From 7250b0dccde402cc5d5e1ac8e8b5685da2ec9f34 Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Thu, 14 Dec 2017 12:44:44 +0000 Subject: [PATCH] On the 2.4.x-mod_md branch: Merge of r1818120 from trunk. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-mod_md@1818123 13f79535-47bb-0310-9956-ffa450edef68 --- modules/md/md_acme.c | 12 ++++++++++ modules/md/md_version.h | 4 ++-- modules/md/mod_md_config.c | 46 +++++++++++++++++++------------------- 3 files changed, 37 insertions(+), 25 deletions(-) diff --git a/modules/md/md_acme.c b/modules/md/md_acme.c index 90bdf3ce32..cf0589d683 100644 --- a/modules/md/md_acme.c +++ b/modules/md/md_acme.c @@ -154,6 +154,16 @@ apr_status_t md_acme_setup(md_acme_t *acme) } rv = APR_EINVAL; } + else { + md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, 0, acme->p, "unsuccessful in contacting ACME " + "server at %s. If this problem persists, please check your network " + "connectivity from your Apache server to the ACME server. Also, older " + "servers might have trouble verifying the certificates of the ACME " + "server. You can check if you are able to contact it manually via the " + "curl command. Sometimes, the ACME server might be down for maintenance, " + "so failing to contact it is not an immediate problem. mod_md will " + "continue retrying this.", acme->url); + } return rv; } @@ -379,6 +389,8 @@ static apr_status_t md_acme_req_send(md_acme_req_t *req) } if (!acme->nonce) { if (APR_SUCCESS != (rv = md_acme_new_nonce(acme))) { + md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, rv, req->p, + "error retrieving new nonce from ACME server"); return rv; } } diff --git a/modules/md/md_version.h b/modules/md/md_version.h index 16b60025df..d08b927ab4 100644 --- a/modules/md/md_version.h +++ b/modules/md/md_version.h @@ -26,7 +26,7 @@ * @macro * Version number of the md module as c string */ -#define MOD_MD_VERSION "1.1.0-git" +#define MOD_MD_VERSION "1.1.1" /** * @macro @@ -34,7 +34,7 @@ * release. This is a 24 bit number with 8 bits for major number, 8 bits * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. */ -#define MOD_MD_VERSION_NUM 0x010100 +#define MOD_MD_VERSION_NUM 0x010101 #define MD_ACME_DEF_URL "https://acme-v01.api.letsencrypt.org/directory" diff --git a/modules/md/mod_md_config.c b/modules/md/mod_md_config.c index 46464ccb20..aa3c13f203 100644 --- a/modules/md/mod_md_config.c +++ b/modules/md/mod_md_config.c @@ -31,7 +31,9 @@ #include "mod_md_config.h" #define MD_CMD_MD "MDomain" +#define MD_CMD_OLD_MD "ManagedDomain" #define MD_CMD_MD_SECTION "pool, cmd->cmd->name, " is only valid inside a '", - section, "' context, not here", NULL); +static int inside_md_section(cmd_parms *cmd) { + return (inside_section(cmd, MD_CMD_MD_SECTION) || inside_section(cmd, MD_CMD_MD_OLD_SECTION)); +} + +static const char *md_section_check(cmd_parms *cmd) { + if (!inside_md_section(cmd)) { + return apr_pstrcat(cmd->pool, cmd->cmd->name, " is only valid inside a '", + MD_CMD_MD_SECTION, "' context, not here", NULL); } return NULL; } @@ -319,7 +325,7 @@ static const char *md_config_sec_add_members(cmd_parms *cmd, void *dc, int i; (void)dc; - if (NULL != (err = md_section_check(cmd, MD_CMD_MD_SECTION))) { + if (NULL != (err = md_section_check(cmd))) { if (argc == 1) { /* only these values are allowed outside a section */ return set_transitive(&sc->transitive, argv[0]); @@ -382,8 +388,7 @@ static const char *md_config_set_ca(cmd_parms *cmd, void *dc, const char *value) const char *err; (void)dc; - if (!inside_section(cmd, MD_CMD_MD_SECTION) - && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { + if (!inside_md_section(cmd) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; } sc->ca_url = value; @@ -396,8 +401,7 @@ static const char *md_config_set_ca_proto(cmd_parms *cmd, void *dc, const char * const char *err; (void)dc; - if (!inside_section(cmd, MD_CMD_MD_SECTION) - && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { + if (!inside_md_section(cmd) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; } config->ca_proto = value; @@ -410,8 +414,7 @@ static const char *md_config_set_agreement(cmd_parms *cmd, void *dc, const char const char *err; (void)dc; - if (!inside_section(cmd, MD_CMD_MD_SECTION) - && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { + if (!inside_md_section(cmd) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; } config->ca_agreement = value; @@ -438,8 +441,7 @@ static const char *md_config_set_drive_mode(cmd_parms *cmd, void *dc, const char return apr_pstrcat(cmd->pool, "unknown MDDriveMode ", value, NULL); } - if (!inside_section(cmd, MD_CMD_MD_SECTION) - && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { + if (!inside_md_section(cmd) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; } config->drive_mode = drive_mode; @@ -452,8 +454,7 @@ static const char *md_config_set_must_staple(cmd_parms *cmd, void *dc, const cha const char *err; (void)dc; - if (!inside_section(cmd, MD_CMD_MD_SECTION) - && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { + if (!inside_md_section(cmd) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; } @@ -476,8 +477,7 @@ static const char *md_config_set_require_https(cmd_parms *cmd, void *dc, const c const char *err; (void)dc; - if (!inside_section(cmd, MD_CMD_MD_SECTION) - && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { + if (!inside_md_section(cmd) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; } @@ -559,7 +559,7 @@ static const char *md_config_set_renew_window(cmd_parms *cmd, void *dc, const ch int percent = 0; (void)dc; - if (!inside_section(cmd, MD_CMD_MD_SECTION) + if (!inside_md_section(cmd) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; } @@ -676,7 +676,7 @@ static const char *md_config_set_cha_tyes(cmd_parms *cmd, void *dc, int i; (void)dc; - if (!inside_section(cmd, MD_CMD_MD_SECTION) + if (!inside_md_section(cmd) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; } @@ -701,7 +701,7 @@ static const char *md_config_set_pkeys(cmd_parms *cmd, void *dc, apr_int64_t bits; (void)dc; - if (!inside_section(cmd, MD_CMD_MD_SECTION) + if (!inside_md_section(cmd) && (err = ap_check_cmd_context(cmd, GLOBAL_ONLY))) { return err; } @@ -817,10 +817,10 @@ const command_rec md_cmds[] = { "set the command to run when signup/renew of domain is complete."), /* This will disappear soon */ - AP_INIT_TAKE_ARGV( "ManagedDomain", md_config_set_names_old, NULL, RSRC_CONF, + AP_INIT_TAKE_ARGV( MD_CMD_OLD_MD, md_config_set_names_old, NULL, RSRC_CONF, "Deprecated, replace with 'MDomain'."), - AP_INIT_RAW_ARGS( "