| 466 | } |
| 467 | |
| 468 | static server_rec *get_public_https_server(md_t *md, const char *domain, server_rec *base_server) |
| 469 | { |
| 470 | md_srv_conf_t *sc; |
| 471 | md_mod_conf_t *mc; |
| 472 | server_rec *s; |
| 473 | server_rec *res = NULL; |
| 474 | request_rec r; |
| 475 | int i; |
| 476 | int check_port = 1; |
| 477 | |
| 478 | sc = md_config_get(base_server); |
| 479 | mc = sc->mc; |
| 480 | memset(&r, 0, sizeof(r)); |
| 481 | |
| 482 | if (md->ca_challenges && md->ca_challenges->nelts > 0) { |
| 483 | /* skip the port check if "tls-alpn-01" is pre-configured */ |
| 484 | check_port = !(md_array_str_index(md->ca_challenges, MD_AUTHZ_TYPE_TLSALPN01, 0, 0) >= 0); |
| 485 | } |
| 486 | |
| 487 | if (check_port && !mc->can_https) return NULL; |
| 488 | |
| 489 | /* find an ssl server matching domain from MD */ |
| 490 | for (s = base_server; s; s = s->next) { |
| 491 | sc = md_config_get(s); |
| 492 | if (!sc || !sc->is_ssl || !sc->assigned) continue; |
| 493 | if (base_server == s && !mc->manage_base_server) continue; |
| 494 | if (base_server != s && check_port && mc->local_443 > 0 && !uses_port(s, mc->local_443)) continue; |
| 495 | for (i = 0; i < sc->assigned->nelts; ++i) { |
| 496 | if (md == APR_ARRAY_IDX(sc->assigned, i, md_t*)) { |
| 497 | r.server = s; |
| 498 | if (ap_matches_request_vhost(&r, domain, s->port)) { |
| 499 | if (check_port) { |
| 500 | return s; |
| 501 | } |
| 502 | else { |
| 503 | /* there may be multiple matching servers because we ignore the port. |
| 504 | if possible, choose a server that supports the acme-tls/1 protocol */ |
| 505 | if (ap_is_allowed_protocol(NULL, NULL, s, PROTO_ACME_TLS_1)) { |
| 506 | return s; |
| 507 | } |
| 508 | res = s; |
| 509 | } |
| 510 | } |
| 511 | } |
| 512 | } |
| 513 | } |
| 514 | return res; |
| 515 | } |
| 516 | |
| 517 | static apr_status_t auto_add_domains(md_t *md, server_rec *base_server, apr_pool_t *p) |
| 518 | { |
no test coverage detected