> Am 19.08.2025 um 11:10 schrieb Stefan Eissing via dev <[email protected]>:
>
>
>
>> Am 18.08.2025 um 09:39 schrieb Ruediger Pluem <[email protected]>:
>>
>>
>>
>> On 8/15/25 1:23 PM, [email protected] wrote:
>>> Author: icing
>>> Date: Fri Aug 15 11:23:29 2025
>>> New Revision: 1927807
>>>
>>> Log:
>>> *) mod_md: update to version 2.6.1
>>> - Increasing default `MDRetryDelay` to 30 seconds to generate less bursty
>>> traffic on errored renewals for the ACME CA. This leads to error
>>> retries
>>> of 30s, 1 minute, 2, 4, etc. up to daily attempts.
>>> - Checking that configuring `MDRetryDelay` will result in a positive
>>> duration. A delay of 0 is not accepted.
>>> - Fix a bug in checking Content-Type of responses from the ACME server.
>>> - Added ACME ARI support (rfc9773) to the module. Enabled by default. New
>>> directive "MDRenewViaARI on|off" for controlling this.
>>> - Removing tailscale support. It has not been working for a long time
>>> as the company decided to change their APIs. Away with the dead code,
>>> documentation and tests.
>>> - Fixed a compilation issue with pre-industrial versions of libcurl.
>>>
>>> Added:
>>> httpd/httpd/trunk/changes-entries/md_v2.6.1.txt
>>> Deleted:
>>> httpd/httpd/trunk/modules/md/md_tailscale.c
>>> httpd/httpd/trunk/modules/md/md_tailscale.h
>>> httpd/httpd/trunk/test/modules/md/test_780_tailscale.py
>>> Modified:
>>> httpd/httpd/trunk/docs/manual/mod/mod_md.xml
>>> httpd/httpd/trunk/modules/md/config2.m4
>>> httpd/httpd/trunk/modules/md/md.h
>>> httpd/httpd/trunk/modules/md/md_acme.c
>>> httpd/httpd/trunk/modules/md/md_acme.h
>>> httpd/httpd/trunk/modules/md/md_acme_authz.c
>>> httpd/httpd/trunk/modules/md/md_acme_drive.c
>>> httpd/httpd/trunk/modules/md/md_acme_order.c
>>> httpd/httpd/trunk/modules/md/md_acme_order.h
>>> httpd/httpd/trunk/modules/md/md_acmev2_drive.c
>>> httpd/httpd/trunk/modules/md/md_core.c
>>> httpd/httpd/trunk/modules/md/md_crypt.c
>>> httpd/httpd/trunk/modules/md/md_crypt.h
>>> httpd/httpd/trunk/modules/md/md_http.c
>>> httpd/httpd/trunk/modules/md/md_json.c
>>> httpd/httpd/trunk/modules/md/md_reg.c
>>> httpd/httpd/trunk/modules/md/md_reg.h
>>> httpd/httpd/trunk/modules/md/md_status.c
>>> httpd/httpd/trunk/modules/md/md_time.c
>>> httpd/httpd/trunk/modules/md/md_time.h
>>> httpd/httpd/trunk/modules/md/md_version.h
>>> httpd/httpd/trunk/modules/md/mod_md.c
>>> httpd/httpd/trunk/modules/md/mod_md.dsp
>>> httpd/httpd/trunk/modules/md/mod_md_config.c
>>> httpd/httpd/trunk/modules/md/mod_md_config.h
>>> httpd/httpd/trunk/modules/md/mod_md_drive.c
>>> httpd/httpd/trunk/modules/md/mod_md_status.c
>>> httpd/httpd/trunk/test/modules/md/md_conf.py
>>> httpd/httpd/trunk/test/modules/md/test_702_auto.py
>>> httpd/httpd/trunk/test/modules/md/test_710_profiles.py
>>> httpd/httpd/trunk/test/modules/md/test_730_static.py
>>> httpd/httpd/trunk/test/modules/md/test_920_status.py
>>>
>>
>>>
>>> Modified: httpd/httpd/trunk/modules/md/md_status.c
>>> ==============================================================================
>>> --- httpd/httpd/trunk/modules/md/md_status.c Fri Aug 15 10:27:32 2025
>>> (r1927806)
>>> +++ httpd/httpd/trunk/modules/md/md_status.c Fri Aug 15 11:23:29 2025
>>> (r1927807)
>>
>>> @@ -598,11 +612,19 @@ apr_time_t md_job_delay_on_errors(md_job
>>> delay = max_delay;
>>> }
>>> else if (err_count > 0) {
>>> - /* back off duration, depending on the errors we encounter in a
>>> row */
>>> - delay = job->min_delay << (err_count - 1);
>>> - if (delay > max_delay) {
>>> - delay = max_delay;
>>> + /* back off duration, depending on the errors we encounter in a
>>> row.
>>> + * As apr_time_t is signed, this might wrap around*/
>>> + int i;
>>> + delay = job->min_delay;
>>> + for (i = 0; i < err_count; ++i) {
>>> + delay <<= 1;
>>> + if ((delay <= 0) || (delay > max_delay)) {
>>> + delay = max_delay;
>>> + break;
>>> + }
>>> }
>>> + if (delay > max_delay)
>>> + delay = max_delay;
>>
>> I don't think that delay can be > max_delay here.
>
> I realized one mistake: the first error already triggers a doubling of the
> delay. Will fix that.
>
> Why do you think that the doubling could never reach the cap? I seem to be
> unable to see that...
The brain works better by writing. I now see what you mean. The additional
check after the loop is unnecessary. Thanks for reviewing!
>
> Cheers,
> Stefan
>
>>
>>> }
>>> if (delay > 0) {
>>> /* jitter the delay by +/- 0-50%.
>>>
>>
>> Regards
>>
>> RĂ¼diger
