Adding upstream version 2.4.59.upstream/2.4.59

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

4 files changed, 38 insertions, 19 deletions

diff --git a/modules/md/md_acme_order.c b/modules/md/md_acme_order.c
index 9e25e84..061093a 100644
--- a/modules/md/md_acme_order.c
+++ b/modules/md/md_acme_order.c
@@ -537,8 +537,8 @@ static apr_status_t check_challenges(void *baton, int attempt)
             }
         }
         else {
-            md_result_printf(ctx->result, rv, "authorization retrieval failed for domain %s", 
-                             authz->domain);
+            md_result_printf(ctx->result, rv, "authorization retrieval failed for %s on <%s>",
+                             ctx->name, url);
         }
     }
 leave:
diff --git a/modules/md/md_crypt.c b/modules/md/md_crypt.c
index f2b0cd5..4b2af89 100644
--- a/modules/md/md_crypt.c
+++ b/modules/md/md_crypt.c
@@ -32,6 +32,9 @@
 #include <openssl/rand.h>
 #include <openssl/rsa.h>
 #include <openssl/x509v3.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/core_names.h>
+#endif
 
 #include "md.h"
 #include "md_crypt.h"
@@ -988,26 +991,42 @@ static const char *bn64(const BIGNUM *b, apr_pool_t *p)
 
 const char *md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p)
 {
-    const BIGNUM *e;
-    RSA *rsa = EVP_PKEY_get1_RSA(pkey->pkey);
-    
-    if (!rsa) {
-        return NULL;
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
+    if (rsa) {
+        const BIGNUM *e;
+        RSA_get0_key(rsa, NULL, &e, NULL);
+        return bn64(e, p);
     }
-    RSA_get0_key(rsa, NULL, &e, NULL);
-    return bn64(e, p);
+#else
+    BIGNUM *e = NULL;
+    if (EVP_PKEY_get_bn_param(pkey->pkey, OSSL_PKEY_PARAM_RSA_E, &e)) {
+        const char *e64 = bn64(e, p);
+        BN_free(e);
+        return e64;
+    }
+#endif
+    return NULL;
 }
 
 const char *md_pkey_get_rsa_n64(md_pkey_t *pkey, apr_pool_t *p)
 {
-    const BIGNUM *n;
-    RSA *rsa = EVP_PKEY_get1_RSA(pkey->pkey);
-    
-    if (!rsa) {
-        return NULL;
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+    const RSA *rsa = EVP_PKEY_get0_RSA(pkey->pkey);
+    if (rsa) {
+        const BIGNUM *n;
+        RSA_get0_key(rsa, &n, NULL, NULL);
+        return bn64(n, p);
     }
-    RSA_get0_key(rsa, &n, NULL, NULL);
-    return bn64(n, p);
+#else
+    BIGNUM *n = NULL;
+    if (EVP_PKEY_get_bn_param(pkey->pkey, OSSL_PKEY_PARAM_RSA_N, &n)) {
+        const char *n64 = bn64(n, p);
+        BN_free(n);
+        return n64;
+    }
+#endif
+    return NULL;
 }
 
 apr_status_t md_crypt_sign64(const char **psign64, md_pkey_t *pkey, apr_pool_t *p, 
diff --git a/modules/md/md_version.h b/modules/md/md_version.h
index cf62f5e..86a1821 100644
--- a/modules/md/md_version.h
+++ b/modules/md/md_version.h
@@ -27,7 +27,7 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "2.4.24"
+#define MOD_MD_VERSION "2.4.25"
 
 /**
  * @macro
@@ -35,7 +35,7 @@
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x020418
+#define MOD_MD_VERSION_NUM 0x020419
 
 #define MD_ACME_DEF_URL         "https://acme-v02.api.letsencrypt.org/directory"
 #define MD_TAILSCALE_DEF_URL    "file://localhost/var/run/tailscale/tailscaled.sock"
diff --git a/modules/md/mod_md_status.c b/modules/md/mod_md_status.c
index 2286051..6b29256 100644
--- a/modules/md/mod_md_status.c
+++ b/modules/md/mod_md_status.c
@@ -325,7 +325,7 @@ static void si_val_valid_time(status_ctx *ctx, md_json_t *mdj, const status_info
             apr_pstrcat(ctx->p, info->label, "From", NULL));
         }
         if (until) {
-            print_date(ctx, from,
+            print_date(ctx, until,
             apr_pstrcat(ctx->p, info->label, "Until", NULL));
         }
     }