*) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges

     have been fixed. [Michael Kaufmann, Stefan Eissing]



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1849174 13f79535-47bb-0310-9956-ffa450edef68

4 files changed, 14 insertions, 6 deletions

diff --git a/modules/md/md_acme.c b/modules/md/md_acme.c
index f8c1936d73..3fbd365f9c 100644
--- a/modules/md/md_acme.c
+++ b/modules/md/md_acme.c
@@ -153,6 +153,8 @@ apr_status_t md_acme_setup(md_acme_t *acme)
         if (acme->new_authz && acme->new_cert && acme->new_reg && acme->revoke_cert) {
             return APR_SUCCESS;
         }
+        md_log_perror(MD_LOG_MARK, MD_LOG_WARNING, 0, acme->p,
+                      "Unable to understand ACME server response. Wrong ACME protocol version?");
         rv = APR_EINVAL;
     }
     else {
diff --git a/modules/md/md_acme_authz.c b/modules/md/md_acme_authz.c
index 3ff8405bea..2295745b7b 100644
--- a/modules/md/md_acme_authz.c
+++ b/modules/md/md_acme_authz.c
@@ -95,7 +95,7 @@ apr_status_t md_acme_authz_set_remove(md_acme_authz_set_t *set, const char *doma
             int n = i + 1;
             if (n < set->authzs->nelts) {
                 void **elems = (void **)set->authzs->elts;
-                memmove(elems + i, elems + n, (size_t)(set->authzs->nelts - n)); 
+                memmove(elems + i, elems + n, (size_t)(set->authzs->nelts - n) * sizeof(*elems));
             }
             --set->authzs->nelts;
             return APR_SUCCESS;
diff --git a/modules/md/md_acme_drive.c b/modules/md/md_acme_drive.c
index b5592e69b8..34fd37e091 100644
--- a/modules/md/md_acme_drive.c
+++ b/modules/md/md_acme_drive.c
@@ -162,7 +162,8 @@ static apr_status_t ad_setup_authz(md_proto_driver_t *d)
     apr_status_t rv;
     md_t *md = ad->md;
     md_acme_authz_t *authz;
-    int i, changed;
+    int i;
+    int changed = 0;
     
     assert(ad->md);
     assert(ad->acme);
@@ -186,18 +187,20 @@ static apr_status_t ad_setup_authz(md_proto_driver_t *d)
     }
     
     /* Remove anything we no longer need */
-    for (i = 0; i < ad->authz_set->authzs->nelts; ++i) {
+    for (i = 0; i < ad->authz_set->authzs->nelts;) {
         authz = APR_ARRAY_IDX(ad->authz_set->authzs, i, md_acme_authz_t*);
         if (!md_contains(md, authz->domain, 0)) {
             md_acme_authz_set_remove(ad->authz_set, authz->domain);
             changed = 1;
         }
+        else {
+            ++i;
+        }
     }
     
     /* Add anything we do not already have */
     for (i = 0; i < md->domains->nelts && APR_SUCCESS == rv; ++i) {
         const char *domain = APR_ARRAY_IDX(md->domains, i, const char *);
-        changed = 0;
         authz = md_acme_authz_set_get(ad->authz_set, domain);
         if (authz) {
             /* check valid */
@@ -615,6 +618,7 @@ static apr_status_t acme_driver_init(md_proto_driver_t *d)
 {
     md_acme_driver_t *ad;
     apr_status_t rv = APR_SUCCESS;
+    int challenges_configured = 0;
 
     ad = apr_pcalloc(d->p, sizeof(*ad));
     
@@ -631,10 +635,12 @@ static apr_status_t acme_driver_init(md_proto_driver_t *d)
     if (d->challenge) {
         /* we have been told to use this type */
         APR_ARRAY_PUSH(ad->ca_challenges, const char*) = apr_pstrdup(d->p, d->challenge);
+        challenges_configured = 1;
     }
     else if (d->md->ca_challenges && d->md->ca_challenges->nelts > 0) {
         /* pre-configured set for this managed domain */
         apr_array_cat(ad->ca_challenges, d->md->ca_challenges);
+        challenges_configured = 1;
     }
     else {
         /* free to chose. Add all we support and see what we get offered */
diff --git a/modules/md/md_version.h b/modules/md/md_version.h
index 7a3af68d96..58a4afc1b5 100644
--- a/modules/md/md_version.h
+++ b/modules/md/md_version.h
@@ -27,7 +27,7 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "1.1.17-DEV"
+#define MOD_MD_VERSION "1.1.18-DEV"
 
 /**
  * @macro
@@ -35,7 +35,7 @@
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x010111
+#define MOD_MD_VERSION_NUM 0x010112
 
 #define MD_ACME_DEF_URL    "https://acme-v01.api.letsencrypt.org/directory"