Hi Yann, thanks for the cleanup, should already be merged to 2.4.x. The code was a leftover from earlier cert chain retrieval that actually looked at the cert issuer url.
However, as Let's Encrypt pointed out to me, they offer a Link header for this which they hold back when the issuing cert that is trusted by clients has been reached. That gives shorter cert chains. Cheers, Stefan > Am 19.12.2017 um 23:58 schrieb Yann Ylavic <[email protected]>: > > On Tue, Dec 19, 2017 at 11:39 PM, <[email protected]> wrote: >> >> --- httpd/httpd/trunk/modules/md/md_acme_drive.c (original) >> +++ httpd/httpd/trunk/modules/md/md_acme_drive.c Tue Dec 19 22:39:03 2017 >> @@ -566,18 +566,11 @@ static apr_status_t get_chain(void *bato >> { >> md_proto_driver_t *d = baton; >> md_acme_driver_t *ad = d->baton; >> - md_cert_t *cert; >> const char *prev_link = NULL; >> apr_status_t rv = APR_SUCCESS; >> >> while (APR_SUCCESS == rv && ad->chain->nelts < 10) { >> int nelts = ad->chain->nelts; >> - if (ad->chain && nelts > 0) { >> - cert = APR_ARRAY_IDX(ad->chain, nelts - 1, md_cert_t *); >> - } >> - else { >> - cert = ad->cert; >> - } > > Stefan, was 'cert' intended for a particular (future) use or is it a > remainder of some deleted code? > In the latter case, I'd merge this commit in ^/branches/2.4.x-mod_md, > otherwise I'll let you take care of it :) > > > Regards, > Yann.
