Commit 60610c20 authored by Stefan Eissing

On the trunk:

mod_md: v0.9.7
     - Use of the new module flag
     - Removed obsolete function from interface to mod_ssl. 
     - Fallback certificates have the version set and no longer claim to be a CA. (re issue #32)
     - MDRequireHttps now happens before any Redirect.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809719 13f79535-47bb-0310-9956-ffa450edef68
parent 84c4dbc7
+7 −0
                                                         -*- coding: utf-8 -*-
Changes with Apache 2.5.0

  *) mod_md: v0.9.7
     - Use of the new module flag
     - Removed obsolete function from interface to mod_ssl. 
     - Fallback certificates has version set and no longer claims to be a CA. (re issue #32)
     - MDRequireHttps now happens before any Redirect.
     [Stefan Eissing]

  *) mod_authz_dbd: fix a segmentation fault if AuthzDBDQuery is not set.
     PR 61546 [Lubos Uhliarik <luhliari redhat.com>]

+5 −2
@@ -67,7 +67,7 @@ static acme_problem_status_t Problems[] = {
};

static apr_status_t problem_status_get(const char *type) {
    int i;
    size_t i;

    if (strstr(type, "urn:ietf:params:") == type) {
        type += strlen("urn:ietf:params:");
@@ -493,6 +493,9 @@ static apr_status_t on_got_json(md_acme_t *acme, apr_pool_t *p, const apr_table_
{
    json_ctx *ctx = baton;

    (void)acme;
    (void)p;
    (void)headers;
    ctx->json = md_json_clone(ctx->pool, jbody);
    return APR_SUCCESS;
}
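Review bot: `problem_status_get` passes `type` straight to `strstr()` with no NULL check, and the switch to `size_t i` in the first hunk leaves that untouched. The caller is outside the visible hunks; if `type` is read from the problem document returned by the ACME server, a response without that member would be dereferenced here. A guard at the top such as `if (!type) return APR_EGENERAL;` would be safer, with the status chosen to match whatever the function returns for unknown types, which is not visible. The function body continues past the end of the hunk.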
+1 −1
@@ -113,7 +113,7 @@ apr_status_t md_acme_use_acct_staged(md_acme_t *acme, struct md_store_t *store,
 * Get the local name of the account currently used by the acme instance.
 * Will be NULL if no account has been setup successfully.
 */
const char *md_acme_get_acct(md_acme_t *acme, apr_pool_t *p);
const char *md_acme_get_acct_id(md_acme_t *acme);

/**
 * Agree to the given Terms-of-Service url for the current account.
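Review bot: The doc comment above `md_acme_get_acct_id` does not say who owns the returned string now that the pool argument is gone. The definition in this commit returns `acme->acct->id` directly, so the pointer is presumably only valid while the account stays attached to `acme`. I would add a line such as ` * The string is owned by the account; copy it if it must outlive acme->acct.` and change "local name" to "local id" to match the new function name.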
+25 −18
@@ -58,10 +58,6 @@ static apr_status_t acct_make(md_acme_acct_t **pacct, apr_pool_t *p,
}


static void md_acme_acct_free(md_acme_acct_t *acct)
{
}

static const char *mk_acct_id(apr_pool_t *p, md_acme_t *acme, int i)
{
    return apr_psprintf(p, "ACME-%s-%04d", acme->sname, i);
@@ -225,10 +221,14 @@ static int find_acct(void *baton, const char *name, const char *aspect,
                     md_store_vtype_t vtype, void *value, apr_pool_t *ptemp)
{
    find_ctx *ctx = baton;
    md_json_t *json = value;
    int disabled;
    const char *ca_url, *id;
    
    (void)aspect;
    (void)ptemp;
    if (MD_SV_JSON == vtype) {
        md_json_t *json = value;
        
        id = md_json_gets(json, MD_KEY_ID, NULL);
        disabled = md_json_getb(json, MD_KEY_DISABLED, NULL);
        ca_url = md_json_gets(json, MD_KEY_CA_URL, NULL);
@@ -240,6 +240,7 @@ static int find_acct(void *baton, const char *name, const char *aspect,
            ctx->id = id;
            return 0;
        }
    }
    return 1;
}

@@ -371,7 +372,6 @@ static apr_status_t acct_register(md_acme_t *acme, apr_pool_t *p,

out:    
    if (APR_SUCCESS != rv && acme->acct) {
        md_acme_acct_free(acme->acct);
        acme->acct = NULL;
    }
    return rv;
@@ -384,6 +384,7 @@ static apr_status_t on_init_acct_valid(md_acme_req_t *req, void *baton)
{
    md_json_t *jpayload;

    (void)baton;
    jpayload = md_json_create(req->p);
    md_json_sets("reg", jpayload, MD_KEY_RESOURCE, NULL);
    
@@ -398,6 +399,8 @@ static apr_status_t acct_valid(md_acme_t *acme, apr_pool_t *p, const apr_table_t
    const char *body_str;
    const char *tos_required;
    
    (void)p;
    (void)baton;
    apr_array_clear(acct->contacts);
    md_json_getsa(acct->contacts, body, MD_KEY_CONTACT, NULL);
    acct->registration = md_json_clone(acme->p, body);
@@ -493,7 +496,7 @@ apr_status_t md_acme_use_acct_staged(md_acme_t *acme, struct md_store_t *store,
    return rv;
}

const char *md_acme_get_acct(md_acme_t *acme, apr_pool_t *p)
const char *md_acme_get_acct_id(md_acme_t *acme)
{
    return acme->acct? acme->acct->id : NULL;
}
@@ -553,6 +556,7 @@ static apr_status_t on_init_acct_del(md_acme_req_t *req, void *baton)
{
    md_json_t *jpayload;

    (void)baton;
    jpayload = md_json_create(req->p);
    md_json_sets("reg", jpayload, MD_KEY_RESOURCE, NULL);
    md_json_setb(1, jpayload, "delete", NULL);
@@ -566,6 +570,8 @@ static apr_status_t acct_del(md_acme_t *acme, apr_pool_t *p,
    md_store_t *store = baton;
    apr_status_t rv = APR_SUCCESS;

    (void)hdrs;
    (void)body;
    md_log_perror(MD_LOG_MARK, MD_LOG_INFO, 0, p, "deleted account %s", acme->acct->url);
    if (store) {
        rv = md_acme_unstore_acct(store, p, acme->acct->id);
@@ -579,6 +585,7 @@ apr_status_t md_acme_delete_acct(md_acme_t *acme, md_store_t *store, apr_pool_t
{
    md_acme_acct_t *acct = acme->acct;
    
    (void)p;
    if (!acct) {
        return APR_EINVAL;
    }
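Review bot: In the `out:` path of `acct_register`, the failure case now only sets `acme->acct = NULL`, with nothing saying what releases the account object. The removed `md_acme_acct_free` was an empty stub, so behaviour is unchanged, but the account presumably lives in a pool (`acct_make` takes an `apr_pool_t *`), and a comment like `/* acct is pool-allocated and goes away with its pool; just drop the reference */` would make that explicit. It is worth confirming at the same time that nothing sensitive held by a half-registered account needs to be cleared before the pool is destroyed. The function starts outside the hunk.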
+26 −7
@@ -45,7 +45,7 @@ md_acme_authz_t *md_acme_authz_create(apr_pool_t *p)
    return authz;
}

md_acme_authz_set_t *md_acme_authz_set_create(apr_pool_t *p, md_acme_t *acme)
md_acme_authz_set_t *md_acme_authz_set_create(apr_pool_t *p)
{
    md_acme_authz_set_t *authz_set;
    
@@ -152,6 +152,8 @@ static apr_status_t authz_created(md_acme_t *acme, apr_pool_t *p, const apr_tabl
    const char *location = apr_table_get(hdrs, "location");
    apr_status_t rv = APR_SUCCESS;
    
    (void)acme;
    (void)p;
    if (location) {
        ctx->authz = md_acme_authz_create(ctx->p);
        ctx->authz->domain = apr_pstrdup(ctx->p, ctx->domain);
@@ -172,6 +174,7 @@ apr_status_t md_acme_authz_register(struct md_acme_authz_t **pauthz, md_acme_t *
    apr_status_t rv;
    authz_req_ctx ctx;
    
    (void)store;
    authz_req_ctx_init(&ctx, acme, domain, NULL, p);
    
    md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, acme->p, "create new authz");
@@ -191,6 +194,7 @@ apr_status_t md_acme_authz_update(md_acme_authz_t *authz, md_acme_t *acme,
    const char *s;
    apr_status_t rv;
    
    (void)store;
    assert(acme);
    assert(acme->http);
    assert(authz);
@@ -261,6 +265,10 @@ static apr_status_t authz_http_set(md_acme_t *acme, apr_pool_t *p, const apr_tab
{
    authz_req_ctx *ctx = baton;
    
    (void)acme;
    (void)p;
    (void)hdrs;
    (void)body;
    md_log_perror(MD_LOG_MARK, MD_LOG_INFO, 0, ctx->p, "updated authz %s", ctx->authz->location);
    return APR_SUCCESS;
}
@@ -271,6 +279,7 @@ static apr_status_t setup_key_authz(md_acme_authz_cha_t *cha, md_acme_authz_t *a
    const char *thumb64, *key_authz;
    apr_status_t rv;
    
    (void)authz;
    assert(cha);
    assert(cha->token);
    
@@ -299,6 +308,7 @@ static apr_status_t cha_http_01_setup(md_acme_authz_cha_t *cha, md_acme_authz_t
    apr_status_t rv;
    int notify_server;
    
    (void)key_spec;
    if (APR_SUCCESS != (rv = setup_key_authz(cha, authz, acme, p, &notify_server))) {
        goto out;
    }
@@ -434,9 +444,10 @@ typedef struct {
static apr_status_t collect_offered(void *baton, size_t index, md_json_t *json)
{
    cha_find_ctx *ctx = baton;
    const char *ctype;
    
    const char *ctype = md_json_gets(json, MD_KEY_TYPE, NULL);
    if (ctype) {
    (void)index;
    if ((ctype = md_json_gets(json, MD_KEY_TYPE, NULL))) {
        APR_ARRAY_PUSH(ctx->offered, const char*) = apr_pstrdup(ctx->p, ctype);
    }
    return 1;
@@ -459,7 +470,7 @@ apr_status_t md_acme_authz_respond(md_acme_authz_t *authz, md_acme_t *acme, md_s
                                   md_pkey_spec_t *key_spec, apr_pool_t *p)
{
    apr_status_t rv;
    unsigned int i;
    int i;
    cha_find_ctx fctx;
    
    assert(acme);
@@ -490,7 +501,7 @@ apr_status_t md_acme_authz_respond(md_acme_authz_t *authz, md_acme_t *acme, md_s
        return rv;
    }
    
    for (i = 0; i < CHA_TYPES_LEN; ++i) {
    for (i = 0; i < (int)CHA_TYPES_LEN; ++i) {
        if (!apr_strnatcasecmp(CHA_TYPES[i].name, fctx.accepted->type)) {
            return CHA_TYPES[i].start(fctx.accepted, authz, acme, store, key_spec, p);
        }
@@ -515,6 +526,7 @@ static apr_status_t on_init_authz_del(md_acme_req_t *req, void *baton)
{
    md_json_t *jpayload;

    (void)baton;
    jpayload = md_json_create(req->p);
    md_json_sets("deactivated", jpayload, MD_KEY_STATUS, NULL);
    
@@ -526,6 +538,9 @@ static apr_status_t authz_del(md_acme_t *acme, apr_pool_t *p, const apr_table_t
{
    authz_req_ctx *ctx = baton;
    
    (void)p;
    (void)body;
    (void)hdrs;
    md_log_perror(MD_LOG_MARK, MD_LOG_INFO, 0, ctx->p, "deleted authz %s", ctx->authz->location);
    acme->acct = NULL;
    return APR_SUCCESS;
@@ -536,6 +551,7 @@ apr_status_t md_acme_authz_del(md_acme_authz_t *authz, md_acme_t *acme,
{
    authz_req_ctx ctx;
    
    (void)store;
    ctx.p = p;
    ctx.authz = authz;
    
@@ -581,11 +597,13 @@ md_acme_authz_t *md_acme_authz_from_json(struct md_json_t *json, apr_pool_t *p)

static apr_status_t authz_to_json(void *value, md_json_t *json, apr_pool_t *p, void *baton)
{
    (void)baton;
    return md_json_setj(md_acme_authz_to_json(value, p), json, NULL);
}

static apr_status_t authz_from_json(void **pvalue, md_json_t *json, apr_pool_t *p, void *baton)
{
    (void)baton;
    *pvalue = md_acme_authz_from_json(json, p);
    return (*pvalue)? APR_SUCCESS : APR_EINVAL;
}
@@ -602,7 +620,7 @@ md_json_t *md_acme_authz_set_to_json(md_acme_authz_set_t *set, apr_pool_t *p)

md_acme_authz_set_t *md_acme_authz_set_from_json(md_json_t *json, apr_pool_t *p)
{
    md_acme_authz_set_t *set = md_acme_authz_set_create(p, NULL);
    md_acme_authz_set_t *set = md_acme_authz_set_create(p);
    if (set) {
        md_json_geta(set->authzs, authz_from_json, NULL, json, MD_KEY_AUTHZS, NULL);
        return set;
@@ -638,6 +656,7 @@ static apr_status_t p_save(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_lis
    const char *md_name;
    int create;
 
    (void)p;   
    group = (md_store_group_t)va_arg(ap, int);
    md_name = va_arg(ap, const char *);
    set = va_arg(ap, md_acme_authz_set_t *);
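Review bot: In `authz_del`, the callback still ends with `acme->acct = NULL;`, so a successful authorization delete also drops the account from the acme instance. Nothing in the visible lines explains that, and it looks unintended: after this callback `md_acme_get_acct_id()` would return NULL even though only an authz was removed. If it is not deliberate I would delete that line; if it is, it needs a comment saying why the account must be forgotten here. The closing brace of `authz_del` is outside the hunk.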