* tls-alpn-01 challenge method, when available, is now preferred.

 * configure now checks the libcurl version to be at least 7.50, as does the Apache configure.

ChangeLog

@@ -1,3 +1,6 @@
+v1.99.4
+----------------------------------------------------------------------------------------------------
+ * tls-alpn-01 challenge method, when available, is now preferred.
  * configure now checks the libcurl version to be at least 7.50, as does the Apache configure.
 
 v1.99.3

configure.ac

@@ -14,7 +14,7 @@
 #
 
 AC_PREREQ([2.69])
-AC_INIT([mod_md], [1.99.3], [stefan.eissing@greenbytes.de])
+AC_INIT([mod_md], [1.99.4], [stefan.eissing@greenbytes.de])
 
 LT_PREREQ([2.2.6])
 LT_INIT()

src/md_version.h

@@ -27,15 +27,15 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "1.99.3-git"
+#define MOD_MD_VERSION "1.99.4-git"
 
 /**
  * @macro
  * Numerical representation of the version number of the md module
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x016303
+#define MOD_MD_VERSION_NUM 0x016304
 
 #define MD_ACME_DEF_URL    "https://acme-v01.api.letsencrypt.org/directory"
 

test/test_0702_auto.py

@@ -337,24 +337,20 @@ def test_702_009(self):
         assert cert1.get_serial() == cert2.get_serial()
 
         # create self-signed cert, with critical remaining valid duration -> drive again
-        CertUtil.create_self_signed_cert( [domain], { "notBefore": -120, "notAfter": 9  })
+        CertUtil.create_self_signed_cert( [domain], { "notBefore": -120, "notAfter": 2  }, serial=7029)
         cert3 = CertUtil( TestEnv.path_domain_pubcert(domain) )
-        assert cert3.get_serial() == 1000
+        assert cert3.get_serial() == 7029
         time.sleep(1)
         assert TestEnv.a2md([ "list", domain])['jout']['output'][0]['renew'] == True
+
         assert TestEnv.apache_restart() == 0
-        time.sleep(1)
         assert TestEnv.await_completion( [ domain ] )
-
-        # fetch cert from server -> self-signed still active, activation of new ACME is delayed
-        cert4 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
-        assert cert4.get_serial() == cert3.get_serial()
-        time.sleep( 6 ) # these timed waits make trouble sometimes...
-
+        time.sleep(3)
+
         # restart -> new ACME cert becomes active
         assert TestEnv.apache_restart() == 0
-        assert TestEnv.await_completion( [ domain ] )
         cert5 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
+        assert domain in cert5.get_san_list()
         assert cert5.get_serial() != cert3.get_serial()
 
     #-----------------------------------------------------------------------------------------------

test/test_base.py

@@ -687,7 +687,7 @@ class CertUtil(object):
     # Uses PyOpenSSL: https://pyopenssl.org/en/stable/index.html
 
     @classmethod
-    def create_self_signed_cert( cls, nameList, validDays ):
+    def create_self_signed_cert( cls, nameList, validDays, serial=1000 ):
         name = nameList[0]
         certFilePath = TestEnv.path_domain_pubcert(name)
         keyFilePath = TestEnv.path_domain_privkey(name)
@@ -707,7 +707,7 @@ def create_self_signed_cert( cls, nameList, validDays ):
         cert.get_subject().L = "Muenster"
         cert.get_subject().O = "greenbytes GmbH"
         cert.get_subject().CN = name
-        cert.set_serial_number(1000)
+        cert.set_serial_number(serial)
         cert.gmtime_adj_notBefore( validDays["notBefore"] * SEC_PER_DAY)
         cert.gmtime_adj_notAfter( validDays["notAfter"] * SEC_PER_DAY)
         cert.set_issuer(cert.get_subject())