From: Stefan Eissing Date: Wed, 20 Dec 2017 20:38:00 +0000 (+0000) Subject: On the trunk: X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7e26c33fb3aa7f038a37e1d308254ff005b9087e;p=apache On the trunk: mod_md: fixed mem pool usage for auto-added server names. Added error logging of exact ACME response when challenges failed. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1818849 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index b2bf5ab623..998f4556de 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_md: fixed mem pool usage for auto-added server names. Added + error logging of exact ACME response when challenges failed. + [Stefan Eissing] + *) mpm_event: close connections not reported as handled by any module to avoid losing track of them and leaking scoreboard entries. PR 61551. [Yann Ylavic] diff --git a/modules/md/md_acme_authz.c b/modules/md/md_acme_authz.c index 549abdb3be..68fdc36801 100644 --- a/modules/md/md_acme_authz.c +++ b/modules/md/md_acme_authz.c 
@@ -235,13 +235,25 @@ apr_status_t md_acme_authz_update(md_acme_authz_t *authz, md_acme_t *acme,
 }
 else if (s && !strcmp(s, "valid")) {
 authz->state = MD_ACME_AUTHZ_S_VALID;
+ if (md_log_is_level(p, MD_LOG_DEBUG)) {
+ md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, p, "ACME server validated challenge "
+ "for %s in %s, ACME response is: %s",
+ authz->domain, authz->location,
+ md_json_writep(json, p, MD_JSON_FMT_COMPACT));
+ }
 }
 else if (s && !strcmp(s, "invalid")) {
 authz->state = MD_ACME_AUTHZ_S_INVALID;
+ md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "ACME server reports challenge "
+ "for %s in %s as 'invalid', ACME response is: %s",
+ authz->domain, authz->location,
+ md_json_writep(json, p, MD_JSON_FMT_COMPACT));
 }
 else if (s) {
- md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, 0, p, "unknown authz state '%s' "
- "for %s in %s", s, authz->domain, authz->location);
+ md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "ACME server reports unrecognized "
+ "authz state '%s' for %s in %s, ACME response is: %s",
+ s, authz->domain, authz->location,
+ md_json_writep(json, p, MD_JSON_FMT_COMPACT));
 return APR_EINVAL;
 }
 return rv;
diff --git a/modules/md/md_version.h b/modules/md/md_version.h
index f11d130987..7b0b428671 100644
--- a/modules/md/md_version.h
+++ b/modules/md/md_version.h
@@ -26,7 +26,7 @@
 * @macro
 * Version number of the md module as c string
 */
-#define MOD_MD_VERSION "1.1.2"
+#define MOD_MD_VERSION "1.1.4"
 /**
 * @macro
@@ -34,7 +34,7 @@
 * release. This is a 24 bit number with 8 bits for major number, 8 bits
 * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
 */
-#define MOD_MD_VERSION_NUM 0x010102
+#define MOD_MD_VERSION_NUM 0x010104
 #define MD_ACME_DEF_URL "https://acme-v01.api.letsencrypt.org/directory"
diff --git a/modules/md/mod_md.c b/modules/md/mod_md.c
index 996b5b93ce..718b41d32d 100644
--- a/modules/md/mod_md.c
+++ b/modules/md/mod_md.c
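Review bot: The 'invalid' and unrecognized-state branches of the md_acme_authz.c hunk pass the whole serialized ACME response to `md_log_perror` through a bare `%s` at `MD_LOG_ERR`, so text chosen by the remote side reaches the error log with no length bound on every failed challenge. The hunk does not show whether `md_log_perror` escapes control characters or whether `md_json_writep` can return NULL on a serialization failure, so both are worth confirming before relying on this output. A cap in the format string, for example `"... ACME response is: %.1024s"` (1024 is a constructed value, and this assumes the formatter honours a precision on `%s`), would keep one oversized response from flooding the log. A short comment on the two error branches such as `/* response body is untrusted: logged for diagnosis only */` would record the intent; `md_acme_authz_update` starts and ends outside this hunk.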
@@ -250,7 +250,7 @@ static apr_status_t assign_to_servers(md_t *md, server_rec *base_server,
 * If mode is "manual", a generated certificate will not match
 * all necessary names. */
 if ((!mc->local_80 || !uses_port_only(s, mc->local_80))
- && APR_SUCCESS != (rv = md_covers_server(md, s, ptemp))) {
+ && APR_SUCCESS != (rv = md_covers_server(md, s, p))) {
 return rv;
 }
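Review bot: Nothing at the changed `md_covers_server(md, s, p)` call records why the long-lived pool is required, so a later cleanup could switch it back to `ptemp`. Going by the commit message, the call can add server names to `md`, and anything stored there must not come from a pool that is cleared while `md` is still in use, otherwise the stored names become dangling pointers. I would add a comment above the condition such as `/* names added to md here outlive ptemp, so allocate from p */`. The other `ptemp` uses in `assign_to_servers` deserve the same check for values that end up stored on `md` or `s`; the function starts and ends outside this hunk.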