From b52053b9760d4d944316463df2474fdb73dd4818 Mon Sep 17 00:00:00 2001
From: cyrus <cyrus@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Thu, 30 Oct 2014 13:15:18 +0000
Subject: [PATCH] 6in4: https support for he.net tunnel api

HE.net tunnel update API requests are now made via https if an
SSL-capable wget is installed.  Certificate validation is
conditionally enabled if the CA certs are available.

Signed-off-by: Andrew Skalski <askalski@gmail.com>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43124 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 package/network/ipv6/6in4/Makefile      |  2 +-
 package/network/ipv6/6in4/files/6in4.sh | 13 +++++++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/package/network/ipv6/6in4/Makefile b/package/network/ipv6/6in4/Makefile
index 1235ce5335..5b3669335d 100644
--- a/package/network/ipv6/6in4/Makefile
+++ b/package/network/ipv6/6in4/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=6in4
-PKG_VERSION:=17
+PKG_VERSION:=18
 PKG_RELEASE:=1
 
 include $(INCLUDE_DIR)/package.mk
diff --git a/package/network/ipv6/6in4/files/6in4.sh b/package/network/ipv6/6in4/files/6in4.sh
index 714d629416..7ffd40dc06 100755
--- a/package/network/ipv6/6in4/files/6in4.sh
+++ b/package/network/ipv6/6in4/files/6in4.sh
@@ -66,12 +66,21 @@ proto_6in4_setup() {
 	[ -n "$tunnelid" -a -n "$username" -a \( -n "$password" -o -n "$updatekey" \) ] && {
 		[ -n "$updatekey" ] && password="$updatekey"
 
-		local url="http://ipv4.tunnelbroker.net/nic/update?username=$username&password=$password&hostname=$tunnelid"
+		local http="http"
+		local wget_opts="-qO/dev/null"
+		if wget --version | grep -qF "+https"; then
+			http="https"
+			[ -z "$(find ${SSL_CERT_DIR-/etc/ssl/certs} -name "*.0" 2>/dev/null)" ] && {
+				wget_opts="$wget_opts --no-check-certificate"
+			}
+		fi
+
+		local url="$http://ipv4.tunnelbroker.net/nic/update?username=$username&password=$password&hostname=$tunnelid"
 		local try=0
 		local max=3
 
 		while [ $((++try)) -le $max ]; do
-			( exec wget -qO/dev/null "$url" 2>/dev/null ) &
+			( exec wget $wget_opts "$url" 2>/dev/null ) &
 			local pid=$!
 			( sleep 5; kill $pid 2>/dev/null ) &
 			wait $pid && break
-- 
2.11.0