Commit 9b1d73e4 authored by Stefan Eissing's avatar Stefan Eissing

On the trunk:

mod_md: v1.0.0, new config directive 'MDNotifyCmd' to hook in a program when Managed
     Domains have obtained/renewed their certificates successfully.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1811812 13f79535-47bb-0310-9956-ffa450edef68
parent a10865db
+3 −0
                                                         -*- coding: utf-8 -*-
Changes with Apache 2.5.0

  *) mod_md: v1.0.0, new config directive 'MDNotifyCmd' to hook in a program when Managed
     Domains have obtained/renewed their certificates successfully. [Stefan Eissing]

  *) mod_rewrite, core: add the Vary header when a condition evaluates to true
     and the related RewriteRule is used in a Directory context
     (triggering an internal redirect). [Luca Toscano]
+16 −0
@@ -351,6 +351,22 @@ MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2
        </usage>
    </directivesynopsis>

    <directivesynopsis>
        <name>MDNotifyCmd</name>
        <description>Run a program when Managed Domain are ready.</description>
        <syntax>MDNotifyCmd  path</syntax>
        <contextlist>
            <context>server config</context>
        </contextlist>
        <usage>
            <p>The configured executable is run when Managed Domains have signed up or
            renewed their certificates. It is given the names of the processed MDs as
            arguments. It should return status code 0 to indicate that it has 
            run successfully.
            </p>
        </usage>
    </directivesynopsis>

    <directivesynopsis>
        <name>MDPortMap</name>
        <description>Map external to internal ports for domain ownership verification.</description>
+2 −0
@@ -136,6 +136,7 @@ struct md_t {
#define MD_KEY_NAME             "name"
#define MD_KEY_PERMANENT        "permanent"
#define MD_KEY_PKEY             "privkey"
#define MD_KEY_PROCESSED        "processed"
#define MD_KEY_PROTO            "proto"
#define MD_KEY_REGISTRATION     "registration"
#define MD_KEY_RENEW            "renew"
@@ -156,6 +157,7 @@ struct md_t {
#define MD_KEY_VERSION          "version"

#define MD_FN_MD                "md.json"
#define MD_FN_JOB               "job.json"
#define MD_FN_PRIVKEY           "privkey.pem"
#define MD_FN_PUBCERT           "pubcert.pem"
#define MD_FN_CERT              "cert.pem"
+32 −3
@@ -17,11 +17,10 @@

#include <apr_lib.h>
#include <apr_strings.h>
#include <apr_file_io.h>
#include <apr_portable.h>
#include <apr_file_info.h>
#include <apr_fnmatch.h>
#include <apr_tables.h>
#include <apr_time.h>
#include <apr_uri.h>

#include "md_log.h"
@@ -743,7 +742,7 @@ apr_status_t md_util_abs_http_uri_check(apr_pool_t *p, const char *uri, const ch
    return rv;
}

/* retry login ************************************************************************************/
/* try and retry for a while **********************************************************************/

apr_status_t md_util_try(md_util_try_fn *fn, void *baton, int ignore_errs, 
                         apr_interval_time_t timeout, apr_interval_time_t start_delay, 
@@ -787,6 +786,36 @@ apr_status_t md_util_try(md_util_try_fn *fn, void *baton, int ignore_errs,
    return rv;
}

/* execute process ********************************************************************************/

apr_status_t md_util_exec(apr_pool_t *p, const char *cmd, const char * const *argv,
                          int *exit_code)
{
    apr_status_t rv;
    apr_procattr_t *procattr;
    apr_proc_t *proc;
    apr_exit_why_e ewhy;

    *exit_code = 0;
    if (!(proc = apr_pcalloc(p, sizeof(*proc)))) {
        return APR_ENOMEM;
    }
    if (   APR_SUCCESS == (rv = apr_procattr_create(&procattr, p))
        && APR_SUCCESS == (rv = apr_procattr_io_set(procattr, APR_NO_FILE, 
                                                    APR_NO_PIPE, APR_NO_PIPE))
        && APR_SUCCESS == (rv = apr_procattr_cmdtype_set(procattr, APR_PROGRAM))
        && APR_SUCCESS == (rv = apr_proc_create(proc, cmd, argv, NULL, procattr, p))
        && APR_CHILD_DONE == (rv = apr_proc_wait(proc, exit_code, &ewhy, APR_WAIT))) {
        /* let's not dwell on exit stati, but core should signal something's bad */
        if (*exit_code > 127 || APR_PROC_SIGNAL_CORE == ewhy) {
            return APR_EINCOMPLETE;
        }
        return APR_SUCCESS;
    }
    return rv;
}


/* date/time encoding *****************************************************************************/

const char *md_print_duration(apr_pool_t *p, apr_interval_time_t duration)
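Review bot: In md_util_exec the test `APR_PROC_SIGNAL_CORE == ewhy` compares a bit-flag value for equality, and as far as I know APR's Unix apr_proc_wait reports a core dump as `APR_PROC_SIGNAL | APR_PROC_SIGNAL_CORE`, so this branch would never fire there; use the bit test, `if (*exit_code > 127 || APR_PROC_CHECK_CORE_DUMP(ewhy)) {`. A child that is killed by a signal without dumping core also falls through to APR_SUCCESS with the signal number left in *exit_code, so a caller cannot tell it from a normal exit with that status; returning APR_EINCOMPLETE whenever `APR_PROC_CHECK_SIGNALED(ewhy)` holds would make that case explicit. The wait is `APR_WAIT` with no timeout, so a notify program that hangs blocks the calling thread indefinitely; whether that stalls certificate renewal depends on the caller, which is not part of this hunk. `*exit_code = 0;` also dereferences the out-parameter unconditionally, which is worth stating in the function's contract.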
+5 −0
@@ -52,6 +52,11 @@ struct apr_array_header_t *md_array_str_remove(apr_pool_t *p, struct apr_array_h
int md_array_str_add_missing(struct apr_array_header_t *dest, 
                             struct apr_array_header_t *src, int case_sensitive);

/**************************************************************************************************/
/* process execution */
apr_status_t md_util_exec(apr_pool_t *p, const char *cmd, const char * const *argv,
                          int *exit_code);

/**************************************************************************************************/
/* dns name check */

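Review bot: The new md_util_exec prototype carries only the banner `/* process execution */` and states none of the contract a caller must honor when launching an external program. I would add a doc comment saying that cmd is executed directly as APR_PROGRAM (no shell and no PATH lookup, so it should be an absolute path), that argv must be NULL-terminated with argv[0] naming the program, that env is passed as NULL so the child gets no inherited environment, and that the call blocks until the child exits. It should also say that APR_SUCCESS means only that the child ran and exited with a status of at most 127, which is stored in *exit_code, so callers still have to check *exit_code themselves.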