Re: svn commit: r1804671 - /httpd/httpd/trunk/modules/md/mod_md_config.c

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: svn commit: r1804671 - /httpd/httpd/trunk/modules/md/mod_md_config.c

Greg Stein-4
On Thu, Aug 10, 2017 at 8:58 AM, <[hidden email]> wrote:
Author: icing
Date: Thu Aug 10 13:58:26 2017
New Revision: 1804671

URL: http://svn.apache.org/viewvc?rev=1804671&view=rev
Log:
fix for <ManagedDomain sections with inner <If or other sections
>... 
+++ httpd/httpd/trunk/modules/md/mod_md_config.c Thu Aug 10 13:58:26 2017
>... 
@@ -215,7 +218,7 @@ static const char *md_config_sec_add_mem
     const char *err;
     int i;

-    if (NULL != (err = md_section_check(cmd))) {
+    if (NULL != (err = md_section_check(cmd, "<ManagedDomain"))) {

Seems you should be using a symbolic constant for the dozen occurrences of this string, in order to avoid typos.

>...

Cheers,
-g

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: svn commit: r1804671 - /httpd/httpd/trunk/modules/md/mod_md_config.c

Stefan Eissing
Correct, changed in r1804759.

If you're looking at this anyway, how hard would it be for someone knowledgeable to make a md_serf.c as alternative to md_curl.c? ^^

Cheers,

-Stefan

> Am 11.08.2017 um 01:18 schrieb Greg Stein <[hidden email]>:
>
> On Thu, Aug 10, 2017 at 8:58 AM, <[hidden email]> wrote:
> Author: icing
> Date: Thu Aug 10 13:58:26 2017
> New Revision: 1804671
>
> URL: http://svn.apache.org/viewvc?rev=1804671&view=rev
> Log:
> fix for <ManagedDomain sections with inner <If or other sections
> >...
> +++ httpd/httpd/trunk/modules/md/mod_md_config.c Thu Aug 10 13:58:26 2017
> >...
> @@ -215,7 +218,7 @@ static const char *md_config_sec_add_mem
>      const char *err;
>      int i;
>
> -    if (NULL != (err = md_section_check(cmd))) {
> +    if (NULL != (err = md_section_check(cmd, "<ManagedDomain"))) {
>
> Seems you should be using a symbolic constant for the dozen occurrences of this string, in order to avoid typos.
>
> >...
>
> Cheers,
> -g
>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: svn commit: r1804671 - /httpd/httpd/trunk/modules/md/mod_md_config.c

Greg Stein-4
[cc: serf]

On Fri, Aug 11, 2017 at 3:41 AM, Stefan Eissing <[hidden email]> wrote:
>...
If you're looking at this anyway, how hard would it be for someone knowledgeable to make a md_serf.c as alternative to md_curl.c? ^^

Should be pretty easy, I think. Looking at serf_get.c will give somebody an easy path to build the alternative:

There is a lot of stuff in there that isn't applicable, so the core should be quite small/easy. And it uses APR pools (and whatnot), so the impedance should be very low.

While I'm busy over in Infra-land, there are other Serf people here and happy to help. I'll certainly throw in on some reviews, if/when I see the commits.

And from ASF/Infra side: we'd love to see this code hit a release soon. We've been very hesitant to use LE in our deployments because the httpd and puppet config/scripts are quite rough. It doesn't "Just Work". This would go a long ways towards solving numerous certificate-related issues for us.

Thanks,
-g

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: svn commit: r1804671 - /httpd/httpd/trunk/modules/md/mod_md_config.c

Stefan Eissing
Thanks for the feedback and the crosspost. I think it would be great to offer peeps
that already link serf into their server to avoid an additional dependency.

Regarding Apache infrastructure use:

Would you prefer that the server gracefully restarts itself (when needed, at a time
interval configured?) or is this something where you prefer outside control anyway and
maybe a callable script that notifies/mails an admin?

-Stefan

> Am 14.08.2017 um 07:43 schrieb Greg Stein <[hidden email]>:
>
> [cc: serf]
>
> On Fri, Aug 11, 2017 at 3:41 AM, Stefan Eissing <[hidden email]> wrote:
> >...
> If you're looking at this anyway, how hard would it be for someone knowledgeable to make a md_serf.c as alternative to md_curl.c? ^^
>
> Should be pretty easy, I think. Looking at serf_get.c will give somebody an easy path to build the alternative:
>   http://svn.apache.org/repos/asf/serf/trunk/test/serf_get.c
>
> There is a lot of stuff in there that isn't applicable, so the core should be quite small/easy. And it uses APR pools (and whatnot), so the impedance should be very low.
>
> While I'm busy over in Infra-land, there are other Serf people here and happy to help. I'll certainly throw in on some reviews, if/when I see the commits.
>
> And from ASF/Infra side: we'd love to see this code hit a release soon. We've been very hesitant to use LE in our deployments because the httpd and puppet config/scripts are quite rough. It doesn't "Just Work". This would go a long ways towards solving numerous certificate-related issues for us.
>
> Thanks,
> -g
>

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: svn commit: r1804671 - /httpd/httpd/trunk/modules/md/mod_md_config.c

Greg Stein-4
Oh, I don't know that Infra has any specific request on the restart/update mechanism. I'd just say: build it how you think best. What would work for Everybody should work just fine for us.

On Mon, Aug 14, 2017 at 2:09 AM, Stefan Eissing <[hidden email]> wrote:
Thanks for the feedback and the crosspost. I think it would be great to offer peeps
that already link serf into their server to avoid an additional dependency.

Regarding Apache infrastructure use:

Would you prefer that the server gracefully restarts itself (when needed, at a time
interval configured?) or is this something where you prefer outside control anyway and
maybe a callable script that notifies/mails an admin?

-Stefan

> Am 14.08.2017 um 07:43 schrieb Greg Stein <[hidden email]>:
>
> [cc: serf]
>
> On Fri, Aug 11, 2017 at 3:41 AM, Stefan Eissing <[hidden email]> wrote:
> >...
> If you're looking at this anyway, how hard would it be for someone knowledgeable to make a md_serf.c as alternative to md_curl.c? ^^
>
> Should be pretty easy, I think. Looking at serf_get.c will give somebody an easy path to build the alternative:
>   http://svn.apache.org/repos/asf/serf/trunk/test/serf_get.c
>
> There is a lot of stuff in there that isn't applicable, so the core should be quite small/easy. And it uses APR pools (and whatnot), so the impedance should be very low.
>
> While I'm busy over in Infra-land, there are other Serf people here and happy to help. I'll certainly throw in on some reviews, if/when I see the commits.
>
> And from ASF/Infra side: we'd love to see this code hit a release soon. We've been very hesitant to use LE in our deployments because the httpd and puppet config/scripts are quite rough. It doesn't "Just Work". This would go a long ways towards solving numerous certificate-related issues for us.
>
> Thanks,
> -g
>


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: svn commit: r1804671 - /httpd/httpd/trunk/modules/md/mod_md_config.c

Steffen
In reply to this post by Greg Stein-4
Already requested in Git issue #17 :

On Windows: A script to sent an email, kill zombie processes (needed now on Win), copy e.g. cert's to mail servers etc. 

Btw.
There there is at moment no restart in mod-md code for Windows, maybe a dev has a solution (Maybe Bill) ?

In mod_md_os.c now: 

#ifdef WIN32
apr_status_t md_server_graceful(apr_pool_t *p, server_rec *s)
{
    return APR_ENOTIMPL;
}
 #else
apr_status_t md_server_graceful(apr_pool_t *p, server_rec *s)
    apr_status_t rv;
    rv = (kill(getppid(), AP_SIG_GRACEFUL) < 0)? APR_ENOTIMPL : APR_SUCCESS;
    ap_log_error(APLOG_MARK, APLOG_TRACE1, errno, NULL, "sent signal to parent");
    return rv;
}
endif

 
On Monday 14/08/2017 at 13:07, Greg Stein wrote:
Oh, I don't know that Infra has any specific request on the restart/update mechanism. I'd just say: build it how you think best. What would work for Everybody should work just fine for us.

On Mon, Aug 14, 2017 at 2:09 AM, Stefan Eissing <[hidden email]> wrote:
Thanks for the feedback and the crosspost. I think it would be great to offer peeps
that already link serf into their server to avoid an additional dependency.

Regarding Apache infrastructure use:

Would you prefer that the server gracefully restarts itself (when needed, at a time
interval configured?) or is this something where you prefer outside control anyway and
maybe a callable script that notifies/mails an admin?

-Stefan

> Am 14.08.2017 um 07:43 schrieb Greg Stein <[hidden email]>:
>
> [cc: serf]
>
> On Fri, Aug 11, 2017 at 3:41 AM, Stefan Eissing <[hidden email]> wrote:
> >...
> If you're looking at this anyway, how hard would it be for someone knowledgeable to make a md_serf.c as alternative to md_curl.c? ^^
>
> Should be pretty easy, I think. Looking at serf_get.c will give somebody an easy path to build the alternative:
>   http://svn.apache.org/repos/asf/serf/trunk/test/serf_get.c
>
> There is a lot of stuff in there that isn't applicable, so the core should be quite small/easy. And it uses APR pools (and whatnot), so the impedance should be very low.
>
> While I'm busy over in Infra-land, there are other Serf people here and happy to help. I'll certainly throw in on some reviews, if/when I see the commits.
>
> And from ASF/Infra side: we'd love to see this code hit a release soon. We've been very hesitant to use LE in our deployments because the httpd and puppet config/scripts are quite rough. It doesn't "Just Work". This would go a long ways towards solving numerous certificate-related issues for us.
>
> Thanks,
> -g
>



Loading...