From 75a73cc612a0e4475e7059d485db2b5f3844bcf4 Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Tue, 5 Nov 2019 10:22:33 +0000 Subject: [PATCH] Merged /httpd/httpd/trunk:r1869392 *) mod_md v2.2.3: - Configuring MDCAChallenges replaces any previous existing challenge configuration. It had been additive before which was not the intended behaviour. [@mkauf] - Fixing order of ACME challenges used when nothing else configured. Code now behaves as documented for `MDCAChallenges`. Fixes #156. Thanks again to @mkauf for finding this. - Fixing a potential, low memory null pointer dereference [thanks to @uhliarik]. - Fixing an incompatibility with a change in libcurl v7.66.0 that added unwanted "transfer-encoding" to POST requests. This failed in directy communication with Let's Encrypt boulder server. Thanks to @mkauf for finding and fixing. [Stefan Eissing] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1869394 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 10 ++++++++++ modules/md/md_acme_drive.c | 2 +- modules/md/md_curl.c | 6 ++++++ modules/md/md_http.c | 16 +--------------- modules/md/md_version.h | 4 ++-- modules/md/mod_md_config.c | 5 ++++- 6 files changed, 24 insertions(+), 19 deletions(-) diff --git a/CHANGES b/CHANGES index d94344ed195..d2e959c1bac 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,5 +1,15 @@ -*- coding: utf-8 -*- Changes with Apache 2.4.42 + + *) mod_md v2.2.3: + - Configuring MDCAChallenges replaces any previous existing challenge configuration. It + had been additive before which was not the intended behaviour. [@mkauf] + - Fixing order of ACME challenges used when nothing else configured. Code now behaves as + documented for `MDCAChallenges`. Fixes #156. Thanks again to @mkauf for finding this. + - Fixing a potential, low memory null pointer dereference [thanks to @uhliarik]. + - Fixing an incompatibility with a change in libcurl v7.66.0 that added unwanted + "transfer-encoding" to POST requests. This failed in directy communication with + Let's Encrypt boulder server. Thanks to @mkauf for finding and fixing. [Stefan Eissing] *) mod_md: Adding the several new features. The module offers an implementation of OCSP Stapling that can replace fully or diff --git a/modules/md/md_acme_drive.c b/modules/md/md_acme_drive.c index b9c0c6d1856..b1db503f966 100644 --- a/modules/md/md_acme_drive.c +++ b/modules/md/md_acme_drive.c @@ -530,8 +530,8 @@ static apr_status_t acme_driver_init(md_proto_driver_t *d, md_result_t *result) } else { /* free to chose. Add all we support and see what we get offered */ - APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_HTTP01; APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_TLSALPN01; + APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_HTTP01; APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_DNS01; if (!d->can_http && !d->can_https diff --git a/modules/md/md_curl.c b/modules/md/md_curl.c index 9c4be13b691..ed40e7604e8 100644 --- a/modules/md/md_curl.c +++ b/modules/md/md_curl.c 
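Review bot: In the md_acme_drive.c hunk the existing comment `/* free to chose. Add all we support and see what we get offered */` still reads as if the push order into `ad->ca_challenges` were arbitrary. The commit message says the order has to match what is documented for `MDCAChallenges`, so it appears to act as the default preference order for domain validation. I would state that in the comment, e.g. `/* free to choose: add all we support, in the documented MDCAChallenges default order (TLSALPN01, HTTP01, DNS01) */`, so a later edit does not silently change which challenge is tried first. acme_driver_init starts and ends outside the hunk.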
@@ -294,6 +294,12 @@ static apr_status_t internals_setup(md_http_request_t *req) curl_easy_setopt(curl, CURLOPT_LOW_SPEED_TIME, timeout_sec(req->timeout.stalled)); } + if (req->body_len >= 0) { + /* set the Content-Length */ + curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, (curl_off_t)req->body_len); + curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE_LARGE, (curl_off_t)req->body_len); + } + if (req->user_agent) { curl_easy_setopt(curl, CURLOPT_USERAGENT, req->user_agent); } diff --git a/modules/md/md_http.c b/modules/md/md_http.c index 027de593d5c..bafa5913fd3 100644 --- a/modules/md/md_http.c +++ b/modules/md/md_http.c @@ -207,19 +207,8 @@ void md_http_set_on_response_cb(md_http_request_t *req, md_http_response_cb *cb, req->cb.on_response_data = baton; } -static void req_init_cl(md_http_request_t *req) -{ - if (req->body_len == 0 && apr_strnatcasecmp("GET", req->method)) { - apr_table_setn(req->headers, "Content-Length", "0"); - } - else if (req->body_len > 0) { - apr_table_setn(req->headers, "Content-Length", apr_off_t_toa(req->pool, req->body_len)); - } -} - apr_status_t md_http_perform(md_http_request_t *req) { - req_init_cl(req); return req->http->impl->perform(req); } @@ -232,11 +221,8 @@ static apr_status_t proxy_nextreq(md_http_request_t **preq, void *baton, md_http_t *http, int in_flight) { nextreq_proxy_t *proxy = baton; - apr_status_t rv; - rv = proxy->nextreq(preq, proxy->baton, http, in_flight); - if (APR_SUCCESS == rv) req_init_cl(*preq); - return rv; + return proxy->nextreq(preq, proxy->baton, http, in_flight); } apr_status_t md_http_multi_perform(md_http_t *http, md_http_next_req *nextreq, void *baton) diff --git a/modules/md/md_version.h b/modules/md/md_version.h index bff92fcf5a1..331e403d721 100644 --- a/modules/md/md_version.h +++ b/modules/md/md_version.h @@ -27,7 +27,7 @@ * @macro * Version number of the md module as c string */ -#define MOD_MD_VERSION "2.2.1" +#define MOD_MD_VERSION "2.2.3" /** * @macro 
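Review bot: The new guard `if (req->body_len >= 0)` in internals_setup also runs for requests without a body, whereas the removed req_init_cl in md_http.c skipped GET when `body_len == 0` and set an explicit `Content-Length: 0` for every other method. libcurl most likely ignores both size options on a plain GET, but the hunk does not show how the method and body are configured, so it is worth confirming that body-less non-GET requests still go out with a length. The comment `/* set the Content-Length */` also hides the reason for the move; something like `/* pass the body size to libcurl instead of a hand-made Content-Length header; libcurl v7.66.0 otherwise adds "transfer-encoding" to POST requests */` would keep this from being moved back into the header table. The results of both `curl_easy_setopt` calls are dropped, as with the neighbouring calls visible in the hunk. internals_setup starts and ends outside the hunk.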
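Review bot: In md_http.c, `proxy_nextreq` now only forwards to `proxy->nextreq` and `md_http_perform` (previous hunk) only forwards to `req->http->impl->perform`, so request framing depends entirely on whichever backend sits behind `impl`, and nothing in the visible lines records that contract. A comment on md_http_perform such as `/* Content-Length is derived by the impl from req->body_len (see internals_setup in md_curl.c), not set here */` would stop a second implementation from sending bodies without a length. If nothing else needs the wrapper, the `nextreq_proxy_t` indirection could probably be dropped and `nextreq`/`baton` handed through directly, but the body of md_http_multi_perform is outside the hunk.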
@@ -35,7 +35,7 @@ * release. This is a 24 bit number with 8 bits for major number, 8 bits * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. */ -#define MOD_MD_VERSION_NUM 0x020201 +#define MOD_MD_VERSION_NUM 0x020203 #define MD_ACME_DEF_URL "https://acme-v02.api.letsencrypt.org/directory" diff --git a/modules/md/mod_md_config.c b/modules/md/mod_md_config.c index baa20cc37fa..8d78af0c4b1 100644 --- a/modules/md/mod_md_config.c +++ b/modules/md/mod_md_config.c @@ -714,7 +714,10 @@ static const char *md_config_set_cha_tyes(cmd_parms *cmd, void *dc, pcha = &config->ca_challenges; ca_challenges = *pcha; - if (!ca_challenges) { + if (ca_challenges) { + apr_array_clear(ca_challenges); + } + else { *pcha = ca_challenges = apr_array_make(cmd->pool, 5, sizeof(const char *)); } for (i = 0; i < argc; ++i) { -- 2.47.3
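Review bot: In the mod_md_config.c hunk, `apr_array_clear(ca_challenges)` empties the array in place, so if `config->ca_challenges` can point at an array shared with another configuration scope (for example one carried over during a config merge, which is not visible here), a later `MDCAChallenges` line would wipe that scope's list as well. Allocating a fresh array in both cases sidesteps the question: drop the `if` and always run `*pcha = ca_challenges = apr_array_make(cmd->pool, 5, sizeof(const char *));`. It is also worth checking what a directive with no arguments leaves behind, since the list is then non-NULL but empty and whether acme_driver_init treats that as "free to choose" is outside this hunk. md_config_set_cha_tyes starts and ends outside the hunk.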