From: Stefan Eissing Date: Thu, 11 Oct 2018 11:22:55 +0000 (+0000) Subject: On the trunk: X-Git-Tag: 2.5.0-alpha2-ci-test-only~2284 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ba0bb980203ecd83bf262d4455c6fe9248f49191;p=thirdparty%2Fapache%2Fhttpd.git On the trunk: mod_md: eliminating compiler warnings re signedness and unused. Adding a APLOG_WARNING when the only available ACME challenge is "tls-sni-01" since Let's Encrypt will disable that completely beginning of 2019. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1843543 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/md/md_acme_drive.c b/modules/md/md_acme_drive.c index 0b2a27e6a2b..1587321f250 100644 --- a/modules/md/md_acme_drive.c +++ b/modules/md/md_acme_drive.c @@ -615,6 +615,7 @@ static apr_status_t acme_driver_init(md_proto_driver_t *d) { md_acme_driver_t *ad; apr_status_t rv = APR_SUCCESS; + int challenges_configured = 0; ad = apr_pcalloc(d->p, sizeof(*ad)); @@ -631,10 +632,12 @@ static apr_status_t acme_driver_init(md_proto_driver_t *d) if (d->challenge) { /* we have been told to use this type */ APR_ARRAY_PUSH(ad->ca_challenges, const char*) = apr_pstrdup(d->p, d->challenge); + challenges_configured = 1; } else if (d->md->ca_challenges && d->md->ca_challenges->nelts > 0) { /* pre-configured set for this managed domain */ apr_array_cat(ad->ca_challenges, d->md->ca_challenges); + challenges_configured = 1; } else { /* free to chose. Add all we support and see what we get offered */ @@ -664,6 +667,14 @@ static apr_status_t acme_driver_init(md_proto_driver_t *d) " port 443 is needed.", d->md->name); return APR_EGENERAL; } + else if (ad->ca_challenges->nelts == 1 + && md_array_str_index(ad->ca_challenges, MD_AUTHZ_TYPE_TLSSNI01, 0, 0) >= 0) { + md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, 0, d->p, "%s: only challenge type '%s' " + "is available. This method of obtaining certificates will be " + "discontinued by Let's Encrypt and other CAs from early 2019 on, " + "if it is not already disabled for you.", + d->md->name, MD_AUTHZ_TYPE_TLSSNI01); + } md_log_perror(MD_LOG_MARK, MD_LOG_TRACE1, 0, d->p, "%s: init driver", d->md->name); diff --git a/modules/md/md_curl.c b/modules/md/md_curl.c index f3585da8755..02b7c1daaf3 100644 --- a/modules/md/md_curl.c +++ b/modules/md/md_curl.c @@ -189,7 +189,7 @@ static apr_status_t curl_perform(md_http_request_t *req) CURL *curl; struct curl_slist *req_hdrs = NULL; - rv = curl_init(req); + if (APR_SUCCESS != (rv = curl_init(req))) return rv; curl = req->internals; res = apr_pcalloc(req->pool, sizeof(*res)); diff --git a/modules/md/md_store_fs.c b/modules/md/md_store_fs.c index f399cea101e..e76093e08b0 100644 --- a/modules/md/md_store_fs.c +++ b/modules/md/md_store_fs.c @@ -460,7 +460,7 @@ static apr_status_t pfs_load(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_l return rv; } -static apr_status_t dispatch(md_store_fs_t *s_fs, md_store_fs_ev_t ev, int group, +static apr_status_t dispatch(md_store_fs_t *s_fs, md_store_fs_ev_t ev, unsigned int group, const char *fname, apr_filetype_e ftype, apr_pool_t *p) { (void)ev; diff --git a/modules/md/md_store_fs.h b/modules/md/md_store_fs.h index 4167c9bc958..dcdb8978506 100644 --- a/modules/md/md_store_fs.h +++ b/modules/md/md_store_fs.h @@ -56,7 +56,7 @@ typedef enum { } md_store_fs_ev_t; typedef apr_status_t md_store_fs_cb(void *baton, struct md_store_t *store, - md_store_fs_ev_t ev, int group, + md_store_fs_ev_t ev, unsigned int group, const char *fname, apr_filetype_e ftype, apr_pool_t *p); diff --git a/modules/md/md_version.h b/modules/md/md_version.h index 34ab4eb61e6..7a3af68d962 100644 --- a/modules/md/md_version.h +++ b/modules/md/md_version.h @@ -27,7 +27,7 @@ * @macro * Version number of the md module as c string */ -#define MOD_MD_VERSION "1.1.16" +#define MOD_MD_VERSION "1.1.17-DEV" /** * @macro @@ -35,7 +35,7 @@ * release. This is a 24 bit number with 8 bits for major number, 8 bits * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. */ -#define MOD_MD_VERSION_NUM 0x010110 +#define MOD_MD_VERSION_NUM 0x010111 #define MD_ACME_DEF_URL "https://acme-v01.api.letsencrypt.org/directory" diff --git a/modules/md/mod_md.c b/modules/md/mod_md.c index 2f682835cd2..4ba9508ca55 100644 --- a/modules/md/mod_md.c +++ b/modules/md/mod_md.c @@ -19,12 +19,9 @@ #include #include -#include -#if !AP_MODULE_MAGIC_AT_LEAST(20180720, 5) #ifndef AP_ENABLE_EXCEPTION_HOOK #define AP_ENABLE_EXCEPTION_HOOK 0 #endif -#endif #include #include #include @@ -402,7 +399,7 @@ static apr_status_t md_calc_md_list(apr_pool_t *p, apr_pool_t *plog, /* store & registry setup */ static apr_status_t store_file_ev(void *baton, struct md_store_t *store, - md_store_fs_ev_t ev, int group, + md_store_fs_ev_t ev, unsigned int group, const char *fname, apr_filetype_e ftype, apr_pool_t *p) { @@ -520,10 +517,10 @@ static void log_print(const char *file, int line, md_log_level_t level, buffer[LOG_BUF_LEN-1] = '\0'; if (log_server) { - ap_log_error(file, line, APLOG_MODULE_INDEX, level, rv, log_server, "%s",buffer); + ap_log_error(file, line, APLOG_MODULE_INDEX, (int)level, rv, log_server, "%s",buffer); } else { - ap_log_perror(file, line, APLOG_MODULE_INDEX, level, rv, p, "%s", buffer); + ap_log_perror(file, line, APLOG_MODULE_INDEX, (int)level, rv, p, "%s", buffer); } } }