Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id A678C200D84 for ; Wed, 20 Dec 2017 20:51:04 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id A5333160BF9; Wed, 20 Dec 2017 19:51:04 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id D63F6160C18 for ; Wed, 20 Dec 2017 20:51:03 +0100 (CET) Received: (qmail 50845 invoked by uid 500); 20 Dec 2017 19:50:57 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 50835 invoked by uid 99); 20 Dec 2017 19:50:57 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 Dec 2017 19:50:57 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 60BE3C640B for ; Wed, 20 Dec 2017 19:50:57 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.111 X-Spam-Level: X-Spam-Status: No, score=-0.111 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=greenbytes.de header.b=GeWw8a3B; dkim=pass (1024-bit key) header.d=greenbytes.de header.b=IMw8SoaM Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id GgeJnTtG0IJv for ; Wed, 20 Dec 2017 19:50:55 +0000 (UTC) Received: from mail.greenbytes.de (mail.greenbytes.de [217.91.35.233]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 645265F1E7 for ; Wed, 20 Dec 2017 19:50:55 +0000 (UTC) Received: by mail.greenbytes.de (Postfix, from userid 117) id D0BEB15A3B22; Wed, 20 Dec 2017 20:50:47 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=greenbytes.de; s=mail; t=1513799447; bh=wBzr6RW/ysZvLoZjKudOOGjt8cWLzxob8nk82xMMxZc=; h=From:Subject:Date:References:To:In-Reply-To:From; b=GeWw8a3BCMRclbSJF4knWqIBuvz2h9xBJC5bFd2A0SdVjxlie+VIXh5GWZTq/SGKt TUkoPCZ6bYufAv+fFb6e0sTSvx1vlgsMNzg0Yvr8PEKhEaSq33A0aRagLOUVILpn1U bBUZb8yVwgPJUILgTyKR3lqpdYybG2vMkk7V1uSw= Received: from delight.fritz.box (unknown [84.150.86.163]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail.greenbytes.de (Postfix) with ESMTPSA id 1EA3115A0F27 for ; Wed, 20 Dec 2017 20:50:43 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=greenbytes.de; s=mail; t=1513799443; bh=wBzr6RW/ysZvLoZjKudOOGjt8cWLzxob8nk82xMMxZc=; h=From:Subject:Date:References:To:In-Reply-To:From; b=IMw8SoaMUty4o9DYNzHCnTTOtNc7LRjWgKA5prxGDezvM2FQ3ERg6ePxijC8f6PeH T4x038Ea3jbvqi6nmPYWhdC2Bya5iUJmEf/9MVKtJYk6pRZVmxtvba1egF/3oNedB2 1b02AWK87HeoboIKEwgiK8O/5yiSk9YBiK6/7154= From: Stefan Eissing Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\)) Subject: Re: svn commit: r1818725 - /httpd/httpd/trunk/modules/md/md_acme_drive.c Date: Wed, 20 Dec 2017 20:50:42 +0100 References: <20171219223908.06D443A00B0@svn01-us-west.apache.org> To: dev@httpd.apache.org In-Reply-To: Message-Id: <383E5256-39C9-4D20-9BE8-8D7719EE3417@greenbytes.de> X-Mailer: Apple Mail (2.3445.5.20) archived-at: Wed, 20 Dec 2017 19:51:04 -0000 Hi Yann, thanks for the cleanup, should already be merged to 2.4.x. The code was a leftover from earlier cert chain retrieval that actually looked at the cert issuer url. However, as Let's Encrypt pointed out to me, they offer a Link header for this which they hold back when the issuing cert that is trusted by clients has been reached. That gives shorter cert chains. Cheers, Stefan > Am 19.12.2017 um 23:58 schrieb Yann Ylavic : > > On Tue, Dec 19, 2017 at 11:39 PM, wrote: >> >> --- httpd/httpd/trunk/modules/md/md_acme_drive.c (original) >> +++ httpd/httpd/trunk/modules/md/md_acme_drive.c Tue Dec 19 22:39:03 2017 >> @@ -566,18 +566,11 @@ static apr_status_t get_chain(void *bato >> { >> md_proto_driver_t *d = baton; >> md_acme_driver_t *ad = d->baton; >> - md_cert_t *cert; >> const char *prev_link = NULL; >> apr_status_t rv = APR_SUCCESS; >> >> while (APR_SUCCESS == rv && ad->chain->nelts < 10) { >> int nelts = ad->chain->nelts; >> - if (ad->chain && nelts > 0) { >> - cert = APR_ARRAY_IDX(ad->chain, nelts - 1, md_cert_t *); >> - } >> - else { >> - cert = ad->cert; >> - } > > Stefan, was 'cert' intended for a particular (future) use or is it a > remainder of some deleted code? > In the latter case, I'd merge this commit in ^/branches/2.4.x-mod_md, > otherwise I'll let you take care of it :) > > > Regards, > Yann.