committed, thanks!
Sebastian Benoit([email protected]) on 2019.01.31 17:00:59 +0100:
> Thomas L.([email protected]) on 2019.01.30 20:59:11 +0100:
> > On Wed, 30 Jan 2019 10:08:30 +0100
> > Sebastian Benoit <[email protected]> wrote:
> > > http://feuf.eu/.well-known/acme-challenge/
> > > reports a 404 not found. I would expect a 403 Permission Denied there
> > > if you have DirectoryIndex turned off.
> > >
> > > Also feuf.eu claims it is "Apache/2.4.10 (Debian) Server at feuf.eu
> > > Port 80". What does your setup look like? What does the log of that
> > > Apache Server show?
> > >
> > > Is acme-client really writing the challenge into the correct dir?
> > > Is a NFS share involved?
> > >
> > > /Benno
> >
> > Ah, sorry, my failure. feuf.eu no longer points to my server.
> > However, I removed account and domain key of a domain I actually control to
> > reproduce:
>
> [...]
>
> ok, thanks for looking further, i think you got it.
>
> Below is my variation of your diff.
>
> ok?
>
> > diff --git netproc.c netproc.c
> > index e5845401862..12a1a1bb81a 100644
> > --- netproc.c
> > +++ netproc.c
> > @@ -759,19 +759,26 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd,
> > int rfd,
> > * every five seconds.
> > */
> >
> > - for (i = 0; i < altsz; i++) {
> > - if (chngs[i].status == 1)
> > - continue;
> > + for (;;) {
> > + for (i = 0; i < altsz; i++) {
> > + if (chngs[i].status == 1)
> > + continue;
> >
> > - if (chngs[i].retry++ >= RETRY_MAX) {
> > - warnx("%s: too many tries", chngs[i].uri);
> > - goto out;
> > - }
> > + if (chngs[i].retry++ >= RETRY_MAX) {
> > + warnx("%s: too many tries", chngs[i].uri);
> > + goto out;
> > + }
> >
> > - /* Sleep before every attempt. */
> > - sleep(RETRY_DELAY);
> > - if (!dochngcheck(&c, &chngs[i]))
> > - goto out;
> > + /* Sleep before every attempt. */
> > + sleep(RETRY_DELAY);
> > + if (!dochngcheck(&c, &chngs[i]))
> > + goto out;
> > + }
> > + for (i = 0; i < altsz; i++)
> > + if (chngs[i].status < 1)
> > + break;
> > + if (i == altsz)
> > + break;
> > }
> >
> > /*
> >
>
> (benno_acme_fix_netproc_loop.diff)
>
> diff --git usr.sbin/acme-client/netproc.c usr.sbin/acme-client/netproc.c
> index 6c6b24e6a6d..8a34139f0c4 100644
> --- usr.sbin/acme-client/netproc.c
> +++ usr.sbin/acme-client/netproc.c
> @@ -598,17 +598,17 @@ dofullchain(struct conn *c, const char *addr)
> * account key information.
> */
> int
> netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd,
> int newacct, int revocate, struct authority_c *authority,
> const char *const *alts,size_t altsz)
> {
> int rc = 0;
> - size_t i;
> + size_t i, done = 0;
> char *cert = NULL, *thumb = NULL, *url = NULL;
> struct conn c;
> struct capaths paths;
> struct chng *chngs = NULL;
> long lval;
>
> memset(&paths, 0, sizeof(struct capaths));
> memset(&c, 0, sizeof(struct conn));
> @@ -754,31 +754,42 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd,
> int rfd,
> }
>
> /*
> * We now wait on the ACME server for each domain.
> * Connect to the server (assume it's the same server) once
> * every five seconds.
> */
>
> - for (i = 0; i < altsz; i++) {
> - if (chngs[i].status == CHNG_VALID)
> - continue;
> -
> - if (chngs[i].retry++ >= RETRY_MAX) {
> - warnx("%s: too many tries", chngs[i].uri);
> - goto out;
> + for (;;) {
> + for (i = 0; i < altsz; i++) {
> + doddbg("%s: done %lu, altsz %lu, i %lu, status %d",
> + __func__, done, altsz, i, chngs[i].status);
> +
> + if (chngs[i].status == CHNG_VALID)
> + continue;
> +
> + if (chngs[i].retry++ >= RETRY_MAX) {
> + warnx("%s: too many tries", chngs[i].uri);
> + goto out;
> + }
> +
> + /* Sleep before every attempt. */
> + sleep(RETRY_DELAY);
> + if (dochngcheck(&c, &chngs[i])) {
> + if (chngs[i].status == CHNG_VALID)
> + done++;
> + continue;
> + } else
> + goto out;
> }
>
> - /* Sleep before every attempt. */
> - sleep(RETRY_DELAY);
> - if (!dochngcheck(&c, &chngs[i]))
> - goto out;
> + if (done == altsz)
> + break;
> }
> -
> /*
> * Write our acknowledgement that the challenges are over.
> * The challenge process will remove all of the files.
> */
>
> if (writeop(Cfd, COMM_CHNG_OP, CHNG_STOP) <= 0)
> goto out;
>
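Review bot: `done` is only incremented for a challenge that becomes `CHNG_VALID` after a `dochngcheck()` call inside this loop, so the exit test `if (done == altsz)` can never be true if any entry already has `CHNG_VALID` status when the loop is entered. Such entries hit the `continue` at the top of the inner loop without being counted, and once the others are valid the outer `for (;;)` spins with neither the `sleep(RETRY_DELAY)` nor the `RETRY_MAX` check being reached. Whether an entry can arrive already valid depends on code outside this hunk (netproc's body begins before it and continues after it), so that should be confirmed. If it can, derive completion from the statuses on every pass: put `done = 0;` at the top of the outer loop and make the skip `if (chngs[i].status == CHNG_VALID) { done++; continue; }`. Separately, the `doddbg` call prints the `size_t` values `done`, `altsz` and `i` with `%lu`; `%zu` is the matching conversion.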
>