6in4: https support for he.net tunnel api

HE.net tunnel update API requests are now made via https if an
SSL-capable wget is installed.  Certificate validation is
conditionally enabled if the CA certs are available.

Signed-off-by: Andrew Skalski <askalski@gmail.com>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43124 3c298f89-4303-0410-b956-a3cf2f4a3e73

2 files changed, 12 insertions, 3 deletions

diff --git a/package/network/ipv6/6in4/Makefile b/package/network/ipv6/6in4/Makefile
index 1235ce5335..5b3669335d 100644
--- a/package/network/ipv6/6in4/Makefile
+++ b/package/network/ipv6/6in4/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=6in4
-PKG_VERSION:=17
+PKG_VERSION:=18
 PKG_RELEASE:=1
 
 include $(INCLUDE_DIR)/package.mk
diff --git a/package/network/ipv6/6in4/files/6in4.sh b/package/network/ipv6/6in4/files/6in4.sh
index 714d629416..7ffd40dc06 100755
--- a/package/network/ipv6/6in4/files/6in4.sh
+++ b/package/network/ipv6/6in4/files/6in4.sh
@@ -66,12 +66,21 @@ proto_6in4_setup() {
 	[ -n "$tunnelid" -a -n "$username" -a \( -n "$password" -o -n "$updatekey" \) ] && {
 		[ -n "$updatekey" ] && password="$updatekey"
 
-		local url="http://ipv4.tunnelbroker.net/nic/update?username=$username&password=$password&hostname=$tunnelid"
+		local http="http"
+		local wget_opts="-qO/dev/null"
+		if wget --version | grep -qF "+https"; then
+			http="https"
+			[ -z "$(find ${SSL_CERT_DIR-/etc/ssl/certs} -name "*.0" 2>/dev/null)" ] && {
+				wget_opts="$wget_opts --no-check-certificate"
+			}
+		fi
+
+		local url="$http://ipv4.tunnelbroker.net/nic/update?username=$username&password=$password&hostname=$tunnelid"
 		local try=0
 		local max=3
 
 		while [ $((++try)) -le $max ]; do
-			( exec wget -qO/dev/null "$url" 2>/dev/null ) &
+			( exec wget $wget_opts "$url" 2>/dev/null ) &
 			local pid=$!
 			( sleep 5; kill $pid 2>/dev/null ) &
 			wait $pid && break