httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ic...@apache.org
Subject svn commit: r1816423 [3/5] - in /httpd/httpd/branches/2.4.x-mod_md: ./ docs/manual/ docs/manual/mod/ modules/md/ modules/ssl/
Date Mon, 27 Nov 2017 10:44:57 GMT
Modified: httpd/httpd/branches/2.4.x-mod_md/modules/md/md_curl.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-mod_md/modules/md/md_curl.c?rev=1816423&r1=1804530&r2=1816423&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-mod_md/modules/md/md_curl.c (original)
+++ httpd/httpd/branches/2.4.x-mod_md/modules/md/md_curl.c Mon Nov 27 10:44:56 2017
@@ -99,7 +99,7 @@ static size_t resp_data_cb(void *data, s
         if (res->req->resp_limit) {
             apr_off_t body_len = 0;
             apr_brigade_length(res->body, 0, &body_len);
-            if (body_len + len > res->req->resp_limit) {
+            if (body_len + (apr_off_t)len > res->req->resp_limit) {
                 return 0; /* signal curl failure */
             }
         }
@@ -117,7 +117,7 @@ static size_t header_cb(void *buffer, si
     md_http_response_t *res = baton;
     size_t len, clen = elen * nmemb;
     const char *name = NULL, *value = "", *b = buffer;
-    int i;
+    apr_size_t i;
     
     len = (clen && b[clen-1] == '\n')? clen-1 : clen;
     len = (len && b[len-1] == '\r')? len-1 : len;
@@ -183,7 +183,7 @@ static int curlify_headers(void *baton,
 static apr_status_t curl_perform(md_http_request_t *req)
 {
     apr_status_t rv = APR_SUCCESS;
-    int curle;
+    CURLcode curle;
     md_http_response_t *res;
     CURL *curl;
     struct curl_slist *req_hdrs = NULL;
@@ -219,6 +219,9 @@ static apr_status_t curl_perform(md_http
     if (req->user_agent) {
         curl_easy_setopt(curl, CURLOPT_USERAGENT, req->user_agent);
     }
+    if (req->proxy_url) {
+        curl_easy_setopt(curl, CURLOPT_PROXY, req->proxy_url);
+    }
     if (!apr_is_empty_table(req->headers)) {
         curlify_hdrs_ctx ctx;
         
@@ -253,7 +256,8 @@ static apr_status_t curl_perform(md_http
     }
     else {
         md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, res->rv, req->pool, 
-                      "request %ld failed(%d): %s", req->id, curle, curl_easy_strerror(curle));
+                      "request %ld failed(%d): %s", req->id, curle, 
+                      curl_easy_strerror(curle));
     }
     
     if (req->cb) {
@@ -296,6 +300,7 @@ static md_http_impl_t impl = {
 md_http_impl_t * md_curl_get_impl(apr_pool_t *p)
 {
     /* trigger early global curl init, before we are down a rabbit hole */
+    (void)p;
     md_curl_init();
     return &impl;
 }

Modified: httpd/httpd/branches/2.4.x-mod_md/modules/md/md_http.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-mod_md/modules/md/md_http.c?rev=1816423&r1=1804530&r2=1816423&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-mod_md/modules/md/md_http.c (original)
+++ httpd/httpd/branches/2.4.x-mod_md/modules/md/md_http.c Mon Nov 27 10:44:56 2017
@@ -27,6 +27,7 @@ struct md_http_t {
     apr_off_t resp_limit;
     md_http_impl_t *impl;
     const char *user_agent;
+    const char *proxy_url;
 };
 
 static md_http_impl_t *cur_impl;
@@ -42,7 +43,8 @@ void md_http_use_implementation(md_http_
 
 static long next_req_id;
 
-apr_status_t md_http_create(md_http_t **phttp, apr_pool_t *p, const char *user_agent)
+apr_status_t md_http_create(md_http_t **phttp, apr_pool_t *p, const char *user_agent,
+                            const char *proxy_url)
 {
     md_http_t *http;
     apr_status_t rv = APR_SUCCESS;
@@ -65,6 +67,7 @@ apr_status_t md_http_create(md_http_t **
     http->pool = p;
     http->impl = cur_impl;
     http->user_agent = apr_pstrdup(p, user_agent);
+    http->proxy_url = proxy_url? apr_pstrdup(p, proxy_url) : NULL;
     http->bucket_alloc = apr_bucket_alloc_create(p);
     if (!http->bucket_alloc) {
         return APR_EGENERAL;
@@ -103,6 +106,7 @@ static apr_status_t req_create(md_http_r
     req->cb = cb;
     req->baton = baton;
     req->user_agent = http->user_agent;
+    req->proxy_url = http->proxy_url;
 
     *preq = req;
     return rv;
@@ -232,6 +236,8 @@ apr_status_t md_http_POSTd(md_http_t *ht
 
 apr_status_t md_http_await(md_http_t *http, long req_id)
 {
+    (void)http;
+    (void)req_id;
     return APR_SUCCESS;
 }
 

Modified: httpd/httpd/branches/2.4.x-mod_md/modules/md/md_http.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-mod_md/modules/md/md_http.h?rev=1816423&r1=1804530&r2=1816423&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-mod_md/modules/md/md_http.h (original)
+++ httpd/httpd/branches/2.4.x-mod_md/modules/md/md_http.h Mon Nov 27 10:44:56 2017
@@ -35,6 +35,7 @@ struct md_http_request_t {
     const char *method;
     const char *url;
     const char *user_agent;
+    const char *proxy_url;
     apr_table_t *headers;
     struct apr_bucket_brigade *body;
     apr_off_t body_len;
@@ -52,7 +53,8 @@ struct md_http_response_t {
     struct apr_bucket_brigade *body;
 };
 
-apr_status_t md_http_create(md_http_t **phttp, apr_pool_t *p, const char *user_agent);
+apr_status_t md_http_create(md_http_t **phttp, apr_pool_t *p, const char *user_agent,
+                            const char *proxy_url);
 
 void md_http_set_response_limit(md_http_t *http, apr_off_t resp_limit);
 

Modified: httpd/httpd/branches/2.4.x-mod_md/modules/md/md_json.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-mod_md/modules/md/md_json.c?rev=1816423&r1=1804530&r2=1816423&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-mod_md/modules/md/md_json.c (original)
+++ httpd/httpd/branches/2.4.x-mod_md/modules/md/md_json.c Mon Nov 27 10:44:56 2017
@@ -25,19 +25,26 @@
 /* jansson thinks everyone compiles with the platform's cc in its fullest capabilities
  * when undefining their INLINEs, we get static, unused functions, arg 
  */
+#if defined(__GNUC__)
 #pragma GCC diagnostic push
-#pragma GCC diagnostic ignored "-Wunknown-pragmas"
 #pragma GCC diagnostic ignored "-Wunreachable-code"
+#endif
+#if defined(__clang__)
 #pragma clang diagnostic push
 #pragma clang diagnostic ignored "-Wunused-function"
+#endif
 
 #include <jansson_config.h>
-#undef   JSON_INLINE
+#undef  JSON_INLINE
 #define JSON_INLINE 
 #include <jansson.h>
 
-#pragma clang diagnostic pop
+#if defined(__GNUC__)
 #pragma GCC diagnostic pop
+#endif
+#if defined(__clang__)
+#pragma clang diagnostic pop
+#endif
 
 struct md_json_t {
     apr_pool_t *p;
@@ -45,7 +52,7 @@ struct md_json_t {
 };
 
 /**************************************************************************************************/
-/* lifecylce */
+/* lifecycle */
 
 static apr_status_t json_pool_cleanup(void *data)
 {

Modified: httpd/httpd/branches/2.4.x-mod_md/modules/md/md_log.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-mod_md/modules/md/md_log.c?rev=1816423&r1=1804530&r2=1816423&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-mod_md/modules/md/md_log.c (original)
+++ httpd/httpd/branches/2.4.x-mod_md/modules/md/md_log.c Mon Nov 27 10:44:56 2017
@@ -42,10 +42,7 @@ static const char *level_names[] = {
 
 const char *md_log_level_name(md_log_level_t level)
 {
-    if ((int)level < (sizeof(level_names)/sizeof(level_names[0]))) {
-        return level_names[level];
-    }
-    return "???";
+    return level_names[level];
 }
 
 static md_log_print_cb *log_printv;

Modified: httpd/httpd/branches/2.4.x-mod_md/modules/md/md_reg.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-mod_md/modules/md/md_reg.c?rev=1816423&r1=1804530&r2=1816423&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-mod_md/modules/md/md_reg.c (original)
+++ httpd/httpd/branches/2.4.x-mod_md/modules/md/md_reg.c Mon Nov 27 10:44:56 2017
@@ -37,15 +37,37 @@
 struct md_reg_t {
     struct md_store_t *store;
     struct apr_hash_t *protos;
-    int was_synched;
     int can_http;
     int can_https;
+    const char *proxy_url;
 };
 
 /**************************************************************************************************/
 /* life cycle */
 
-apr_status_t md_reg_init(md_reg_t **preg, apr_pool_t *p, struct md_store_t *store)
+static apr_status_t load_props(md_reg_t *reg, apr_pool_t *p)
+{
+    md_json_t *json;
+    apr_status_t rv;
+    
+    rv = md_store_load(reg->store, MD_SG_NONE, NULL, MD_FN_HTTPD_JSON, 
+                       MD_SV_JSON, (void**)&json, p);
+    if (APR_SUCCESS == rv) {
+        if (md_json_has_key(json, MD_KEY_PROTO, MD_KEY_HTTP, NULL)) {
+            reg->can_http = md_json_getb(json, MD_KEY_PROTO, MD_KEY_HTTP, NULL);
+        }
+        if (md_json_has_key(json, MD_KEY_PROTO, MD_KEY_HTTPS, NULL)) {
+            reg->can_https = md_json_getb(json, MD_KEY_PROTO, MD_KEY_HTTPS, NULL);
+        }
+    }
+    else if (APR_STATUS_IS_ENOENT(rv)) {
+        rv = APR_SUCCESS;
+    }
+    return rv;
+}
+
+apr_status_t md_reg_init(md_reg_t **preg, apr_pool_t *p, struct md_store_t *store,
+                         const char *proxy_url)
 {
     md_reg_t *reg;
     apr_status_t rv;
@@ -55,8 +77,11 @@ apr_status_t md_reg_init(md_reg_t **preg
     reg->protos = apr_hash_make(p);
     reg->can_http = 1;
     reg->can_https = 1;
+    reg->proxy_url = proxy_url? apr_pstrdup(p, proxy_url) : NULL;
     
-    rv = md_acme_protos_add(reg->protos, p);
+    if (APR_SUCCESS == (rv = md_acme_protos_add(reg->protos, p))) {
+        rv = load_props(reg, p);
+    }
     
     *preg = (rv == APR_SUCCESS)? reg : NULL;
     return rv;
@@ -151,18 +176,18 @@ static apr_status_t check_values(md_reg_
 /**************************************************************************************************/
 /* state assessment */
 
-static apr_status_t state_init(md_reg_t *reg, apr_pool_t *p, md_t *md)
+static apr_status_t state_init(md_reg_t *reg, apr_pool_t *p, md_t *md, int save_changes)
 {
     md_state_t state = MD_S_UNKNOWN;
     const md_creds_t *creds;
     const md_cert_t *cert;
-    apr_time_t expires = 0;
+    apr_time_t expires = 0, valid_from = 0;
     apr_status_t rv;
     int i;
 
     if (APR_SUCCESS == (rv = md_reg_creds_get(&creds, reg, MD_SG_DOMAINS, md, p))) {
         state = MD_S_INCOMPLETE;
-        if (!creds->pkey) {
+        if (!creds->privkey) {
             md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, p, 
                           "md{%s}: incomplete, without private key", md->name);
         }
@@ -170,12 +195,8 @@ static apr_status_t state_init(md_reg_t
             md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, p, 
                           "md{%s}: incomplete, has key but no certificate", md->name);
         }
-        else if (!creds->chain) {
-            md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, p, 
-                          "md{%s}: incomplete, has key and certificate, but no chain file.", 
-                          md->name);
-        }
         else {
+            valid_from = md_cert_get_not_before(creds->cert);
             expires = md_cert_get_not_after(creds->cert);
             if (md_cert_has_expired(creds->cert)) {
                 state = MD_S_EXPIRED;
@@ -198,8 +219,8 @@ static apr_status_t state_init(md_reg_t
                 goto out;
             }
 
-            for (i = 0; i < creds->chain->nelts; ++i) {
-                cert = APR_ARRAY_IDX(creds->chain, i, const md_cert_t *);
+            for (i = 1; i < creds->pubcert->nelts; ++i) {
+                cert = APR_ARRAY_IDX(creds->pubcert, i, const md_cert_t *);
                 if (!md_cert_is_valid_now(cert)) {
                     state = MD_S_ERROR;
                     md_log_perror(MD_LOG_MARK, MD_LOG_ERR, rv, p, 
@@ -220,52 +241,35 @@ out:
         state = MD_S_ERROR;
         md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, rv, p, "md{%s}: error", md->name);
     }
+    
+    if (save_changes && md->state == state
+        && md->valid_from == valid_from && md->expires == expires) {
+        save_changes = 0;
+    }
     md->state = state;
+    md->valid_from = valid_from;
     md->expires = expires;
-    return rv;
-}
-
-static apr_status_t state_vinit(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_list ap)
-{
-    md_reg_t *reg = baton;
-    md_t *md = va_arg(ap, md_t *);
-    
-    return state_init(reg, p, md);
-}
-
-static apr_status_t md_state_init(md_reg_t *reg, md_t *md, apr_pool_t *p)
-{
-    return md_util_pool_vdo(state_vinit, reg, p, md, NULL);
-}
-
-static md_t *state_check(md_reg_t *reg, md_t *md, apr_pool_t *p) 
-{
-    if (md) {
-        int ostate = md->state;
-        if (APR_SUCCESS == state_init(reg, p, md) && md->state != ostate) {
-            md_save(reg->store, p, MD_SG_DOMAINS, md, 0);
-        }
+    if (save_changes && APR_SUCCESS == rv) {
+        return md_save(reg->store, p, MD_SG_DOMAINS, md, 0);
     }
-    return md;
+    return rv;
 }
 
 apr_status_t md_reg_assess(md_reg_t *reg, md_t *md, int *perrored, int *prenew, apr_pool_t *p)
 {
     int renew = 0;
     int errored = 0;
-    apr_time_t now = apr_time_now();
     
+    (void)reg;
     switch (md->state) {
         case MD_S_UNKNOWN:
-            md_log_perror( MD_LOG_MARK, MD_LOG_ERR, 0, p, "md(%s): in unkown state.", md->name);
+            md_log_perror( MD_LOG_MARK, MD_LOG_ERR, 0, p, "md(%s): in unknown state.", md->name);
             break;
         case MD_S_ERROR:
             md_log_perror( MD_LOG_MARK, MD_LOG_ERR, 0, p,  
-                         "md(%s): in error state, unable to drive forward. It could "
-                         "be that files have gotten corrupted. You may check with "
-                         "a2md the status of this managed domain to diagnose the "
-                         " problem. As a last resort, you may delete the files for "
-                         " this md and start all over.", md->name);
+                         "md(%s): in error state, unable to drive forward. If unable to "
+                         " detect the cause, you may remove the staging or even domain "
+                         " sub-directory for this MD and start all over.", md->name);
             errored = 1;
             break;
         case MD_S_COMPLETE:
@@ -274,22 +278,21 @@ apr_status_t md_reg_assess(md_reg_t *reg
                              "md(%s): looks complete, but has unknown expiration date.", md->name);
                 errored = 1;
             }
-            else if (md->expires <= now) {
+            else if (md->expires <= apr_time_now()) {
                 /* Maybe we hibernated in the meantime? */
                 md->state = MD_S_EXPIRED;
                 renew = 1;
             }
-            else if ((md->expires - now) <= md->renew_window) {
-                int days = (int)(apr_time_sec(md->expires - now) / MD_SECS_PER_DAY);
-                md_log_perror( MD_LOG_MARK, MD_LOG_DEBUG, 0, p,  
-                              "md(%s): %d days to expiry, attempt renewal", md->name, days);
-                renew = 1;
+            else {
+                renew = md_should_renew(md);
             }
             break;
         case MD_S_INCOMPLETE:
         case MD_S_EXPIRED:
             renew = 1;
             break;
+        case MD_S_MISSING:
+            break;
     }
     *prenew = renew;
     *perrored = errored;
@@ -311,8 +314,9 @@ static int reg_md_iter(void *baton, md_s
 {
     reg_do_ctx *ctx = baton;
     
+    (void)store;
     if (!ctx->exclude || strcmp(ctx->exclude, md->name)) {
-        md = state_check(ctx->reg, (md_t*)md, ptemp);
+        state_init(ctx->reg, ptemp, (md_t*)md, 1);
         return ctx->cb(ctx->baton, ctx->reg, md);
     }
     return 1;
@@ -343,7 +347,8 @@ md_t *md_reg_get(md_reg_t *reg, const ch
     md_t *md;
     
     if (APR_SUCCESS == md_load(reg->store, MD_SG_DOMAINS, name, &md, p)) {
-        return state_check(reg, md, p);
+        state_init(reg, p, md, 1);
+        return md;
     }
     return NULL;
 }
@@ -357,6 +362,7 @@ static int find_domain(void *baton, md_r
 {
     find_domain_ctx *ctx = baton;
     
+    (void)reg;
     if (md_contains(md, ctx->domain, 0)) {
         ctx->md = md;
         return 0;
@@ -372,12 +378,15 @@ md_t *md_reg_find(md_reg_t *reg, const c
     ctx.md = NULL;
     
     md_reg_do(find_domain, &ctx, reg, p);
-    return state_check(reg, (md_t*)ctx.md, p);
+    if (ctx.md) {
+        state_init(reg, p, ctx.md, 1);
+    }
+    return ctx.md;
 }
 
 typedef struct {
     const md_t *md_checked;
-    const md_t *md;
+    md_t *md;
     const char *s;
 } find_overlap_ctx;
 
@@ -386,6 +395,7 @@ static int find_overlap(void *baton, md_
     find_overlap_ctx *ctx = baton;
     const char *overlap;
     
+    (void)reg;
     if ((overlap = md_common_name(ctx->md_checked, md))) {
         ctx->md = md;
         ctx->s = overlap;
@@ -406,25 +416,20 @@ md_t *md_reg_find_overlap(md_reg_t *reg,
     if (pdomain && ctx.s) {
         *pdomain = ctx.s;
     }
-    return state_check(reg, (md_t*)ctx.md, p);
+    if (ctx.md) {
+        state_init(reg, p, ctx.md, 1);
+    }
+    return ctx.md;
 }
 
 apr_status_t md_reg_get_cred_files(md_reg_t *reg, const md_t *md, apr_pool_t *p,
-                                   const char **pkeyfile, const char **pcertfile,
-                                   const char **pchainfile)
+                                   const char **pkeyfile, const char **pcertfile)
 {
     apr_status_t rv;
     
-    rv = md_store_get_fname(pkeyfile, reg->store, MD_SG_DOMAINS, md->name, MD_FN_PKEY, p);
+    rv = md_store_get_fname(pkeyfile, reg->store, MD_SG_DOMAINS, md->name, MD_FN_PRIVKEY, p);
     if (APR_SUCCESS == rv) {
-        rv = md_store_get_fname(pcertfile, reg->store, MD_SG_DOMAINS, md->name, MD_FN_CERT, p);
-    }
-    if (APR_SUCCESS == rv) {
-        rv = md_store_get_fname(pchainfile, reg->store, MD_SG_DOMAINS, md->name, MD_FN_CHAIN, p);
-        if (APR_STATUS_IS_ENOENT(rv)) {
-            *pchainfile = NULL;
-            rv = APR_SUCCESS;
-        }
+        rv = md_store_get_fname(pcertfile, reg->store, MD_SG_DOMAINS, md->name, MD_FN_PUBCERT, p);
     }
     return rv;
 }
@@ -441,7 +446,7 @@ static apr_status_t p_md_add(void *baton
     md = va_arg(ap, md_t *);
     mine = md_clone(ptemp, md);
     if (APR_SUCCESS == (rv = check_values(reg, ptemp, md, MD_UPD_ALL))
-        && APR_SUCCESS == (rv = md_state_init(reg, mine, ptemp))
+        && APR_SUCCESS == (rv = state_init(reg, ptemp, mine, 0))
         && APR_SUCCESS == (rv = md_save(reg->store, p, MD_SG_DOMAINS, mine, 1))) {
     }
     return rv;
@@ -511,6 +516,7 @@ static apr_status_t p_md_update(void *ba
     }
     if (MD_UPD_RENEW_WINDOW & fields) {
         md_log_perror(MD_LOG_MARK, MD_LOG_TRACE1, 0, ptemp, "update renew-window: %s", name);
+        nmd->renew_norm = updates->renew_norm;
         nmd->renew_window = updates->renew_window;
     }
     if (MD_UPD_CA_CHALLENGES & fields) {
@@ -518,9 +524,28 @@ static apr_status_t p_md_update(void *ba
         nmd->ca_challenges = (updates->ca_challenges? 
                               apr_array_copy(p, updates->ca_challenges) : NULL);
     }
+    if (MD_UPD_PKEY_SPEC & fields) {
+        md_log_perror(MD_LOG_MARK, MD_LOG_TRACE1, 0, ptemp, "update pkey spec: %s", name);
+        nmd->pkey_spec = NULL;
+        if (updates->pkey_spec) {
+            nmd->pkey_spec = apr_pmemdup(p, updates->pkey_spec, sizeof(md_pkey_spec_t));
+        }
+    }
+    if (MD_UPD_REQUIRE_HTTPS & fields) {
+        md_log_perror(MD_LOG_MARK, MD_LOG_TRACE1, 0, ptemp, "update require-https: %s", name);
+        nmd->require_https = updates->require_https;
+    }
+    if (MD_UPD_TRANSITIVE & fields) {
+        md_log_perror(MD_LOG_MARK, MD_LOG_TRACE1, 0, ptemp, "update transitive: %s", name);
+        nmd->transitive = updates->transitive;
+    }
+    if (MD_UPD_MUST_STAPLE & fields) {
+        md_log_perror(MD_LOG_MARK, MD_LOG_TRACE1, 0, ptemp, "update must-staple: %s", name);
+        nmd->must_staple = updates->must_staple;
+    }
     
     if (fields && APR_SUCCESS == (rv = md_save(reg->store, p, MD_SG_DOMAINS, nmd, 0))) {
-        rv = md_state_init(reg, nmd, ptemp);
+        rv = state_init(reg, ptemp, nmd, 0);
     }
     return rv;
 }
@@ -542,29 +567,28 @@ static int ok_or_noent(apr_status_t rv)
 static apr_status_t creds_load(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_list ap)
 {
     md_reg_t *reg = baton;
-    apr_status_t rv;
-    md_cert_t *cert;
-    md_pkey_t *pkey;
-    apr_array_header_t *chain;
+    md_pkey_t *privkey;
+    apr_array_header_t *pubcert;
     md_creds_t *creds, **pcreds;
     const md_t *md;
     md_cert_state_t cert_state;
     md_store_group_t group;
+    apr_status_t rv;
     
     pcreds = va_arg(ap, md_creds_t **);
-    group = va_arg(ap, int);
+    group = (md_store_group_t)va_arg(ap, int);
     md = va_arg(ap, const md_t *);
     
-    if (ok_or_noent(rv = md_cert_load(reg->store, group, md->name, &cert, p))
-        && ok_or_noent(rv = md_pkey_load(reg->store, group, md->name, &pkey, p))
-        && ok_or_noent(rv = md_chain_load(reg->store, group, md->name, &chain, p))) {
+    if (ok_or_noent(rv = md_pkey_load(reg->store, group, md->name, &privkey, p))
+        && ok_or_noent(rv = md_pubcert_load(reg->store, group, md->name, &pubcert, p))) {
         rv = APR_SUCCESS;
             
         creds = apr_pcalloc(p, sizeof(*creds));
-        creds->cert = cert;
-        creds->pkey = pkey;
-        creds->chain = chain;
-        
+        creds->privkey = privkey;
+        if (pubcert && pubcert->nelts > 0) {
+            creds->pubcert = pubcert;
+            creds->cert = APR_ARRAY_IDX(pubcert, 0, md_cert_t *);
+        }
         if (creds->cert) {
             switch ((cert_state = md_cert_state_get(creds->cert))) {
                 case MD_CERT_VALID:
@@ -609,38 +633,27 @@ static int find_changes(void *baton, md_
 {
     sync_ctx *ctx = baton;
 
+    (void)store;
+    (void)ptemp;
     APR_ARRAY_PUSH(ctx->store_mds, const md_t*) = md_clone(ctx->p, md);
     return 1;
 }
 
-static apr_status_t load_props(md_reg_t *reg, apr_pool_t *p)
+apr_status_t md_reg_set_props(md_reg_t *reg, apr_pool_t *p, int can_http, int can_https)
 {
-    md_json_t *json;
-    apr_status_t rv;
-    
-    rv = md_store_load(reg->store, MD_SG_NONE, NULL, MD_FN_HTTPD_JSON, 
-                       MD_SV_JSON, (void**)&json, p);
-    if (APR_SUCCESS == rv) {
-        if (md_json_has_key(json, MD_KEY_PROTO, MD_KEY_HTTP, NULL)) {
-            reg->can_http = md_json_getb(json, MD_KEY_PROTO, MD_KEY_HTTP, NULL);
-        }
-        if (md_json_has_key(json, MD_KEY_PROTO, MD_KEY_HTTPS, NULL)) {
-            reg->can_https = md_json_getb(json, MD_KEY_PROTO, MD_KEY_HTTPS, NULL);
-        }
-    }
-    else if (APR_STATUS_IS_ENOENT(rv)) {
-        rv = APR_SUCCESS;
+    if (reg->can_http != can_http || reg->can_https != can_https) {
+        md_json_t *json;
+        
+        reg->can_http = can_http;
+        reg->can_https = can_https;
+        
+        json = md_json_create(p);
+        md_json_setb(can_http, json, MD_KEY_PROTO, MD_KEY_HTTP, NULL);
+        md_json_setb(can_https, json, MD_KEY_PROTO, MD_KEY_HTTPS, NULL);
+        
+        return md_store_save(reg->store, p, MD_SG_NONE, NULL, MD_FN_HTTPD_JSON, MD_SV_JSON, json, 0);
     }
-    return rv;
-}
-
-static apr_status_t sync_props(md_reg_t *reg, apr_pool_t *p, int can_http, int can_https)
-{
-    md_json_t *json = md_json_create(p);
-    md_json_setb(can_http, json, MD_KEY_PROTO, MD_KEY_HTTP, NULL);
-    md_json_setb(can_https, json, MD_KEY_PROTO, MD_KEY_HTTPS, NULL);
-    
-    return md_store_save(reg->store, p, MD_SG_NONE, NULL, MD_FN_HTTPD_JSON, MD_SV_JSON, json, 0);
+    return APR_SUCCESS;
 }
  
 /**
@@ -660,19 +673,12 @@ static apr_status_t sync_props(md_reg_t
  *   c. compare MD acme url/protocol, update if changed
  */
 apr_status_t md_reg_sync(md_reg_t *reg, apr_pool_t *p, apr_pool_t *ptemp, 
-                         apr_array_header_t *master_mds, int can_http, int can_https) 
+                         apr_array_header_t *master_mds) 
 {
     sync_ctx ctx;
     md_store_t *store = reg->store;
     apr_status_t rv;
 
-    if (APR_SUCCESS != (rv = sync_props(reg, ptemp, can_http, can_https))) {
-        reg->was_synched = 0;
-        return rv;
-    }
-    
-    reg->was_synched = 1;
-    
     ctx.p = ptemp;
     ctx.conf_mds = master_mds;
     ctx.store_mds = apr_array_make(ptemp, 100, sizeof(md_t *));
@@ -756,6 +762,10 @@ apr_status_t md_reg_sync(md_reg_t *reg,
                     smd->ca_agreement = md->ca_agreement;
                     fields |= MD_UPD_AGREEMENT;
                 }
+                if (MD_VAL_UPDATE(md, smd, transitive)) {
+                    smd->transitive = md->transitive;
+                    fields |= MD_UPD_TRANSITIVE;
+                }
                 if (MD_VAL_UPDATE(md, smd, drive_mode)) {
                     smd->drive_mode = md->drive_mode;
                     fields |= MD_UPD_DRIVE_MODE;
@@ -765,22 +775,42 @@ apr_status_t md_reg_sync(md_reg_t *reg,
                     smd->contacts = md->contacts;
                     fields |= MD_UPD_CONTACTS;
                 }
-                if (MD_VAL_UPDATE(md, smd, renew_window)) {
+                if (MD_VAL_UPDATE(md, smd, renew_window) 
+                    || MD_VAL_UPDATE(md, smd, renew_norm)) {
                     md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, p, 
-                                  "%s: update renew_window, old=%ld, new=%ld", 
-                                  smd->name, (long)smd->renew_window, md->renew_window);
+                                  "%s: update renew norm=%ld, window=%ld", 
+                                  smd->name, (long)md->renew_norm, (long)md->renew_window);
+                    smd->renew_norm = md->renew_norm;
                     smd->renew_window = md->renew_window;
                     fields |= MD_UPD_RENEW_WINDOW;
                 }
                 if (md->ca_challenges) {
                     md->ca_challenges = md_array_str_compact(p, md->ca_challenges, 0);
-                    if (smd->ca_challenges 
-                        && !md_array_str_eq(md->ca_challenges, smd->ca_challenges, 0)) {
-                        smd->ca_challenges = (md->ca_challenges?
-                                              apr_array_copy(ptemp, md->ca_challenges) : NULL);
+                    if (!smd->ca_challenges 
+                        || !md_array_str_eq(md->ca_challenges, smd->ca_challenges, 0)) {
+                        smd->ca_challenges = apr_array_copy(ptemp, md->ca_challenges);
                         fields |= MD_UPD_CA_CHALLENGES;
                     }
                 }
+                else if (smd->ca_challenges) {
+                    smd->ca_challenges = NULL;
+                    fields |= MD_UPD_CA_CHALLENGES;
+                }
+                if (!md_pkey_spec_eq(md->pkey_spec, smd->pkey_spec)) {
+                    fields |= MD_UPD_PKEY_SPEC;
+                    smd->pkey_spec = NULL;
+                    if (md->pkey_spec) {
+                        smd->pkey_spec = apr_pmemdup(p, md->pkey_spec, sizeof(md_pkey_spec_t));
+                    }
+                }
+                if (MD_VAL_UPDATE(md, smd, require_https)) {
+                    smd->require_https = md->require_https;
+                    fields |= MD_UPD_REQUIRE_HTTPS;
+                }
+                if (MD_VAL_UPDATE(md, smd, must_staple)) {
+                    smd->must_staple = md->must_staple;
+                    fields |= MD_UPD_MUST_STAPLE;
+                }
                 
                 if (fields) {
                     rv = md_reg_update(reg, ptemp, smd->name, smd, fields);
@@ -814,19 +844,16 @@ static apr_status_t init_proto_driver(md
     /* If this registry instance was not synched before (and obtained server
      * properties that way), read them from the store.
      */
-    if (reg->was_synched 
-        || APR_SUCCESS == (rv = load_props(reg, p))) {
-
-        driver->proto = proto;
-        driver->p = p;
-        driver->challenge = challenge;
-        driver->can_http = reg->can_http;
-        driver->can_https = reg->can_https;
-        driver->reg = reg;
-        driver->store = md_reg_store_get(reg);
-        driver->md = md;
-        driver->reset = reset;
-    }
+    driver->proto = proto;
+    driver->p = p;
+    driver->challenge = challenge;
+    driver->can_http = reg->can_http;
+    driver->can_https = reg->can_https;
+    driver->reg = reg;
+    driver->store = md_reg_store_get(reg);
+    driver->proxy_url = reg->proxy_url;
+    driver->md = md;
+    driver->reset = reset;
 
     return rv;
 }
@@ -839,12 +866,15 @@ static apr_status_t run_stage(void *bato
     int reset;
     md_proto_driver_t *driver;
     const char *challenge;
+    apr_time_t *pvalid_from;
     apr_status_t rv;
     
+    (void)p;
     proto = va_arg(ap, const md_proto_t *);
     md = va_arg(ap, const md_t *);
     challenge = va_arg(ap, const char *);
     reset = va_arg(ap, int); 
+    pvalid_from = va_arg(ap, apr_time_t*);
     
     driver = apr_pcalloc(ptemp, sizeof(*driver));
     rv = init_proto_driver(driver, proto, reg, md, challenge, reset, ptemp);
@@ -853,13 +883,17 @@ static apr_status_t run_stage(void *bato
         
         md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, ptemp, "%s: run staging", md->name);
         rv = proto->stage(driver);
+
+        if (APR_SUCCESS == rv && pvalid_from) {
+            *pvalid_from = driver->stage_valid_from;
+        }
     }
     md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, rv, ptemp, "%s: staging done", md->name);
     return rv;
 }
 
 apr_status_t md_reg_stage(md_reg_t *reg, const md_t *md, const char *challenge, 
-                          int reset, apr_pool_t *p)
+                          int reset, apr_time_t *pvalid_from, apr_pool_t *p)
 {
     const md_proto_t *proto;
     
@@ -869,7 +903,7 @@ apr_status_t md_reg_stage(md_reg_t *reg,
         return APR_SUCCESS;
     }
     
-    proto = apr_hash_get(reg->protos, md->ca_proto, strlen(md->ca_proto));
+    proto = apr_hash_get(reg->protos, md->ca_proto, (apr_ssize_t)strlen(md->ca_proto));
     if (!proto) {
         md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, 0, p, 
                       "md %s has unknown CA protocol: %s", md->name, md->ca_proto);
@@ -877,7 +911,7 @@ apr_status_t md_reg_stage(md_reg_t *reg,
         return APR_EINVAL;
     }
     
-    return md_util_pool_vdo(run_stage, reg, p, proto, md, challenge, reset, NULL);
+    return md_util_pool_vdo(run_stage, reg, p, proto, md, challenge, reset, pvalid_from, NULL);
 }
 
 static apr_status_t run_load(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_list ap)
@@ -907,7 +941,7 @@ static apr_status_t run_load(void *baton
         return APR_EINVAL;
     }
     
-    proto = apr_hash_get(reg->protos, md->ca_proto, strlen(md->ca_proto));
+    proto = apr_hash_get(reg->protos, md->ca_proto, (apr_ssize_t)strlen(md->ca_proto));
     if (!proto) {
         md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, 0, p, 
                       "md %s has unknown CA protocol: %s", md->name, md->ca_proto);
@@ -950,21 +984,3 @@ apr_status_t md_reg_load(md_reg_t *reg,
     return md_util_pool_vdo(run_load, reg, p, name, NULL);
 }
 
-apr_status_t md_reg_drive(md_reg_t *reg, md_t *md, const char *challenge,
-                          int reset, int force, apr_pool_t *p)
-{
-    apr_status_t rv;
-    int errored, renew;
-    
-    if (APR_SUCCESS == (rv = md_reg_assess(reg, md, &errored, &renew, p))) {
-        if (errored) {
-            rv = APR_EGENERAL;
-        }
-        else if (renew || force) {
-            if (APR_SUCCESS == (rv = md_reg_stage(reg, md, challenge, reset, p))) {
-                rv = md_reg_load(reg, md->name, p);
-            }
-        }
-    }
-    return rv;
-}

Modified: httpd/httpd/branches/2.4.x-mod_md/modules/md/md_reg.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-mod_md/modules/md/md_reg.h?rev=1816423&r1=1804530&r2=1816423&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-mod_md/modules/md/md_reg.h (original)
+++ httpd/httpd/branches/2.4.x-mod_md/modules/md/md_reg.h Mon Nov 27 10:44:56 2017
@@ -32,10 +32,13 @@ typedef struct md_reg_t md_reg_t;
  * Initialize the registry, using the pool and loading any existing information
  * from the store.
  */
-apr_status_t md_reg_init(md_reg_t **preg, apr_pool_t *pm, struct md_store_t *store);
+apr_status_t md_reg_init(md_reg_t **preg, apr_pool_t *pm, struct md_store_t *store,
+                         const char *proxy_url);
 
 struct md_store_t *md_reg_store_get(md_reg_t *reg);
 
+apr_status_t md_reg_set_props(md_reg_t *reg, apr_pool_t *p, int can_http, int can_https);
+
 /**
  * Add a new md to the registry. This will check the name for uniqueness and
  * that domain names do not overlap with already existing mds.
@@ -72,7 +75,7 @@ apr_status_t md_reg_assess(md_reg_t *reg
 typedef int md_reg_do_cb(void *baton, md_reg_t *reg, md_t *md);
 
 /**
- * Invoke callback for all mds in this registry. Order is not guarantueed.
+ * Invoke callback for all mds in this registry. Order is not guaranteed.
  * If the callback returns 0, iteration stops. Returns 0 if iteration was
  * aborted.
  */
@@ -81,17 +84,21 @@ int md_reg_do(md_reg_do_cb *cb, void *ba
 /**
  * Bitmask for fields that are updated.
  */
-#define MD_UPD_DOMAINS      0x0001
-#define MD_UPD_CA_URL       0x0002
-#define MD_UPD_CA_PROTO     0x0004
-#define MD_UPD_CA_ACCOUNT   0x0008
-#define MD_UPD_CONTACTS     0x0010
-#define MD_UPD_AGREEMENT    0x0020
-#define MD_UPD_CERT_URL     0x0040
-#define MD_UPD_DRIVE_MODE   0x0080
-#define MD_UPD_RENEW_WINDOW 0x0100
+#define MD_UPD_DOMAINS       0x0001
+#define MD_UPD_CA_URL        0x0002
+#define MD_UPD_CA_PROTO      0x0004
+#define MD_UPD_CA_ACCOUNT    0x0008
+#define MD_UPD_CONTACTS      0x0010
+#define MD_UPD_AGREEMENT     0x0020
+#define MD_UPD_CERT_URL      0x0040
+#define MD_UPD_DRIVE_MODE    0x0080
+#define MD_UPD_RENEW_WINDOW  0x0100
 #define MD_UPD_CA_CHALLENGES 0x0200
-#define MD_UPD_ALL          0x7FFF
+#define MD_UPD_PKEY_SPEC     0x0400
+#define MD_UPD_REQUIRE_HTTPS 0x0800
+#define MD_UPD_TRANSITIVE    0x1000
+#define MD_UPD_MUST_STAPLE   0x2000
+#define MD_UPD_ALL           0x7FFFFFFF
 
 /**
  * Update the given fields for the managed domain. Take the new
@@ -108,14 +115,13 @@ apr_status_t md_reg_creds_get(const md_c
                               md_store_group_t group, const md_t *md, apr_pool_t *p);
 
 apr_status_t md_reg_get_cred_files(md_reg_t *reg, const md_t *md, apr_pool_t *p,
-                                   const char **pkeyfile, const char **pcertfile,
-                                   const char **pchainfile);
+                                   const char **pkeyfile, const char **pcertfile);
 
 /**
  * Synchronise the give master mds with the store.
  */
 apr_status_t md_reg_sync(md_reg_t *reg, apr_pool_t *p, apr_pool_t *ptemp, 
-                         apr_array_header_t *master_mds, int can_http, int can_https);
+                         apr_array_header_t *master_mds);
 
 /**************************************************************************************************/
 /* protocol drivers */
@@ -135,6 +141,8 @@ struct md_proto_driver_t {
     const md_t *md;
     void *baton;
     int reset;
+    apr_time_t stage_valid_from;
+    const char *proxy_url;
 };
 
 typedef apr_status_t md_proto_init_cb(md_proto_driver_t *driver);
@@ -154,7 +162,8 @@ struct md_proto_t {
  * without interfering with any existing credentials.
  */
 apr_status_t md_reg_stage(md_reg_t *reg, const md_t *md, 
-                          const char *challenge, int reset, apr_pool_t *p);
+                          const char *challenge, int reset, 
+                          apr_time_t *pvalid_from, apr_pool_t *p);
 
 /**
  * Load a staged set of new credentials for the managed domain. This will archive
@@ -164,19 +173,4 @@ apr_status_t md_reg_stage(md_reg_t *reg,
  */
 apr_status_t md_reg_load(md_reg_t *reg, const char *name, apr_pool_t *p);
 
-/**
- * Drive the given managed domain toward completeness.
- * This is a convenience method that combines staging and, on success, loading
- * of a new managed domain credentials set.
- *
- * @param reg   the md registry
- * @param md    the managed domain to drive
- * @param challenge the challenge type to use or NULL for auto selection
- * @param reset remove any staging information that has been collected
- * @param force force driving even though it looks unnecessary (e.g. not epxired)
- * @param p     pool to use
- */
-apr_status_t md_reg_drive(md_reg_t *reg, md_t *md, 
-                          const char *challenge, int reset, int force, apr_pool_t *p);
-
 #endif /* mod_md_md_reg_h */

Modified: httpd/httpd/branches/2.4.x-mod_md/modules/md/md_store.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-mod_md/modules/md/md_store.c?rev=1816423&r1=1804530&r2=1816423&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-mod_md/modules/md/md_store.c (original)
+++ httpd/httpd/branches/2.4.x-mod_md/modules/md/md_store.c Mon Nov 27 10:44:56 2017
@@ -59,7 +59,7 @@ static const char *GROUP_NAME[] = {
 
 const char *md_store_group_name(int group)
 {
-    if (group < sizeof(GROUP_NAME)/sizeof(GROUP_NAME[0])) {
+    if ((size_t)group < sizeof(GROUP_NAME)/sizeof(GROUP_NAME[0])) {
         return GROUP_NAME[group];
     }
     return "UNKNOWN";
@@ -200,6 +200,7 @@ static apr_status_t p_remove(void *baton
     const char *name;
     int force;
     
+    (void)p;
     name = va_arg(ap, const char *);
     force = va_arg(ap, int);
 
@@ -232,13 +233,13 @@ typedef struct {
 apr_status_t md_pkey_load(md_store_t *store, md_store_group_t group, const char *name, 
                           md_pkey_t **ppkey, apr_pool_t *p)
 {
-    return md_store_load(store, group, name, MD_FN_PKEY, MD_SV_PKEY, (void**)ppkey, p);
+    return md_store_load(store, group, name, MD_FN_PRIVKEY, MD_SV_PKEY, (void**)ppkey, p);
 }
 
 apr_status_t md_pkey_save(md_store_t *store, apr_pool_t *p, md_store_group_t group, const char *name, 
                           struct md_pkey_t *pkey, int create)
 {
-    return md_store_save(store, p, group, name, MD_FN_PKEY, MD_SV_PKEY, pkey, create);
+    return md_store_save(store, p, group, name, MD_FN_PRIVKEY, MD_SV_PKEY, pkey, create);
 }
 
 apr_status_t md_cert_load(md_store_t *store, md_store_group_t group, const char *name, 
@@ -267,6 +268,19 @@ apr_status_t md_chain_save(md_store_t *s
     return md_store_save(store, p, group, name, MD_FN_CHAIN, MD_SV_CHAIN, chain, create);
 }
 
+apr_status_t md_pubcert_load(md_store_t *store, md_store_group_t group, const char *name, 
+                             struct apr_array_header_t **ppubcert, apr_pool_t *p)
+{
+    return md_store_load(store, group, name, MD_FN_PUBCERT, MD_SV_CHAIN, (void**)ppubcert, p);
+}
+
+apr_status_t md_pubcert_save(md_store_t *store, apr_pool_t *p, 
+                             md_store_group_t group, const char *name, 
+                             struct apr_array_header_t *pubcert, int create)
+{
+    return md_store_save(store, p, group, name, MD_FN_PUBCERT, MD_SV_CHAIN, pubcert, create);
+}
+
 typedef struct {
     md_store_t *store;
     md_store_group_t group;

Modified: httpd/httpd/branches/2.4.x-mod_md/modules/md/md_store.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-mod_md/modules/md/md_store.h?rev=1816423&r1=1804530&r2=1816423&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-mod_md/modules/md/md_store.h (original)
+++ httpd/httpd/branches/2.4.x-mod_md/modules/md/md_store.h Mon Nov 27 10:44:56 2017
@@ -146,5 +146,11 @@ apr_status_t md_chain_load(md_store_t *s
 apr_status_t md_chain_save(md_store_t *store, apr_pool_t *p, md_store_group_t group, 
                            const char *name, struct apr_array_header_t *chain, int create);
 
+apr_status_t md_pubcert_load(md_store_t *store, md_store_group_t group, const char *name, 
+                             struct apr_array_header_t **ppubcert, apr_pool_t *p);
+apr_status_t md_pubcert_save(md_store_t *store, apr_pool_t *p, 
+                             md_store_group_t group, const char *name, 
+                             struct apr_array_header_t *pubcert, int create);
+
 
 #endif /* mod_md_md_store_h */

Modified: httpd/httpd/branches/2.4.x-mod_md/modules/md/md_store_fs.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-mod_md/modules/md/md_store_fs.c?rev=1816423&r1=1804530&r2=1816423&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-mod_md/modules/md/md_store_fs.c (original)
+++ httpd/httpd/branches/2.4.x-mod_md/modules/md/md_store_fs.c Mon Nov 27 10:44:56 2017
@@ -37,7 +37,7 @@
 /**************************************************************************************************/
 /* file system based implementation of md_store_t */
 
-#define MD_STORE_VERSION        1.0
+#define MD_STORE_VERSION        3
 
 typedef struct {
     apr_fileperms_t dir;
@@ -60,8 +60,6 @@ struct md_store_fs_t {
     
     int port_80;
     int port_443;
-
-    const unsigned char *dupkey;
 };
 
 #define FS_STORE(store)     (md_store_fs_t*)(((char*)store)-offsetof(md_store_fs_t, s))
@@ -98,32 +96,93 @@ static apr_status_t init_store_file(md_s
 {
     md_json_t *json = md_json_create(p);
     const char *key64;
+    unsigned char *key;
     apr_status_t rv;
-    unsigned char key[FS_STORE_KLEN];
-    int i;
     
-    md_json_sets(MOD_MD_VERSION, json, MD_KEY_VERSION, NULL);
     md_json_setn(MD_STORE_VERSION, json, MD_KEY_STORE, MD_KEY_VERSION, NULL);
 
-    /*if (APR_SUCCESS != (rv = md_rand_bytes(key, sizeof(key), p))) {
+    s_fs->key_len = FS_STORE_KLEN;
+    s_fs->key = key = apr_pcalloc(p, FS_STORE_KLEN);
+    if (APR_SUCCESS != (rv = md_rand_bytes(key, s_fs->key_len, p))) {
         return rv;
-    }*/
-    for (i = 0; i < FS_STORE_KLEN; ++i) {
-        key[i] = 'a' + (i % 26);
-    } 
-
-    s_fs->key_len = sizeof(key);
-    s_fs->key = apr_pcalloc(p, sizeof(key) + 1);
-    memcpy((void*)s_fs->key, key, sizeof(key));
-    s_fs->dupkey = apr_pmemdup(p, key, sizeof(key));
+    }
         
-    key64 = md_util_base64url_encode((char *)key, sizeof(key), ptemp);
+    key64 = md_util_base64url_encode((char *)key, s_fs->key_len, ptemp);
     md_json_sets(key64, json, MD_KEY_KEY, NULL);
-    
     rv = md_json_fcreatex(json, ptemp, MD_JSON_FMT_INDENT, fname, MD_FPROT_F_UONLY);
     memset((char*)key64, 0, strlen(key64));
 
-    assert(memcmp(s_fs->key, s_fs->dupkey, FS_STORE_KLEN) == 0);
+    return rv;
+}
+
+static apr_status_t rename_pkey(void *baton, apr_pool_t *p, apr_pool_t *ptemp, 
+                                const char *dir, const char *name, 
+                                apr_filetype_e ftype)
+{
+    const char *from, *to;
+    apr_status_t rv = APR_SUCCESS;
+
+    (void)baton;
+    (void)ftype;
+    if (APR_SUCCESS == (rv = md_util_path_merge(&from, ptemp, dir, name, NULL))
+        && APR_SUCCESS == (rv = md_util_path_merge(&to, ptemp, dir, MD_FN_PRIVKEY, NULL))) {
+        md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, p, "renaming %s/%s to %s", 
+                      dir, name, MD_FN_PRIVKEY);
+        return apr_file_rename(from, to, ptemp);
+    }
+    return rv;
+}
+
+static apr_status_t mk_pubcert(void *baton, apr_pool_t *p, apr_pool_t *ptemp, 
+                               const char *dir, const char *name, 
+                               apr_filetype_e ftype)
+{
+    md_cert_t *cert;
+    apr_array_header_t *chain, *pubcert;
+    const char *fname, *fpubcert;
+    apr_status_t rv = APR_SUCCESS;
+    
+    (void)baton;
+    (void)ftype;
+    (void)p;
+    if (   APR_SUCCESS == (rv = md_util_path_merge(&fpubcert, ptemp, dir, MD_FN_PUBCERT, NULL))
+        && APR_STATUS_IS_ENOENT((rv = md_chain_fload(&pubcert, ptemp, fpubcert)))
+        && APR_SUCCESS == (rv = md_util_path_merge(&fname, ptemp, dir, name, NULL))
+        && APR_SUCCESS == (rv = md_cert_fload(&cert, ptemp, fname))
+        && APR_SUCCESS == (rv = md_util_path_merge(&fname, ptemp, dir, MD_FN_CHAIN, NULL))) {
+        
+        rv = md_chain_fload(&chain, ptemp, fname);
+        if (APR_STATUS_IS_ENOENT(rv)) {
+            chain = apr_array_make(ptemp, 1, sizeof(md_cert_t*));
+            rv = APR_SUCCESS;
+        }
+        if (APR_SUCCESS == rv) {
+            pubcert = apr_array_make(ptemp, chain->nelts + 1, sizeof(md_cert_t*));
+            APR_ARRAY_PUSH(pubcert, md_cert_t *) = cert;
+            apr_array_cat(pubcert, chain);
+            rv = md_chain_fsave(pubcert, ptemp, fpubcert, MD_FPROT_F_UONLY);
+        }
+    }
+    return rv;
+}
+
+static apr_status_t upgrade_from_1_0(md_store_fs_t *s_fs, apr_pool_t *p, apr_pool_t *ptemp)
+{
+    md_store_group_t g;
+    apr_status_t rv = APR_SUCCESS;
+    
+    (void)ptemp;
+    /* Migrate pkey.pem -> privkey.pem */
+    for (g = MD_SG_NONE; g < MD_SG_COUNT && APR_SUCCESS == rv; ++g) {
+        rv = md_util_files_do(rename_pkey, s_fs, p, s_fs->base, 
+                              md_store_group_name(g), "*", "pkey.pem", NULL);
+    }
+    /* Generate fullcert.pem from cert.pem and chain.pem where missing */
+    rv = md_util_files_do(mk_pubcert, s_fs, p, s_fs->base, 
+                          md_store_group_name(MD_SG_DOMAINS), "*", MD_FN_CERT, NULL);
+    rv = md_util_files_do(mk_pubcert, s_fs, p, s_fs->base, 
+                          md_store_group_name(MD_SG_ARCHIVE), "*", MD_FN_CERT, NULL);
+    
     return rv;
 }
 
@@ -131,7 +190,7 @@ static apr_status_t read_store_file(md_s
                                     apr_pool_t *p, apr_pool_t *ptemp)
 {
     md_json_t *json;
-    const char *key64;
+    const char *key64, *key;
     apr_status_t rv;
     double store_version;
     
@@ -145,22 +204,38 @@ static apr_status_t read_store_file(md_s
             md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "version too new: %s", store_version);
             return APR_EINVAL;
         }
-        else if (store_version > MD_STORE_VERSION) {
-            /* migrate future store version changes */
-        } 
-        
+
         key64 = md_json_dups(p, json, MD_KEY_KEY, NULL);
         if (!key64) {
             md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "missing key: %s", MD_KEY_KEY);
             return APR_EINVAL;
         }
         
-        s_fs->key_len = md_util_base64url_decode((const char **)&s_fs->key, key64, p);
-        if (s_fs->key_len < FS_STORE_KLEN) {
-            md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "key too short: %d", s_fs->key_len);
+        s_fs->key_len = md_util_base64url_decode(&key, key64, p);
+        s_fs->key = (const unsigned char*)key;
+        if (s_fs->key_len != FS_STORE_KLEN) {
+            md_log_perror(MD_LOG_MARK, MD_LOG_ERR, 0, p, "key length unexpected: %d", 
+                          s_fs->key_len);
             return APR_EINVAL;
         }
-        s_fs->dupkey = apr_pmemdup(p, s_fs->key, FS_STORE_KLEN);
+
+        /* Need to migrate format? */
+        if (store_version < MD_STORE_VERSION) {
+            if (store_version <= 1.0) {
+                md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, p, "migrating store v1 -> v2");
+                rv = upgrade_from_1_0(s_fs, p, ptemp);
+            }
+            if (store_version <= 2.0) {
+                md_log_perror(MD_LOG_MARK, MD_LOG_DEBUG, 0, p, "migrating store v2 -> v3");
+                md_json_del(json, MD_KEY_VERSION, NULL);
+            }
+            
+            if (APR_SUCCESS == rv) {
+                md_json_setn(MD_STORE_VERSION, json, MD_KEY_STORE, MD_KEY_VERSION, NULL);
+                rv = md_json_freplace(json, ptemp, MD_JSON_FMT_INDENT, fname, MD_FPROT_F_UONLY);
+           }
+           md_log_perror(MD_LOG_MARK, MD_LOG_INFO, rv, p, "migrated store");
+        } 
     }
     return rv;
 }
@@ -171,6 +246,7 @@ static apr_status_t setup_store_file(voi
     const char *fname;
     apr_status_t rv;
 
+    (void)ap;
     s_fs->plain_pkey[MD_SG_DOMAINS] = 1;
     s_fs->plain_pkey[MD_SG_TMP] = 1;
     
@@ -320,7 +396,6 @@ static void get_pass(const char **ppass,
         *plen = 0;
     }
     else {
-        assert(memcmp(s_fs->key, s_fs->dupkey, FS_STORE_KLEN) == 0);
         *ppass = (const char *)s_fs->key;
         *plen = s_fs->key_len;
     }
@@ -374,10 +449,10 @@ static apr_status_t pfs_load(void *baton
     void **pvalue;
     apr_status_t rv;
     
-    group = va_arg(ap, int);
+    group = (md_store_group_t)va_arg(ap, int);
     name = va_arg(ap, const char *);
     aspect = va_arg(ap, const char *);
-    vtype = va_arg(ap, int);
+    vtype = (md_store_vtype_t)va_arg(ap, int);
     pvalue= va_arg(ap, void **);
         
     rv = fs_get_fname(&fpath, &s_fs->s, group, name, aspect, ptemp);
@@ -390,6 +465,7 @@ static apr_status_t pfs_load(void *baton
 static apr_status_t dispatch(md_store_fs_t *s_fs, md_store_fs_ev_t ev, int group, 
                              const char *fname, apr_filetype_e ftype, apr_pool_t *p)
 {
+    (void)ev;
     if (s_fs->event_cb) {
         return s_fs->event_cb(s_fs->event_baton, &s_fs->s, MD_S_FS_EV_CREATED, 
                               group, fname, ftype, p);
@@ -438,8 +514,9 @@ static apr_status_t pfs_is_newer(void *b
     int *pnewer;
     apr_status_t rv;
     
-    group1 = va_arg(ap, int);
-    group2 = va_arg(ap, int);
+    (void)p;
+    group1 = (md_store_group_t)va_arg(ap, int);
+    group2 = (md_store_group_t)va_arg(ap, int);
     name = va_arg(ap, const char*);
     aspect = va_arg(ap, const char*);
     pnewer = va_arg(ap, int*);
@@ -483,10 +560,10 @@ static apr_status_t pfs_save(void *baton
     const char *pass;
     apr_size_t pass_len;
     
-    group = va_arg(ap, int);
+    group = (md_store_group_t)va_arg(ap, int);
     name = va_arg(ap, const char*);
     aspect = va_arg(ap, const char*);
-    vtype = va_arg(ap, int);
+    vtype = (md_store_vtype_t)va_arg(ap, int);
     value = va_arg(ap, void *);
     create = va_arg(ap, int);
     
@@ -540,7 +617,8 @@ static apr_status_t pfs_remove(void *bat
     apr_finfo_t info;
     md_store_group_t group;
     
-    group = va_arg(ap, int);
+    (void)p;
+    group = (md_store_group_t)va_arg(ap, int);
     name = va_arg(ap, const char*);
     aspect = va_arg(ap, const char *);
     force = va_arg(ap, int);
@@ -599,7 +677,8 @@ static apr_status_t pfs_purge(void *bato
     md_store_group_t group;
     apr_status_t rv;
     
-    group = va_arg(ap, int);
+    (void)p;
+    group = (md_store_group_t)va_arg(ap, int);
     name = va_arg(ap, const char*);
     
     groupname = md_store_group_name(group);
@@ -639,7 +718,8 @@ static apr_status_t insp(void *baton, ap
     apr_status_t rv;
     void *value;
     const char *fpath;
-    
+ 
+    (void)ftype;   
     md_log_perror(MD_LOG_MARK, MD_LOG_TRACE3, 0, ptemp, "inspecting value at: %s/%s", dir, name);
     if (APR_SUCCESS == (rv = md_util_path_merge(&fpath, ptemp, dir, name, NULL))) {
         rv = fs_fload(&value, ctx->s_fs, fpath, ctx->group, ctx->vtype, p, ptemp);
@@ -684,8 +764,9 @@ static apr_status_t pfs_move(void *baton
     int archive;
     apr_status_t rv;
     
-    from = va_arg(ap, int);
-    to = va_arg(ap, int);
+    (void)p;
+    from = (md_store_group_t)va_arg(ap, int);
+    to = (md_store_group_t)va_arg(ap, int);
     name = va_arg(ap, const char*);
     archive = va_arg(ap, int);
     

Modified: httpd/httpd/branches/2.4.x-mod_md/modules/md/md_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-mod_md/modules/md/md_util.c?rev=1816423&r1=1804530&r2=1816423&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-mod_md/modules/md/md_util.c (original)
+++ httpd/httpd/branches/2.4.x-mod_md/modules/md/md_util.c Mon Nov 27 10:44:56 2017
@@ -17,11 +17,10 @@
 
 #include <apr_lib.h>
 #include <apr_strings.h>
-#include <apr_file_io.h>
+#include <apr_portable.h>
 #include <apr_file_info.h>
 #include <apr_fnmatch.h>
 #include <apr_tables.h>
-#include <apr_time.h>
 #include <apr_uri.h>
 
 #include "md_log.h"
@@ -73,7 +72,7 @@ char *md_util_str_tolower(char *s)
 {
     char *orig = s;
     while (*s) {
-        *s = apr_tolower(*s);
+        *s = (char)apr_tolower(*s);
         ++s;
     }
     return orig;
@@ -297,6 +296,8 @@ static apr_status_t write_text(void *bat
 {
     const char *text = baton;
     apr_size_t len = strlen(text);
+    
+    (void)p;
     return apr_file_write_full(f, text, len, &len);
 }
 
@@ -374,6 +375,8 @@ static apr_status_t rm_recursive(const c
 static apr_status_t prm_recursive(void *baton, apr_pool_t *p, apr_pool_t *ptemp, va_list ap)
 {
     int max_level = va_arg(ap, int);
+    
+    (void)p;
     return rm_recursive(baton, ptemp, max_level); 
 }
 
@@ -567,6 +570,8 @@ static apr_status_t rm_cb(void *baton, a
     apr_status_t rv;
     const char *fpath;
     
+    (void)baton;
+    (void)p;
     rv = md_util_path_merge(&fpath, ptemp, path, name, NULL);
     if (APR_SUCCESS == rv) {
         if (APR_DIR == ftype) {
@@ -647,52 +652,54 @@ const char *md_util_schemify(apr_pool_t
     return apr_psprintf(p, "%s:%s", def_scheme, s);
 }
 
-apr_status_t md_util_abs_uri_check(apr_pool_t *p, const char *uri, const char **perr)
+static apr_status_t uri_check(apr_uri_t *uri_parsed, apr_pool_t *p, 
+                              const char *uri, const char **perr)
 {
     const char *s, *err = NULL;
-    apr_uri_t uri_parsed;
     apr_status_t rv;
     
-    if (APR_SUCCESS != (rv = apr_uri_parse(p, uri, &uri_parsed))) {
+    if (APR_SUCCESS != (rv = apr_uri_parse(p, uri, uri_parsed))) {
         err = "not an uri";
     }
-    else if (!uri_parsed.scheme) {
-        err = "missing uri scheme";
-    }
-    else if (strlen(uri_parsed.scheme) + 1 >= strlen(uri)) {
-        err = "missing uri identifier";
-    }
-    else if (strchr(uri, ' ') || strchr(uri, '\t') ) {
-        err = "whitespace in uri";
-    }
-    else if (!strncmp("http", uri_parsed.scheme, 4)) {
-        if (!uri_parsed.hostname) {
-            err = "missing hostname";
-        }
-        else if (!md_util_is_dns_name(p, uri_parsed.hostname, 0)) {
-            err = "invalid hostname";
+    else if (uri_parsed->scheme) {
+        if (strlen(uri_parsed->scheme) + 1 >= strlen(uri)) {
+            err = "missing uri identifier";
+        }
+        else if (!strncmp("http", uri_parsed->scheme, 4)) {
+            if (!uri_parsed->hostname) {
+                err = "missing hostname";
+            }
+            else if (!md_util_is_dns_name(p, uri_parsed->hostname, 0)) {
+                err = "invalid hostname";
+            }
+            if (uri_parsed->port_str 
+                && (!apr_isdigit(uri_parsed->port_str[0])
+                || uri_parsed->port == 0
+                || uri_parsed->port > 65353)) {
+                err = "invalid port";
+            }
         }
-        if (uri_parsed.port_str && (uri_parsed.port == 0 || uri_parsed.port > 65353)) {
-            err = "invalid port";
+        else if (!strcmp("mailto", uri_parsed->scheme)) {
+            s = strchr(uri, '@');
+            if (!s) {
+                err = "missing @";
+            }
+            else if (strchr(s+1, '@')) {
+                err = "duplicate @";
+            }
+            else if (s == uri + strlen(uri_parsed->scheme) + 1) {
+                err = "missing local part";
+            }
+            else if (s == (uri + strlen(uri)-1)) {
+                err = "missing hostname";
+            }
+            else if (strstr(uri, "..")) {
+                err = "double period";
+            }
         }
     }
-    else if (!strcmp("mailto", uri_parsed.scheme)) {
-        s = strchr(uri, '@');
-        if (!s) {
-            err = "missing @";
-        }
-        else if (strchr(s+1, '@')) {
-            err = "duplicate @";
-        }
-        else if (s == uri + strlen(uri_parsed.scheme) + 1) {
-            err = "missing local part";
-        }
-        else if (s == (uri + strlen(uri)-1)) {
-            err = "missing hostname";
-        }
-        else if (strstr(uri, "..")) {
-            err = "double period";
-        }
+    if (strchr(uri, ' ') || strchr(uri, '\t') ) {
+        err = "whitespace in uri";
     }
     
     if (err) {
@@ -702,7 +709,40 @@ apr_status_t md_util_abs_uri_check(apr_p
     return rv;
 }
 
-/* retry login ************************************************************************************/
+apr_status_t md_util_abs_uri_check(apr_pool_t *p, const char *uri, const char **perr)
+{
+    apr_uri_t uri_parsed;
+    apr_status_t rv;
+
+    if (APR_SUCCESS == (rv = uri_check(&uri_parsed, p, uri, perr))) {
+        if (!uri_parsed.scheme) {
+            *perr = "missing uri scheme";
+            return APR_EINVAL;
+        }
+    }
+    return rv;
+}
+
+apr_status_t md_util_abs_http_uri_check(apr_pool_t *p, const char *uri, const char **perr)
+{
+    apr_uri_t uri_parsed;
+    apr_status_t rv;
+
+    if (APR_SUCCESS == (rv = uri_check(&uri_parsed, p, uri, perr))) {
+        if (!uri_parsed.scheme) {
+            *perr = "missing uri scheme";
+            return APR_EINVAL;
+        }
+        if (apr_strnatcasecmp("http", uri_parsed.scheme) 
+            && apr_strnatcasecmp("https", uri_parsed.scheme)) {
+            *perr = "uri scheme must be http or https";
+            return APR_EINVAL;
+        }
+    }
+    return rv;
+}
+
+/* try and retry for a while **********************************************************************/
 
 apr_status_t md_util_try(md_util_try_fn *fn, void *baton, int ignore_errs, 
                          apr_interval_time_t timeout, apr_interval_time_t start_delay, 
@@ -746,28 +786,71 @@ apr_status_t md_util_try(md_util_try_fn
     return rv;
 }
 
+/* execute process ********************************************************************************/
+
+apr_status_t md_util_exec(apr_pool_t *p, const char *cmd, const char * const *argv,
+                          int *exit_code)
+{
+    apr_status_t rv;
+    apr_procattr_t *procattr;
+    apr_proc_t *proc;
+    apr_exit_why_e ewhy;
+
+    *exit_code = 0;
+    if (!(proc = apr_pcalloc(p, sizeof(*proc)))) {
+        return APR_ENOMEM;
+    }
+    if (   APR_SUCCESS == (rv = apr_procattr_create(&procattr, p))
+        && APR_SUCCESS == (rv = apr_procattr_io_set(procattr, APR_NO_FILE, 
+                                                    APR_NO_PIPE, APR_NO_PIPE))
+        && APR_SUCCESS == (rv = apr_procattr_cmdtype_set(procattr, APR_PROGRAM))
+        && APR_SUCCESS == (rv = apr_proc_create(proc, cmd, argv, NULL, procattr, p))
+        && APR_CHILD_DONE == (rv = apr_proc_wait(proc, exit_code, &ewhy, APR_WAIT))) {
+        /* let's not dwell on exit stati, but core should signal something's bad */
+        if (*exit_code > 127 || APR_PROC_SIGNAL_CORE == ewhy) {
+            return APR_EINCOMPLETE;
+        }
+        return APR_SUCCESS;
+    }
+    return rv;
+}
+
+
+/* date/time encoding *****************************************************************************/
+
+const char *md_print_duration(apr_pool_t *p, apr_interval_time_t duration)
+{
+    int secs = (int)(apr_time_sec(duration) % MD_SECS_PER_DAY);
+    return apr_psprintf(p, "%2d:%02d:%02d hours", 
+                        (int)secs/MD_SECS_PER_HOUR, (int)(secs%(MD_SECS_PER_HOUR))/60,
+                        (int)(secs%60));
+}
+
+
 /* base64 url encoding ****************************************************************************/
 
-static const int BASE64URL_UINT6[] = {
+#define N6 (unsigned int)-1
+
+static const unsigned int BASE64URL_UINT6[] = {
 /*   0   1   2   3   4   5   6   7   8   9   a   b   c   d   e   f        */
-    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*  0 */
-    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*  1 */ 
-    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, /*  2 */
-    52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, /*  3 */ 
-    -1, 0,  1,  2,  3,  4,  5,  6,   7,  8,  9, 10, 11, 12, 13, 14, /*  4 */
-    15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, 63, /*  5 */
-    -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, /*  6 */
-    41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, /*  7 */
-    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*  8 */
-    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*  9 */
-    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*  a */
-    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*  b */
-    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*  c */
-    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*  d */
-    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*  e */
-    -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1  /*  f */
+    N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, /*  0 */
+    N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, /*  1 */ 
+    N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, 62, N6, N6, /*  2 */
+    52, 53, 54, 55, 56, 57, 58, 59, 60, 61, N6, N6, N6, N6, N6, N6, /*  3 */ 
+    N6, 0,  1,  2,  3,  4,  5,  6,   7,  8,  9, 10, 11, 12, 13, 14, /*  4 */
+    15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, N6, N6, N6, N6, 63, /*  5 */
+    N6, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, /*  6 */
+    41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, N6, N6, N6, N6, N6, /*  7 */
+    N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, /*  8 */
+    N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, /*  9 */
+    N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, /*  a */
+    N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, /*  b */
+    N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, /*  c */
+    N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, /*  d */
+    N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, /*  e */
+    N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6, N6  /*  f */
 };
-static const char BASE64URL_CHARS[] = {
+static const unsigned char BASE64URL_CHARS[] = {
     'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', /*  0 -  9 */
     'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', /* 10 - 19 */
     'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', /* 20 - 29 */
@@ -777,21 +860,23 @@ static const char BASE64URL_CHARS[] = {
     '8', '9', '-', '_', ' ', ' ', ' ', ' ', ' ', ' ', /* 60 - 69 */
 };
 
+#define BASE64URL_CHAR(x)    BASE64URL_CHARS[ (unsigned int)(x) & 0x3fu ]
+   
 apr_size_t md_util_base64url_decode(const char **decoded, const char *encoded, 
                                     apr_pool_t *pool)
 {
     const unsigned char *e = (const unsigned char *)encoded;
     const unsigned char *p = e;
     unsigned char *d;
-    int n;
-    apr_size_t len, mlen, remain, i;
+    unsigned int n;
+    long len, mlen, remain, i;
     
-    while (*p && BASE64URL_UINT6[ *p ] != -1) {
+    while (*p && BASE64URL_UINT6[ *p ] != N6) {
         ++p;
     }
-    len = p - e;
+    len = (int)(p - e);
     mlen = (len/4)*4;
-    *decoded = apr_pcalloc(pool, len+1);
+    *decoded = apr_pcalloc(pool, (apr_size_t)len + 1);
     
     i = 0;
     d = (unsigned char*)*decoded;
@@ -800,60 +885,59 @@ apr_size_t md_util_base64url_decode(cons
              (BASE64URL_UINT6[ e[i+1] ] << 12) +
              (BASE64URL_UINT6[ e[i+2] ] << 6) +
              (BASE64URL_UINT6[ e[i+3] ]));
-        *d++ = n >> 16;
-        *d++ = n >> 8 & 0xffu;
-        *d++ = n & 0xffu;
+        *d++ = (unsigned char)(n >> 16);
+        *d++ = (unsigned char)(n >> 8 & 0xffu);
+        *d++ = (unsigned char)(n & 0xffu);
     }
     remain = len - mlen;
     switch (remain) {
         case 2:
             n = ((BASE64URL_UINT6[ e[mlen+0] ] << 18) +
                  (BASE64URL_UINT6[ e[mlen+1] ] << 12));
-            *d++ = n >> 16;
+            *d++ = (unsigned char)(n >> 16);
             remain = 1;
             break;
         case 3:
             n = ((BASE64URL_UINT6[ e[mlen+0] ] << 18) +
                  (BASE64URL_UINT6[ e[mlen+1] ] << 12) +
                  (BASE64URL_UINT6[ e[mlen+2] ] << 6));
-            *d++ = n >> 16;
-            *d++ = n >> 8 & 0xffu;
+            *d++ = (unsigned char)(n >> 16);
+            *d++ = (unsigned char)(n >> 8 & 0xffu);
             remain = 2;
             break;
         default: /* do nothing */
             break;
     }
-    return mlen/4*3 + remain;
+    return (apr_size_t)(mlen/4*3 + remain);
 }
 
-const char *md_util_base64url_encode(const char *data, 
-                                     apr_size_t dlen, apr_pool_t *pool)
+const char *md_util_base64url_encode(const char *data, apr_size_t dlen, apr_pool_t *pool)
 {
-    long i, len = (int)dlen;
+    int i, len = (int)dlen;
     apr_size_t slen = ((dlen+2)/3)*4 + 1; /* 0 terminated */
     const unsigned char *udata = (const unsigned char*)data;
-    char *enc, *p = apr_pcalloc(pool, slen);
+    unsigned char *enc, *p = apr_pcalloc(pool, slen);
     
     enc = p;
     for (i = 0; i < len-2; i+= 3) {
-        *p++ = BASE64URL_CHARS[ (udata[i] >> 2) & 0x3fu ];
-        *p++ = BASE64URL_CHARS[ ((udata[i] << 4) + (udata[i+1] >> 4)) & 0x3fu ];
-        *p++ = BASE64URL_CHARS[ ((udata[i+1] << 2) + (udata[i+2] >> 6)) & 0x3fu ];
-        *p++ = BASE64URL_CHARS[ udata[i+2] & 0x3fu ];
+        *p++ = BASE64URL_CHAR( (udata[i]   >> 2) );
+        *p++ = BASE64URL_CHAR( (udata[i]   << 4) + (udata[i+1] >> 4) );
+        *p++ = BASE64URL_CHAR( (udata[i+1] << 2) + (udata[i+2] >> 6) );
+        *p++ = BASE64URL_CHAR( (udata[i+2]) );
     }
     
     if (i < len) {
-        *p++ = BASE64URL_CHARS[ (udata[i] >> 2) & 0x3fu ];
+        *p++ = BASE64URL_CHAR( (udata[i] >> 2) );
         if (i == (len - 1)) {
-            *p++ = BASE64URL_CHARS[ (udata[i] << 4) & 0x3fu ];
+            *p++ = BASE64URL_CHARS[ ((unsigned int)udata[i] << 4) & 0x3fu ];
         }
         else {
-            *p++ = BASE64URL_CHARS[ ((udata[i] << 4) + (udata[i+1] >> 4)) & 0x3fu ];
-            *p++ = BASE64URL_CHARS[ (udata[i+1] << 2) & 0x3fu ];
+            *p++ = BASE64URL_CHAR( (udata[i] << 4) + (udata[i+1] >> 4) );
+            *p++ = BASE64URL_CHAR( (udata[i+1] << 2) );
         }
     }
     *p++ = '\0';
-    return enc;
+    return (char *)enc;
 }
 
 /*******************************************************************************
@@ -863,12 +947,12 @@ const char *md_util_base64url_encode(con
 typedef struct {
     const char *s;
     apr_size_t slen;
-    int i;
-    int link_start;
+    apr_size_t i;
+    apr_size_t link_start;
     apr_size_t link_len;
-    int pn_start;
+    apr_size_t pn_start;
     apr_size_t pn_len;
-    int pv_start;
+    apr_size_t pv_start;
     apr_size_t pv_len;
 } link_ctx;
 
@@ -949,9 +1033,9 @@ static int skip_nonws(link_ctx *ctx)
     return (ctx->i < ctx->slen);
 }
 
-static int find_chr(link_ctx *ctx, char c, int *pidx)
+static unsigned int find_chr(link_ctx *ctx, char c, apr_size_t *pidx)
 {
-    int j;
+    apr_size_t j;
     for (j = ctx->i; j < ctx->slen; ++j) {
         if (ctx->s[j] == c) {
             *pidx = j;
@@ -973,7 +1057,7 @@ static int read_chr(link_ctx *ctx, char
 static int skip_qstring(link_ctx *ctx)
 {
     if (skip_ws(ctx) && read_chr(ctx, '\"')) {
-        int end;
+        apr_size_t end;
         if (find_chr(ctx, '\"', &end)) {
             ctx->i = end + 1;
             return 1;
@@ -985,7 +1069,7 @@ static int skip_qstring(link_ctx *ctx)
 static int skip_ptoken(link_ctx *ctx)
 {
     if (skip_ws(ctx)) {
-        int i;
+        apr_size_t i;
         for (i = ctx->i; i < ctx->slen && ptoken_char(ctx->s[i]); ++i) {
             /* nop */
         }
@@ -1002,7 +1086,7 @@ static int read_link(link_ctx *ctx)
 {
     ctx->link_start = ctx->link_len = 0;
     if (skip_ws(ctx) && read_chr(ctx, '<')) {
-        int end;
+        apr_size_t end;
         if (find_chr(ctx, '>', &end)) {
             ctx->link_start = ctx->i;
             ctx->link_len = end - ctx->link_start;
@@ -1016,7 +1100,7 @@ static int read_link(link_ctx *ctx)
 static int skip_pname(link_ctx *ctx)
 {
     if (skip_ws(ctx)) {
-        int i;
+        apr_size_t i;
         for (i = ctx->i; i < ctx->slen && attr_char(ctx->s[i]); ++i) {
             /* nop */
         }
@@ -1057,7 +1141,7 @@ static int skip_param(link_ctx *ctx)
 
 static int pv_contains(link_ctx *ctx, const char *s)
 {
-    int pvstart = ctx->pv_start;
+    apr_size_t pvstart = ctx->pv_start;
     apr_size_t pvlen = ctx->pv_len;
     
     if (ctx->s[pvstart] == '\"' && pvlen > 1) {
@@ -1067,7 +1151,7 @@ static int pv_contains(link_ctx *ctx, co
     if (pvlen > 0) {
         apr_size_t slen = strlen(s);
         link_ctx pvctx;
-        int i;
+        apr_size_t i;
         
         memset(&pvctx, 0, sizeof(pvctx));
         pvctx.s = ctx->s + pvstart;
@@ -1137,7 +1221,7 @@ static int find_url(void *baton, const c
         
         memset(&ctx, 0, sizeof(ctx));
         ctx.s = value;
-        ctx.slen = (int)strlen(value);
+        ctx.slen = strlen(value);
         
         while (read_link(&ctx)) {
             while (skip_param(&ctx)) {

Modified: httpd/httpd/branches/2.4.x-mod_md/modules/md/md_util.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-mod_md/modules/md/md_util.h?rev=1816423&r1=1804530&r2=1816423&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-mod_md/modules/md/md_util.h (original)
+++ httpd/httpd/branches/2.4.x-mod_md/modules/md/md_util.h Mon Nov 27 10:44:56 2017
@@ -53,6 +53,11 @@ int md_array_str_add_missing(struct apr_
                              struct apr_array_header_t *src, int case_sensitive);
 
 /**************************************************************************************************/
+/* process execution */
+apr_status_t md_util_exec(apr_pool_t *p, const char *cmd, const char * const *argv,
+                          int *exit_code);
+
+/**************************************************************************************************/
 /* dns name check */
 
 int md_util_is_dns_name(apr_pool_t *p, const char *hostname, int need_fqdn);
@@ -117,7 +122,8 @@ apr_size_t md_util_base64url_decode(cons
 const char *md_util_schemify(apr_pool_t *p, const char *s, const char *def_scheme);
 
 apr_status_t md_util_abs_uri_check(apr_pool_t *p, const char *s, const char **perr);
- 
+apr_status_t md_util_abs_http_uri_check(apr_pool_t *p, const char *uri, const char **perr);
+
 const char *md_link_find_relation(const struct apr_table_t *headers, 
                                   apr_pool_t *pool, const char *relation);
 
@@ -130,4 +136,12 @@ apr_status_t md_util_try(md_util_try_fn
                          apr_interval_time_t timeout, apr_interval_time_t start_delay, 
                          apr_interval_time_t max_delay, int backoff);
 
+/**************************************************************************************************/
+/* date/time related */
+
+#define MD_SECS_PER_HOUR      (60*60)
+#define MD_SECS_PER_DAY       (24*MD_SECS_PER_HOUR)
+
+const char *md_print_duration(apr_pool_t *p, apr_interval_time_t duration);
+
 #endif /* md_util_h */

Modified: httpd/httpd/branches/2.4.x-mod_md/modules/md/md_version.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-mod_md/modules/md/md_version.h?rev=1816423&r1=1804530&r2=1816423&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-mod_md/modules/md/md_version.h (original)
+++ httpd/httpd/branches/2.4.x-mod_md/modules/md/md_version.h Mon Nov 27 10:44:56 2017
@@ -26,7 +26,7 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "0.6.1"
+#define MOD_MD_VERSION "1.0.4"
 
 /**
  * @macro
@@ -34,9 +34,9 @@
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x000601
+#define MOD_MD_VERSION_NUM 0x010004
 
-#define MD_EXPERIMENTAL 1
-#define MD_ACME_DEF_URL    "https://acme-staging.api.letsencrypt.org/directory"
+#define MD_EXPERIMENTAL 0
+#define MD_ACME_DEF_URL    "https://acme-v01.api.letsencrypt.org/directory"
 
 #endif /* mod_md_md_version_h */



Mime
View raw message