httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject Re: svn commit: r1818725 - /httpd/httpd/trunk/modules/md/md_acme_drive.c
Date Wed, 20 Dec 2017 19:50:42 GMT
Hi Yann,

thanks for the cleanup, should already be merged to 2.4.x. The code
was a leftover from earlier cert chain retrieval that actually looked
at the cert issuer url.

However, as Let's Encrypt pointed out to me, they offer a Link header
for this which they hold back when the issuing cert that is trusted
by clients has been reached. That gives shorter cert chains.

Cheers,

Stefan

> Am 19.12.2017 um 23:58 schrieb Yann Ylavic <ylavic.dev@gmail.com>:
> 
> On Tue, Dec 19, 2017 at 11:39 PM,  <ylavic@apache.org> wrote:
>> 
>> --- httpd/httpd/trunk/modules/md/md_acme_drive.c (original)
>> +++ httpd/httpd/trunk/modules/md/md_acme_drive.c Tue Dec 19 22:39:03 2017
>> @@ -566,18 +566,11 @@ static apr_status_t get_chain(void *bato
>> {
>>     md_proto_driver_t *d = baton;
>>     md_acme_driver_t *ad = d->baton;
>> -    md_cert_t *cert;
>>     const char *prev_link = NULL;
>>     apr_status_t rv = APR_SUCCESS;
>> 
>>     while (APR_SUCCESS == rv && ad->chain->nelts < 10) {
>>         int nelts = ad->chain->nelts;
>> -        if (ad->chain && nelts > 0) {
>> -            cert = APR_ARRAY_IDX(ad->chain, nelts - 1, md_cert_t *);
>> -        }
>> -        else {
>> -            cert = ad->cert;
>> -        }
> 
> Stefan, was 'cert' intended for a particular (future) use or is it a
> remainder of some deleted code?
> In the latter case, I'd merge this commit in ^/branches/2.4.x-mod_md,
> otherwise I'll let you take care of it :)
> 
> 
> Regards,
> Yann.


Mime
View raw message