diff --git a/lib/tls/tls-server.c b/lib/tls/tls-server.c index dbb517834..05055f7ec 100644 --- a/lib/tls/tls-server.c +++ b/lib/tls/tls-server.c @@ -113,12 +113,12 @@ lws_context_init_server_ssl(const struct lws_context_creation_info *info, if (vhost->tls.use_ssl) lws_context_init_alpn(vhost); - /* check certs once a day */ + /* check certs in a few seconds (after protocol init) and then once a day */ context->pt[0].sul_tls.cb = lws_sul_tls_cb; __lws_sul_insert_us(&context->pt[0].pt_sul_owner[LWSSULLI_MISS_IF_SUSPENDED], &context->pt[0].sul_tls, - (lws_usec_t)24 * 3600 * LWS_US_PER_SEC); + (lws_usec_t)5 * LWS_US_PER_SEC); return 0; } diff --git a/plugins/acme-client/protocol_lws_acme_client.c b/plugins/acme-client/protocol_lws_acme_client.c index d202085b9..f6be2b012 100644 --- a/plugins/acme-client/protocol_lws_acme_client.c +++ b/plugins/acme-client/protocol_lws_acme_client.c @@ -1,7 +1,7 @@ /* * libwebsockets ACME client protocol plugin * - * Copyright (C) 2010 - 2019 Andy Green + * Copyright (C) 2010 - 2022 Andy Green * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to @@ -21,16 +21,9 @@ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS * IN THE SOFTWARE. * - * Acme is in a big messy transition at the moment from a homebrewed api - * to an IETF one. The old repo for the homebrew api (they currently - * implement) is marked up as deprecated and "not accurate[ly] reflect[ing]" - * what they implement, but the IETF standard, currently at v7 is not yet - * implemented at let's encrypt (ETA Jan 2018). - * * This implementation follows draft 7 of the IETF standard, and falls back - * to whatever differences exist for Boulder's tls-sni-01 challenge. The - * tls-sni-02 support is there but nothing to test it against at the time of - * writing (Nov 1 2017). + * to whatever differences exist for Boulder's tls-sni-01 challenge. + * tls-sni-02 is also supported. */ #if !defined (LWS_PLUGIN_STATIC) @@ -148,11 +141,11 @@ callback_chall_http01(struct lws *wsi, enum lws_callback_reasons reason, switch (reason) { case LWS_CALLBACK_HTTP: - lwsl_notice("%s: ca connection received, key_auth %s\n", - __func__, ac->key_auth); + lwsl_wsi_notice(wsi, "CA connection received, key_auth %s", + ac->key_auth); if (lws_add_http_header_status(wsi, HTTP_STATUS_OK, &p, end)) { - lwsl_notice("%s: add status failed\n", __func__); + lwsl_wsi_warn(wsi, "add status failed"); return -1; } @@ -160,14 +153,13 @@ callback_chall_http01(struct lws *wsi, enum lws_callback_reasons reason, WSI_TOKEN_HTTP_CONTENT_TYPE, (unsigned char *)"text/plain", 10, &p, end)) { - lwsl_notice("%s: add content_type failed\n", __func__); + lwsl_wsi_warn(wsi, "add content_type failed"); return -1; } n = (int)strlen(ac->key_auth); if (lws_add_http_header_content_length(wsi, (lws_filepos_t)n, &p, end)) { - lwsl_notice("%s: add content_length failed\n", - __func__); + lwsl_wsi_warn(wsi, "add content_length failed"); return -1; } @@ -175,13 +167,12 @@ callback_chall_http01(struct lws *wsi, enum lws_callback_reasons reason, WSI_TOKEN_HTTP_CONTENT_DISPOSITION, (unsigned char *)"attachment", 10, &p, end)) { - lwsl_notice("%s: add content_dispo failed\n", __func__); + lwsl_wsi_warn(wsi, "add content_dispo failed"); return -1; } if (lws_finalize_write_http_header(wsi, start, &p, end)) { - lwsl_notice("%s: finalize http header failed\n", - __func__); + lwsl_wsi_warn(wsi, "finalize http header failed"); return -1; } @@ -190,10 +181,10 @@ callback_chall_http01(struct lws *wsi, enum lws_callback_reasons reason, case LWS_CALLBACK_HTTP_WRITEABLE: p += lws_snprintf((char *)p, lws_ptr_diff_size_t(end, p), "%s", ac->key_auth); - lwsl_notice("%s: len %d\n", __func__, lws_ptr_diff(p, start)); + // lwsl_notice("%s: len %d\n", __func__, lws_ptr_diff(p, start)); if (lws_write(wsi, (uint8_t *)start, lws_ptr_diff_size_t(p, start), LWS_WRITE_HTTP_FINAL) != lws_ptr_diff(p, start)) { - lwsl_err("_write content failed\n"); + lwsl_wsi_err(wsi, "_write content failed"); return 1; } @@ -234,7 +225,7 @@ jws_create_packet(struct lws_jwe *jwe, const char *payload, size_t len, n = LWS_PRE + 2048; buf = malloc((unsigned int)n); if (!buf) { - lwsl_notice("%s: malloc %d failed\n", __func__, n); + lwsl_warn("%s: malloc %d failed\n", __func__, n); return -1; } @@ -680,14 +671,14 @@ lws_acme_load_create_auth_keys(struct per_vhost_data__lws_acme_client *vhd, n = lws_genrsa_new_keypair(vhd->context, &vhd->rsactx, LGRSAM_PKCS1_1_5, vhd->jwk.e, bits); if (n) { - lwsl_notice("failed to create keypair\n"); + lwsl_vhost_warn(vhd->vhost, "failed to create keypair"); return 1; } lwsl_notice("...keypair generated\n"); if (lws_jwk_save(&vhd->jwk, vhd->pvop[LWS_TLS_SET_AUTH_PATH])) { - lwsl_notice("unable to save %s\n", + lwsl_vhost_warn(vhd->vhost, "unable to save %s", vhd->pvop[LWS_TLS_SET_AUTH_PATH]); return 1; } @@ -709,8 +700,8 @@ lws_acme_start_acquisition(struct per_vhost_data__lws_acme_client *vhd, /* * ...well... we should try to do something about it then... */ - lwsl_notice("%s: ACME cert needs creating / updating: " - "vhost %s\n", __func__, lws_get_vhost_name(vhd->vhost)); + lwsl_vhost_notice(vhd->vhost, "ACME cert needs creating / updating: " + "vhost %s", lws_get_vhost_name(vhd->vhost)); vhd->ac = malloc(sizeof(*vhd->ac)); memset(vhd->ac, 0, sizeof(*vhd->ac)); @@ -795,11 +786,13 @@ callback_acme_client(struct lws *wsi, enum lws_callback_reasons reason, switch ((int)reason) { case LWS_CALLBACK_PROTOCOL_INIT: + if (vhd) + return 0; vhd = lws_protocol_vh_priv_zalloc(lws_get_vhost(wsi), lws_get_protocol(wsi), sizeof(struct per_vhost_data__lws_acme_client)); - if (vhd) - return 0; + if (!vhd) + return -1; vhd->context = lws_get_context(wsi); vhd->protocol = lws_get_protocol(wsi); @@ -867,7 +860,12 @@ callback_acme_client(struct lws *wsi, enum lws_callback_reasons reason, vhd->pvop[LWS_TLS_SET_CERT_PATH]); vhd->fd_updated_cert = lws_open(buf, LWS_O_WRONLY | LWS_O_CREAT | - LWS_O_TRUNC, 0600); + LWS_O_TRUNC + /*do not replace \n to \r\n on Windows */ + #ifdef WIN32 + | O_BINARY + #endif + , 0600); if (vhd->fd_updated_cert < 0) { lwsl_err("unable to create update cert file %s\n", buf); return -1; @@ -875,9 +873,14 @@ callback_acme_client(struct lws *wsi, enum lws_callback_reasons reason, lws_snprintf(buf, sizeof(buf) - 1, "%s.upd", vhd->pvop[LWS_TLS_SET_KEY_PATH]); vhd->fd_updated_key = lws_open(buf, LWS_O_WRONLY | LWS_O_CREAT | - LWS_O_TRUNC, 0600); + /*do not replace \n to \r\n on Windows */ + #ifdef WIN32 + O_BINARY | + #endif + LWS_O_TRUNC, 0600); if (vhd->fd_updated_key < 0) { - lwsl_err("unable to create update key file %s\n", buf); + lwsl_vhost_err(vhd->vhost, "unable to create update key file %s", buf); + return -1; } #endif @@ -929,35 +932,18 @@ callback_acme_client(struct lws *wsi, enum lws_callback_reasons reason, * Client */ - case LWS_CALLBACK_CLIENT_ESTABLISHED: - lwsl_notice("%s: CLIENT_ESTABLISHED\n", __func__); - break; - - case LWS_CALLBACK_CLIENT_CONNECTION_ERROR: - lwsl_notice("%s: CLIENT_CONNECTION_ERROR: %p\n", __func__, wsi); - break; - - case LWS_CALLBACK_CLOSED_CLIENT_HTTP: - lwsl_notice("%s: CLOSED_CLIENT_HTTP: %p\n", __func__, wsi); - break; - - case LWS_CALLBACK_CLOSED: - lwsl_notice("%s: CLOSED: %p\n", __func__, wsi); - break; - case LWS_CALLBACK_ESTABLISHED_CLIENT_HTTP: - lwsl_notice("%s: ESTABLISHED_CLIENT_HTTP:" - "%p, state:%d, status:%d\n", __func__, wsi, - ac->state, lws_http_client_http_response(wsi)); if (!ac) break; + ac->resp = (int)lws_http_client_http_response(wsi); + /* we get a new nonce each time */ if (lws_hdr_total_length(wsi, WSI_TOKEN_REPLAY_NONCE) && lws_hdr_copy(wsi, ac->replay_nonce, sizeof(ac->replay_nonce), WSI_TOKEN_REPLAY_NONCE) < 0) { - lwsl_notice("%s: nonce too large\n", __func__); + lwsl_vhost_warn(vhd->vhost, "nonce too large"); goto failed; } @@ -967,11 +953,12 @@ callback_acme_client(struct lws *wsi, enum lws_callback_reasons reason, lejp_construct(&ac->jctx, cb_dir, vhd, jdir_tok, LWS_ARRAY_SIZE(jdir_tok)); break; + case ACME_STATE_NEW_NONCE: /* - * we try to * register our keys next. - * It's OK if it ends up * they're already registered, - * this eliminates any * gaps where we stored the key + * we try to register our keys next. + * It's OK if it ends up they're already registered, + * this eliminates any gaps where we stored the key * but registration did not complete for some reason... */ ac->state = ACME_STATE_NEW_ACCOUNT; @@ -981,8 +968,7 @@ callback_acme_client(struct lws *wsi, enum lws_callback_reasons reason, cwsi = lws_acme_client_connect(vhd->context, vhd->vhost, &ac->cwsi, &ac->i, buf, "POST"); if (!cwsi) { - lwsl_notice("%s: failed to connect to acme\n", - __func__); + lwsl_vhost_warn(vhd->vhost, "failed to connect to acme"); goto failed; } @@ -991,28 +977,26 @@ callback_acme_client(struct lws *wsi, enum lws_callback_reasons reason, case ACME_STATE_NEW_ACCOUNT: if (!lws_hdr_total_length(wsi, WSI_TOKEN_HTTP_LOCATION)) { - lwsl_notice("%s: no Location\n", __func__); + lwsl_vhost_warn(vhd->vhost, "no Location"); goto failed; } if (lws_hdr_copy(wsi, ac->acct_id, sizeof(ac->acct_id), WSI_TOKEN_HTTP_LOCATION) < 0) { - lwsl_notice("%s: Location too large\n", - __func__); + lwsl_vhost_warn(vhd->vhost, "Location too large"); goto failed; } ac->kid = ac->acct_id; - lwsl_notice("Location: %s\n", ac->acct_id); + lwsl_vhost_notice(vhd->vhost, "Location: %s", ac->acct_id); break; case ACME_STATE_NEW_ORDER: if (lws_hdr_copy(wsi, ac->order_url, sizeof(ac->order_url), WSI_TOKEN_HTTP_LOCATION) < 0) { - lwsl_notice("%s: missing cert location:\n", - __func__); + lwsl_vhost_warn(vhd->vhost, "missing cert location"); goto failed; } @@ -1061,7 +1045,6 @@ callback_acme_client(struct lws *wsi, enum lws_callback_reasons reason, ",\"contact\": [\"mailto:%s\"]}", vhd->pvop_active[LWS_TLS_REQ_ELEMENT_EMAIL]); - puts(start); strcpy(ac->active_url, ac->urls[JAD_NEW_ACCOUNT_URL]); pkt_add_hdrs: if (lws_gencrypto_jwe_alg_to_definition("RSA1_5", @@ -1096,7 +1079,7 @@ pkt_add_hdrs: WSI_TOKEN_HTTP_CONTENT_TYPE, (uint8_t *)content_type, 21, pp, pend)) { - lwsl_notice("could not add content type\n"); + lwsl_vhost_warn(vhd->vhost, "could not add content type"); goto failed; } @@ -1104,7 +1087,7 @@ pkt_add_hdrs: if (lws_add_http_header_by_token(wsi, WSI_TOKEN_HTTP_CONTENT_LENGTH, (uint8_t *)buf, n, pp, pend)) { - lwsl_notice("could not add content length\n"); + lwsl_vhost_warn(vhd->vhost, "could not add content length"); goto failed; } @@ -1122,12 +1105,10 @@ pkt_add_hdrs: "}", vhd->pvop_active[LWS_TLS_REQ_ELEMENT_COMMON_NAME]); - puts(start); strcpy(ac->active_url, ac->urls[JAD_NEW_ORDER_URL]); goto pkt_add_hdrs; case ACME_STATE_AUTHZ: - puts(start); strcpy(ac->active_url, ac->authz_url); goto pkt_add_hdrs; @@ -1136,7 +1117,6 @@ pkt_add_hdrs: end = &buf[sizeof(buf) - 1]; p += lws_snprintf(p, lws_ptr_diff_size_t(end, p), "{}"); - puts(start); strcpy(ac->active_url, ac->challenge_uri); goto pkt_add_hdrs; @@ -1147,7 +1127,7 @@ pkt_add_hdrs: case ACME_STATE_POLLING_CSR: if (ac->goes_around) break; - + lwsl_vhost_notice(vhd->vhost, "Generating ACME CSR... may take a little while"); p += lws_snprintf(p, lws_ptr_diff_size_t(end, p), "{\"csr\":\""); n = lws_tls_acme_sni_csr_create(vhd->context, &vhd->pvop_active[0], @@ -1155,12 +1135,11 @@ pkt_add_hdrs: &ac->alloc_privkey_pem, &ac->len_privkey_pem); if (n < 0) { - lwsl_notice("CSR generation failed\n"); + lwsl_vhost_warn(vhd->vhost, "CSR generation failed"); goto failed; } p += n; p += lws_snprintf(p, lws_ptr_diff_size_t(end, p), "\"}"); - puts(start); strcpy(ac->active_url, ac->finalize_url); goto pkt_add_hdrs; @@ -1175,7 +1154,6 @@ pkt_add_hdrs: break; case LWS_CALLBACK_CLIENT_HTTP_WRITEABLE: - lwsl_notice("LWS_CALLBACK_CLIENT_HTTP_WRITEABLE\n"); if (!ac) break; @@ -1187,7 +1165,7 @@ pkt_add_hdrs: if (lws_write(wsi, (uint8_t *)ac->buf + LWS_PRE, (size_t)ac->len, LWS_WRITE_HTTP_FINAL) < 0) return -1; - lwsl_notice("wrote %d\n", ac->len); + ac->pos = ac->len; lws_client_http_body_pending(wsi, 0); break; @@ -1204,28 +1182,29 @@ pkt_add_hdrs: case ACME_STATE_AUTHZ: case ACME_STATE_NEW_ORDER: case ACME_STATE_DIRECTORY: - ((char *)in)[len] = '\0'; - puts(in); + m = lejp_parse(&ac->jctx, (uint8_t *)in, (int)len); if (m < 0 && m != LEJP_CONTINUE) { lwsl_notice("lejp parse failed %d\n", m); goto failed; } break; + case ACME_STATE_NEW_ACCOUNT: - ((char *)in)[len] = '\0'; - puts(in); break; + case ACME_STATE_DOWNLOAD_CERT: - ((char *)in)[len] = '\0'; - puts(in); - /* it should be the DER cert! */ - if ((unsigned int)ac->cpos + len > sizeof(ac->buf)) { - lwsl_notice("Incoming cert is too large!\n"); - goto failed; + /* + * It should be the DER cert... + * ACME 2.0 can send certs chain with 3 certs, store only first bytes + */ + if ((unsigned int)ac->cpos + len > sizeof(ac->buf)) + len = sizeof(ac->buf) - (unsigned int)ac->cpos; + + if (len) { + memcpy(&ac->buf[ac->cpos], in, len); + ac->cpos += (int)len; } - memcpy(&ac->buf[ac->cpos], in, len); - ac->cpos += (int)len; break; default: break; @@ -1234,9 +1213,9 @@ pkt_add_hdrs: /* unchunked content */ case LWS_CALLBACK_RECEIVE_CLIENT_HTTP: - lwsl_notice("%s: LWS_CALLBACK_RECEIVE_CLIENT_HTTP\n", __func__); if (!ac) return -1; + switch (ac->state) { default: { @@ -1252,7 +1231,6 @@ pkt_add_hdrs: break; case LWS_CALLBACK_COMPLETED_CLIENT_HTTP: - lwsl_notice("%s: COMPLETED_CLIENT_HTTP\n", __func__); if (!ac) return -1; @@ -1281,7 +1259,7 @@ pkt_add_hdrs: case ACME_STATE_NEW_ACCOUNT: if ((ac->resp >= 200 && ac->resp < 299) || - ac->resp == 409) { + ac->resp == 409) { /* * Our account already existed, or exists now. * @@ -1324,8 +1302,7 @@ pkt_add_hdrs: vhd->vhost, &ac->cwsi, &ac->i, buf, "POST"); if (!cwsi) - lwsl_notice("%s: failed to connect\n", - __func__); + lwsl_notice("%s: failed to connect\n", __func__); return -1; /* close the completed client connection */ @@ -1335,13 +1312,12 @@ pkt_add_hdrs: lws_snprintf(buf, sizeof(buf), "Auth failed: %s", ac->detail); failreason = buf; - lwsl_notice("auth failed\n"); + lwsl_vhost_warn(vhd->vhost, "auth failed"); goto failed; } - lwsl_notice("chall: %s (%d)\n", ac->chall_token, - ac->resp); + lwsl_vhost_info(vhd->vhost, "chall: %s (%d)\n", ac->chall_token, ac->resp); if (!ac->chall_token[0]) { - lwsl_notice("no challenge\n"); + lwsl_vhost_warn(vhd->vhost, "no challenge"); goto failed; } @@ -1362,7 +1338,7 @@ pkt_add_hdrs: if (n < 0) goto failed; - lwsl_notice("key_auth: '%s'\n", ac->key_auth); + lwsl_vhost_notice(vhd->vhost, "key_auth: '%s'", ac->key_auth); lws_snprintf(ac->http01_mountpoint, sizeof(ac->http01_mountpoint), @@ -1378,8 +1354,7 @@ pkt_add_hdrs: ac->ci.mounts = &ac->mount; - /* listen on the same port as the vhost that triggered - * us */ + /* listen on the same port as the vhost that triggered us */ ac->ci.port = 80; /* make ourselves protocols[0] for the new vhost */ @@ -1396,7 +1371,7 @@ pkt_add_hdrs: if (!ac->vhost) goto failed; - lwsl_notice("challenge_uri %s\n", ac->challenge_uri); + lwsl_vhost_notice(vhd->vhost, "challenge_uri %s", ac->challenge_uri); /* * The challenge-specific vhost is up... let the ACME @@ -1408,14 +1383,14 @@ pkt_add_hdrs: ac->challenge_uri, "POST"); if (!cwsi) { - lwsl_notice("%s: connect failed\n", __func__); + lwsl_vhost_warn(vhd->vhost, "Connect failed"); goto failed; } return -1; /* close the completed client connection */ case ACME_STATE_START_CHALL: - lwsl_notice("%s: COMPLETED start chall: %s\n", - __func__, ac->challenge_uri); + lwsl_vhost_notice(vhd->vhost, "COMPLETED start chall: %s", + ac->challenge_uri); poll_again: ac->state = ACME_STATE_POLLING; lws_acme_report_status(vhd->vhost, LWS_CUS_CHALLENGE, @@ -1433,8 +1408,7 @@ poll_again: &ac->cwsi, &ac->i, buf, "POST"); if (!cwsi) { - lwsl_notice("%s: failed to connect to acme\n", - __func__); + lwsl_vhost_warn(vhd->vhost, "failed to connect to acme"); goto failed; } @@ -1443,18 +1417,14 @@ poll_again: case ACME_STATE_POLLING: if (ac->resp == 202 && strcmp(ac->status, "invalid") && - strcmp(ac->status, "valid")) { - lwsl_notice("status: %s\n", ac->status); + strcmp(ac->status, "valid")) goto poll_again; - } - if (!strcmp(ac->status, "pending")) { - lwsl_notice("status: %s\n", ac->status); + if (!strcmp(ac->status, "pending")) goto poll_again; - } if (!strcmp(ac->status, "invalid")) { - lwsl_notice("%s: Challenge failed\n", __func__); + lwsl_vhost_warn(vhd->vhost, "Challenge failed"); lws_snprintf(buf, sizeof(buf), "Challenge Invalid: %s", ac->detail); @@ -1462,7 +1432,7 @@ poll_again: goto failed; } - lwsl_notice("Challenge passed\n"); + lwsl_vhost_notice(vhd->vhost, "ACME challenge passed"); /* * The challenge was validated... so delete the @@ -1487,8 +1457,7 @@ poll_again: &ac->cwsi, &ac->i, buf, "POST"); if (!cwsi) { - lwsl_notice("%s: failed to connect to acme\n", - __func__); + lwsl_vhost_warn(vhd->vhost, "Failed to connect to acme"); goto failed; } @@ -1503,8 +1472,7 @@ poll_again: if (ac->resp != 200) { if (ac->goes_around++ == 30) { - lwsl_notice("%s: too many retries\n", - __func__); + lwsl_vhost_warn(vhd->vhost, "Too many retries"); goto failed; } @@ -1514,9 +1482,8 @@ poll_again: &ac->cwsi, &ac->i, buf, "POST"); if (!cwsi) { - lwsl_notice("%s: " - "failed to connect to acme\n", - __func__); + lwsl_vhost_warn(vhd->vhost, + "Failed to connect to acme"); goto failed; } @@ -1531,8 +1498,7 @@ poll_again: &ac->cwsi, &ac->i, buf, "POST"); if (!cwsi) { - lwsl_notice("%s: failed to connect to acme\n", - __func__); + lwsl_vhost_warn(vhd->vhost, "Failed to connect to acme"); goto failed; } @@ -1541,11 +1507,11 @@ poll_again: case ACME_STATE_DOWNLOAD_CERT: if (ac->resp != 200) { - lwsl_notice("download cert failed on resp %d\n", + lwsl_vhost_warn(vhd->vhost, "Download cert failed on resp %d", ac->resp); goto failed; } - lwsl_notice("The cert was sent..\n"); + lwsl_vhost_notice(vhd->vhost, "The cert was sent.."); lws_acme_report_status(vhd->vhost, LWS_CUS_ISSUE, NULL); @@ -1554,13 +1520,25 @@ poll_again: * ac->buf, length in ac->cpos; and the key in * ac->alloc_privkey_pem, length in * ac->len_privkey_pem. + * ACME 2.0 can send certs chain with 3 certs, we need save only first */ + { + char *end_cert = strstr(ac->buf, "END CERTIFICATE-----"); + + if (end_cert) { + ac->cpos = (int)(lws_ptr_diff_size_t(end_cert, ac->buf) + sizeof("END CERTIFICATE-----") - 1); + } else { + ac->cpos = 0; + lwsl_vhost_err(vhd->vhost, "Unable to find ACME cert!"); + goto failed; + } + } n = lws_plat_write_cert(vhd->vhost, 0, vhd->fd_updated_cert, ac->buf, (size_t)ac->cpos); if (n) { - lwsl_err("unable to write ACME cert! %d\n", n); + lwsl_vhost_err(vhd->vhost, "unable to write ACME cert! %d", n); goto failed; } @@ -1572,16 +1550,16 @@ poll_again: vhd->fd_updated_key, ac->alloc_privkey_pem, ac->len_privkey_pem)) { - lwsl_err("unable to write ACME key!\n"); + lwsl_vhost_err(vhd->vhost, "unable to write ACME key!"); goto failed; } /* * we have written the persistent copies */ - lwsl_notice("%s: Updated certs written for %s " - "to %s.upd and %s.upd\n", __func__, - vhd->pvop_active[LWS_TLS_REQ_ELEMENT_COMMON_NAME], + lwsl_vhost_notice(vhd->vhost, "Updated certs written for %s " + "to %s.upd and %s.upd", + vhd->pvop_active[LWS_TLS_REQ_ELEMENT_COMMON_NAME], vhd->pvop_active[LWS_TLS_SET_CERT_PATH], vhd->pvop_active[LWS_TLS_SET_KEY_PATH]); @@ -1593,7 +1571,7 @@ poll_again: ac->buf, (size_t)ac->cpos, ac->alloc_privkey_pem, ac->len_privkey_pem)) { - lwsl_notice("problem setting certs\n"); + lwsl_vhost_warn(vhd->vhost, "problem setting certs"); } lws_acme_finished(vhd); @@ -1615,7 +1593,7 @@ poll_again: ac->challenge_uri, "GET"); if (!cwsi) { - lwsl_notice("%s: failed to connect\n", __func__); + lwsl_vhost_warn(vhd->vhost, "Failed to connect"); goto failed; } break; @@ -1627,7 +1605,7 @@ poll_again: return 0; failed: - lwsl_notice("%s: failed out\n", __func__); + lwsl_vhost_warn(vhd->vhost, "Failed out"); lws_acme_report_status(vhd->vhost, LWS_CUS_FAILED, failreason); lws_acme_finished(vhd);