Thomas L.([email protected]) on 2019.01.30 20:59:11 +0100:
> On Wed, 30 Jan 2019 10:08:30 +0100
> Sebastian Benoit <[email protected]> wrote:
> > http://feuf.eu/.well-known/acme-challenge/
> > reports a 404 not found. I would expect a 403 Permission Denied there
> > if you have DirectoryIndex turned off.
> >
> > Also feuf.eu claims it is "Apache/2.4.10 (Debian) Server at feuf.eu
> > Port 80". What does your setup look like? What does the log of that
> > Apache Server show?
> >
> > Is acme-client really writing the challenge into the correct dir?
> > Is a NFS share involved?
> >
> > /Benno
>
> Ah, sorry, my failure. feuf.eu no longer points to my server.
> However, I removed account and domain key of a domain I actually control to
> reproduce:
[...]
ok, thanks for looking further, i think you got it.
Below is my variation of your diff.
ok?
> diff --git netproc.c netproc.c
> index e5845401862..12a1a1bb81a 100644
> --- netproc.c
> +++ netproc.c
> @@ -759,19 +759,26 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd,
> int rfd,
> * every five seconds.
> */
>
> - for (i = 0; i < altsz; i++) {
> - if (chngs[i].status == 1)
> - continue;
> + for (;;) {
> + for (i = 0; i < altsz; i++) {
> + if (chngs[i].status == 1)
> + continue;
>
> - if (chngs[i].retry++ >= RETRY_MAX) {
> - warnx("%s: too many tries", chngs[i].uri);
> - goto out;
> - }
> + if (chngs[i].retry++ >= RETRY_MAX) {
> + warnx("%s: too many tries", chngs[i].uri);
> + goto out;
> + }
>
> - /* Sleep before every attempt. */
> - sleep(RETRY_DELAY);
> - if (!dochngcheck(&c, &chngs[i]))
> - goto out;
> + /* Sleep before every attempt. */
> + sleep(RETRY_DELAY);
> + if (!dochngcheck(&c, &chngs[i]))
> + goto out;
> + }
> + for (i = 0; i < altsz; i++)
> + if (chngs[i].status < 1)
> + break;
> + if (i == altsz)
> + break;
> }
>
> /*
>
(benno_acme_fix_netproc_loop.diff)
diff --git usr.sbin/acme-client/netproc.c usr.sbin/acme-client/netproc.c
index 6c6b24e6a6d..8a34139f0c4 100644
--- usr.sbin/acme-client/netproc.c
+++ usr.sbin/acme-client/netproc.c
@@ -598,17 +598,17 @@ dofullchain(struct conn *c, const char *addr)
* account key information.
*/
int
netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd,
int newacct, int revocate, struct authority_c *authority,
const char *const *alts,size_t altsz)
{
int rc = 0;
- size_t i;
+ size_t i, done = 0;
char *cert = NULL, *thumb = NULL, *url = NULL;
struct conn c;
struct capaths paths;
struct chng *chngs = NULL;
long lval;
memset(&paths, 0, sizeof(struct capaths));
memset(&c, 0, sizeof(struct conn));
@@ -754,31 +754,42 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int
rfd,
}
/*
* We now wait on the ACME server for each domain.
* Connect to the server (assume it's the same server) once
* every five seconds.
*/
- for (i = 0; i < altsz; i++) {
- if (chngs[i].status == CHNG_VALID)
- continue;
-
- if (chngs[i].retry++ >= RETRY_MAX) {
- warnx("%s: too many tries", chngs[i].uri);
- goto out;
+ for (;;) {
+ for (i = 0; i < altsz; i++) {
+ doddbg("%s: done %lu, altsz %lu, i %lu, status %d",
+ __func__, done, altsz, i, chngs[i].status);
+
+ if (chngs[i].status == CHNG_VALID)
+ continue;
+
+ if (chngs[i].retry++ >= RETRY_MAX) {
+ warnx("%s: too many tries", chngs[i].uri);
+ goto out;
+ }
+
+ /* Sleep before every attempt. */
+ sleep(RETRY_DELAY);
+ if (dochngcheck(&c, &chngs[i])) {
+ if (chngs[i].status == CHNG_VALID)
+ done++;
+ continue;
+ } else
+ goto out;
}
- /* Sleep before every attempt. */
- sleep(RETRY_DELAY);
- if (!dochngcheck(&c, &chngs[i]))
- goto out;
+ if (done == altsz)
+ break;
}
-
/*
* Write our acknowledgement that the challenges are over.
* The challenge process will remove all of the files.
*/
if (writeop(Cfd, COMM_CHNG_OP, CHNG_STOP) <= 0)
goto out;
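Review bot: `done` is only incremented after a successful dochngcheck(), so a challenge that is already CHNG_VALID when the `for (;;)` loop is entered takes the first `continue` and is never counted. If that can happen (the status test at the top of the inner loop suggests it can), `done == altsz` is never reached; once the remaining challenges validate, the outer loop spins without sleeping or hitting RETRY_MAX, and the client never reaches the CHNG_STOP write below. Recomputing the count on every pass avoids this: put `done = 0;` at the top of the `for (;;)` body and change the skip branch to `if (chngs[i].status == CHNG_VALID) { done++; continue; }`. The doddbg() call also prints size_t values with `%lu`; `%zu` is the matching conversion. netproc's body starts and ends outside this hunk.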