From: Stefan Eissing Date: Tue, 5 Nov 2019 10:06:15 +0000 (+0000) Subject: *) mod_md v2.2.3: X-Git-Tag: 2.5.0-alpha2-ci-test-only~1830 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=489d4719df979f4d119bdc87cd02e8476e231331;p=thirdparty%2Fapache%2Fhttpd.git *) mod_md v2.2.3: - Configuring MDCAChallenges replaces any previous existing challenge configuration. It had been additive before which was not the intended behaviour. [@mkauf] - Fixing order of ACME challenges used when nothing else configured. Code now behaves as documented for `MDCAChallenges`. Fixes #156. Thanks again to @mkauf for finding this. - Fixing a potential, low memory null pointer dereference [thanks to @uhliarik]. - Fixing an incompatibility with a change in libcurl v7.66.0 that added unwanted "transfer-encoding" to POST requests. This failed in directy communication with Let's Encrypt boulder server. Thanks to @mkauf for finding and fixing. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1869392 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index cd933c8bf6a..1d70effd028 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,15 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + + *) mod_md v2.2.3: + - Configuring MDCAChallenges replaces any previous existing challenge configuration. It + had been additive before which was not the intended behaviour. [@mkauf] + - Fixing order of ACME challenges used when nothing else configured. Code now behaves as + documented for `MDCAChallenges`. Fixes #156. Thanks again to @mkauf for finding this. + - Fixing a potential, low memory null pointer dereference [thanks to @uhliarik]. + - Fixing an incompatibility with a change in libcurl v7.66.0 that added unwanted + "transfer-encoding" to POST requests. This failed in directy communication with + Let's Encrypt boulder server. Thanks to @mkauf for finding and fixing. [Stefan Eissing] *) mod_proxy: Put mod_proxy_{connect,wstunnel} tunneling code in common in proxy_util. [Yann Ylavic]
diff --git a/modules/md/md_acme.c b/modules/md/md_acme.c
index d9342cbcd30..d42ea72230c 100644
--- a/modules/md/md_acme.c
+++ b/modules/md/md_acme.c
@@ -402,7 +402,7 @@ static apr_status_t md_acme_req_send(md_acme_req_t *req) if (req->req_json) { body = apr_pcalloc(req->p, sizeof(*body)); body->data = md_json_writep(req->req_json, req->p, MD_JSON_FMT_INDENT); - if (!body->data) { + if (!body) { rv = APR_EINVAL; goto leave; } body->len = strlen(body->data);
diff --git a/modules/md/md_acme_drive.c b/modules/md/md_acme_drive.c
index b9c0c6d1856..b1db503f966 100644
--- a/modules/md/md_acme_drive.c
+++ b/modules/md/md_acme_drive.c
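Review bot: In md_acme_req_send (modules/md/md_acme.c), the new `if (!body)` test comes after `body->data = md_json_writep(...)` has already written through `body`, so it cannot stop a null dereference from a failed `apr_pcalloc`. The result of `md_json_writep` is also no longer checked before `strlen(body->data)`, so a failed JSON serialisation would now reach `strlen` with a null pointer. Put `if (!body) { rv = APR_ENOMEM; goto leave; }` directly after the `apr_pcalloc` call and keep `if (!body->data) { rv = APR_EINVAL; goto leave; }` after the assignment. The function body starts and ends outside the hunk.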
@@ -530,8 +530,8 @@ static apr_status_t acme_driver_init(md_proto_driver_t *d, md_result_t *result) } else { /* free to chose. Add all we support and see what we get offered */ - APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_HTTP01; APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_TLSALPN01; + APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_HTTP01; APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_DNS01; if (!d->can_http && !d->can_https
diff --git a/modules/md/md_curl.c b/modules/md/md_curl.c
index 9c4be13b691..ed40e7604e8 100644
--- a/modules/md/md_curl.c
+++ b/modules/md/md_curl.c
@@ -294,6 +294,12 @@ static apr_status_t internals_setup(md_http_request_t *req) curl_easy_setopt(curl, CURLOPT_LOW_SPEED_TIME, timeout_sec(req->timeout.stalled)); } + if (req->body_len >= 0) { + /* set the Content-Length */ + curl_easy_setopt(curl, CURLOPT_INFILESIZE_LARGE, (curl_off_t)req->body_len); + curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE_LARGE, (curl_off_t)req->body_len); + } + if (req->user_agent) { curl_easy_setopt(curl, CURLOPT_USERAGENT, req->user_agent); }
diff --git a/modules/md/md_http.c b/modules/md/md_http.c
index 027de593d5c..bafa5913fd3 100644
--- a/modules/md/md_http.c
+++ b/modules/md/md_http.c
@@ -207,19 +207,8 @@ void md_http_set_on_response_cb(md_http_request_t *req, md_http_response_cb *cb, req->cb.on_response_data = baton; } -static void req_init_cl(md_http_request_t *req) -{ - if (req->body_len == 0 && apr_strnatcasecmp("GET", req->method)) { - apr_table_setn(req->headers, "Content-Length", "0"); - } - else if (req->body_len > 0) { - apr_table_setn(req->headers, "Content-Length", apr_off_t_toa(req->pool, req->body_len)); - } -} - apr_status_t md_http_perform(md_http_request_t *req) { - req_init_cl(req); return req->http->impl->perform(req); }
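Review bot: In acme_driver_init (modules/md/md_acme_drive.c), the comment above the three `APR_ARRAY_PUSH` lines does not say that their order matters, although this change exists only to reorder them. Suggest `/* free to choose. Add all we support, in order of preference, and see what we get offered */`, so a later edit does not silently swap `MD_AUTHZ_TYPE_TLSALPN01` and `MD_AUTHZ_TYPE_HTTP01` back. That the array order is the selection preference is inferred from the commit message; the code that consumes `ad->ca_challenges` is outside the hunk, as are the start and end of the function.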
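Review bot: In internals_setup (modules/md/md_curl.c), the comment `/* set the Content-Length */` does not record why both size options are set. Suggest `/* give libcurl the exact body size; without it libcurl 7.66.0 and later add "transfer-encoding" to POST requests */`, which is the reason the commit message gives. The new `req->body_len >= 0` condition also matches GET requests with `body_len == 0`, which the removed `req_init_cl` in md_http.c skipped; whether setting the sizes changes what libcurl sends for those requests is not visible here and is worth confirming. The function body starts and ends outside the hunk.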
@@ -232,11 +221,8 @@ static apr_status_t proxy_nextreq(md_http_request_t **preq, void *baton, md_http_t *http, int in_flight) { nextreq_proxy_t *proxy = baton; - apr_status_t rv; - rv = proxy->nextreq(preq, proxy->baton, http, in_flight); - if (APR_SUCCESS == rv) req_init_cl(*preq); - return rv; + return proxy->nextreq(preq, proxy->baton, http, in_flight); } apr_status_t md_http_multi_perform(md_http_t *http, md_http_next_req *nextreq, void *baton)
diff --git a/modules/md/md_version.h b/modules/md/md_version.h
index bff92fcf5a1..331e403d721 100644
--- a/modules/md/md_version.h
+++ b/modules/md/md_version.h
@@ -27,7 +27,7 @@ * @macro * Version number of the md module as c string */ -#define MOD_MD_VERSION "2.2.1" +#define MOD_MD_VERSION "2.2.3" /** * @macro
@@ -35,7 +35,7 @@ * release. This is a 24 bit number with 8 bits for major number, 8 bits * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. */ -#define MOD_MD_VERSION_NUM 0x020201 +#define MOD_MD_VERSION_NUM 0x020203 #define MD_ACME_DEF_URL "https://acme-v02.api.letsencrypt.org/directory"
diff --git a/modules/md/mod_md_config.c b/modules/md/mod_md_config.c
index baa20cc37fa..8d78af0c4b1 100644
--- a/modules/md/mod_md_config.c
+++ b/modules/md/mod_md_config.c
@@ -714,7 +714,10 @@ static const char *md_config_set_cha_tyes(cmd_parms *cmd, void *dc, pcha = &config->ca_challenges; ca_challenges = *pcha; - if (!ca_challenges) { + if (ca_challenges) { + apr_array_clear(ca_challenges); + } + else { *pcha = ca_challenges = apr_array_make(cmd->pool, 5, sizeof(const char *)); } for (i = 0; i < argc; ++i) {
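Review bot: In md_config_set_cha_tyes (modules/md/mod_md_config.c), `apr_array_clear(ca_challenges)` empties the existing array in place, which also empties it for any other config that holds the same array pointer. Whether `config->ca_challenges` can be shared (for example after a config merge that copies the pointer rather than the array) is not visible in the hunk. If it can, drop the branch and allocate a fresh array unconditionally with `*pcha = ca_challenges = apr_array_make(cmd->pool, 5, sizeof(const char *));`. A one-line comment such as `/* MDCAChallenges replaces, not extends, earlier settings */` would also record the intended behaviour. The function starts and ends outside the hunk.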