]> git.ipfire.org Git - thirdparty/apache/httpd.git/commitdiff
projects / thirdparty / apache / httpd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 47d179a)
*) mod_md: update to version 2.4.31
authorStefan Eissing <icing@apache.org>
Wed, 15 Jan 2025 12:48:52 +0000 (12:48 +0000)
committerStefan Eissing <icing@apache.org>
Wed, 15 Jan 2025 12:48:52 +0000 (12:48 +0000)
     - Improved error reporting when waiting for ACME server to verify domains
       or finalizing the order fails, e.g. times out.
     - Increasing the timeouts to wait for ACME server to verify domain names
       and issue the certificate from 30 seconds to 5 minutes.
     - Change a log level from error to debug when Stapling is enabled but a
       certificate carries no OCSP responder URL.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1923148 13f79535-47bb-0310-9956-ffa450edef68

changes-entries/md_v2.4.31.txt [new file with mode: 0644] patch | blob
modules/md/md_acme_drive.c patch | blob | blame | history
modules/md/md_acmev2_drive.c patch | blob | blame | history
modules/md/md_version.h patch | blob | blame | history

diff --git a/changes-entries/md_v2.4.31.txt b/changes-entries/md_v2.4.31.txt
new file mode 100644 (file)
index 0000000..38d226f
--- /dev/null
+++ b/changes-entries/md_v2.4.31.txt
@@ -0,0 +1,7 @@
+  *) mod_md: update to version 2.4.31
+     - Improved error reporting when waiting for ACME server to verify domains
+       or finalizing the order fails, e.g. times out.
+     - Increasing the timeouts to wait for ACME server to verify domain names
+       and issue the certificate from 30 seconds to 5 minutes.
+     - Change a log level from error to debug when Stapling is enabled but a
+       certificate carries no OCSP responder URL.
diff --git a/modules/md/md_acme_drive.c b/modules/md/md_acme_drive.c
index 0ec409c8637b2d20a4d6ec3a037979e8f280109e..45c39b37ad1959a5ddd38f57e3939f27191301a9 100644 (file)
--- a/modules/md/md_acme_drive.c
+++ b/modules/md/md_acme_drive.c
@@ -515,8 +515,8 @@ static apr_status_t acme_driver_preload_init(md_proto_driver_t *d, md_result_t *
     d->baton = ad;
     
     ad->driver = d;
-    ad->authz_monitor_timeout = apr_time_from_sec(30);
-    ad->cert_poll_timeout = apr_time_from_sec(30);
+    ad->authz_monitor_timeout = apr_time_from_sec(300);
+    ad->cert_poll_timeout = apr_time_from_sec(300);
     ad->ca_challenges = apr_array_make(d->p, 3, sizeof(const char*));
     
     /* We want to obtain credentials (key+certificate) for every key spec in this MD */
diff --git a/modules/md/md_acmev2_drive.c b/modules/md/md_acmev2_drive.c
index 9dfca96714e723ebdd7db2d5983ac388834dee3d..1eda1dc15bfda0bd011000473c3f8549faf2f86e 100644 (file)
--- a/modules/md/md_acmev2_drive.c
+++ b/modules/md/md_acmev2_drive.c
@@ -152,11 +152,17 @@ retry:
     
     rv = md_acme_order_monitor_authzs(ad->order, ad->acme, d->md,
                                       ad->authz_monitor_timeout, result, d->p);
-    if (APR_SUCCESS != rv) goto leave;
+    if (APR_SUCCESS != rv) {
+      md_result_set(result, rv, "Error waiting on domain names to be validated");
+      goto leave;
+    }
 
     rv = md_acme_order_await_ready(ad->order, ad->acme, d->md,
                                    ad->authz_monitor_timeout, result, d->p);
-    if (APR_SUCCESS != rv) goto leave;
+    if (APR_SUCCESS != rv) {
+      md_result_set(result, rv, "Error waiting for order to become ready");
+      goto leave;
+    }
 
     if (MD_ACME_ORDER_ST_READY == ad->order->status) {
         rv = md_acme_drive_setup_cred_chain(d, result);
@@ -166,7 +172,10 @@ retry:
 
     rv = md_acme_order_await_valid(ad->order, ad->acme, d->md, 
                                    ad->authz_monitor_timeout, result, d->p);
-    if (APR_SUCCESS != rv) goto leave;
+    if (APR_SUCCESS != rv) {
+      md_result_set(result, rv, "Error waiting for order to become valid.");
+      goto leave;
+    }
     
     if (!ad->order->certificate) {
         md_result_set(result, APR_EINVAL, "Order valid, but certificate url is missing.");
diff --git a/modules/md/md_version.h b/modules/md/md_version.h
index 2304194b9931752d3bec0977cc8926b55ed80919..2c3b66bc28e946bf599cb7b4250283ed168d16c8 100644 (file)
--- a/modules/md/md_version.h
+++ b/modules/md/md_version.h
@@ -27,7 +27,7 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "2.4.30"
+#define MOD_MD_VERSION "2.4.31"
 
 /**
  * @macro
@@ -35,7 +35,7 @@
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x02041e
+#define MOD_MD_VERSION_NUM 0x02041f
 
 #define MD_ACME_DEF_URL         "https://acme-v02.api.letsencrypt.org/directory"
 #define MD_TAILSCALE_DEF_URL    "file://localhost/var/run/tailscale/tailscaled.sock"
Mirror of https://github.com/apache/httpd.git