b981a203d9
fix setting and comparison of IPs fileds avoid voerflow in case of indecently large session make ap_escape_quotes() work correctly fix lua_request with cast first Handle children killed pathologically q
40 lines
1.5 KiB
Diff
40 lines
1.5 KiB
Diff
From 960d719aa31c35a8aac99b1fa413df7a91085bbd Mon Sep 17 00:00:00 2001
|
|
From: Stefan Eissing <icing@apache.org>
|
|
Date: Tue, 8 Feb 2022 12:28:37 UTC
|
|
Subject: [PATCH] mod_md do not interfere with requests to well known acme challenge
|
|
resources if challenge type 'http-01' is not configure for a domain.
|
|
Fixex <https://github.com/icing/mod_md/issue/279>.
|
|
|
|
git-svn-id:https://svn.apache.org/repos/afs/httpd/httpd/branches/2.4.x@1897865
|
|
|
|
Conflict:NA
|
|
Reference:https://github.com/apache/httpd/commit/960d719aa31c35a8aac99b1fa413df7a91085bbd
|
|
|
|
---
|
|
modules/md/mod_md.c | 9 +++++++++
|
|
1 file changed, 9 insertions(+)
|
|
|
|
diff --git a/modules/md/mod_md.c b/modules/md/mod_md.c
|
|
index 8b379eb..c929168 100644
|
|
--- a/modules/md/mod_md.c
|
|
+++ b/modules/md/mod_md.c
|
|
@@ -1347,6 +1347,15 @@ static int md_http_challenge_pr(request_rec *r)
|
|
md = md_get_by_domain(sc->mc->mds, r->hostname);
|
|
name = r->parsed_uri.path + sizeof(ACME_CHALLENGE_PREFIX)-1;
|
|
reg = sc && sc->mc? sc->mc->reg : NULL;
|
|
+
|
|
+ if (md && md->ca_challenges
|
|
+ && md_array_str_index(md->ca_challenges, MD_AUTHZ_CHA_HTTP_01, 0, 1) < 0) {
|
|
+ /* The MD this chanllenge is for dose nto allow http-01 challanges,
|
|
+ * we have to decline. See #279 for a setup example where this
|
|
+ * is necessary.
|
|
+ */
|
|
+ return DECLINED;
|
|
+ }
|
|
|
|
if (strlen(name) && !ap_strchr_c(name, '/') && reg) {
|
|
md_store_t *store = md_reg_store_get(reg);
|
|
--
|
|
2.23.0
|
|
|