-rw-r--r--CMakeLists.txt50
-rw-r--r--build/apr_common.m439
-rw-r--r--modules/md/md_acme_drive.c28
-rw-r--r--modules/md/md_status.c2
-rw-r--r--modules/md/md_version.h4
-rw-r--r--modules/md/mod_md.dsp53
6 files changed, 141 insertions, 35 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 73bce70f60..ecf47d54b0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -70,6 +70,18 @@ ELSE()
SET(default_check_libraries)
ENDIF()
+IF(EXISTS "${CMAKE_INSTALL_PREFIX}/lib/curl.lib")
+ SET(default_curl_libraries "${CMAKE_INSTALL_PREFIX}/lib/curl.lib")
+ELSE()
+ SET(default_curl_libraries)
+ENDIF()
+
+IF(EXISTS "${CMAKE_INSTALL_PREFIX}/lib/jansson.lib")
+ SET(default_jansson_libraries "${CMAKE_INSTALL_PREFIX}/lib/jansson.lib")
+ELSE()
+ SET(default_jansson_libraries)
+ENDIF()
+
SET(APR_INCLUDE_DIR "${CMAKE_INSTALL_PREFIX}/include" CACHE STRING "Directory with APR[-Util] include files")
SET(APR_LIBRARIES ${default_apr_libraries} CACHE STRING "APR libraries to link with")
SET(NGHTTP2_INCLUDE_DIR "${CMAKE_INSTALL_PREFIX}/include" CACHE STRING "Directory with NGHTTP2 include files within nghttp2 subdirectory")
@@ -82,6 +94,8 @@ SET(BROTLI_INCLUDE_DIR "${CMAKE_INSTALL_PREFIX}/include" CACHE STRING "Direct
SET(BROTLI_LIBRARIES ${default_brotli_libraries} CACHE STRING "Brotli libraries to link with")
SET(CHECK_INCLUDE_DIR "${CMAKE_INSTALL_PREFIX}/include" CACHE STRING "Directory with include files for Check")
SET(CHECK_LIBRARIES "${default_check_libraries}" CACHE STRING "Check libraries to link with")
+SET(CURL_LIBRARIES "${default_curl_libraries}" CACHE STRING "Curl libraries to link with")
+SET(JANSSON_LIBRARIES "${default_jansson_libraries}" CACHE STRING "Jansson libraries to link with")
# end support library configuration
# Misc. options
@@ -231,6 +245,19 @@ ELSE()
SET(CHECK_FOUND FALSE)
ENDIF()
+# See if we have curl
+SET(CURL_FOUND TRUE)
+IF(EXISTS "${CURL_INCLUDE_DIR}/curl/curl.h")
+ FOREACH(onelib ${CURL_LIBRARIES})
+ IF(NOT EXISTS ${onelib})
+ SET(CURL_FOUND FALSE)
+ ENDIF()
+ ENDFOREACH()
+ELSE()
+ SET(CURL_FOUND FALSE)
+ENDIF()
+
+
MESSAGE(STATUS "")
MESSAGE(STATUS "Summary of feature detection:")
MESSAGE(STATUS "")
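Review bot: The curl check tests `${CURL_INCLUDE_DIR}/curl/curl.h`, but no hunk shown here defines `CURL_INCLUDE_DIR`, and nothing visible sets `JANSSON_FOUND` or `JANSSON_INCLUDE_DIR`, although the later `mod_md_requires` and `mod_md_extra_includes` lines depend on them. Unless they are set elsewhere in the file, CURL_FOUND ends up FALSE by default and JANSSON_FOUND stays undefined, so mod_md is presumably left out of the build without any error. Next to the new `CURL_LIBRARIES` cache entry I would add `SET(CURL_INCLUDE_DIR "${CMAKE_INSTALL_PREFIX}/include" CACHE STRING "Directory with include files for Curl")` and the Jansson equivalent, and follow the curl block with a Jansson detection block as below. The closing summary hunk prints only the curl include directory and the Jansson libraries; printing all four values would make a misdetected path easier to spot.

```cmake
# ... unchanged: curl detection block ...

# See if we have Jansson
SET(JANSSON_FOUND TRUE)
IF(EXISTS "${JANSSON_INCLUDE_DIR}/jansson.h")
  FOREACH(onelib ${JANSSON_LIBRARIES})
    IF(NOT EXISTS "${onelib}")
      SET(JANSSON_FOUND FALSE)
    ENDIF()
  ENDFOREACH()
ELSE()
  SET(JANSSON_FOUND FALSE)
ENDIF()
```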
@@ -240,6 +267,8 @@ MESSAGE(STATUS "NGHTTP2_FOUND ............ : ${NGHTTP2_FOUND}")
MESSAGE(STATUS "OPENSSL_FOUND ............ : ${OPENSSL_FOUND}")
MESSAGE(STATUS "ZLIB_FOUND ............... : ${ZLIB_FOUND}")
MESSAGE(STATUS "BROTLI_FOUND ............. : ${BROTLI_FOUND}")
+MESSAGE(STATUS "CURL_FOUND ............... : ${CURL_FOUND}")
+MESSAGE(STATUS "JANSSON_FOUND ............ : ${JANSSON_FOUND}")
MESSAGE(STATUS "CHECK_FOUND .............. : ${CHECK_FOUND}")
MESSAGE(STATUS "APR_HAS_LDAP ............. : ${APR_HAS_LDAP}")
MESSAGE(STATUS "APR_HAS_XLATE ............ : ${APR_HAS_XLATE}")
@@ -345,6 +374,7 @@ SET(MODULE_LIST
"modules/loggers/mod_log_forensic+I+forensic logging"
"modules/loggers/mod_logio+I+input and output logging"
"modules/lua/mod_lua+i+Apache Lua Framework"
+ "modules/md/mod_md+i+Apache Managed Domains (Certificates)"
"modules/mappers/mod_actions+I+Action triggering on requests"
"modules/mappers/mod_alias+A+mapping of requests to different filesystem parts"
"modules/mappers/mod_dir+A+directory request handling"
@@ -478,6 +508,24 @@ SET(mod_lua_extra_sources
modules/lua/lua_vmprep.c modules/lua/lua_dbd.c
)
SET(mod_lua_requires LUA51_FOUND)
+SET(mod_md_requires OPENSSL_FOUND CURL_FOUND JANSSON_FOUND HAVE_OPENSSL_102)
+SET(mod_md_extra_includes ${OPENSSL_INCLUDE_DIR} ${CURL_INCLUDE_DIR} ${JANSSON_INCLUDE_DIR})
+SET(mod_md_extra_libs ${OPENSSL_LIBRARIES} ${CURL_LIBRARIES} ${JANSSON_LIBRARIES} mod_watchdog)
+SET(mod_md_extra_sources
+ modules/md/md_acme.c modules/md/md_acme_acct.c
+ modules/md/md_acme_authz.c modules/md/md_acme_drive.c
+ modules/md/md_acmev1_drive.c modules/md/md_acmev2_drive.c
+ modules/md/md_acme_order.c modules/md/md_core.c
+ modules/md/md_curl.c modules/md/md_crypt.c
+ modules/md/md_http.c modules/md/md_json.c
+ modules/md/md_jws.c modules/md/md_log.c
+ modules/md/md_result.c modules/md/md_reg.c
+ modules/md/md_status.c modules/md/md_store.c
+ modules/md/md_store_fs.c modules/md/md_time.c
+ modules/md/md_util.c
+ modules/md/mod_md_config.c modules/md/mod_md_drive.c
+ modules/md/mod_md_os.c modules/md/mod_md_status.c
+)
SET(mod_optional_hook_export_extra_defines AP_DECLARE_EXPORT) # bogus reuse of core API prefix
SET(mod_proxy_extra_defines PROXY_DECLARE_EXPORT)
SET(mod_proxy_extra_sources modules/proxy/proxy_util.c)
@@ -1062,6 +1110,8 @@ MESSAGE(STATUS " Brotli include directory......... : ${BROTLI_INCLUDE_DIR}")
MESSAGE(STATUS " Brotli libraries ................ : ${BROTLI_LIBRARIES}")
MESSAGE(STATUS " Check include directory.......... : ${CHECK_INCLUDE_DIR}")
MESSAGE(STATUS " Check libraries ................. : ${CHECK_LIBRARIES}")
+MESSAGE(STATUS " Curl include directory........... : ${CURL_INCLUDE_DIR}")
+MESSAGE(STATUS " Jansson libraries ............... : ${JANSSON_LIBRARIES}")
MESSAGE(STATUS " Extra include directories ....... : ${EXTRA_INCLUDES}")
MESSAGE(STATUS " Extra compile flags ............. : ${EXTRA_COMPILE_FLAGS}")
MESSAGE(STATUS " Extra libraries ................. : ${EXTRA_LIBS}")
diff --git a/build/apr_common.m4 b/build/apr_common.m4
index 6b5c0f033b..f4e2dfd0a7 100644
--- a/build/apr_common.m4
+++ b/build/apr_common.m4
@@ -511,9 +511,9 @@ AC_DEFUN([APR_TRY_COMPILE_NO_WARNING],
[int main(int argc, const char *const *argv) {]
[[$2]]
[ return 0; }]
- )],
- [$3], [$4])
- CFLAGS=$apr_save_CFLAGS
+ )], [CFLAGS=$apr_save_CFLAGS
+$3], [CFLAGS=$apr_save_CFLAGS
+$4])
])
dnl
@@ -975,11 +975,44 @@ AC_SUBST(MKDEP)
])
dnl
+dnl APR_CHECK_TYPES_FMT_COMPATIBLE(TYPE-1, TYPE-2, FMT-TAG,
+dnl [ACTION-IF-TRUE], [ACTION-IF-FALSE])
+dnl
+dnl Try to determine whether two types are the same and accept the given
+dnl printf formatter (bare token, e.g. literal d, ld, etc).
+dnl
+AC_DEFUN([APR_CHECK_TYPES_FMT_COMPATIBLE], [
+define([apr_cvname], apr_cv_typematch_[]translit([$1], [ ], [_])_[]translit([$2], [ ], [_])_[][$3])
+AC_CACHE_CHECK([whether $1 and $2 use fmt %$3], apr_cvname, [
+APR_TRY_COMPILE_NO_WARNING([#include <sys/types.h>
+#include <stdio.h>
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
+], [
+ $1 chk1, *ptr1;
+ $2 chk2, *ptr2 = &chk1;
+ ptr1 = &chk2;
+ *ptr1 = *ptr2 = 0;
+ printf("%$3 %$3", chk1, chk2);
+], [apr_cvname=yes], [apr_cvname=no])])
+if test "$apr_cvname" = "yes"; then
+ :
+ $4
+else
+ :
+ $5
+fi
+])
+
+dnl
dnl APR_CHECK_TYPES_COMPATIBLE(TYPE-1, TYPE-2, [ACTION-IF-TRUE])
dnl
dnl Try to determine whether two types are the same. Only works
dnl for gcc and icc.
dnl
+dnl @deprecated @see APR_CHECK_TYPES_FMT_COMPATIBLE
+dnl
AC_DEFUN([APR_CHECK_TYPES_COMPATIBLE], [
define([apr_cvname], apr_cv_typematch_[]translit([$1], [ ], [_])_[]translit([$2], [ ], [_]))
AC_CACHE_CHECK([whether $1 and $2 are the same], apr_cvname, [
diff --git a/modules/md/md_acme_drive.c b/modules/md/md_acme_drive.c
index 0e1d84602f..4b29e4b044 100644
--- a/modules/md/md_acme_drive.c
+++ b/modules/md/md_acme_drive.c
@@ -304,17 +304,9 @@ static apr_status_t csr_req(md_acme_t *acme, const md_http_response_t *res, void
ad->next_up_link = NULL;
if (APR_SUCCESS == (rv = md_cert_read_http(&cert, d->p, res))) {
md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, d->p, "cert parsed");
- if (ad->certs) {
- apr_array_clear(ad->certs);
- }
- else {
- ad->certs = apr_array_make(d->p, 5, sizeof(md_cert_t*));
- }
+ apr_array_clear(ad->certs);
APR_ARRAY_PUSH(ad->certs, md_cert_t*) = cert;
-
- if (APR_SUCCESS == rv) {
- get_up_link(d, res->headers);
- }
+ get_up_link(d, res->headers);
}
else if (APR_STATUS_IS_ENOENT(rv)) {
rv = APR_SUCCESS;
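Review bot: `apr_array_clear(ad->certs)` now dereferences `ad->certs` unconditionally, and the `ad_chain_retrieve` hunk drops its lazy allocation too, so both rely on `acme_driver_init` having created the array. That invariant is not written down anywhere in the visible code. I would document it at the allocation in the `acme_driver_init` hunk, for example `/* ad->certs is allocated once here and never replaced; csr_req() and ad_chain_retrieve() rely on it being non-NULL */`. csr_req's body starts and ends outside this hunk, so any other path that builds the driver data without going through `acme_driver_init` should be checked as well.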
@@ -454,9 +446,6 @@ static apr_status_t ad_chain_retrieve(md_proto_driver_t *d)
* the link header with relation "up" gives us the location
* for the next cert in the chain
*/
- if (!ad->certs) {
- ad->certs = apr_array_make(d->p, 5, sizeof(md_cert_t *));
- }
if (md_array_is_empty(ad->certs)) {
/* Need to start at the order */
ad->next_up_link = NULL;
@@ -499,15 +488,16 @@ static apr_status_t acme_driver_init(md_proto_driver_t *d, md_result_t *result)
ad = apr_pcalloc(d->p, sizeof(*ad));
d->baton = ad;
- ad->driver = d;
+ ad->driver = d;
ad->authz_monitor_timeout = apr_time_from_sec(30);
ad->cert_poll_timeout = apr_time_from_sec(30);
+ ad->ca_challenges = apr_array_make(d->p, 3, sizeof(const char*));
+ ad->certs = apr_array_make(d->p, 5, sizeof(md_cert_t*));
/* We can only support challenges if the server is reachable from the outside
* via port 80 and/or 443. These ports might be mapped for httpd to something
* else, but a mapping needs to exist. */
- ad->ca_challenges = apr_array_make(d->p, 3, sizeof(const char *));
challenge = apr_table_get(d->env, MD_KEY_CHALLENGE);
if (challenge) {
APR_ARRAY_PUSH(ad->ca_challenges, const char*) = apr_pstrdup(d->p, challenge);
@@ -578,6 +568,7 @@ static apr_status_t acme_renew(md_proto_driver_t *d, md_result_t *result)
int reset_staging = d->reset;
apr_status_t rv = APR_SUCCESS;
apr_time_t now;
+ apr_array_header_t *staged_certs;
char ts[APR_RFC822_DATE_LEN];
if (md_log_is_level(d->p, MD_LOG_DEBUG)) {
@@ -667,9 +658,10 @@ static apr_status_t acme_renew(md_proto_driver_t *d, md_result_t *result)
if (!ad->domains) {
ad->domains = md_dns_make_minimal(d->p, ad->md->domains);
}
- if (md_array_is_empty(ad->certs)) {
- /* have we created this already? */
- md_pubcert_load(d->store, MD_SG_STAGING, d->md->name, &ad->certs, d->p);
+
+ if (md_array_is_empty(ad->certs)
+ && APR_SUCCESS == md_pubcert_load(d->store, MD_SG_STAGING, d->md->name, &staged_certs, d->p)) {
+ apr_array_cat(ad->certs, staged_certs);
}
if (md_array_is_empty(ad->certs)) {
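Review bot: Any `md_pubcert_load` failure is discarded here, so a staged certificate file that exists but cannot be read or parsed is treated the same as no staged certificate. The renewal then continues with nothing in the log to explain why. The md_status.c hunk in this commit already separates ENOENT from other results of the same call. I would do the same here and log the non-ENOENT case, as sketched below; `acme_renew` continues outside this hunk, and the sketch leaves `rv` untouched, as the committed code does.

```c
    if (md_array_is_empty(ad->certs)) {
        /* have we created this already? */
        apr_status_t load_rv = md_pubcert_load(d->store, MD_SG_STAGING, d->md->name,
                                               &staged_certs, d->p);
        if (APR_SUCCESS == load_rv) {
            apr_array_cat(ad->certs, staged_certs);
        }
        else if (!APR_STATUS_IS_ENOENT(load_rv)) {
            md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, load_rv, d->p,
                          "%s: loading staged certificates", d->md->name);
        }
    }
    /* ... unchanged: second md_array_is_empty(ad->certs) check ... */
```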
diff --git a/modules/md/md_status.c b/modules/md/md_status.c
index 8aa1de2d57..4bdd508199 100644
--- a/modules/md/md_status.c
+++ b/modules/md/md_status.c
@@ -98,7 +98,7 @@ static apr_status_t get_staging_cert_json(md_json_t **pjson, apr_pool_t *p,
apr_status_t rv = APR_SUCCESS;
rv = md_pubcert_load(md_reg_store_get(reg), MD_SG_STAGING, md->name, &certs, p);
- if (APR_STATUS_IS_ENOENT(rv) || certs->nelts == 0) {
+ if (APR_STATUS_IS_ENOENT(rv)) {
rv = APR_SUCCESS;
goto leave;
}
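Review bot: A successful load that returns an empty array now passes this guard, because the `certs->nelts == 0` test was removed entirely. Removing it does stop `certs` being dereferenced when the load fails with something other than ENOENT, but the empty case is no longer caught. If `md_pubcert_load` can return APR_SUCCESS with zero elements, any code after the hunk that reads the first entry would touch an element that is not there. Keeping the emptiness test behind a success check covers both cases: `if (APR_STATUS_IS_ENOENT(rv) || (APR_SUCCESS == rv && certs->nelts == 0)) {`. The rest of `get_staging_cert_json` is outside the hunk, so whether other error codes are handled before `certs` is used cannot be confirmed from here.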
diff --git a/modules/md/md_version.h b/modules/md/md_version.h
index 4a668bc381..21286a2616 100644
--- a/modules/md/md_version.h
+++ b/modules/md/md_version.h
@@ -27,7 +27,7 @@
* @macro
* Version number of the md module as c string
*/
-#define MOD_MD_VERSION "2.0.6"
+#define MOD_MD_VERSION "2.0.7"
/**
* @macro
@@ -35,7 +35,7 @@
* release. This is a 24 bit number with 8 bits for major number, 8 bits
* for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
*/
-#define MOD_MD_VERSION_NUM 0x020006
+#define MOD_MD_VERSION_NUM 0x020007
#define MD_ACME_DEF_URL "https://acme-v02.api.letsencrypt.org/directory"
diff --git a/modules/md/mod_md.dsp b/modules/md/mod_md.dsp
index edc7f859c8..250b2e9fb9 100644
--- a/modules/md/mod_md.dsp
+++ b/modules/md/mod_md.dsp
@@ -109,10 +109,46 @@ SOURCE=./mod_md_config.c
# End Source File
# Begin Source File
+SOURCE=./mod_md_drive.c
+# End Source File
+# Begin Source File
+
SOURCE=./mod_md_os.c
# End Source File
# Begin Source File
+SOURCE=./mod_md_status.c
+# End Source File
+# Begin Source File
+
+SOURCE=./md_acme.c
+# End Source File
+# Begin Source File
+
+SOURCE=./md_acme_acct.c
+# End Source File
+# Begin Source File
+
+SOURCE=./md_acme_authz.c
+# End Source File
+# Begin Source File
+
+SOURCE=./md_acme_drive.c
+# End Source File
+# Begin Source File
+
+SOURCE=./md_acme_order.c
+# End Source File
+# Begin Source File
+
+SOURCE=./md_acmev1_drive.c
+# End Source File
+# Begin Source File
+
+SOURCE=./md_acmev2_drive.c
+# End Source File
+# Begin Source File
+
SOURCE=./md_core.c
# End Source File
# Begin Source File
@@ -145,35 +181,30 @@ SOURCE=./md_reg.c
# End Source File
# Begin Source File
-SOURCE=./md_store.c
-# End Source File
-# Begin Source File
-
-SOURCE=./md_store_fs.c
+SOURCE=./md_result.c
# End Source File
# Begin Source File
-SOURCE=./md_util.c
+SOURCE=./md_status.c
# End Source File
# Begin Source File
-SOURCE=./md_acme.c
+SOURCE=./md_store.c
# End Source File
# Begin Source File
-SOURCE=./md_acme_acct.c
+SOURCE=./md_store_fs.c
# End Source File
# Begin Source File
-SOURCE=./md_acme_authz.c
+SOURCE=./md_time.c
# End Source File
# Begin Source File
-SOURCE=./md_acme_drive.c
+SOURCE=./md_util.c
# End Source File
# Begin Source File
-
SOURCE=..\..\build\win32\httpd.rc
# End Source File
# End Target