aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHannu Nyman <hannu.nyman@iki.fi>2016-10-04 17:38:31 +0300
committerJo-Philipp Wich <jo@mein.io>2016-10-05 00:48:19 +0200
commit3c4858eeb2bbb3107f87bb3be07d5c172c8e0ef9 (patch)
tree9c2f926d516f078e760b8f0487b377639d305b9b
parent5d86dc791ef17b4a5733f836cbf82bb6647cd54a (diff)
downloadupstream-3c4858eeb2bbb3107f87bb3be07d5c172c8e0ef9.tar.gz
upstream-3c4858eeb2bbb3107f87bb3be07d5c172c8e0ef9.tar.bz2
upstream-3c4858eeb2bbb3107f87bb3be07d5c172c8e0ef9.zip
uhttpd: support using OpenSSL for certificate generation
Support the usage of the OpenSSL command-line tool for generating the SSL certificate for uhttpd. Traditionally 'px5g' based on PolarSSL (or mbedTLS in LEDE), has been used for the creation. uhttpd init script is enhanced by adding detection of an installed openssl command-line binary (provided by 'openssl-util' package), and if found, the tool is used for certificate generation. Note: After this patch the script prefers to use the OpenSSL tool if both it and px5g are installed. This enables creating a truly OpenSSL-only version of LuCI without dependency to PolarSSL/mbedTLS based px5g. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
-rw-r--r--package/network/services/uhttpd/Makefile2
-rwxr-xr-xpackage/network/services/uhttpd/files/uhttpd.init9
2 files changed, 8 insertions, 3 deletions
diff --git a/package/network/services/uhttpd/Makefile b/package/network/services/uhttpd/Makefile
index 8a3797ed86..25ad910dd9 100644
--- a/package/network/services/uhttpd/Makefile
+++ b/package/network/services/uhttpd/Makefile
@@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=uhttpd
-PKG_VERSION:=2016-06-16
+PKG_VERSION:=2016-10-04
PKG_RELEASE=$(PKG_SOURCE_VERSION)
PKG_SOURCE_PROTO:=git
diff --git a/package/network/services/uhttpd/files/uhttpd.init b/package/network/services/uhttpd/files/uhttpd.init
index 1b457a2b37..d703d762e6 100755
--- a/package/network/services/uhttpd/files/uhttpd.init
+++ b/package/network/services/uhttpd/files/uhttpd.init
@@ -7,6 +7,7 @@ USE_PROCD=1
UHTTPD_BIN="/usr/sbin/uhttpd"
PX5G_BIN="/usr/sbin/px5g"
+OPENSSL_BIN="/usr/bin/openssl"
append_arg() {
local cfg="$1"
@@ -43,8 +44,12 @@ generate_keys() {
config_get location "$cfg" location
config_get commonname "$cfg" commonname
- [ -x "$PX5G_BIN" ] && {
- $PX5G_BIN selfsigned -der \
+ # Prefer OpenSSL for certificate generation (existence evaluated last)
+ local GENKEY_CMD=""
+ [ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
+ [ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -outform der -nodes"
+ [ -n "$GENKEY_CMD" ] && {
+ $GENKEY_CMD \
-days ${days:-730} -newkey rsa:${bits:-2048} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
-subj /C="${country:-DE}"/ST="${state:-Saxony}"/L="${location:-Leipzig}"/CN="${commonname:-Lede}"
sync