-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_md: v0.9.7
+ - Use of the new module flag
+ - Removed obsolete function from interface to mod_ssl.
+ - Fallback certificates has version set and no longer claims to be a CA. (re issue #32)
+ - MDRequireHttps now happens before any Redirect.
+ [Stefan Eissing]
+
*) mod_authz_dbd: fix a segmentation fault if AuthzDBDQuery is not set.
PR 61546 [Lubos Uhliarik <luhliari redhat.com>]
};
static apr_status_t problem_status_get(const char *type) {
- int i;
+ size_t i;
if (strstr(type, "urn:ietf:params:") == type) {
type += strlen("urn:ietf:params:");
md_json_t *jbody, void *baton)
{
json_ctx *ctx = baton;
-
+
+ (void)acme;
+ (void)p;
+ (void)headers;
ctx->json = md_json_clone(ctx->pool, jbody);
return APR_SUCCESS;
}
* Get the local name of the account currently used by the acme instance.
* Will be NULL if no account has been setup successfully.
*/
-const char *md_acme_get_acct(md_acme_t *acme, apr_pool_t *p);
+const char *md_acme_get_acct_id(md_acme_t *acme);
/**
* Agree to the given Terms-of-Service url for the current account.
}
-static void md_acme_acct_free(md_acme_acct_t *acct)
-{
-}
-
static const char *mk_acct_id(apr_pool_t *p, md_acme_t *acme, int i)
{
return apr_psprintf(p, "ACME-%s-%04d", acme->sname, i);
md_store_vtype_t vtype, void *value, apr_pool_t *ptemp)
{
find_ctx *ctx = baton;
- md_json_t *json = value;
int disabled;
const char *ca_url, *id;
- id = md_json_gets(json, MD_KEY_ID, NULL);
- disabled = md_json_getb(json, MD_KEY_DISABLED, NULL);
- ca_url = md_json_gets(json, MD_KEY_CA_URL, NULL);
-
- if (!disabled && ca_url && !strcmp(ctx->acme->url, ca_url)) {
- md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, ctx->p,
- "found account %s for %s: %s, disabled=%d, ca-url=%s",
- name, ctx->acme->url, id, disabled, ca_url);
- ctx->id = id;
- return 0;
+ (void)aspect;
+ (void)ptemp;
+ if (MD_SV_JSON == vtype) {
+ md_json_t *json = value;
+
+ id = md_json_gets(json, MD_KEY_ID, NULL);
+ disabled = md_json_getb(json, MD_KEY_DISABLED, NULL);
+ ca_url = md_json_gets(json, MD_KEY_CA_URL, NULL);
+
+ if (!disabled && ca_url && !strcmp(ctx->acme->url, ca_url)) {
+ md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, ctx->p,
+ "found account %s for %s: %s, disabled=%d, ca-url=%s",
+ name, ctx->acme->url, id, disabled, ca_url);
+ ctx->id = id;
+ return 0;
+ }
}
return 1;
}
out:
if (APR_SUCCESS != rv && acme->acct) {
- md_acme_acct_free(acme->acct);
acme->acct = NULL;
}
return rv;
{
md_json_t *jpayload;
+ (void)baton;
jpayload = md_json_create(req->p);
md_json_sets("reg", jpayload, MD_KEY_RESOURCE, NULL);
const char *body_str;
const char *tos_required;
+ (void)p;
+ (void)baton;
apr_array_clear(acct->contacts);
md_json_getsa(acct->contacts, body, MD_KEY_CONTACT, NULL);
acct->registration = md_json_clone(acme->p, body);
return rv;
}
-const char *md_acme_get_acct(md_acme_t *acme, apr_pool_t *p)
+const char *md_acme_get_acct_id(md_acme_t *acme)
{
return acme->acct? acme->acct->id : NULL;
}
{
md_json_t *jpayload;
+ (void)baton;
jpayload = md_json_create(req->p);
md_json_sets("reg", jpayload, MD_KEY_RESOURCE, NULL);
md_json_setb(1, jpayload, "delete", NULL);
{
md_store_t *store = baton;
apr_status_t rv = APR_SUCCESS;
-
+
+ (void)hdrs;
+ (void)body;
md_log_perror(MD_LOG_MARK, MD_LOG_INFO, 0, p, "deleted account %s", acme->acct->url);
if (store) {
rv = md_acme_unstore_acct(store, p, acme->acct->id);
{
md_acme_acct_t *acct = acme->acct;
+ (void)p;
if (!acct) {
return APR_EINVAL;
}
return authz;
}
-md_acme_authz_set_t *md_acme_authz_set_create(apr_pool_t *p, md_acme_t *acme)
+md_acme_authz_set_t *md_acme_authz_set_create(apr_pool_t *p)
{
md_acme_authz_set_t *authz_set;
const char *location = apr_table_get(hdrs, "location");
apr_status_t rv = APR_SUCCESS;
+ (void)acme;
+ (void)p;
if (location) {
ctx->authz = md_acme_authz_create(ctx->p);
ctx->authz->domain = apr_pstrdup(ctx->p, ctx->domain);
apr_status_t rv;
authz_req_ctx ctx;
+ (void)store;
authz_req_ctx_init(&ctx, acme, domain, NULL, p);
md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, acme->p, "create new authz");
const char *s;
apr_status_t rv;
+ (void)store;
assert(acme);
assert(acme->http);
assert(authz);
{
authz_req_ctx *ctx = baton;
+ (void)acme;
+ (void)p;
+ (void)hdrs;
+ (void)body;
md_log_perror(MD_LOG_MARK, MD_LOG_INFO, 0, ctx->p, "updated authz %s", ctx->authz->location);
return APR_SUCCESS;
}
const char *thumb64, *key_authz;
apr_status_t rv;
+ (void)authz;
assert(cha);
assert(cha->token);
apr_status_t rv;
int notify_server;
+ (void)key_spec;
if (APR_SUCCESS != (rv = setup_key_authz(cha, authz, acme, p, ¬ify_server))) {
goto out;
}
static apr_status_t collect_offered(void *baton, size_t index, md_json_t *json)
{
cha_find_ctx *ctx = baton;
+ const char *ctype;
- const char *ctype = md_json_gets(json, MD_KEY_TYPE, NULL);
- if (ctype) {
+ (void)index;
+ if ((ctype = md_json_gets(json, MD_KEY_TYPE, NULL))) {
APR_ARRAY_PUSH(ctx->offered, const char*) = apr_pstrdup(ctx->p, ctype);
}
return 1;
md_pkey_spec_t *key_spec, apr_pool_t *p)
{
apr_status_t rv;
- unsigned int i;
+ int i;
cha_find_ctx fctx;
assert(acme);
return rv;
}
- for (i = 0; i < CHA_TYPES_LEN; ++i) {
+ for (i = 0; i < (int)CHA_TYPES_LEN; ++i) {
if (!apr_strnatcasecmp(CHA_TYPES[i].name, fctx.accepted->type)) {
return CHA_TYPES[i].start(fctx.accepted, authz, acme, store, key_spec, p);
}
{
md_json_t *jpayload;
+ (void)baton;
jpayload = md_json_create(req->p);
md_json_sets("deactivated", jpayload, MD_KEY_STATUS, NULL);
{
authz_req_ctx *ctx = baton;
+ (void)p;
+ (void)body;
+ (void)hdrs;
md_log_perror(MD_LOG_MARK, MD_LOG_INFO, 0, ctx->p, "deleted authz %s", ctx->authz->location);
acme->acct = NULL;
return APR_SUCCESS;
{
authz_req_ctx ctx;
+ (void)store;
ctx.p = p;
ctx.authz = authz;
static apr_status_t authz_to_json(void *value, md_json_t *json, apr_pool_t *p, void *baton)
{
+ (void)baton;
return md_json_setj(md_acme_authz_to_json(value, p), json, NULL);
}
static apr_status_t authz_from_json(void **pvalue, md_json_t *json, apr_pool_t *p, void *baton)
{
+ (void)baton;
*pvalue = md_acme_authz_from_json(json, p);
return (*pvalue)? APR_SUCCESS : APR_EINVAL;
}
md_acme_authz_set_t *md_acme_authz_set_from_json(md_json_t *json, apr_pool_t *p)
{
- md_acme_authz_set_t *set = md_acme_authz_set_create(p, NULL);
+ md_acme_authz_set_t *set = md_acme_authz_set_create(p);
if (set) {
md_json_geta(set->authzs, authz_from_json, NULL, json, MD_KEY_AUTHZS, NULL);
return set;
md_acme_authz_set_t *set;
const char *md_name;
int create;
-
+
+ (void)p;
group = (md_store_group_t)va_arg(ap, int);
md_name = va_arg(ap, const char *);
set = va_arg(ap, md_acme_authz_set_t *);
struct apr_array_header_t *authzs;
};
-md_acme_authz_set_t *md_acme_authz_set_create(apr_pool_t *p, struct md_acme_t *acme);
+md_acme_authz_set_t *md_acme_authz_set_create(apr_pool_t *p);
md_acme_authz_t *md_acme_authz_set_get(md_acme_authz_set_t *set, const char *domain);
apr_status_t md_acme_authz_set_add(md_acme_authz_set_t *set, md_acme_authz_t *authz);
apr_status_t md_acme_authz_set_remove(md_acme_authz_set_t *set, const char *domain);
md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, d->p, "%s: looking at existing accounts",
d->proto->protocol);
if (APR_SUCCESS == md_acme_find_acct(ad->acme, d->store, d->p)) {
- md->ca_account = md_acme_get_acct(ad->acme, d->p);
+ md->ca_account = md_acme_get_acct_id(ad->acme);
update = 1;
}
}
*/
rv = md_acme_authz_set_load(d->store, MD_SG_STAGING, md->name, &ad->authz_set, d->p);
if (!ad->authz_set || APR_STATUS_IS_ENOENT(rv)) {
- ad->authz_set = md_acme_authz_set_create(d->p, ad->acme);
+ ad->authz_set = md_acme_authz_set_create(d->p);
rv = APR_SUCCESS;
}
else if (APR_SUCCESS != rv) {
return rv;
}
-static apr_status_t check_challenges(void *baton, int attemmpt)
+static apr_status_t check_challenges(void *baton, int attempt)
{
md_proto_driver_t *d = baton;
md_acme_driver_t *ad = d->baton;
for (i = 0; i < ad->authz_set->authzs->nelts && APR_SUCCESS == rv; ++i) {
authz = APR_ARRAY_IDX(ad->authz_set->authzs, i, md_acme_authz_t*);
- md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, d->p, "%s: check AUTHZ for %s",
- ad->md->name, authz->domain);
+ md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, d->p, "%s: check AUTHZ for %s(%d. attempt)",
+ ad->md->name, authz->domain, attempt);
if (APR_SUCCESS == (rv = md_acme_authz_update(authz, ad->acme, d->store, d->p))) {
switch (authz->state) {
case MD_ACME_AUTHZ_S_VALID:
md_acme_driver_t *ad = d->baton;
apr_status_t rv = APR_SUCCESS;
-
+ (void)acme;
if (APR_SUCCESS == (rv = read_http_cert(&ad->cert, d->p, res))) {
rv = md_store_save(d->store, d->p, MD_SG_STAGING, ad->md->name, MD_FN_CERT,
MD_SV_CERT, ad->cert, 0);
md_proto_driver_t *d = baton;
md_acme_driver_t *ad = d->baton;
+ (void)attempt;
return md_acme_GET(ad->acme, ad->md->cert_url, NULL, NULL, on_got_cert, d);
}
md_acme_driver_t *ad = d->baton;
apr_status_t rv = APR_SUCCESS;
+ (void)acme;
ad->md->cert_url = apr_table_get(res->headers, "location");
if (!ad->md->cert_url) {
md_log_perror(MD_LOG_MARK, MD_LOG_ERR, APR_EINVAL, d->p,
md_cert_t *cert;
const char *ct;
+ (void)acme;
ct = apr_table_get(res->headers, "Content-Type");
if (ct && !strcmp("application/x-pkcs7-mime", ct)) {
/* root cert most likely, end it here */
md_cert_t *cert;
const char *url, *last_url = NULL;
apr_status_t rv = APR_SUCCESS;
-
+
while (APR_SUCCESS == rv && ad->chain->nelts < 10) {
int nelts = ad->chain->nelts;
if (ad->chain && nelts > 0) {
}
}
md_log_perror(MD_LOG_MARK, MD_LOG_TRACE1, rv, d->p,
- "got chain with %d certs", ad->chain->nelts);
+ "got chain with %d certs (%d. attempt)", ad->chain->nelts, attempt);
return rv;
}
apr_status_t md_acme_protos_add(apr_hash_t *protos, apr_pool_t *p)
{
+ (void)p;
apr_hash_set(protos, MD_PROTO_ACME, sizeof(MD_PROTO_ACME)-1, &ACME_PROTO);
return APR_SUCCESS;
}
if (APR_SUCCESS == (rv = md_acme_create_acct(ctx->acme, ctx->p, contacts, ctx->tos))) {
md_acme_save(ctx->acme, ctx->store, ctx->p);
- fprintf(stdout, "registered: %s\n", md_acme_get_acct(ctx->acme, ctx->p));
+ fprintf(stdout, "registered: %s\n", md_acme_get_acct_id(ctx->acme));
}
else {
md_log_perror(MD_LOG_MARK, MD_LOG_ERR, rv, ctx->p, "register new account");
apr_status_t rv = APR_SUCCESS;
int i;
+ (void)cmd;
for (i = 0; i < ctx->argc; ++i) {
rv = acct_agree_tos(ctx, ctx->argv[i], ctx->tos, ctx->p);
if (rv != APR_SUCCESS) {
apr_status_t rv = APR_SUCCESS;
int i;
+ (void)cmd;
for (i = 0; i < ctx->argc; ++i) {
rv = acct_validate(ctx, ctx->argv[i], ctx->p);
if (rv != APR_SUCCESS) {
apr_status_t rv = APR_SUCCESS;
int i;
+ (void)cmd;
for (i = 0; i < ctx->argc; ++i) {
rv = acme_delreg(ctx, ctx->argv[i], ctx->p);
if (rv != APR_SUCCESS) {
{
apr_status_t rv;
md_acme_authz_t *authz;
-
+
+ (void)acct;
rv = md_acme_authz_register(&authz, ctx->acme, ctx->store, domain, ctx->p);
if (rv == APR_SUCCESS) {
static int log_is_level(void *baton, apr_pool_t *p, md_log_level_t level)
{
+ (void)baton;
+ (void)p;
return level <= active_level;
}
static int pool_abort(int rv)
{
+ (void)rv;
abort();
}
md_t *md;
apr_status_t rv;
+ (void)cmd;
md = md_create(ctx->p, md_cmd_gather_args(ctx, 0));
if (md->domains->nelts == 0) {
return APR_EINVAL;
{
apr_array_header_t *mdlist = baton;
+ (void)reg;
APR_ARRAY_PUSH(mdlist, const md_t *) = md;
return 1;
}
const md_t *md;
int i;
+ (void)cmd;
if (ctx->argc > 0) {
for (i = 0; i < ctx->argc; ++i) {
name = ctx->argv[i];
apr_status_t rv;
int i;
+ (void)cmd;
md_log_perror(MD_LOG_MARK, MD_LOG_TRACE4, 0, ctx->p, "drive do");
if (ctx->argc > 0) {
for (i = 0; i < ctx->argc; ++i) {
rv = APR_SUCCESS;
for (i = 0; i < mdlist->nelts; ++i) {
- md_t *md = APR_ARRAY_IDX(mdlist, i, md_t*);
+ md = APR_ARRAY_IDX(mdlist, i, md_t*);
if (APR_SUCCESS != (rv = assess_and_drive(ctx, md))) {
break;
}
md_t *md, *nmd;
apr_status_t rv;
+ (void)cmd;
md = md_create(ctx->p, md_cmd_gather_args(ctx, 0));
if (md->domains->nelts == 0) {
return APR_EINVAL;
static apr_status_t opts_remove(md_cmd_ctx *ctx, int option, const char *optarg)
{
+ (void)optarg;
switch (option) {
case 'f':
md_cmd_ctx_set_option(ctx, "force", "1");
static int list_md(void *baton, md_store_t *store, md_t *md, apr_pool_t *ptemp)
{
+ (void)store;
+ (void)ptemp;
md_cmd_print_md(baton, md);
return 1;
}
static apr_status_t cmd_list(md_cmd_ctx *ctx, const md_cmd_t *cmd)
{
+ (void)cmd;
return md_store_md_iter(list_md, ctx, ctx->store, ctx->p, MD_SG_DOMAINS, "*");
}
static void seed_RAND(int pid)
{
char seed[128];
+
+ (void)pid;
arc4random_buf(seed, sizeof(seed));
RAND_seed(seed, sizeof(seed));
}
/*
* seed in some current state of the run-time stack (128 bytes)
*/
-#if HAVE_VALGRIND && 0
- if (ssl_running_on_valgrind) {
- VALGRIND_MAKE_MEM_DEFINED(stackdata, sizeof(stackdata));
- }
-#endif
n = rand_choosenum(0, sizeof(stackdata)-128-1);
RAND_seed(stackdata+n, 128);
}
typedef struct {
char *data;
apr_size_t len;
-} buffer;
+} buffer_rec;
static apr_status_t fwrite_buffer(void *baton, apr_file_t *f, apr_pool_t *p)
{
- buffer *buf = baton;
+ buffer_rec *buf = baton;
+
+ (void)p;
return apr_file_write_full(f, buf->data, buf->len, &buf->len);
}
static int pem_passwd(char *buf, int size, int rwflag, void *baton)
{
passwd_ctx *ctx = baton;
+
+ (void)rwflag;
if (ctx->pass_len > 0) {
if (ctx->pass_len < size) {
size = (int)ctx->pass_len;
case MD_PKEY_TYPE_RSA:
md_json_sets("RSA", json, MD_KEY_TYPE, NULL);
if (spec->params.rsa.bits >= MD_PKEY_RSA_BITS_MIN) {
- md_json_setl(spec->params.rsa.bits, json, MD_KEY_BITS, NULL);
+ md_json_setl((long)spec->params.rsa.bits, json, MD_KEY_BITS, NULL);
}
break;
default:
return rv;
}
-static apr_status_t pkey_to_buffer(buffer *buffer, md_pkey_t *pkey, apr_pool_t *p,
+static apr_status_t pkey_to_buffer(buffer_rec *buffer, md_pkey_t *pkey, apr_pool_t *p,
const char *pass, apr_size_t pass_len)
{
BIO *bio = BIO_new(BIO_s_mem());
const char *pass_phrase, apr_size_t pass_len,
const char *fname, apr_fileperms_t perms)
{
- buffer buffer;
+ buffer_rec buffer;
apr_status_t rv;
if (APR_SUCCESS == (rv = pkey_to_buffer(&buffer, pkey, p, pass_phrase, pass_len))) {
unsigned char *buffer;
size_t blen;
apr_status_t rv;
- int i;
+ unsigned int i;
if (APR_SUCCESS == (rv = sha256_digest(&buffer, &blen, p, d, dlen))) {
cp = dhex = apr_pcalloc(p, 2 * blen + 1);
return rv;
}
-static apr_status_t cert_to_buffer(buffer *buffer, md_cert_t *cert, apr_pool_t *p)
+static apr_status_t cert_to_buffer(buffer_rec *buffer, md_cert_t *cert, apr_pool_t *p)
{
BIO *bio = BIO_new(BIO_s_mem());
int i;
apr_status_t md_cert_fsave(md_cert_t *cert, apr_pool_t *p,
const char *fname, apr_fileperms_t perms)
{
- buffer buffer;
+ buffer_rec buffer;
apr_status_t rv;
if (APR_SUCCESS == (rv = cert_to_buffer(&buffer, cert, p))) {
apr_status_t md_cert_to_base64url(const char **ps64, md_cert_t *cert, apr_pool_t *p)
{
- buffer buffer;
+ buffer_rec buffer;
apr_status_t rv;
if (APR_SUCCESS == (rv = cert_to_buffer(&buffer, cert, p))) {
unsigned long err = 0;
int i;
+ (void)p;
rv = md_util_fopen(&f, fname, "w");
if (rv == APR_SUCCESS) {
apr_file_perms_set(fname, perms);
|| !(asn1_rnd = BN_to_ASN1_INTEGER(big_rnd, NULL))) {
md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "%s: setup random serial", cn);
rv = APR_EGENERAL; goto out;
- }
+ }
+
+ if (1 != X509_set_version(x, 2L)) {
+ md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "%s: setting x.509v3", cn);
+ rv = APR_EGENERAL; goto out;
+ }
+
if (!X509_set_serialNumber(x, asn1_rnd)) {
md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "%s: set serial number", cn);
rv = APR_EGENERAL; goto out;
rv = APR_EGENERAL; goto out;
}
/* cert are uncontrained (but not very trustworthy) */
- if (APR_SUCCESS != (rv = add_ext(x, NID_basic_constraints, "CA:TRUE, pathlen:0", p))) {
+ if (APR_SUCCESS != (rv = add_ext(x, NID_basic_constraints, "CA:FALSE, pathlen:0", p))) {
md_log_perror(MD_LOG_MARK, MD_LOG_ERR, rv, p, "%s: set basic constraints ext", cn);
goto out;
}
md_http_impl_t * md_curl_get_impl(apr_pool_t *p)
{
/* trigger early global curl init, before we are down a rabbit hole */
+ (void)p;
md_curl_init();
return &impl;
}
apr_status_t md_http_await(md_http_t *http, long req_id)
{
+ (void)http;
+ (void)req_id;
return APR_SUCCESS;
}
const char *md_log_level_name(md_log_level_t level)
{
- if ((int)level < (sizeof(level_names)/sizeof(level_names[0]))) {
- return level_names[level];
- }
- return "???";
+ return level_names[level];
}
static md_log_print_cb *log_printv;
int renew = 0;
int errored = 0;
+ (void)reg;
switch (md->state) {
case MD_S_UNKNOWN:
md_log_perror( MD_LOG_MARK, MD_LOG_ERR, 0, p, "md(%s): in unkown state.", md->name);
{
reg_do_ctx *ctx = baton;
+ (void)store;
if (!ctx->exclude || strcmp(ctx->exclude, md->name)) {
state_init(ctx->reg, ptemp, (md_t*)md, 1);
return ctx->cb(ctx->baton, ctx->reg, md);
{
find_domain_ctx *ctx = baton;
+ (void)reg;
if (md_contains(md, ctx->domain, 0)) {
ctx->md = md;
return 0;
find_overlap_ctx *ctx = baton;
const char *overlap;
+ (void)reg;
if ((overlap = md_common_name(ctx->md_checked, md))) {
ctx->md = md;
ctx->s = overlap;
{
sync_ctx *ctx = baton;
+ (void)store;
+ (void)ptemp;
APR_ARRAY_PUSH(ctx->store_mds, const md_t*) = md_clone(ctx->p, md);
return 1;
}
apr_time_t *pvalid_from;
apr_status_t rv;
+ (void)p;
proto = va_arg(ap, const md_proto_t *);
md = va_arg(ap, const md_t *);
challenge = va_arg(ap, const char *);
const char *md_store_group_name(int group)
{
- if (group < sizeof(GROUP_NAME)/sizeof(GROUP_NAME[0])) {
+ if ((size_t)group < sizeof(GROUP_NAME)/sizeof(GROUP_NAME[0])) {
return GROUP_NAME[group];
}
return "UNKNOWN";
const char *name;
int force;
+ (void)p;
name = va_arg(ap, const char *);
force = va_arg(ap, int);
const char *from, *to;
apr_status_t rv = APR_SUCCESS;
+ (void)baton;
+ (void)ftype;
if (APR_SUCCESS == (rv = md_util_path_merge(&from, ptemp, dir, name, NULL))
&& APR_SUCCESS == (rv = md_util_path_merge(&to, ptemp, dir, MD_FN_PRIVKEY, NULL))) {
md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, p, "renaming %s/%s to %s",
const char *fname, *fpubcert;
apr_status_t rv = APR_SUCCESS;
+ (void)baton;
+ (void)ftype;
+ (void)p;
if ( APR_SUCCESS == (rv = md_util_path_merge(&fpubcert, ptemp, dir, MD_FN_PUBCERT, NULL))
&& APR_STATUS_IS_ENOENT((rv = md_chain_fload(&pubcert, ptemp, fpubcert)))
&& APR_SUCCESS == (rv = md_util_path_merge(&fname, ptemp, dir, name, NULL))
md_store_group_t g;
apr_status_t rv = APR_SUCCESS;
+ (void)ptemp;
/* Migrate pkey.pem -> privkey.pem */
for (g = MD_SG_NONE; g < MD_SG_COUNT && APR_SUCCESS == rv; ++g) {
rv = md_util_files_do(rename_pkey, s_fs, p, s_fs->base,
const char *fname;
apr_status_t rv;
+ (void)ap;
s_fs->plain_pkey[MD_SG_DOMAINS] = 1;
s_fs->plain_pkey[MD_SG_TMP] = 1;
static apr_status_t dispatch(md_store_fs_t *s_fs, md_store_fs_ev_t ev, int group,
const char *fname, apr_filetype_e ftype, apr_pool_t *p)
{
+ (void)ev;
if (s_fs->event_cb) {
return s_fs->event_cb(s_fs->event_baton, &s_fs->s, MD_S_FS_EV_CREATED,
group, fname, ftype, p);
int *pnewer;
apr_status_t rv;
+ (void)p;
group1 = (md_store_group_t)va_arg(ap, int);
group2 = (md_store_group_t)va_arg(ap, int);
name = va_arg(ap, const char*);
apr_finfo_t info;
md_store_group_t group;
+ (void)p;
group = (md_store_group_t)va_arg(ap, int);
name = va_arg(ap, const char*);
aspect = va_arg(ap, const char *);
md_store_group_t group;
apr_status_t rv;
+ (void)p;
group = (md_store_group_t)va_arg(ap, int);
name = va_arg(ap, const char*);
apr_status_t rv;
void *value;
const char *fpath;
-
+
+ (void)ftype;
md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, ptemp, "inspecting value at: %s/%s", dir, name);
if (APR_SUCCESS == (rv = md_util_path_merge(&fpath, ptemp, dir, name, NULL))) {
rv = fs_fload(&value, ctx->s_fs, fpath, ctx->group, ctx->vtype, p, ptemp);
int archive;
apr_status_t rv;
+ (void)p;
from = (md_store_group_t)va_arg(ap, int);
to = (md_store_group_t)va_arg(ap, int);
name = va_arg(ap, const char*);
{
const char *text = baton;
apr_size_t len = strlen(text);
+
+ (void)p;
return apr_file_write_full(f, text, len, &len);
}
static apr_status_t prm_recursive(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_list ap)
{
int max_level = va_arg(ap, int);
+
+ (void)p;
return rm_recursive(baton, ptemp, max_level);
}
apr_status_t rv;
const char *fpath;
+ (void)baton;
+ (void)p;
rv = md_util_path_merge(&fpath, ptemp, path, name, NULL);
if (APR_SUCCESS == rv) {
if (APR_DIR == ftype) {
* @macro
* Version number of the md module as c string
*/
-#define MOD_MD_VERSION "0.9.6"
+#define MOD_MD_VERSION "0.9.7-git"
/**
* @macro
* release. This is a 24 bit number with 8 bits for major number, 8 bits
* for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
*/
-#define MOD_MD_VERSION_NUM 0x000906
+#define MOD_MD_VERSION_NUM 0x000907
#define MD_EXPERIMENTAL 0
#define MD_ACME_DEF_URL "https://acme-v01.api.letsencrypt.org/directory"
#include <apr_strings.h>
#include <ap_release.h>
+#ifndef AP_ENABLE_EXCEPTION_HOOK
+#define AP_ENABLE_EXCEPTION_HOOK 0
+#endif
#include <mpm_common.h>
#include <httpd.h>
#include <http_core.h>
md_config_create_svr, /* func to create per server config */
md_config_merge_svr, /* func to merge per server config */
md_cmds, /* command handlers */
- md_hooks
+ md_hooks,
+#if defined(AP_MODULE_FLAG_NONE)
+ AP_MODULE_FLAG_ALWAYS_MERGE
+#endif
};
static void md_merge_srv(md_t *md, md_srv_conf_t *base_sc, apr_pool_t *p)
apr_sockaddr_t *sa;
int i, j;
+ (void)plog;
sc = md_config_get(base_server);
mc = sc->mc;
server_rec *s = baton;
apr_status_t rv;
+ (void)store;
ap_log_error(APLOG_MARK, APLOG_TRACE3, 0, s, "store event=%d on %s %s (group %d)",
ev, (ftype == APR_DIR)? "dir" : "file", fname, group);
static int log_is_level(void *baton, apr_pool_t *p, md_log_level_t level)
{
+ (void)baton;
+ (void)p;
if (log_server) {
- return APLOG_IS_LEVEL(log_server, level);
+ return APLOG_IS_LEVEL(log_server, (int)level);
}
return level <= MD_LOG_INFO;
}
apr_pool_userdata_set((const void *)1, mod_md_init_key,
apr_pool_cleanup_null, s->process->pool);
}
- else {
- ap_log_error( APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(10071)
- "mod_md (v%s), initializing...", MOD_MD_VERSION);
- }
+
+ ap_log_error( APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(10071)
+ "mod_md (v%s), initializing...", MOD_MD_VERSION);
init_setups(p, s);
md_log_set(log_is_level, log_print, NULL);
apr_status_t rv = APR_SUCCESS;
int i;
+ (void)plog;
md_config_post_config(s, p);
sc = md_config_get(s);
mc = sc->mc;
return rv;
}
-static apr_status_t md_get_credentials(server_rec *s, apr_pool_t *p,
- const char **pkeyfile, const char **pcertfile,
- const char **pchainfile)
-{
- *pchainfile = NULL;
- return md_get_certificate(s, p, pkeyfile, pcertfile);
-}
-
static int md_is_challenge(conn_rec *c, const char *servername,
X509 **pcert, EVP_PKEY **pkey)
{
*/
static void md_child_init(apr_pool_t *pool, server_rec *s)
{
+ (void)pool;
+ (void)s;
}
/* Install this module into the apache2 infrastructure.
ap_hook_child_init(md_child_init, NULL, mod_ssl, APR_HOOK_MIDDLE);
/* answer challenges *very* early, before any configured authentication may strike */
+ ap_hook_post_read_request(md_require_https_maybe, NULL, NULL, APR_HOOK_FIRST);
ap_hook_post_read_request(md_http_challenge_pr, NULL, NULL, APR_HOOK_MIDDLE);
- /* redirect to https if configured */
- ap_hook_fixups(md_require_https_maybe, NULL, NULL, APR_HOOK_LAST);
APR_REGISTER_OPTIONAL_FN(md_is_managed);
APR_REGISTER_OPTIONAL_FN(md_get_certificate);
- APR_REGISTER_OPTIONAL_FN(md_get_credentials);
APR_REGISTER_OPTIONAL_FN(md_is_challenge);
}
const char **pkeyfile,
const char **pcertfile));
-/* previous version for md_get_certificate, to be phased out soon */
-APR_DECLARE_OPTIONAL_FN(apr_status_t,
- md_get_credentials, (struct server_rec *, apr_pool_t *,
- const char **pkeyfile,
- const char **pcertfile,
- const char **pchainfile));
-
APR_DECLARE_OPTIONAL_FN(int,
md_is_challenge, (struct conn_rec *, const char *,
X509 **pcert, EVP_PKEY **pkey));
nsc = (md_srv_conf_t *)apr_pcalloc(pool, sizeof(md_srv_conf_t));
nsc->name = name;
+ nsc->mc = add->mc? add->mc : base->mc;
+ nsc->assigned = add->assigned? add->assigned : base->assigned;
nsc->transitive = (add->transitive != DEF_VAL)? add->transitive : base->transitive;
nsc->require_https = (add->require_https != MD_REQUIRE_UNSET)? add->require_https : base->require_https;
apr_array_header_t *domains;
md_t *md;
int transitive = -1;
-
+
+ (void)mconfig;
if ((err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
}
const char *err;
int i;
+ (void)dc;
if (NULL != (err = md_section_check(cmd, MD_CMD_MD_SECTION))) {
if (argc == 1) {
/* only these values are allowed outside a section */
return NULL;
}
-static const char *md_config_set_names(cmd_parms *cmd, void *arg,
+static const char *md_config_set_names(cmd_parms *cmd, void *dc,
int argc, char *const argv[])
{
md_srv_conf_t *sc = md_config_get(cmd->server);
md_t *md;
int i, transitive = -1;
+ (void)dc;
err = ap_check_cmd_context(cmd, NOT_IN_DIR_LOC_FILE);
if (err) {
return err;
md_srv_conf_t *sc = md_config_get(cmd->server);
const char *err;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
md_srv_conf_t *config = md_config_get(cmd->server);
const char *err;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
md_srv_conf_t *config = md_config_get(cmd->server);
const char *err;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
const char *err;
md_drive_mode_t drive_mode;
+ (void)dc;
if (!apr_strnatcasecmp("auto", value) || !apr_strnatcasecmp("automatic", value)) {
drive_mode = MD_DRIVE_AUTO;
}
md_srv_conf_t *config = md_config_get(cmd->server);
const char *err;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
md_srv_conf_t *config = md_config_get(cmd->server);
const char *err;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
apr_interval_time_t timeout;
int percent;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
const char *err;
int i;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
return NULL;
}
-static const char *md_config_set_pkeys(cmd_parms *cmd, void *arg,
+static const char *md_config_set_pkeys(cmd_parms *cmd, void *dc,
int argc, char *const argv[])
{
md_srv_conf_t *config = md_config_get(cmd->server);
const char *err, *ptype;
apr_int64_t bits;
+ (void)dc;
if (!inside_section(cmd, MD_CMD_MD_SECTION)
&& (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) {
return err;
#include <assert.h>
#include <apr_strings.h>
+#ifndef AP_ENABLE_EXCEPTION_HOOK
+#define AP_ENABLE_EXCEPTION_HOOK 0
+#endif
+
#include <mpm_common.h>
#include <httpd.h>
#include <http_log.h>
{
apr_status_t rv;
+ (void)p;
+ (void)s;
rv = (kill(getppid(), AP_SIG_GRACEFUL) < 0)? APR_ENOTIMPL : APR_SUCCESS;
ap_log_error(APLOG_MARK, APLOG_TRACE1, errno, NULL, "sent signal to parent");
return rv;
projects / apache / commitdiff