mod_md: adding log tag numbers

  1. … 2 more files in changeset.
mod_md: silencing unused warnings when mod_ssl hooks are not available

*) mod_ssl/mod_md: reversing dependency by letting mod_ssl offer hooks for adding certificates and keys to a virtual host. An additional hook allows answering special TLS connections as used in ACME challenges.

  1. … 4 more files in changeset.
*) mod_md: bringing over v2.0.6 from github.

- supports the ACMEv2 protocol
- supports the new challenge method 'tls-alpn-01'
- supports command configuration to setup/teardown 'dns-01' challenges
- supports wildcard certificates when dns challenges are configured
- ACMEv2 is the new default and will be used on the next certificate renewal, unless another MDCertificateAuthority is configured
- challenge type 'tls-sni-01' has been removed as CAs do not offer this any longer
- a domain exposes its status at https://<domain>/.httpd/certificate-status
- Managed Domains are now in Apache's 'server-status' page
- A new handler 'md-status' exposes verbose status information in JSON format
- new directives "MDCertificateFile" and "MDCertificateKeyFile" to configure a Managed Domain that uses static files. Auto-renewal is turned off for those.
- new MDMessageCmd that is invoked on several events: 'renewed', 'expiring' and 'errored'. New 'MDWarnWindow' directive to configure when expiration warnings shall be issued.
- ACMEv2 endpoints use the GET via empty POST way of accessing resources, see announcement by Let's Encrypt: https://community.letsencrypt.org/t/acme-v2-scheduled-deprecation-of-unauthenticated-resource-gets/74380


  1. … 48 more files in changeset.
On the trunk:

mod_md: eliminating compiler warnings re signedness and unused. Adding an APLOG_WARNING when the only available ACME challenge is "tls-sni-01" since Let's Encrypt will disable that completely beginning of 2019.

  1. … 5 more files in changeset.
don't use workaround on trunk

it breaks the build w/ maintainer mode.

  1. … 1 more file in changeset.
mod_md: more robust handling of http-01 challenges and hands-off when module should not be involved, e.g. challenge setup by another ACME client.

  1. … 3 more files in changeset.
* integrating latest changes from microgrit

* MDNotifyCmd can now specify arguments to the command

  1. … 3 more files in changeset.
mod_md: fixes error in renew window calculation that may lead to mod_md running watchdog in a tight loop until actual renewal becomes necessary.

  1. … 1 more file in changeset.
mod_md: /.well-known/acme-challenge requests that cannot be answered for hostnames outside the configured MDs are free to be answered by other handlers. This allows co-existence between mod_md and other ACME clients on the same server (implements PR62189).

[Stefan Eissing, Arkadiusz Miskiewicz <arekm@maven.pl>]

Fixes PR62189.

  1. … 2 more files in changeset.
On the trunk:

mod_md: removing comments that documented that greenbytes has untransferable copyright to the sources. The rights, of course, remain unaffected, but maybe some people can sleep better.

  1. … 36 more files in changeset.
On the trunk:

mod_md v1.1.8: new configuration directive "MDBaseServer on|off" to allow/inhibit management of the base server domains outside VirtualHosts. By default, this is "off", e.g. mod_md will not manage certificates or perform https: redirections on the base server.

  1. … 4 more files in changeset.
Add missing APLOGNO.

10112 is wasted because it is in my tree only.

  1. … 1 more file in changeset.
On the trunk:

mod_md v1.1.7 changes

  1. … 10 more files in changeset.
On the trunk:

mod_md: fixed mem pool usage for auto-added server names. Added error logging of exact ACME response when challenges failed.

  1. … 3 more files in changeset.
On the trunk:

mod_md: reverses most of v1.0.5 optimization of post_config init, so that mod_ssl can ask for certificates without crashing.

  1. … 5 more files in changeset.
"It is better to light a candle than curse the darkness."

  1. … 17 more files in changeset.
On the trunk:

updated missing log tags.

  1. … 4 more files in changeset.
On the trunk:

mod_md: v1.0.5, restricting post_config dry run to be more silent and performing only necessary work for mod_ssl to be also happy with the configuration.

  1. … 3 more files in changeset.
spelling fixes from Josh Soref via github
  1. … 12 more files in changeset.
On the trunk:

mod_md v1.0.3: fixes for getting stalled on new license agreement from CA. Job properties persisted now to preserve change when watchdog child changes.

  1. … 4 more files in changeset.
On the trunk:

mod_md: v1.0.2, fix staging reset when MDCertificateAgreement was initially missing.

  1. … 2 more files in changeset.
mod_md: fix [-Werror=unused-but-set-variable].
On the trunk:

*) mod_md: v1.0.1, ServerName/Alias names from pure-http: virtual hosts are no longer auto-added to a Managed Domain. Error counts of jobs are persisted. When the server restarts (gracefully) any errored staging areas are purged to reset the signup/renewal process.

  1. … 4 more files in changeset.
On the trunk:

mod_md: v1.0.0, new config directive 'MDNotifyCmd' to hook in a program when Managed Domains have obtained/renewed their certificates successfully.

  1. … 8 more files in changeset.
On the trunk:

mod_md: v0.9.9, fix for applying challenge type based on available ports.

  1. … 7 more files in changeset.
On the trunk:

mod_md: v0.9.7

- Use of the new module flag

- Removed obsolete function from interface to mod_ssl.

- Fallback certificate has version set and no longer claims to be a CA. (re issue #32)

- MDRequireHttps now happens before any Redirect.

  1. … 23 more files in changeset.
On the trunk:

mod_md: v0.9.6: a "MDRequireHttps permanent" configured domain automatically sends out HSTS (rfc 6797) headers in https: responses.

  1. … 6 more files in changeset.
updated mod_md log tags
On the trunk:

mod_md: v0.9.5:

- New directive (srly: what do you expect at this point?) "MDMustStaple on|off" to control if new certificates are requested with the OCSP Must Staple extension.
- Known limitation: when the server is configured to ditch and restart child processes, for example after a certain number of connections/requests, the mod_md watchdog instance might migrate to a new child process. Since not all its state is persisted, some messages might appear a second time in the logs.
- Adding checks when 'MDRequireHttps' is used. It is considered an error when 'MDPortMap 443:-' is used - which negates that a https: port exists. Also, a warning is logged if no VirtualHost can be found for a Managed Domain that has port 443 (or the mapped one) in its address list.
- New directive 'MDRequireHttps' for redirecting http: traffic to a Managed Domain, permanently or temporarily.
- Fix for using a fallback certificate on initial signup of a Managed Domain. Requires also a changed mod_ssl patch (v5) to take effect.
- compatibility with libressl


  1. … 14 more files in changeset.