md_curl.c

*) mod_md v2.2.3:

- Configuring MDCAChallenges replaces any previous existing challenge configuration. It had been additive before which was not the intended behaviour. [@mkauf]
- Fixing order of ACME challenges used when nothing else configured. Code now behaves as documented for `MDCAChallenges`. Fixes #156. Thanks again to @mkauf for finding this.
- Fixing a potential, low memory null pointer dereference [thanks to @uhliarik].
- Fixing an incompatibility with a change in libcurl v7.66.0 that added unwanted "transfer-encoding" to POST requests. This failed in direct communication with Let's Encrypt boulder server. Thanks to @mkauf for finding and fixing.

  1. … 6 more files in changeset.
*) mod_md: Adding several new features.

The module offers an implementation of OCSP Stapling that can replace fully or for a limited set of domains the existing one from mod_ssl. OCSP handling is part of mod_md's monitoring and message notifications. It can be used for sites that do not have ACME certificates.

The URL for a CTLog Monitor can be configured. It is used in the server-status to link to the external status page of a certificate.

The MDMessageCmd is called with argument "installed" when a new certificate has been activated on server restart/reload. This allows for processing of the new certificate, for example to applications that require it in different locations or formats.

  1. … 50 more files in changeset.
*) mod_md: bringing over v2.0.6 from github.

- supports the ACMEv2 protocol
- supports the new challenge method 'tls-alpn-01'
- supports command configuration to setup/teardown 'dns-01' challenges
- supports wildcard certificates when dns challenges are configured
- ACMEv2 is the new default and will be used on the next certificate renewal, unless another MDCertificateAuthority is configured
- challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer
- a domain exposes its status at https://<domain>/.httpd/certificate-status
- Managed Domains are now in Apache's 'server-status' page
- A new handler 'md-status' exposes verbose status information in JSON format
- new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a Managed Domain that uses static files. Auto-renewal is turned off for those.
- new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and 'errored'. New 'MDWarnWindow' directive to configure when expiration warnings shall be issued.
- ACMEv2 endpoints use the GET via empty POST way of accessing resources, see announcement by Let's Encrypt: https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380

  1. … 48 more files in changeset.
On the trunk:

mod_md: eliminating compiler warnings re signedness and unused. Adding an APLOG_WARNING when the only available ACME challenge is "tls-sni-01" since Let's Encrypt will disable that completely beginning of 2019.

  1. … 5 more files in changeset.
On the trunk:

mod_md: removing comments that documented that greenbytes has untransferable copyright to the sources. The rights, of course, remain unaffected, but maybe some people can sleep better.

  1. … 36 more files in changeset.
"It is better to light a candle than curse the darkness."

  1. … 17 more files in changeset.
On the trunk:

mod_md: v0.9.7

- Use of the new module flag

- Removed obsolete function from interface to mod_ssl.

- Fallback certificates has version set and no longer claims to be a CA. (re issue #32)

- MDRequireHttps now happens before any Redirect.

  1. … 23 more files in changeset.
On the trunk:

mod_md: v0.9.2: new directive 'MDHttpProxy' to define a proxy for outgoing connection, some minor bugfixes, twiddle the build system to avoid non-pic code generation.

  1. … 19 more files in changeset.
On the trunk:

mod_md: v0.8.1 from github, new feats in CHANGES

  1. … 26 more files in changeset.