luci-0.9: merge r5130-r5143
[project/luci.git] / libs / lucid / luasrc / lucid / tcpserver.lua
index db94ba0..2d82246 100644 (file)
@@ -13,11 +13,13 @@ $Id$
 ]]
 
 local os = require "os"
+local fs = require "nixio.fs"
 local nixio = require "nixio"
 local lucid = require "luci.lucid"
 
 local ipairs, type, require, setmetatable = ipairs, type, require, setmetatable
 local pairs, print, tostring, unpack = pairs, print, tostring, unpack
+local pcall = pcall
 
 module "luci.lucid.tcpserver"
 
@@ -103,9 +105,12 @@ function prepare_daemon(config, server)
 end
 
 function accept(polle)
+       if not lucid.try_process() then
+               return false
+       end
        local socket, host, port = polle.fd:accept()
        if not socket then
-               return nixio.syslog("warn", "accept() failed: " .. port)
+               return nixio.syslog("warning", "accept() failed: " .. port)
        end
        
        socket:setblocking(true)
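Review bot: The new early exit in accept() returns false when `lucid.try_process()` fails without touching the pending connection, so the listening fd stays readable; assuming the poller is level-triggered (its loop is outside this hunk), accept() is re-entered immediately and spins until a process slot frees up, which lets a single client pin the CPU during a connection burst. If try_process() is a process-count limit, as its name suggests, shedding the connection is the usual answer: `local s = polle.fd:accept(); if s then s:close() end; return false`, ideally with a one-off syslog "warning" so the limit is visible in logs. A short comment on the guard, `-- refuse new connections while the process limit is reached`, would also help, since the return value false is otherwise indistinguishable from the accept() failure path below. The rest of accept() continues past the end of this hunk.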
@@ -170,17 +175,57 @@ function prepare_socket(family, host, port, opts, backlog)
 end
 
 function prepare_tls(tlskey)
-       local tls = nixio.tls("server")
+       local tls
        if tlskey and cursor:get(UCINAME, tlskey) then
+               tls = nixio.tls("server")
+               
+               local make = cursor:get(UCINAME, tlskey, "generate") == "1"
+               local key = cursor:get(UCINAME, tlskey, "key")
+               local xtype = make and "asn1" or cursor:get(UCINAME, tlskey, "type")
                local cert = cursor:get(UCINAME, tlskey, "cert")
+               local ciphers = cursor:get(UCINAME, tlskey, "ciphers")
+               
+               if make and (not fs.access(key) or not fs.access(cert)) then
+                       local CN = cursor:get(UCINAME, tlskey, "CN")
+                       local O = cursor:get(UCINAME, tlskey, "O")
+                       local bits = 2048
+                       
+                       local data = {
+                               CN = CN or nixio.uname().nodename,
+                               O = not O and "LuCId Keymaster" or #O > 0 and O
+                       }
+                       
+                       local stat, px5g = pcall(require, "px5g")
+                       if not stat then
+                               return nixio.syslog("err", "Unable to load PX5G Keymaster")
+                       end
+                       
+                       nixio.syslog("warning", "PX5G: Generating private key")
+                       local rk = px5g.genkey(bits)
+                       local keyfile = nixio.open(key, "w", 600)
+                       if not rk or not keyfile or not keyfile:writeall(rk:asn1()) then
+                               return nixio.syslog("err", "Unable to generate private key")
+                       end
+                       keyfile:close()
+                       
+                       nixio.syslog("warning", "PX5G: Generating self-signed certificate")
+                       if not fs.writefile(cert, rk:create_selfsigned(data,
+                                       os.time(), os.time() + 3600 * 24 * 366 * 15)) then
+                               return nixio.syslog("err", "Unable to generate certificate")
+                       end
+               end
+               
                if cert then
-                       tls:set_cert(cert)
+                       if not tls:set_cert(cert, xtype) then
+                               nixio.syslog("err", "Unable to load certificate: " .. cert)
+                       end
                end
-               local key = cursor:get(UCINAME, tlskey, "key")
                if key then
-                       tls:set_key(key)
+                       if not tls:set_key(key, xtype) then
+                               nixio.syslog("err", "Unable to load private key: " .. key)
+                       end
                end
-               local ciphers = cursor:get(UCINAME, tlskey, "ciphers")
+
                if ciphers then
                        if type(ciphers) == "table" then
                                ciphers = table.concat(ciphers, ":")
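Review bot: The three failure exits in the generation branch (`return nixio.syslog("err", ...)` after the px5g load, the key write and the cert write) return whatever syslog returns instead of an explicit failure, so an unwritable key store or missing px5g makes prepare_tls yield something other than a usable context; unless the caller, which is outside this hunk, refuses to start the listener in that case, the service comes up without TLS, i.e. it fails open. Returning `nil, "Unable to generate private key"` explicitly and stating in a header comment that a nil result must be treated as fatal would make the contract clear, and the same applies to the `set_cert`/`set_key` failures, which are only logged while `tls` is still returned. In the same branch the key file is opened with "w" before `rk` is checked, so when only the certificate is missing an existing key is presumably truncated even if genkey fails, and on a failed `writeall` the handle is never closed; testing `not rk` before `nixio.open` and closing `keyfile` on every path avoids both. prepare_tls continues past the end of this hunk.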
@@ -189,4 +234,4 @@ function prepare_tls(tlskey)
                end
        end
        return tls
-end
\ No newline at end of file
+end