[source] uhttpd: support using OpenSSL for certificate generation

LEDE Commits lede-commits at lists.infradead.org
Tue Oct 4 15:48:26 PDT 2016


jow pushed a commit to source.git, branch master:
https://git.lede-project.org/3c4858eeb2bbb3107f87bb3be07d5c172c8e0ef9

commit 3c4858eeb2bbb3107f87bb3be07d5c172c8e0ef9
Author: Hannu Nyman <hannu.nyman at iki.fi>
AuthorDate: Tue Oct 4 17:38:31 2016 +0300

    uhttpd: support using OpenSSL for certificate generation
    
    Support the usage of the OpenSSL command-line tool for generating
    the SSL certificate for uhttpd. Traditionally 'px5g' based on
    PolarSSL (or mbedTLS in LEDE), has been used for the creation.
    
    uhttpd init script is enhanced by adding detection of an installed
    openssl command-line binary (provided by 'openssl-util' package),
    and if found, the tool is used for certificate generation.
    
    Note: After this patch the script prefers to use the OpenSSL tool
    if both it and px5g are installed.
    
    This enables creating a truly OpenSSL-only version of LuCI
    without a dependency on the PolarSSL/mbedTLS-based px5g.
    
    Signed-off-by: Hannu Nyman <hannu.nyman at iki.fi>
---
 package/network/services/uhttpd/Makefile          | 2 +-
 package/network/services/uhttpd/files/uhttpd.init | 9 +++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/package/network/services/uhttpd/Makefile b/package/network/services/uhttpd/Makefile
index 8a3797e..25ad910 100644
--- a/package/network/services/uhttpd/Makefile
+++ b/package/network/services/uhttpd/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uhttpd
-PKG_VERSION:=2016-06-16
+PKG_VERSION:=2016-10-04
 PKG_RELEASE=$(PKG_SOURCE_VERSION)
 
 PKG_SOURCE_PROTO:=git
diff --git a/package/network/services/uhttpd/files/uhttpd.init b/package/network/services/uhttpd/files/uhttpd.init
index 1b457a2..d703d76 100755
--- a/package/network/services/uhttpd/files/uhttpd.init
+++ b/package/network/services/uhttpd/files/uhttpd.init
@@ -7,6 +7,7 @@ USE_PROCD=1
 
 UHTTPD_BIN="/usr/sbin/uhttpd"
 PX5G_BIN="/usr/sbin/px5g"
+OPENSSL_BIN="/usr/bin/openssl"
 
 append_arg() {
 	local cfg="$1"
@@ -43,8 +44,12 @@ generate_keys() {
 	config_get location   "$cfg" location
 	config_get commonname "$cfg" commonname
 
-	[ -x "$PX5G_BIN" ] && {
-		$PX5G_BIN selfsigned -der \
+	# Prefer OpenSSL for certificate generation (existence evaluated last)
+	local GENKEY_CMD=""
+	[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
+	[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -outform der -nodes"
+	[ -n "$GENKEY_CMD" ] && {
+		$GENKEY_CMD \
 			-days ${days:-730} -newkey rsa:${bits:-2048} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
 			-subj /C="${country:-DE}"/ST="${state:-Saxony}"/L="${location:-Leipzig}"/CN="${commonname:-Lede}"
 		sync
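Review bot: The OpenSSL branch added in `GENKEY_CMD="$OPENSSL_BIN req -x509 -outform der -nodes"` writes the private key unencrypted to `${UHTTPD_KEY}.new`, and nothing in this hunk sets the file mode. The key's permissions therefore depend on the umask the init script runs under and on how the installed tool creates the file. Running the generation under `umask 077`, or at least adding `chmod 600 "${UHTTPD_KEY}.new"` before the file is put in place, would make the mode explicit for both px5g and OpenSSL. The exit status of `$GENKEY_CMD` is also not checked before `sync`, and OpenSSL may reject a `-subj` built from UCI values (for example a `country` that is not two letters, to be confirmed), so a guard such as `$GENKEY_CMD ... || return 1` would avoid continuing with a missing or partial `.new` file. generate_keys continues outside the hunk, so later handling of the `.new` files may already cover part of this.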


