv =  md_calc_md_list(p, plog, ptemp, s))) {
+        return rv;
+    }
 
-    (void)plog;
     md_config_post_config(s, p);
     sc = md_config_get(s);
     mc = sc->mc;
-    
+
     /* Synchronize the definitions we now have with the store via a registry (reg). */
     if (APR_SUCCESS != (rv = setup_reg(&reg, p, s, mc->can_http, mc->can_https))) {
         ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(10072)
                      "setup md registry");
         goto out;
     }
+    
+    if (dry_run) {
+        /* enough done in this case */
+        return APR_SUCCESS;
+    }
+    
     if (APR_SUCCESS != (rv = md_reg_sync(reg, p, ptemp, mc->mds))) {
         ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(10073)
                      "synching %d mds to registry", mc->mds->nelts);
@@ -1368,7 +1386,6 @@ static void md_hooks(apr_pool_t *pool)
     
     /* Run once after configuration is set, before mod_ssl.
      */
-    ap_hook_check_config(md_check_config, NULL, mod_ssl, APR_HOOK_MIDDLE);
     ap_hook_post_config(md_post_config, NULL, mod_ssl, APR_HOOK_MIDDLE);
     
     /* Run once after a child process has been created.