*) mod_md: fixed a bug leading to failed transfers for OCSP

author Stefan Eissing <icing@apache.org>

Fri, 6 May 2022 13:09:46 +0000 (13:09 +0000)

committer Stefan Eissing <icing@apache.org>

Fri, 6 May 2022 13:09:46 +0000 (13:09 +0000)
author Stefan Eissing <icing@apache.org>
Fri, 6 May 2022 13:09:46 +0000 (13:09 +0000)
committer Stefan Eissing <icing@apache.org>
Fri, 6 May 2022 13:09:46 +0000 (13:09 +0000)
diff --git a/changes-entries/md_ocsp_update.txt b/changes-entries/md_ocsp_update.txt

new file mode 100644 (file)

index 0000000..474cb90
--- /dev/null
+++ b/changes-entries/md_ocsp_update.txt
@@ -0,0 +1,3 @@
+  *) mod_md:  fixed a bug leading to failed transfers for OCSP
+     stapling information when more than 6 certificates needed
+     updates in the same run. [Stefan Eissing]
diff --git a/modules/md/md_curl.c b/modules/md/md_curl.c

index e3f32d35485178ae9bdc7b6be31ede3e9387ab93..3a69ad4d98df4d768f0816c7766686fe6e936954 100644 (file)
--- a/modules/md/md_curl.c
+++ b/modules/md/md_curl.c
@@ -251,17 +251,18 @@ static apr_status_t internals_setup(md_http_request_t *req)
              rv = APR_EGENERAL;
              goto leave;
          }
-        curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_cb);
-        curl_easy_setopt(curl, CURLOPT_HEADERDATA, NULL);
-        curl_easy_setopt(curl, CURLOPT_READFUNCTION, req_data_cb);
-        curl_easy_setopt(curl, CURLOPT_READDATA, NULL);
-        curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, resp_data_cb);
-        curl_easy_setopt(curl, CURLOPT_WRITEDATA, NULL);
      }
      else {
          md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, req->pool, "reusing curl instance from http");
      }
  
+    curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_cb);
+    curl_easy_setopt(curl, CURLOPT_HEADERDATA, NULL);
+    curl_easy_setopt(curl, CURLOPT_READFUNCTION, req_data_cb);
+    curl_easy_setopt(curl, CURLOPT_READDATA, NULL);
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, resp_data_cb);
+    curl_easy_setopt(curl, CURLOPT_WRITEDATA, NULL);
+
      internals = apr_pcalloc(req->pool, sizeof(*internals));
      internals->curl = curl;
          
@@ -354,6 +355,9 @@ static apr_status_t update_status(md_http_request_t *req)
          rv = curl_status(curl_easy_getinfo(internals->curl, CURLINFO_RESPONSE_CODE, &l));
          if (APR_SUCCESS == rv) {
              internals->response->status = (int)l;
+            md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, rv, req->pool,
+                          "req[%d]: http status is %d",
+                          req->id, internals->response->status);
          }
      }
      return rv;
@@ -579,19 +583,7 @@ static void md_curl_req_cleanup(md_http_request_t *req)
      md_curl_internals_t *internals = req->internals;
      if (internals) {
          if (internals->curl) {
-            CURL *curl = md_http_get_impl_data(req->http);
-            if (curl == internals->curl) {
-                /* NOP: we have this curl at the md_http_t already */
-            }
-            else if (!curl) {
-                /* no curl at the md_http_t yet, install this one */
-                md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, req->pool, "register curl instance at http");
-                md_http_set_impl_data(req->http, internals->curl);
-            }
-            else {
-                /* There already is a curl at the md_http_t and it's not this one. */
-                curl_easy_cleanup(internals->curl);
-            }
+            curl_easy_cleanup(internals->curl);
          }
          if (internals->req_hdrs) curl_slist_free_all(internals->req_hdrs);
          req->internals = NULL;
diff --git a/modules/md/md_ocsp.c b/modules/md/md_ocsp.c

index 6520c543a92188902dae2ec5e68d148bc255fb1e..67c6e12d800cb7f0f6f3a5e7825bd7cc6bfb7533 100644 (file)
--- a/modules/md/md_ocsp.c
+++ b/modules/md/md_ocsp.c
@@ -837,8 +837,8 @@ static apr_status_t next_todo(md_http_request_t **preq, void *baton,
              md_http_set_on_response_cb(req, ostat_on_resp, update);
              rv = APR_SUCCESS;
              md_log_perror(MD_LOG_MARK, MD_LOG_TRACE2, 0, req->pool,
-                          "scheduling OCSP request for %s, %d request in flight",
-                          ostat->md_name, in_flight);
+                          "scheduling OCSP request[%d] for %s, %d request in flight",
+                          req->id, ostat->md_name, in_flight);
          }
      }
  cleanup:
diff --git a/modules/md/md_version.h b/modules/md/md_version.h

index 92cad1b1cdccde0a2adc6dc64cd127c8315d31d2..d634538e1a3e529d69c08ed0446becfa180d97db 100644 (file)
--- a/modules/md/md_version.h
+++ b/modules/md/md_version.h
@@ -27,7 +27,7 @@
   * @macro
   * Version number of the md module as c string
   */
-#define MOD_MD_VERSION "2.4.14"
+#define MOD_MD_VERSION "2.4.15"
  
  /**
   * @macro
@@ -35,7 +35,7 @@
   * release. This is a 24 bit number with 8 bits for major number, 8 bits
   * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
   */
-#define MOD_MD_VERSION_NUM 0x02040e
+#define MOD_MD_VERSION_NUM 0x02040f
  
  #define MD_ACME_DEF_URL         "https://acme-v02.api.letsencrypt.org/directory"
  #define MD_TAILSCALE_DEF_URL    "file://localhost/var/run/tailscale/tailscaled.sock"
author	Stefan Eissing <icing@apache.org>
	Fri, 6 May 2022 13:09:46 +0000 (13:09 +0000)
committer	Stefan Eissing <icing@apache.org>
	Fri, 6 May 2022 13:09:46 +0000 (13:09 +0000)
changes-entries/md_ocsp_update.txt	[new file with mode: 0644]	patch \| blob
modules/md/md_curl.c		patch \| blob \| blame \| history
modules/md/md_ocsp.c		patch \| blob \| blame \| history
modules/md/md_version.h		patch \| blob \| blame \| history