mod_md: v0.9.7
- Use of the new module flag
- Removed obsolete function from interface to mod_ssl.
- Fallback certificates has version set and no longer claims to be a CA. (re issue #32)
- MDRequireHttps now happens before any Redirect.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1809719 13f79535-47bb-0310-9956-ffa450edef68
mod_md: v0.9.5:
- New directive (srly: what do you expect at this point?) "MDMustStaple on|off" to control if
new certificates are requested with the OCSP Must Staple extension.
- Known limitation: when the server is configured to ditch and restart child processes, for example
after a certain number of connections/requests, the mod_md watchdog instance might migrate
to a new child process. Since not all its state is persisted, some messsages might appear a
second time in the logs.
- Adding checks when 'MDRequireHttps' is used. It is considered an error when 'MDPortMap 443:-'
is used - which negates that a https: port exists. Also, a warning is logged if no
VirtualHost can be found for a Managed Domain that has port 443 (or the mapped one) in
its address list.
- New directive 'MDRequireHttps' for redirecting http: traffic to a Managed Domain, permanently
or temporarily.
- Fix for using a fallback certificate on initial signup of a Managed Domain. Requires also
a changed mod_ssl patch (v5) to take effect.
- compatibility with libressl
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1808241 13f79535-47bb-0310-9956-ffa450edef68
mod_md: v0.9.2: new directive 'MDHttpProxy' to define a proxy for outgoing connection,
some minor bugfixes, twiddle the build system to avoid non-pic code generation.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807774 13f79535-47bb-0310-9956-ffa450edef68
*) mod_md: v0.9.1:
- various fixes in MDRenewWindow handling when specifying percent. Serialization changed. If
someone already used percent configurations, it is advised to change these to a new value,
reload and change back to the wanted ones.
- various fixes in handling of MDPrivateKeys when specifying 2048 bits (the default) explicitly.
- mod_md version removed from top level md_store.json file. The store has its own format version
to facilitate upgrades.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807347 13f79535-47bb-0310-9956-ffa450edef68
mod_md:
* Improved interface to mod_ssl for fallback handling. Backward compatible to previous mod_ssl
patch, but fallbacks will not work.
* Provide a temporary, self-signed certificate with a speaking command and domain name if we
have no other cert for a Managed Domain, yet. Refs github issue #32
* Continue to provide expired or not-completely matching, existing certificate for a Managed
Domain until the renewal was successful. This is helpful when one adds a DNS name to
a MD, so the previous domains can be served while a new cert is requested.
* All files necessary to run tests are not in the release package.
* Making "http-01" the preferred challenge type again, as people "tls-sni-01" requires at least
one working certificate vhost right now - which not everyone has.
* moved part of the MD sanity checks from post_config to check_config phase, allowing for error
detection in check-only runs.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1807228 13f79535-47bb-0310-9956-ffa450edef68
mod_md v0.7.0:
- LIVE: the real Let's Encrypt CA is now live by default! If you need to experiment, configure
MDCertificateAuthority https://acme-staging.api.letsencrypt.org/directory
- When existing, complete certificates are renewed, the activation of the new ones is
delayed by 24 hours (or until the existing ones expire, whatever is earler) to accomodate
for clients with weird clocks, refs #1.
- Fixed store sync when MDCAChallenges was removed again from an MD.
- Fixed crash when MD matched the base server, fixes#23
- Fixed watchgod resetting staging when server processes disappeared (e.g. reached
max requests or other limits).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1805294 13f79535-47bb-0310-9956-ffa450edef68
