From 76b3ad7317b8d4ab401374ce73bad4ce7a134d03 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Mon, 22 Mar 2010 23:10:48 +0000 Subject: [PATCH] uhttpd: add ssl cert generation to init script --- contrib/package/uhttpd/files/uhttpd.config | 29 ++++++++++++++++--- contrib/package/uhttpd/files/uhttpd.init | 45 ++++++++++++++++++++++++++---- 2 files changed, 65 insertions(+), 9 deletions(-) diff --git a/contrib/package/uhttpd/files/uhttpd.config b/contrib/package/uhttpd/files/uhttpd.config index 9c4cd305b..0bca4f516 100644 --- a/contrib/package/uhttpd/files/uhttpd.config +++ b/contrib/package/uhttpd/files/uhttpd.config @@ -1,12 +1,14 @@ +# Server configuration config uhttpd main + # Server document root option home /www # Certificate and private key for HTTPS. # If no listen_https addresses are given, # the key options are ignored. - option cert /etc/nixio/cert_main.der - option key /etc/nixio/rsa_main.der + option cert /etc/uhttpd.crt + option key /etc/uhttpd.key # CGI url prefix, will be searched in docroot. # Default is /cgi-bin @@ -14,8 +16,8 @@ config uhttpd main # Lua url prefix and handler script. # Lua support is disabled if no prefix given. -# option lua_prefix /lua -# option lua_handler /www/lua/handler.lua +# option lua_prefix /luci +# option lua_handler /usr/lib/lua/luci/sgi/uhttpd.lua # HTTP listen addresses, multiple allowed list listen_http 0.0.0.0:80 @@ -30,3 +32,22 @@ config uhttpd main # Configuration file in busybox httpd format # option config /etc/httpd.conf + + +# Certificate defaults for px5g key generator +config cert px5g + + # Validity time + option days 730 + + # RSA key size + option bits 1024 + + # Location + option country DE + option state Berlin + option location Berlin + + # Common name + option commonname OpenWrt + diff --git a/contrib/package/uhttpd/files/uhttpd.init b/contrib/package/uhttpd/files/uhttpd.init index b13cd60f3..16320a730 100755 --- a/contrib/package/uhttpd/files/uhttpd.init +++ b/contrib/package/uhttpd/files/uhttpd.init @@ -3,7 +3,7 @@ START=50 UHTTPD_BIN="/usr/sbin/uhttpd" -UHTTPD_ARGS="" +PX5G_BIN="/usr/sbin/px5g" append_listen_http() { @@ -25,9 +25,35 @@ append_arg() { [ -n "$val" -o -n "$def" ] && append UHTTPD_ARGS "$opt ${val:-$def}" } +generate_keys() { + local cfg="$1" + local key="$2" + local crt="$3" + local days bits country state location commonname + + config_get days "$cfg" days + config_get bits "$cfg" bits + config_get country "$cfg" country + config_get state "$cfg" state + config_get location "$cfg" location + config_get commonname "$cfg" commonname + + [ -x "$PX5G_BIN" ] && { + $PX5G_BIN selfsigned -der \ + -days ${days:-730} -newkey rsa:${bits:-1024} -keyout "$UHTTPD_KEY" -out "$UHTTPD_CERT" \ + -subj /C=${country:-DE}/ST=${state:-Saxony}/L=${location:-Leipzig}/CN=${commonname:-OpenWrt} + } || { + echo "WARNING: the specified certificate and key" \ + "files do not exist and the px5g generator" \ + "is not available, skipping SSL setup." + } +} + start_instance() { UHTTPD_ARGS="" + UHTTPD_CERT="" + UHTTPD_KEY="" local cfg="$1" local realm="$(uci get system.@system[0].hostname 2>/dev/null)" @@ -44,12 +70,21 @@ start_instance() append_listen_http config_get ssl "$cfg" listen_https + config_get UHTTPD_KEY "$cfg" key /etc/httpd.key + config_get UHTTPD_CERT "$cfg" cert /etc/httpd.cert + [ -n "$ssl" ] && { - append_arg "$cfg" cert "-C" - append_arg "$cfg" key "-K" + [ -f "$UHTTPD_CERT" -a -f "$UHTTPD_KEY" ] || { + config_foreach generate_keys cert + } + + [ -f "$UHTTPD_CERT" -a -f "$UHTTPD_KEY" ] && { + append_arg "$cfg" cert "-C" + append_arg "$cfg" key "-K" - config_list_foreach "$cfg" listen_https \ - append_listen_https + config_list_foreach "$cfg" listen_https \ + append_listen_https + } } start-stop-daemon -S -x $UHTTPD_BIN \ -- 2.11.0