[rs-commit] r541 - /mod_ca/trunk/mod_ca_disk.c
rs-commit at redwax.eu
rs-commit at redwax.eu
Mon Mar 9 12:15:26 CET 2026
Author: minfrin at redwax.eu
Date: Mon Mar 9 12:15:25 2026
New Revision: 541
Log:
Renewal is not possible when the index is unique, as the old
and new certificates cannot exist at the same time.
Modified:
mod_ca/trunk/mod_ca_disk.c
Modified: mod_ca/trunk/mod_ca_disk.c
==============================================================================
--- mod_ca/trunk/mod_ca_disk.c (original)
+++ mod_ca/trunk/mod_ca_disk.c Mon Mar 9 12:15:25 2026
@@ -1317,8 +1317,11 @@
ca_config_rec *conf = ap_get_module_config(r->per_dir_config,
&ca_disk_module);
- /* index file defined? */
- if (!conf->index_file || !conf->serial_path) {
+ /* we need an index file (to check validity) and a serial path
+ * (to check exact match), and if we are forcing unique subjects
+ * renewal is not possible (old and new cannot exist concurrently)
+ */
+ if (conf->index_unique || !conf->index_file || !conf->serial_path) {
return DECLINED;
}
More information about the rs-commit
mailing list