Commit e27c6471 authored by Stefan Eissing's avatar Stefan Eissing

On the trunk:

mod_md:
 * Improved interface to mod_ssl for fallback handling. Backward compatible with the previous
   mod_ssl patch, but fallbacks will not work.
 * Provide a temporary, self-signed certificate with a speaking command and domain name if we
   have no other cert for a Managed Domain yet. Refs github issue #32
 * Continue to provide an expired or not completely matching existing certificate for a Managed
   Domain until the renewal has succeeded. This is helpful when one adds a DNS name to
   an MD, so the previous domains can be served while a new cert is requested.
 * All files necessary to run tests are not in the release package.
 * Making "http-01" the preferred challenge type again, as "tls-sni-01" requires at least
   one working certificate vhost right now - which not everyone has.
 * Moved part of the MD sanity checks from post_config to the check_config phase, allowing for error
   detection in check-only runs.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807228 13f79535-47bb-0310-9956-ffa450edef68
parent 4b1a3641
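The commit message describes three states a Managed Domain's store can be in: no certificate at all (serve a temporary self-signed one), an existing certificate that is expired or does not cover every configured name (keep serving it until renewal succeeds), and a good certificate. The following shell script is an added example of that selection policy, written for this page; it is not mod_md's code. It assumes the openssl CLI (1.1.1 or later, for -addext and -ext), a per-domain store directory containing privkey.pem and pubcert.pem for the real certificate, and the fallback file names fallback-privkey.pem and fallback-cert.pem from the md.h hunk; the one-day fallback lifetime and the 2048-bit key are illustrative choices.

```shell
#!/bin/sh
# Added example, not mod_md code: models the certificate selection the commit
# message describes for one Managed Domain (MD) from its store directory.
# Assumptions (not from the page): the directory holds privkey.pem/pubcert.pem
# for the real certificate and fallback-privkey.pem/fallback-cert.pem for the
# temporary self-signed one; the openssl CLI (1.1.1+ for -addext/-ext) is
# installed; fallback lifetime and key size are illustrative choices.

# Create the temporary self-signed fallback pair with a descriptive subject,
# so anyone inspecting the served certificate can see why it is there.
# umask 077 keeps the generated private key readable by the owner only.
md_make_fallback() {
    dir=$1; name=$2
    (umask 077; openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/fallback-privkey.pem" -out "$dir/fallback-cert.pem" \
        -subj "/CN=$name - temporary mod_md fallback (no certificate yet)" \
        -addext "subjectAltName=DNS:$name" >/dev/null 2>&1)
}

# Print "<state> <keyfile> <certfile>" for the MD named $2 in directory $1;
# $3.. are the DNS names the MD must cover. States:
#   live     - existing cert, not expired, covers every name
#   stale    - existing cert, but expired or missing a name: keep serving it
#              (old names still work) while renewal is pending
#   fallback - no cert at all: serve the temporary self-signed pair
md_select_cert() {
    dir=$1; name=$2; shift 2
    if [ -f "$dir/privkey.pem" ] && [ -f "$dir/pubcert.pem" ]; then
        state=live
        # -checkend 0 fails if notAfter is already in the past
        openssl x509 -in "$dir/pubcert.pem" -noout -checkend 0 >/dev/null 2>&1 \
            || state=stale
        # pubcert.pem is leaf + chain; x509 reads only the first (leaf) cert
        sans=$(openssl x509 -in "$dir/pubcert.pem" -noout -ext subjectAltName \
               2>/dev/null || true)
        for d in "$@"; do
            # exact match on a "DNS:name" token, so example.org does not
            # accidentally match example.org.uk
            printf '%s\n' "$sans" | tr ', ' '\n\n' | grep -qxF "DNS:$d" \
                || state=stale
        done
        echo "$state $dir/privkey.pem $dir/pubcert.pem"
        return 0
    fi
    [ -f "$dir/fallback-cert.pem" ] || md_make_fallback "$dir" "$name" || return 1
    echo "fallback $dir/fallback-privkey.pem $dir/fallback-cert.pem"
}
```

Run it as `md_select_cert /path/to/store/domains/example.org example.org example.org www.example.org` against a real store directory: a `fallback` result means clients will be handed a self-signed placeholder and will refuse it, which is the intended signal that provisioning has not finished; a `stale` result means the old names keep working while the newly added one fails validation until the renewal completes, exactly the trade-off the commit message describes.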
+3 −33
                                                         -*- coding: utf-8 -*-
Changes with Apache 2.5.0

  *) mod_md: v0.8.1:
     - New directive ```MDPrivateKeys``` to specify the type and parameter to private key generation.
       Currently only 'RSA' is supported as type with an option number of bits >= 2048 as parameter.
       Simple test cases for config handling added.
     - Private RSA keys are now generated with 2048 bits by default. Use ```MDPrivateKeys``` for
       higher security. 
     - IMPORTANT: store format change. The following changes will be made to an existing md store on 
       first start with a new version (be it by mod_md in the server or a run by a new 'a2md'):
         - pkey.pem will be renamed to privkey.pem
         - cert.pem and chain.pem will be concatenated to pubcert.pem. The former files will remain,
           but no longer be used. They will disappear on next renewal.
       ADVICE: If the current store data is vital to you, please make a backup first!
     - Fixed test case clearing of store to keep key alive, enabling true random store key again.
     - Removed pun "Something, like certbot" from the User-Agent request header. Refs issue #34
     - Cleaned up reporting of missing/mismatched MDCertificateAgreement in the logs. This will
       no longer trigger early retries.
     - badNonce encounters are no longer reported as errors. Retries are attempted now silently.
       Refs github issue #35
     - new default MDRenewWindow. Instead of 14 days, the default is now a third before the end of
       the certificates lifetime. For the usual 90 days of Let's Encrypt certificates, this makes
       an effective renewal window of 30 days - as recommended by LE. Refs issue #30
     - Enabled conversion warnings if supported by compiler, eliminated several signed/unsigned
       warnings.
     - LIVE: the real Let's Encrypt CA is now live by default! If you need to experiment, configure
           MDCertificateAuthority https://acme-staging.api.letsencrypt.org/directory   
     - When existing, complete certificates are renewed, the activation of the new ones is
       delayed by 24 hours (or until the existing ones expire, whatever is earler) to accomodate
       for clients with weird clocks, refs #1. 
     - Fixed store sync when MDCAChallenges was removed again from an MD. 
     - Fixed crash when MD matched the base server, fixes #23
     - Fixed watchgod resetting staging when server processes disappeared (e.g. reached
       max requests or other limits).
  *) mod_md: v0.9.0:
     Certificate provisioning from Let's Encrypt (and other ACME CAs) for mod_ssl virtual hosts.
     [Stefan Eissing]
  
  *) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25).
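Review bot: the +3/−33 stat indicates the whole v0.8.1 block is collapsed into the three-line v0.9.0 entry, which drops the IMPORTANT store-format migration notice (pkey.pem renamed to privkey.pem, cert.pem and chain.pem concatenated into pubcert.pem, plus the advice to back up the store first) and the LIVE note that the real Let's Encrypt CA is now the default; none of the behaviour changes in the commit message (temporary self-signed fallback certificate, serving an expired or not fully matching certificate until renewal succeeds, http-01 preferred over tls-sni-01, sanity checks moved to check_config) is recorded either. Suggest keeping at least "- IMPORTANT: store format change ..." with its ADVICE line and "- LIVE: the real Let's Encrypt CA is now live by default!" under the v0.9.0 entry, since an admin upgrading a pre-0.8.1 store or expecting the staging CA needs that warning in CHANGES, not only in git history.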
+3 −0
@@ -143,6 +143,9 @@ struct md_t {
#define MD_FN_CHAIN             "chain.pem"
#define MD_FN_HTTPD_JSON        "httpd.json"

#define MD_FN_FALLBACK_PKEY     "fallback-privkey.pem"
#define MD_FN_FALLBACK_CERT     "fallback-cert.pem"

/* Check if a string member of a new MD (n) has 
 * a value and if it differs from the old MD o
 */
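Review bot: the two new defines need a comment saying that these are the temporary self-signed key and certificate served while a Managed Domain has no real certificate yet (per the commit message), as opposed to the long-lived store files named above them, e.g. "/* temporary self-signed pair, served until a real cert exists */". It should also state what happens to fallback-privkey.pem once the real certificate is in place and whether the fallback key is generated with the type and bit length MDPrivateKeys specifies for the real key; a private key that is neither deleted nor rotated otherwise lingers in the domain's store directory for the life of the installation.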
+1 −1
@@ -617,8 +617,8 @@ static apr_status_t acme_driver_init(md_proto_driver_t *d)
    }
    else {
        /* free to chose. Add all we support and see what we get offered */
        APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_TLSSNI01;
        APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_HTTP01;
        APR_ARRAY_PUSH(ad->ca_challenges, const char*) = MD_AUTHZ_TYPE_TLSSNI01;
    }
    
    if (!d->can_http && !d->can_https) {
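Review bot: the comment above the pushes ("free to chose. Add all we support and see what we get offered") no longer matches the code: with http-01 now pushed ahead of tls-sni-01 the array order expresses a preference, which the commit message motivates (tls-sni-01 needs an already working certificate vhost). Fix the typo "chose" to "choose" and say that order matters and why, e.g. "/* nothing configured: offer all we support, most preferred first; http-01 before tls-sni-01 since the latter needs a working cert vhost */". Also confirm that the code choosing among the CA's offered challenge types walks ca_challenges in array order rather than taking the first type the CA lists, otherwise this reorder has no effect.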
+1 −3
@@ -424,12 +424,10 @@ md_t *md_reg_find_overlap(md_reg_t *reg, const md_t *md, const char **pdomain, a
}

apr_status_t md_reg_get_cred_files(md_reg_t *reg, const md_t *md, apr_pool_t *p,
                                   const char **pkeyfile, const char **pcertfile,
                                   const char **pchainfile)
                                   const char **pkeyfile, const char **pcertfile)
{
    apr_status_t rv;
    
    *pchainfile = NULL;
    rv = md_store_get_fname(pkeyfile, reg->store, MD_SG_DOMAINS, md->name, MD_FN_PRIVKEY, p);
    if (APR_SUCCESS == rv) {
        rv = md_store_get_fname(pcertfile, reg->store, MD_SG_DOMAINS, md->name, MD_FN_PUBCERT, p);
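Review bot: removing pchainfile changes the contract, not just the signature: pcertfile now names pubcert.pem, which per the CHANGES text on this page holds the leaf certificate with the chain concatenated, so a caller that used to hand mod_ssl a separate chain file must now pass the same file for both or rely on mod_ssl reading the chain from the certificate file. The commit message says the new interface is backward compatible with the previous mod_ssl patch except that fallbacks will not work; that caveat belongs in a comment at this function (or its declaration), and a grep for remaining pchainfile and MD_FN_CHAIN users (MD_FN_CHAIN is still defined in md.h) would confirm nothing still expects the separate chain file.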
+1 −2
@@ -108,8 +108,7 @@ apr_status_t md_reg_creds_get(const md_creds_t **pcreds, md_reg_t *reg,
                              md_store_group_t group, const md_t *md, apr_pool_t *p);

apr_status_t md_reg_get_cred_files(md_reg_t *reg, const md_t *md, apr_pool_t *p,
                                   const char **pkeyfile, const char **pcertfile,
                                   const char **pchainfile);
                                   const char **pkeyfile, const char **pcertfile);

/**
 * Synchronise the give master mds with the store.
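Review bot: the changed declaration has no doc comment while the one that follows it does; since the return values just changed, add one that states pkeyfile receives privkey.pem and pcertfile the combined certificate-plus-chain file pubcert.pem, what the two output pointers hold on failure, and what is returned when the Managed Domain has no certificate yet, so a reader knows whether the temporary fallback pair from the commit message comes through this function or a separate path.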