#include "md_store.h"

Classes
struct	md_proto_driver_t

struct	md_proto_t

Macros
#define	MD_UPD_DOMAINS 0x00001

#define	MD_UPD_CA_URL 0x00002

#define	MD_UPD_CA_PROTO 0x00004

#define	MD_UPD_CA_ACCOUNT 0x00008

#define	MD_UPD_CONTACTS 0x00010

#define	MD_UPD_AGREEMENT 0x00020

#define	MD_UPD_DRIVE_MODE 0x00080

#define	MD_UPD_RENEW_WINDOW 0x00100

#define	MD_UPD_CA_CHALLENGES 0x00200

#define	MD_UPD_PKEY_SPEC 0x00400

#define	MD_UPD_REQUIRE_HTTPS 0x00800

#define	MD_UPD_TRANSITIVE 0x01000

#define	MD_UPD_MUST_STAPLE 0x02000

#define	MD_UPD_PROTO 0x04000

#define	MD_UPD_WARN_WINDOW 0x08000

#define	MD_UPD_STAPLING 0x10000

#define	MD_UPD_ALL 0x7FFFFFFF

Functions
apr_status_t	md_reg_create (md_reg_t *preg, apr_pool_t pm, md_store_t store, const char proxy_url, const char *ca_file, apr_time_t min_delay, int retry_failover, int use_store_locks, apr_time_t lock_wait_timeout)

md_store_t *	md_reg_store_get (md_reg_t *reg)

apr_status_t	md_reg_set_props (md_reg_t reg, apr_pool_t p, int can_http, int can_https)

apr_status_t	md_reg_add (md_reg_t reg, md_t md, apr_pool_t *p)

md_t *	md_reg_find (md_reg_t reg, const char domain, apr_pool_t *p)

md_t *	md_reg_find_overlap (md_reg_t reg, const md_t md, const char *pdomain, apr_pool_t p)

md_t *	md_reg_get (md_reg_t reg, const char name, apr_pool_t *p)

int	md_reg_do (md_reg_do_cb cb, void baton, md_reg_t reg, apr_pool_t p)

apr_status_t	md_reg_update (md_reg_t reg, apr_pool_t p, const char name, const md_t md, int fields, int check_consistency)

apr_status_t	md_reg_get_pubcert (const md_pubcert_t *ppubcert, md_reg_t reg, const md_t md, int i, apr_pool_t p)

apr_status_t	md_reg_get_cred_files (const char pkeyfile, const char pcertfile, md_reg_t reg, md_store_group_t group, const md_t md, struct md_pkey_spec_t spec, apr_pool_t p)

apr_status_t	md_reg_sync_start (md_reg_t reg, apr_array_header_t master_mds, apr_pool_t *p)

apr_status_t	md_reg_sync_finish (md_reg_t reg, md_t md, apr_pool_t p, apr_pool_t ptemp)

apr_status_t	md_reg_remove (md_reg_t reg, apr_pool_t p, const char *name, int archive)

apr_status_t	md_reg_delete_acct (md_reg_t reg, apr_pool_t p, const char *acct_id)

apr_status_t	md_reg_cleanup_challenges (md_reg_t reg, apr_pool_t p, apr_pool_t ptemp, apr_array_header_t mds)

apr_status_t	md_reg_freeze_domains (md_reg_t reg, apr_array_header_t mds)

int	md_reg_should_renew (md_reg_t reg, const md_t md, apr_pool_t *p)

apr_time_t	md_reg_renew_at (md_reg_t reg, const md_t md, apr_pool_t *p)

apr_time_t	md_reg_valid_until (md_reg_t reg, const md_t md, apr_pool_t *p)

int	md_reg_should_warn (md_reg_t reg, const md_t md, apr_pool_t *p)

apr_status_t	md_reg_test_init (md_reg_t reg, const md_t md, struct apr_table_t env, struct md_result_t result, apr_pool_t *p)

apr_status_t	md_reg_renew (md_reg_t reg, const md_t md, struct apr_table_t env, int reset, int attempt, struct md_result_t result, apr_pool_t *p)

apr_status_t	md_reg_load_staging (md_reg_t reg, const md_t md, struct apr_table_t env, struct md_result_t result, apr_pool_t *p)

apr_status_t	md_reg_load_stagings (md_reg_t reg, apr_array_header_t mds, apr_table_t env, apr_pool_t p)

void	md_reg_set_renew_window_default (md_reg_t reg, md_timeslice_t renew_window)

void	md_reg_set_warn_window_default (md_reg_t reg, md_timeslice_t warn_window)

struct md_job_t *	md_reg_job_make (md_reg_t reg, const char mdomain, apr_pool_t *p)

apr_status_t	md_reg_lock_global (md_reg_t reg, apr_pool_t p)

void	md_reg_unlock_global (md_reg_t reg, apr_pool_t p)

int	md_reg_has_revoked_certs (md_reg_t reg, struct md_ocsp_reg_t ocsp, const md_t md, apr_pool_t p)

Macro Definition Documentation

◆ MD_UPD_AGREEMENT

#define MD_UPD_AGREEMENT 0x00020

Definition at line 100 of file md_reg.h.

◆ MD_UPD_ALL

#define MD_UPD_ALL 0x7FFFFFFF

Definition at line 111 of file md_reg.h.

◆ MD_UPD_CA_ACCOUNT

#define MD_UPD_CA_ACCOUNT 0x00008

Definition at line 98 of file md_reg.h.

◆ MD_UPD_CA_CHALLENGES

#define MD_UPD_CA_CHALLENGES 0x00200

Definition at line 103 of file md_reg.h.

◆ MD_UPD_CA_PROTO

#define MD_UPD_CA_PROTO 0x00004

Definition at line 97 of file md_reg.h.

◆ MD_UPD_CA_URL

#define MD_UPD_CA_URL 0x00002

Definition at line 96 of file md_reg.h.

◆ MD_UPD_CONTACTS

#define MD_UPD_CONTACTS 0x00010

Definition at line 99 of file md_reg.h.

◆ MD_UPD_DOMAINS

#define MD_UPD_DOMAINS 0x00001

Bitmask for fields that are updated.

Definition at line 95 of file md_reg.h.

◆ MD_UPD_DRIVE_MODE

#define MD_UPD_DRIVE_MODE 0x00080

Definition at line 101 of file md_reg.h.

◆ MD_UPD_MUST_STAPLE

#define MD_UPD_MUST_STAPLE 0x02000

Definition at line 107 of file md_reg.h.

◆ MD_UPD_PKEY_SPEC

#define MD_UPD_PKEY_SPEC 0x00400

Definition at line 104 of file md_reg.h.

◆ MD_UPD_PROTO

#define MD_UPD_PROTO 0x04000

Definition at line 108 of file md_reg.h.

◆ MD_UPD_RENEW_WINDOW

#define MD_UPD_RENEW_WINDOW 0x00100

Definition at line 102 of file md_reg.h.

◆ MD_UPD_REQUIRE_HTTPS

#define MD_UPD_REQUIRE_HTTPS 0x00800

Definition at line 105 of file md_reg.h.

◆ MD_UPD_STAPLING

#define MD_UPD_STAPLING 0x10000

Definition at line 110 of file md_reg.h.

◆ MD_UPD_TRANSITIVE

#define MD_UPD_TRANSITIVE 0x01000

Definition at line 106 of file md_reg.h.

◆ MD_UPD_WARN_WINDOW

#define MD_UPD_WARN_WINDOW 0x08000

Definition at line 109 of file md_reg.h.

Typedef Documentation

◆ md_proto_complete_md_cb

typedef apr_status_t md_proto_complete_md_cb(md_t *md, apr_pool_t *p)

Definition at line 235 of file md_reg.h.

◆ md_proto_driver_t

typedef struct md_proto_driver_t md_proto_driver_t

Definition at line 204 of file md_reg.h.

◆ md_proto_init_cb

typedef apr_status_t md_proto_init_cb(md_proto_driver_t *driver, struct md_result_t *result)

Definition at line 230 of file md_reg.h.

◆ md_proto_init_preload_cb

typedef apr_status_t md_proto_init_preload_cb(md_proto_driver_t *driver, struct md_result_t *result)

Definition at line 232 of file md_reg.h.

◆ md_proto_preload_cb

typedef apr_status_t md_proto_preload_cb(md_proto_driver_t *driver, md_store_group_t group, struct md_result_t *result)

Definition at line 233 of file md_reg.h.

◆ md_proto_renew_cb

typedef apr_status_t md_proto_renew_cb(md_proto_driver_t *driver, struct md_result_t *result)

Definition at line 231 of file md_reg.h.

◆ md_proto_t

typedef struct md_proto_t md_proto_t

Definition at line 202 of file md_reg.h.

◆ md_reg_do_cb

typedef int md_reg_do_cb(void *baton, md_reg_t *reg, md_t *md)

Callback invoked for every md in the registry. If 0 is returned, iteration stops.

Definition at line 83 of file md_reg.h.

◆ md_reg_t

typedef struct md_reg_t md_reg_t

A registry for managed domains with a md_store_t as persistence.

Definition at line 34 of file md_reg.h.

Function Documentation

◆ md_reg_add()

apr_status_t md_reg_add	(	md_reg_t *	reg,
		md_t *	md,
		apr_pool_t *	p
	)

Add a new md to the registry. This will check the name for uniqueness and that domain names do not overlap with already existing mds.

Definition at line 433 of file md_reg.c.

◆ md_reg_cleanup_challenges()

apr_status_t md_reg_cleanup_challenges	(	md_reg_t *	reg,
		apr_pool_t *	p,
		apr_pool_t *	ptemp,
		apr_array_header_t *	mds
	)

Cleanup any challenges that are no longer in use.

Parameters

reg	the registry
p	pool for permanent storage
ptemp	pool for temporary storage
mds	the list of configured MDs

Definition at line 1032 of file md_reg.c.

◆ md_reg_create()

apr_status_t md_reg_create	(	md_reg_t **	preg,
		apr_pool_t *	pm,
		md_store_t *	store,
		const char *	proxy_url,
		const char *	ca_file,
		apr_time_t	min_delay,
		int	retry_failover,
		int	use_store_locks,
		apr_time_t	lock_wait_timeout
	)

Create the MD registry, using the pool and store.

Parameters

preg	on APR_SUCCESS, the create md_reg_t
pm	memory pool to use for creation
store	the store to base on
proxy_url	optional URL of a proxy to use for requests
ca_file	optioinal CA trust anchor file to use
min_delay	minimum delay between renewal attempts for a domain
retry_failover	numer of failed renewals attempt to fail over to alternate ACME ca

Definition at line 87 of file md_reg.c.

◆ md_reg_delete_acct()

apr_status_t md_reg_delete_acct	(	md_reg_t *	reg,
		apr_pool_t *	p,
		const char *	acct_id
	)

Delete the account from the local store.

Definition at line 545 of file md_reg.c.

◆ md_reg_do()

int md_reg_do	(	md_reg_do_cb *	cb,
		void *	baton,
		md_reg_t *	reg,
		apr_pool_t *	p
	)

Invoke callback for all mds in this registry. Order is not guaranteed. If the callback returns 0, iteration stops. Returns 0 if iteration was aborted.

Definition at line 318 of file md_reg.c.

◆ md_reg_find()

md_t * md_reg_find	(	md_reg_t *	reg,
		const char *	domain,
		apr_pool_t *	p
	)

Find the md, if any, that contains the given domain name. NULL if none found.

Definition at line 354 of file md_reg.c.

◆ md_reg_find_overlap()

md_t * md_reg_find_overlap	(	md_reg_t *	reg,
		const md_t *	md,
		const char **	pdomain,
		apr_pool_t *	p
	)

Find one md, which domain names overlap with the given md and that has a different name. There may be more than one existing md that overlaps. It is not defined which one will be returned.

Definition at line 388 of file md_reg.c.

◆ md_reg_freeze_domains()

apr_status_t md_reg_freeze_domains	(	md_reg_t *	reg,
		apr_array_header_t *	mds
	)

Mark all information from group MD_SG_DOMAINS as readonly, deny future modifications (MD_SG_STAGING and MD_SG_CHALLENGES remain writeable). For the given MDs, cache the public information (MDs themselves and their pubcerts or lack of).

Definition at line 1290 of file md_reg.c.

◆ md_reg_get()

md_t * md_reg_get	(	md_reg_t *	reg,
		const char *	name,
		apr_pool_t *	p
	)

Get the md with the given unique name. NULL if it does not exist. Will update the md->state.

Definition at line 326 of file md_reg.c.

◆ md_reg_get_cred_files()

apr_status_t md_reg_get_cred_files	(	const char **	pkeyfile,
		const char **	pcertfile,
		md_reg_t *	reg,
		md_store_group_t	group,
		const md_t *	md,
		struct md_pkey_spec_t *	spec,
		apr_pool_t *	p
	)

Get the filenames of private key and pubcert of the MD - if they exist.

Returns: APR_ENOENT if one or both do not exist.

Definition at line 635 of file md_reg.c.

◆ md_reg_get_pubcert()

apr_status_t md_reg_get_pubcert	(	const md_pubcert_t **	ppubcert,
		md_reg_t *	reg,
		const md_t *	md,
		int	i,
		apr_pool_t *	p
	)

Get the chain of public certificates of the managed domain md, starting with the cert of the domain and going up the issuers. Returns APR_ENOENT when not available.

Definition at line 608 of file md_reg.c.

◆ md_reg_has_revoked_certs()

int md_reg_has_revoked_certs	(	md_reg_t *	reg,
		struct md_ocsp_reg_t *	ocsp,
		const md_t *	md,
		apr_pool_t *	p
	)

Returns: != 0 iff md has any certificates known to be REVOKED.

Definition at line 1334 of file md_reg.c.

◆ md_reg_job_make()

struct md_job_t * md_reg_job_make	(	md_reg_t *	reg,
		const char *	mdomain,
		apr_pool_t *	p
	)

Definition at line 1321 of file md_reg.c.

◆ md_reg_load_staging()

apr_status_t md_reg_load_staging	(	md_reg_t *	reg,
		const md_t *	md,
		struct apr_table_t *	env,
		struct md_result_t *	result,
		apr_pool_t *	p
	)

Load a new set of credentials for the managed domain from STAGING - if it exists. This will archive any existing credential data and make the staged set the new one in DOMAINS. If staging is incomplete or missing, the load will fail and all credentials remain as they are.

Returns: APR_SUCCESS on loading new data, APR_ENOENT when nothing is staged, error otherwise.

Definition at line 1237 of file md_reg.c.

◆ md_reg_load_stagings()

apr_status_t md_reg_load_stagings	(	md_reg_t *	reg,
		apr_array_header_t *	mds,
		apr_table_t *	env,
		apr_pool_t *	p
	)

Check given MDomains for new data in staging areas and, if it exists, load the new credentials. On encountering errors, leave the credentails as they are.

Definition at line 1244 of file md_reg.c.

◆ md_reg_lock_global()

apr_status_t md_reg_lock_global	(	md_reg_t *	reg,
		apr_pool_t *	p
	)

Acquire a cooperative, global lock on registry modifications. Will do nothing if locking is not configured.

This will only prevent other children/processes/cluster nodes from doing the same and does not protect individual store functions from being called without it.

Parameters

reg	the registy
p	memory pool to use
max_wait	maximum time to wait in order to acquire

Returns: APR_SUCCESS when lock was obtained

Definition at line 1269 of file md_reg.c.

◆ md_reg_remove()

apr_status_t md_reg_remove	(	md_reg_t *	reg,
		apr_pool_t *	p,
		const char *	name,
		int	archive
	)

Definition at line 992 of file md_reg.c.

◆ md_reg_renew()

apr_status_t md_reg_renew	(	md_reg_t *	reg,
		const md_t *	md,
		struct apr_table_t *	env,
		int	reset,
		int	attempt,
		struct md_result_t *	result,
		apr_pool_t *	p
	)

Obtain new credentials for the given managed domain in STAGING.

Parameters

reg	the registry instance
md	the mdomain to renew
env	global environment of settings
reset	!= 0 if any previous, partial information should be wiped
attempt	the number of attempts made this far (for this md)
result	for reporting results of the renewal
p	the memory pool to use

Returns: APR_SUCCESS if new credentials have been staged successfully

Definition at line 1168 of file md_reg.c.

◆ md_reg_renew_at()

apr_time_t md_reg_renew_at	(	md_reg_t *	reg,
		const md_t *	md,
		apr_pool_t *	p
	)

Return the timestamp when the certificate should be renewed. A value of 0 indicates that that renewal is not configured (see renew_mode).

Definition at line 671 of file md_reg.c.

◆ md_reg_set_props()

apr_status_t md_reg_set_props	(	md_reg_t *	reg,
		apr_pool_t *	p,
		int	can_http,
		int	can_https
	)

Definition at line 750 of file md_reg.c.

◆ md_reg_set_renew_window_default()

void md_reg_set_renew_window_default	(	md_reg_t *	reg,
		md_timeslice_t *	renew_window
	)

Definition at line 1311 of file md_reg.c.

◆ md_reg_set_warn_window_default()

void md_reg_set_warn_window_default	(	md_reg_t *	reg,
		md_timeslice_t *	warn_window
	)

Definition at line 1316 of file md_reg.c.

◆ md_reg_should_renew()

int md_reg_should_renew	(	md_reg_t *	reg,
		const md_t *	md,
		apr_pool_t *	p
	)

Return if the certificate of the MD should be renewed. This includes reaching the renewal window of an otherwise valid certificate. It return also !0 iff no certificate has been obtained yet.

Definition at line 706 of file md_reg.c.

◆ md_reg_should_warn()

int md_reg_should_warn	(	md_reg_t *	reg,
		const md_t *	md,
		apr_pool_t *	p
	)

Return if a warning should be issued about the certificate expiration. This applies the configured warn window to the remaining lifetime of the current certiciate. If no certificate is present, this returns 0.

Definition at line 714 of file md_reg.c.

◆ md_reg_store_get()

md_store_t * md_reg_store_get ( md_reg_t * reg )

Definition at line 122 of file md_reg.c.

◆ md_reg_sync_finish()

apr_status_t md_reg_sync_finish	(	md_reg_t *	reg,
		md_t *	md,
		apr_pool_t *	p,
		apr_pool_t *	ptemp
	)

Re-compute the state of the MD, given current store contents.

Finish syncing an MD with the store.

if there are changed properties (or if the MD is new), save it.
read any existing certificate and init the state of the memory MD

Definition at line 918 of file md_reg.c.

◆ md_reg_sync_start()

apr_status_t md_reg_sync_start	(	md_reg_t *	reg,
		apr_array_header_t *	master_mds,
		apr_pool_t *	p
	)

Synchronize the given master mds with the store.

Definition at line 834 of file md_reg.c.

◆ md_reg_test_init()

apr_status_t md_reg_test_init	(	md_reg_t *	reg,
		const md_t *	md,
		struct apr_table_t *	env,
		struct md_result_t *	result,
		apr_pool_t *	p
	)

Run a test initialization of the renew protocol for the given MD. This verifies basic parameter settings and is expected to return a description of encountered problems in <pmessage> when != APR_SUCCESS. A message return is allocated fromt the given pool.

Definition at line 1133 of file md_reg.c.

◆ md_reg_unlock_global()

void md_reg_unlock_global	(	md_reg_t *	reg,
		apr_pool_t *	p
	)

Realease the global registry lock. Will do nothing if there is no lock.

Definition at line 1283 of file md_reg.c.

◆ md_reg_update()

apr_status_t md_reg_update	(	md_reg_t *	reg,
		apr_pool_t *	p,
		const char *	name,
		const md_t *	md,
		int	fields,
		int	check_consistency
	)

Update the given fields for the managed domain. Take the new values from the given md, all other values remain unchanged.

Definition at line 538 of file md_reg.c.

◆ md_reg_valid_until()

apr_time_t md_reg_valid_until	(	md_reg_t *	reg,
		const md_t *	md,
		apr_pool_t *	p
	)

Return the timestamp up to which all certificates for the MD can be used. A value of 0 indicates that there is no certificate.

Definition at line 650 of file md_reg.c.

Typedefs
typedef struct md_reg_t	md_reg_t

typedef int	md_reg_do_cb(void baton, md_reg_t reg, md_t *md)

typedef struct md_proto_t	md_proto_t

typedef struct md_proto_driver_t	md_proto_driver_t

typedef apr_status_t	md_proto_init_cb(md_proto_driver_t driver, struct md_result_t result)

typedef apr_status_t	md_proto_renew_cb(md_proto_driver_t driver, struct md_result_t result)

typedef apr_status_t	md_proto_init_preload_cb(md_proto_driver_t driver, struct md_result_t result)

typedef apr_status_t	md_proto_preload_cb(md_proto_driver_t driver, md_store_group_t group, struct md_result_t result)

typedef apr_status_t	md_proto_complete_md_cb(md_t md, apr_pool_t p)

Classes

Macros

Typedefs

Functions

Macro Definition Documentation

◆ MD_UPD_AGREEMENT

◆ MD_UPD_ALL

◆ MD_UPD_CA_ACCOUNT

◆ MD_UPD_CA_CHALLENGES

◆ MD_UPD_CA_PROTO

◆ MD_UPD_CA_URL

◆ MD_UPD_CONTACTS

◆ MD_UPD_DOMAINS

◆ MD_UPD_DRIVE_MODE

◆ MD_UPD_MUST_STAPLE

◆ MD_UPD_PKEY_SPEC

◆ MD_UPD_PROTO

◆ MD_UPD_RENEW_WINDOW

◆ MD_UPD_REQUIRE_HTTPS

◆ MD_UPD_STAPLING

◆ MD_UPD_TRANSITIVE

◆ MD_UPD_WARN_WINDOW

Typedef Documentation

◆ md_proto_complete_md_cb

◆ md_proto_driver_t

◆ md_proto_init_cb

◆ md_proto_init_preload_cb

◆ md_proto_preload_cb

◆ md_proto_renew_cb

◆ md_proto_t

◆ md_reg_do_cb

◆ md_reg_t

Function Documentation

◆ md_reg_add()

◆ md_reg_cleanup_challenges()

◆ md_reg_create()

◆ md_reg_delete_acct()

◆ md_reg_do()

◆ md_reg_find()

◆ md_reg_find_overlap()

◆ md_reg_freeze_domains()

◆ md_reg_get()

◆ md_reg_get_cred_files()

◆ md_reg_get_pubcert()

◆ md_reg_has_revoked_certs()

◆ md_reg_job_make()

◆ md_reg_load_staging()

◆ md_reg_load_stagings()

◆ md_reg_lock_global()

◆ md_reg_remove()

◆ md_reg_renew()

◆ md_reg_renew_at()

◆ md_reg_set_props()

◆ md_reg_set_renew_window_default()

◆ md_reg_set_warn_window_default()

◆ md_reg_should_renew()

◆ md_reg_should_warn()

◆ md_reg_store_get()

◆ md_reg_sync_finish()

◆ md_reg_sync_start()

◆ md_reg_test_init()

◆ md_reg_unlock_global()

◆ md_reg_update()

◆ md_reg_valid_until()