diff options
author | Stefan Eissing <icing@apache.org> | 2017-11-16 16:50:58 +0000 |
---|---|---|
committer | Stefan Eissing <icing@apache.org> | 2017-11-16 16:50:58 +0000 |
commit | 94d90f41b2e5b9883cd36860f27bf87e59d86d19 (patch) | |
tree | d816e9e4908dd669cffb83374a4be313904502ee | |
parent | 14d6b3b488ff08b0433d05f3e2ba7228544a7ac9 (diff) | |
download | httpd-94d90f41b2e5b9883cd36860f27bf87e59d86d19.tar.gz |
On the trunk:
mod_md v1.0.3: fixes for getting stalled on new license agreemnet from CA. Job properties persisted now to preserve change when watchdog child changes.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1815483 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | CHANGES | 7 | ||||
-rw-r--r-- | modules/md/md_acme_acct.c | 10 | ||||
-rw-r--r-- | modules/md/md_acme_drive.c | 2 | ||||
-rw-r--r-- | modules/md/md_version.h | 4 | ||||
-rw-r--r-- | modules/md/mod_md.c | 14 |
5 files changed, 26 insertions, 11 deletions
@@ -1,8 +1,11 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 - *) mod_md: v1.0.2, fix staging reset when MDCertificateAgreemen was initially missing. - [Stefan Eissing] + *) mod_md: v1.0.3, fixed various bugs in persisting job properties, so that status is + persisted accross child process changes and staging is reset on reloads. Changed + MDCertificateAgreement url checks. As long as the CA reports that the account has + an agreement, no further checking is done. Existing accounts need no changes when + a new agreement comes out. [Stefan Eissing] *) mod_watchdog: Correct some log messages. [Rainer Jung] diff --git a/modules/md/md_acme_acct.c b/modules/md/md_acme_acct.c index 8b1906b5ec..6be9ded6d0 100644 --- a/modules/md/md_acme_acct.c +++ b/modules/md/md_acme_acct.c @@ -621,8 +621,14 @@ apr_status_t md_acme_agree(md_acme_t *acme, apr_pool_t *p, const char *agreement static int agreement_required(md_acme_acct_t *acct) { - return (!acct->agreement - || (acct->tos_required && strcmp(acct->tos_required, acct->agreement))); + /* We used to really check if the account agreement and the one + * indicated as valid are the very same: + * return (!acct->agreement + * || (acct->tos_required && strcmp(acct->tos_required, acct->agreement))); + * However, LE is happy if the account has agreed to a ToS in the past and + * does not required a renewed acceptance. + */ + return !acct->agreement; } apr_status_t md_acme_check_agreement(md_acme_t *acme, apr_pool_t *p, diff --git a/modules/md/md_acme_drive.c b/modules/md/md_acme_drive.c index 430ebedc59..ccdb3e68c4 100644 --- a/modules/md/md_acme_drive.c +++ b/modules/md/md_acme_drive.c @@ -136,7 +136,7 @@ out: if (APR_SUCCESS == rv) { const char *agreement = md_acme_get_agreement(ad->acme); /* Persist the account chosen at the md so we use the same on future runs */ - if (agreement && (!md->ca_agreement || strcmp(agreement, md->ca_agreement))) { + if (agreement && !md->ca_agreement) { md->ca_agreement = agreement; update = 1; } diff --git a/modules/md/md_version.h b/modules/md/md_version.h index 83ab715cab..6b116f7c8c 100644 --- a/modules/md/md_version.h +++ b/modules/md/md_version.h @@ -26,7 +26,7 @@ * @macro * Version number of the md module as c string */ -#define MOD_MD_VERSION "1.0.2" +#define MOD_MD_VERSION "1.0.3" /** * @macro @@ -34,7 +34,7 @@ * release. This is a 24 bit number with 8 bits for major number, 8 bits * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. */ -#define MOD_MD_VERSION_NUM 0x010002 +#define MOD_MD_VERSION_NUM 0x010003 #define MD_EXPERIMENTAL 0 #define MD_ACME_DEF_URL "https://acme-v01.api.letsencrypt.org/directory" diff --git a/modules/md/mod_md.c b/modules/md/mod_md.c index f3907d054b..c7599bb4c6 100644 --- a/modules/md/mod_md.c +++ b/modules/md/mod_md.c @@ -640,9 +640,13 @@ static apr_status_t save_job_props(md_reg_t *reg, md_job_t *job, apr_pool_t *p) apr_status_t rv; rv = md_store_load_json(store, MD_SG_STAGING, job->md->name, MD_FN_JOB, &jprops, p); + if (APR_STATUS_IS_ENOENT(rv)) { + jprops = md_json_create(p); + rv = APR_SUCCESS; + } if (APR_SUCCESS == rv) { md_json_setb(job->restart_processed, jprops, MD_KEY_PROCESSED, NULL); - md_json_setl(job->error_runs, jprops, MD_KEY_PROCESSED, NULL); + md_json_setl(job->error_runs, jprops, MD_KEY_ERRORS, NULL); rv = md_store_save_json(store, p, MD_SG_STAGING, job->md->name, MD_FN_JOB, jprops, 0); } @@ -671,8 +675,9 @@ static apr_status_t check_job(md_watchdog *wd, md_job_t *job, apr_pool_t *ptemp) if (job->stalled) { /* Missing information, this will not change until configuration * is changed and server restarted */ - rv = APR_INCOMPLETE; - goto out; + rv = APR_INCOMPLETE; + ++job->error_runs; + goto out; } else if (job->renewed) { assess_renewal(wd, job, ptemp); @@ -723,7 +728,8 @@ static apr_status_t check_job(md_watchdog *wd, md_job_t *job, apr_pool_t *ptemp) out: if (error_runs != job->error_runs) { - save_job_props(wd->reg, job, ptemp); + apr_status_t rv2 = save_job_props(wd->reg, job, ptemp); + ap_log_error(APLOG_MARK, APLOG_TRACE1, rv2, wd->s, "%s: saving job props", job->md->name); } job->last_rv = rv; |