apache-http-server/modules/md/md_json.h
Stefan Eissing e3928f2b27 *) mod_md: v2.4.0 with improvements and bugfixes
- MDPrivateKeys allows the specification of several types. Beside "RSA" plus 
     optional key lengths elliptic curves can be configured. This means you can 
     have multiple certificates for a Managed Domain with different key types.
     With ```MDPrivateKeys secp384r1 rsa2048``` you get one ECDSA and one RSA 
     certificate and all modern clients will use the shorter ECDSA, while older 
     clients will get the RSA certificate.
     Many thanks to @tlhackque who pushed and helped on this.
     - Support added for MDomains consisting of a wildcard. Configuring 
     ```MDomain *.host.net``` will match all virtual hosts matching that pattern 
     and obtain one certificate for it (assuming you have 'dns-01' challenge 
     support configured). Addresses #239.
     - Removed support for ACMEv1 servers. The only known installation used to 
     be Let's Encrypt which has disabled that version more than a year ago for 
     new accounts.
     - Andreas Ulm (<https://github.com/root360-AndreasUlm>) implemented the 
     ```renewing``` call to ```MDMessageCmd``` that can deny a certificate 
     renewal attempt. This is useful in clustered installations, as 
     discussed in #233.
     - New event ```challenge-setup:<type>:<domain>```, triggered when the 
     challenge data for a domain has been created. This is invoked before the 
     ACME server is told to check for it. The type is one of the ACME challenge 
     types. This is invoked for every DNS name in a MDomain.
     - The max delay for retries has been raised to daily (this is like all 
     retries jittered somewhat to avoid repeats at fixed time of day).
     - Certain error codes reported by the ACME server that indicate a problem 
     with the configured data now immediately switch to daily retries. For 
     example: if the ACME server rejects a contact email or a domain name, 
     frequent retries will most likely not solve the problem. But daily retries 
     still make sense as there might be an error at the server and un-supervised 
     certificate renewal is the goal. Refs #222.
     - Test case and work around for domain names > 64 octets. Fixes #227.
     When the first DNS name of an MD is longer than 63 octets, the certificate
     request will not contain a CN field, but leave it up to the CA to choose one.
     Currently, Let's Encrypt looks for a shorter name in the SAN list given and
     fails the request if none is found. But it is really up to the CA (and what
     browsers/libs accept here) and may change over the years. That is why
     the decision is best made at the CA.
     - Retry delays now have a random +/-[0-50]% modification applied to let 
     retries from several servers spread out more, should they have been 
     restarted at the same time of day.
     - Fixed several places where the 'badNonce' return code from an ACME server 
     was not handled correctly. The test server 'pebble' simulates this behaviour 
     by default and helps nicely in verifying this behaviour. Thanks, pebble!
     - Set the default `MDActivationDelay` to 0. This was confusing to users that
     new certificates were deemed not usable before a day of delay. When clocks are
     correct, using a new certificate right away should not pose a problem.
     - When handling ACME authorization resources, the module no longer requires 
     the server to return a "Location" header, as was necessary in ACMEv1. 
     Fixes #216.
     - Fixed a theoretical uninitialized read when testing for JSON error responses 
     from the ACME CA. Reported at <https://bz.apache.org/bugzilla/show_bug.cgi?id=64297>.
     - ACME problem reports from CAs that include parameters in the Content-Type 
     header are handled correctly. (Previously, the problem text would not be 
     reported and retries could exceed CA limits.)
     - Account Update transactions to V2 CAs now use the correct POST-AS-GET method.  
     Previously, an empty JSON object was sent - which apparently LE accepted, 
     but others reject.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887337 13f79535-47bb-0310-9956-ffa450edef68
2021-03-08 18:05:50 +00:00
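
The retry rules in the commit message above (daily maximum, immediate daily retries for configuration-type ACME errors, +/-[0-50]% jitter, and problem reports whose Content-Type carries parameters) can be combined as in the following added example, which is not mod_md's own code. The function names, the 5-second first delay, the doubling backoff and the choice of RFC 8555 problem types are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>

#define DAY_SECS   86400L  /* page: max retry delay is daily */
#define FIRST_SECS 5L      /* assumption: first retry delay */

/* Match a media type, ignoring case and any ";param" suffix. */
int media_type_is(const char *ctype, const char *expected)
{
    size_t i, n = strlen(expected);
    if (!ctype) return 0;
    while (*ctype == ' ' || *ctype == '\t') ctype++;
    for (i = 0; i < n; i++)   /* stops at ctype's NUL: it never equals expected[i] */
        if (tolower((unsigned char)ctype[i]) != tolower((unsigned char)expected[i]))
            return 0;
    return ctype[n] == '\0' || ctype[n] == ';' || ctype[n] == ' ' || ctype[n] == '\t';
}

/* RFC 8555 problem types about configured data; treating exactly
 * these as "configuration" errors is an assumption of this example. */
int is_config_problem(const char *type)
{
    static const char *const types[] = {
        "urn:ietf:params:acme:error:invalidContact",
        "urn:ietf:params:acme:error:unsupportedContact",
        "urn:ietf:params:acme:error:rejectedIdentifier",
    };
    size_t i;
    for (i = 0; type && i < sizeof(types) / sizeof(types[0]); i++)
        if (strcmp(type, types[i]) == 0) return 1;
    return 0;
}

/* Seconds until the next attempt. errors: consecutive failures (>= 1);
 * jitter: caller-supplied random value, clamped to [-0.5, +0.5]. */
long next_retry_delay(int errors, const char *ctype, const char *type, double jitter)
{
    long delay = FIRST_SECS;
    int i;
    if (media_type_is(ctype, "application/problem+json") && is_config_problem(type)) {
        delay = DAY_SECS;              /* retrying sooner will not help */
    } else {
        for (i = 1; i < errors && delay < DAY_SECS; i++)
            delay *= 2;                /* assumption: doubling backoff */
        if (delay > DAY_SECS) delay = DAY_SECS;
    }
    if (jitter < -0.5) jitter = -0.5;
    if (jitter > 0.5) jitter = 0.5;
    return delay + (long)((double)delay * jitter);
}
```

An exact string comparison against `application/problem+json` would miss a header such as `application/problem+json; charset=utf-8`, so the configuration error would go unrecognised and the client would stay on the short backoff schedule.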

158 lines
6.6 KiB
C

/* Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#ifndef mod_md_md_json_h
#define mod_md_md_json_h
#include <apr_file_io.h>
struct apr_bucket_brigade;
struct apr_file_t;
struct md_http_t;
struct md_http_response_t;
struct md_timeperiod_t;
typedef struct md_json_t md_json_t;
typedef enum {
    MD_JSON_TYPE_OBJECT,
    MD_JSON_TYPE_ARRAY,
    MD_JSON_TYPE_STRING,
    MD_JSON_TYPE_REAL,
    MD_JSON_TYPE_INT,
    MD_JSON_TYPE_BOOL,
    MD_JSON_TYPE_NULL,
} md_json_type_t;
typedef enum {
    MD_JSON_FMT_COMPACT,
    MD_JSON_FMT_INDENT,
} md_json_fmt_t;
md_json_t *md_json_create(apr_pool_t *pool);
void md_json_destroy(md_json_t *json);
md_json_t *md_json_copy(apr_pool_t *pool, const md_json_t *json);
md_json_t *md_json_clone(apr_pool_t *pool, const md_json_t *json);
int md_json_has_key(const md_json_t *json, ...);
int md_json_is(const md_json_type_t type, md_json_t *json, ...);
/* boolean manipulation */
int md_json_getb(const md_json_t *json, ...);
apr_status_t md_json_setb(int value, md_json_t *json, ...);
/* number manipulation */
double md_json_getn(const md_json_t *json, ...);
apr_status_t md_json_setn(double value, md_json_t *json, ...);
/* long manipulation */
long md_json_getl(const md_json_t *json, ...);
apr_status_t md_json_setl(long value, md_json_t *json, ...);
/* string manipulation */
md_json_t *md_json_create_s(apr_pool_t *pool, const char *s);
const char *md_json_gets(const md_json_t *json, ...);
const char *md_json_dups(apr_pool_t *p, const md_json_t *json, ...);
apr_status_t md_json_sets(const char *s, md_json_t *json, ...);
/* timestamp manipulation */
apr_time_t md_json_get_time(const md_json_t *json, ...);
apr_status_t md_json_set_time(apr_time_t value, md_json_t *json, ...);
/* json manipulation */
md_json_t *md_json_getj(md_json_t *json, ...);
md_json_t *md_json_dupj(apr_pool_t *p, const md_json_t *json, ...);
const md_json_t *md_json_getcj(const md_json_t *json, ...);
apr_status_t md_json_setj(const md_json_t *value, md_json_t *json, ...);
apr_status_t md_json_addj(const md_json_t *value, md_json_t *json, ...);
apr_status_t md_json_insertj(md_json_t *value, size_t index, md_json_t *json, ...);
/* Array/Object manipulation */
apr_status_t md_json_clr(md_json_t *json, ...);
apr_status_t md_json_del(md_json_t *json, ...);
/* Remove all array elements beyond max_elements */
apr_size_t md_json_limita(size_t max_elements, md_json_t *json, ...);
/* conversion function from and to json */
typedef apr_status_t md_json_to_cb(void *value, md_json_t *json, apr_pool_t *p, void *baton);
typedef apr_status_t md_json_from_cb(void **pvalue, md_json_t *json, apr_pool_t *p, void *baton);
/* identity pass through from json to json */
apr_status_t md_json_pass_to(void *value, md_json_t *json, apr_pool_t *p, void *baton);
apr_status_t md_json_pass_from(void **pvalue, md_json_t *json, apr_pool_t *p, void *baton);
/* conversions from json to json in specified pool */
apr_status_t md_json_clone_to(void *value, md_json_t *json, apr_pool_t *p, void *baton);
apr_status_t md_json_clone_from(void **pvalue, const md_json_t *json, apr_pool_t *p, void *baton);
/* Manipulating/Iteration on generic Arrays */
apr_status_t md_json_geta(apr_array_header_t *a, md_json_from_cb *cb,
                          void *baton, const md_json_t *json, ...);
apr_status_t md_json_seta(apr_array_header_t *a, md_json_to_cb *cb,
                          void *baton, md_json_t *json, ...);
/* Called on each array element, aborts iteration when returning 0 */
typedef int md_json_itera_cb(void *baton, size_t index, md_json_t *json);
int md_json_itera(md_json_itera_cb *cb, void *baton, md_json_t *json, ...);
/* Called on each object key, aborts iteration when returning 0 */
typedef int md_json_iterkey_cb(void *baton, const char* key, md_json_t *json);
int md_json_iterkey(md_json_iterkey_cb *cb, void *baton, md_json_t *json, ...);
/* Manipulating Object String values */
apr_status_t md_json_gets_dict(apr_table_t *dict, const md_json_t *json, ...);
apr_status_t md_json_sets_dict(apr_table_t *dict, md_json_t *json, ...);
/* Manipulating String Arrays */
apr_status_t md_json_getsa(apr_array_header_t *a, const md_json_t *json, ...);
apr_status_t md_json_dupsa(apr_array_header_t *a, apr_pool_t *p, md_json_t *json, ...);
apr_status_t md_json_setsa(apr_array_header_t *a, md_json_t *json, ...);
/* serialization & parsing */
apr_status_t md_json_writeb(const md_json_t *json, md_json_fmt_t fmt, struct apr_bucket_brigade *bb);
const char *md_json_writep(const md_json_t *json, apr_pool_t *p, md_json_fmt_t fmt);
apr_status_t md_json_writef(const md_json_t *json, apr_pool_t *p,
                            md_json_fmt_t fmt, struct apr_file_t *f);
apr_status_t md_json_fcreatex(const md_json_t *json, apr_pool_t *p, md_json_fmt_t fmt,
                              const char *fpath, apr_fileperms_t perms);
apr_status_t md_json_freplace(const md_json_t *json, apr_pool_t *p, md_json_fmt_t fmt,
                              const char *fpath, apr_fileperms_t perms);
apr_status_t md_json_readb(md_json_t **pjson, apr_pool_t *pool, struct apr_bucket_brigade *bb);
apr_status_t md_json_readd(md_json_t **pjson, apr_pool_t *pool, const char *data, size_t data_len);
apr_status_t md_json_readf(md_json_t **pjson, apr_pool_t *pool, const char *fpath);
/* http retrieval */
apr_status_t md_json_http_get(md_json_t **pjson, apr_pool_t *pool,
                              struct md_http_t *http, const char *url);
apr_status_t md_json_read_http(md_json_t **pjson, apr_pool_t *pool,
                               const struct md_http_response_t *res);
apr_status_t md_json_copy_to(md_json_t *dest, const md_json_t *src, ...);
const char *md_json_dump_state(const md_json_t *json, apr_pool_t *p);
apr_status_t md_json_set_timeperiod(const struct md_timeperiod_t *tp, md_json_t *json, ...);
apr_status_t md_json_get_timeperiod(struct md_timeperiod_t *tp, md_json_t *json, ...);
#endif /* md_json_h */