diff options
| -rw-r--r-- | CHANGES | 4 | ||||
| -rw-r--r-- | modules/md/md_store_fs.c | 2 | ||||
| -rw-r--r-- | modules/md/md_version.h | 4 | ||||
| -rw-r--r-- | modules/md/mod_md.c | 63 |
4 files changed, 47 insertions, 26 deletions
@@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_md: v1.0.5, restricting post_config dry run to be more silent and performing + only necessary work for mod_ssl to be also happy with the configuration. + [Stefan Eissing] + *) mod_md: v1.0.4, removed the 'a2md' utility command from build. Only used in github testing. Avoid problems with our build system that had problems after the latest changes to make a clean initial build. Remove the windows a2md.dsp therefore also. diff --git a/modules/md/md_store_fs.c b/modules/md/md_store_fs.c index 1c310bda31..29c29650a8 100644 --- a/modules/md/md_store_fs.c +++ b/modules/md/md_store_fs.c @@ -431,7 +431,7 @@ static apr_status_t fs_fload(void **pvalue, md_store_fs_t *s_fs, const char *fpa rv = APR_ENOTIMPL; break; } - md_log_perror(MD_LOG_MARK, MD_LOG_TRACE2, rv, ptemp, + md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, rv, ptemp, "loading type %d from %s", vtype, fpath); } else { /* check for existence only */ diff --git a/modules/md/md_version.h b/modules/md/md_version.h index 2e50abf8c8..f9ec5df549 100644 --- a/modules/md/md_version.h +++ b/modules/md/md_version.h @@ -26,7 +26,7 @@ * @macro * Version number of the md module as c string */ -#define MOD_MD_VERSION "1.0.4" +#define MOD_MD_VERSION "1.0.5" /** * @macro @@ -34,7 +34,7 @@ * release. This is a 24 bit number with 8 bits for major number, 8 bits * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. */ -#define MOD_MD_VERSION_NUM 0x010004 +#define MOD_MD_VERSION_NUM 0x010005 #define MD_EXPERIMENTAL 0 #define MD_ACME_DEF_URL "https://acme-v01.api.letsencrypt.org/directory" diff --git a/modules/md/mod_md.c b/modules/md/mod_md.c index 87121a86f8..f1447995c4 100644 --- a/modules/md/mod_md.c +++ b/modules/md/mod_md.c @@ -983,54 +983,72 @@ static void load_stage_sets(apr_array_header_t *names, apr_pool_t *p, return; } -static apr_status_t md_check_config(apr_pool_t *p, apr_pool_t *plog, - apr_pool_t *ptemp, server_rec *s) +static apr_status_t md_post_config(apr_pool_t *p, apr_pool_t *plog, + apr_pool_t *ptemp, server_rec *s) { - const char *mod_md_init_key = "mod_md_init_counter"; void *data = NULL; - + const char *mod_md_init_key = "mod_md_init_counter"; + md_srv_conf_t *sc; + md_mod_conf_t *mc; + md_reg_t *reg; + const md_t *md; + apr_array_header_t *drive_names; + apr_status_t rv = APR_SUCCESS; + int i, dry_run = 0; + apr_pool_userdata_get(&data, mod_md_init_key, s->process->pool); if (data == NULL) { + /* At the first start, httpd makes a config check dry run. It + * runs all config hooks to check if it can. If so, it does + * this all again and starts serving requests. + * + * This is known. + * + * On a dry run, we therefore do all the cheap config things we + * need to do. Because otherwise mod_ssl fails because it calls + * us unprepared. + * But synching our configuration with the md store + * and determining which domains to drive and start a watchdog + * and all that, we do not. + */ ap_log_error( APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(10070) "initializing post config dry run"); apr_pool_userdata_set((const void *)1, mod_md_init_key, apr_pool_cleanup_null, s->process->pool); + dry_run = 1; + } + else { + ap_log_error( APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(10071) + "mod_md (v%s), initializing...", MOD_MD_VERSION); } - - ap_log_error( APLOG_MARK, APLOG_INFO, 0, s, APLOGNO(10071) - "mod_md (v%s), initializing...", MOD_MD_VERSION); + (void)plog; init_setups(p, s); md_log_set(log_is_level, log_print, NULL); /* Check uniqueness of MDs, calculate global, configured MD list. * If successful, we have a list of MD definitions that do not overlap. */ /* We also need to find out if we can be reached on 80/443 from the outside (e.g. the CA) */ - return md_calc_md_list(p, plog, ptemp, s); -} - -static apr_status_t md_post_config(apr_pool_t *p, apr_pool_t *plog, - apr_pool_t *ptemp, server_rec *s) -{ - md_srv_conf_t *sc; - md_mod_conf_t *mc; - md_reg_t *reg; - const md_t *md; - apr_array_header_t *drive_names; - apr_status_t rv = APR_SUCCESS; - int i; + if (APR_SUCCESS != (rv = md_calc_md_list(p, plog, ptemp, s))) { + return rv; + } - (void)plog; md_config_post_config(s, p); sc = md_config_get(s); mc = sc->mc; - + /* Synchronize the definitions we now have with the store via a registry (reg). */ if (APR_SUCCESS != (rv = setup_reg(®, p, s, mc->can_http, mc->can_https))) { ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(10072) "setup md registry"); goto out; } + + if (dry_run) { + /* enough done in this case */ + return APR_SUCCESS; + } + if (APR_SUCCESS != (rv = md_reg_sync(reg, p, ptemp, mc->mds))) { ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(10073) "synching %d mds to registry", mc->mds->nelts); @@ -1368,7 +1386,6 @@ static void md_hooks(apr_pool_t *pool) /* Run once after configuration is set, before mod_ssl. */ - ap_hook_check_config(md_check_config, NULL, mod_ssl, APR_HOOK_MIDDLE); ap_hook_post_config(md_post_config, NULL, mod_ssl, APR_HOOK_MIDDLE); /* Run once after a child process has been created. |