-rw-r--r--package/uhttpd/Makefile40
-rw-r--r--package/uhttpd/src/Makefile30
-rw-r--r--package/uhttpd/src/uhttpd-tls.c32
-rw-r--r--package/uhttpd/src/uhttpd-tls.h3
-rw-r--r--package/uhttpd/src/uhttpd.c17
-rw-r--r--package/uhttpd/src/uhttpd.h3
6 files changed, 98 insertions, 27 deletions
diff --git a/package/uhttpd/Makefile b/package/uhttpd/Makefile
index cd1a477..d5dbd0e 100644
--- a/package/uhttpd/Makefile
+++ b/package/uhttpd/Makefile
@@ -8,10 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=uhttpd
-PKG_RELEASE:=23
+PKG_RELEASE:=24
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
-PKG_BUILD_DEPENDS := libcyassl liblua
+PKG_CONFIG_DEPENDS := \
+ CONFIG_PACKAGE_uhttpd-mod-tls_cyassl \
+ CONFIG_PACKAGE_uhttpd-mod-tls_openssl
include $(INCLUDE_DIR)/package.mk
@@ -38,13 +40,39 @@ endef
define Package/uhttpd-mod-tls
$(Package/uhttpd/default)
TITLE+= (TLS plugin)
- DEPENDS:=uhttpd +libcyassl
+ DEPENDS:=uhttpd +PACKAGE_uhttpd-mod-tls_cyassl:libcyassl +PACKAGE_uhttpd-mod-tls_openssl:libopenssl
endef
define Package/uhttpd-mod-tls/description
The TLS plugin adds HTTPS support to uHTTPd.
endef
+define Package/uhttpd-mod-tls/config
+ choice
+ depends on PACKAGE_uhttpd-mod-tls
+ prompt "TLS Provider"
+ default PACKAGE_uhttpd-mod-tls_cyassl
+
+ config PACKAGE_uhttpd-mod-tls_cyassl
+ bool "CyaSSL"
+
+ config PACKAGE_uhttpd-mod-tls_openssl
+ bool "OpenSSL"
+ endchoice
+endef
+
+UHTTPD_TLS:=
+TLS_CFLAGS:=
+
+ifneq ($(CONFIG_PACKAGE_uhttpd-mod-tls_cyassl),)
+ UHTTPD_TLS:=cyassl
+ TLS_CFLAGS:=-I$(STAGING_DIR)/usr/include/cyassl
+endif
+
+ifneq ($(CONFIG_PACKAGE_uhttpd-mod-tls_openssl),)
+ UHTTPD_TLS:=openssl
+endif
+
define Package/uhttpd-mod-lua
$(Package/uhttpd/default)
@@ -57,10 +85,8 @@ define Package/uhttpd-mod-lua/description
endef
-# hack to use CyASSL headers
-TARGET_CFLAGS += -I$(firstword $(wildcard $(BUILD_DIR)/cyassl-*/include))
-TARGET_LDFLAGS += -lm
-MAKE_VARS += FPIC="$(FPIC)"
+TARGET_CFLAGS += $(TLS_CFLAGS)
+MAKE_VARS += FPIC="$(FPIC)" UHTTPD_TLS="$(UHTTPD_TLS)"
define Build/Prepare
mkdir -p $(PKG_BUILD_DIR)
diff --git a/package/uhttpd/src/Makefile b/package/uhttpd/src/Makefile
index 6dcc355..e18833e 100644
--- a/package/uhttpd/src/Makefile
+++ b/package/uhttpd/src/Makefile
@@ -1,17 +1,28 @@
CGI_SUPPORT ?= 1
LUA_SUPPORT ?= 1
TLS_SUPPORT ?= 1
+UHTTPD_TLS ?= cyassl
-CFLAGS ?= -I./lua-5.1.4/src -I./cyassl-1.4.0/include -O0 -ggdb3
-LDFLAGS ?= -L./lua-5.1.4/src -L./cyassl-1.4.0/src/.libs
+CFLAGS ?= -I./lua-5.1.4/src -I$(TLS_INCLUDE_DIR) -O0 -ggdb3
+LDFLAGS ?= -L./lua-5.1.4/src -L$(TLS_LIB_DIR)
CFLAGS += -Wall --std=gnu99
-OBJ = uhttpd.o uhttpd-file.o uhttpd-utils.o
-LIB = -Wl,--export-dynamic -lcrypt -ldl
+ifeq ($(UHTTPD_TLS),openssl)
+ TLS_LDFLAGS := -lssl
+ TLS_INCLUDE_DIR := ./openssl-0.9.8m/include
+ TLS_LIB_DIR := ./openssl-0.9.8m
+else
+ TLS_LDFLAGS := -lcyassl
+ TLS_INCLUDE_DIR := ./cyassl-1.4.0/include
+ TLS_LIB_DIR := ./cyassl-1.4.0/src/.libs
+endif
+
+OBJ := uhttpd.o uhttpd-file.o uhttpd-utils.o
+LIB := -Wl,--export-dynamic -lcrypt -ldl
-TLSLIB =
-LUALIB =
+TLSLIB :=
+LUALIB :=
HAVE_SHADOW=$(shell echo 'int main(void){ return !getspnam("root"); }' | \
$(CC) -include shadow.h -xc -o/dev/null - 2>/dev/null && echo yes)
@@ -29,7 +40,7 @@ endif
ifeq ($(LUA_SUPPORT),1)
CFLAGS += -DHAVE_LUA
- LUALIB = uhttpd_lua.so
+ LUALIB := uhttpd_lua.so
$(LUALIB): uhttpd-lua.c
$(CC) $(CFLAGS) $(LDFLAGS) $(FPIC) \
@@ -39,11 +50,11 @@ endif
ifeq ($(TLS_SUPPORT),1)
CFLAGS += -DHAVE_TLS
- TLSLIB = uhttpd_tls.so
+ TLSLIB := uhttpd_tls.so
$(TLSLIB): uhttpd-tls.c
$(CC) $(CFLAGS) $(LDFLAGS) $(FPIC) \
- -shared -lcyassl \
+ -shared $(TLS_LDFLAGS) \
-o $(TLSLIB) uhttpd-tls.c
endif
@@ -55,4 +66,3 @@ compile: $(OBJ) $(TLSLIB) $(LUALIB)
clean:
rm -f *.o *.so uhttpd
-
diff --git a/package/uhttpd/src/uhttpd-tls.c b/package/uhttpd/src/uhttpd-tls.c
index 008f8e0..6beae25 100644
--- a/package/uhttpd/src/uhttpd-tls.c
+++ b/package/uhttpd/src/uhttpd-tls.c
@@ -23,7 +23,8 @@
SSL_CTX * uh_tls_ctx_init()
{
- SSL_CTX *c = NULL;
+ SSL_CTX *c;
+
SSL_load_error_strings();
SSL_library_init();
@@ -59,13 +60,36 @@ void uh_tls_ctx_free(struct listener *l)
}
-void uh_tls_client_accept(struct client *c)
+int uh_tls_client_accept(struct client *c)
{
+ int rv;
+
if( c->server && c->server->tls )
{
c->tls = SSL_new(c->server->tls);
- SSL_set_fd(c->tls, c->socket);
+ if( c->tls )
+ {
+ if( (rv = SSL_set_fd(c->tls, c->socket)) < 1 )
+ goto cleanup;
+ if( (rv = SSL_accept(c->tls)) < 1 )
+ goto cleanup;
+ }
+ else
+ rv = 0;
+ }
+ else
+ {
+ c->tls = NULL;
+ rv = 1;
}
+
+done:
+ return rv;
+
+cleanup:
+ SSL_free(c->tls);
+ c->tls = NULL;
+ goto done;
}
int uh_tls_client_recv(struct client *c, void *buf, int len)
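Review bot: `SSL_accept(c->tls)` now runs the whole handshake inside `uh_tls_client_accept`, which the uhttpd.c hunk calls before the client socket is added to the fd set, so a slow or silent peer is handled according to the socket mode, which is not visible here. If `c->socket` is blocking, one client that connects and sends nothing holds up every other connection until it gives up; if it is non-blocking, a handshake that only needs more data returns below 1 and is dropped as a failure. Either bound the handshake, for example with a receive timeout on the socket before the call, or treat the want-read/want-write results of `SSL_get_error` as "retry from the main loop" rather than as errors. Separately, the `cleanup:` path frees the SSL object without reading the failure reason; `int err = SSL_get_error(c->tls, rv);` placed before `SSL_free(c->tls);` would let the drop be logged with its cause.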
@@ -90,5 +114,3 @@ void uh_tls_client_close(struct client *c)
c->tls = NULL;
}
}
-
-
diff --git a/package/uhttpd/src/uhttpd-tls.h b/package/uhttpd/src/uhttpd-tls.h
index 4a98b78..24dfb44 100644
--- a/package/uhttpd/src/uhttpd-tls.h
+++ b/package/uhttpd/src/uhttpd-tls.h
@@ -26,10 +26,9 @@ int uh_tls_ctx_cert(SSL_CTX *c, const char *file);
int uh_tls_ctx_key(SSL_CTX *c, const char *file);
void uh_tls_ctx_free(struct listener *l);
-void uh_tls_client_accept(struct client *c);
+int uh_tls_client_accept(struct client *c);
int uh_tls_client_recv(struct client *c, void *buf, int len);
int uh_tls_client_send(struct client *c, void *buf, int len);
void uh_tls_client_close(struct client *c);
#endif
-
diff --git a/package/uhttpd/src/uhttpd.c b/package/uhttpd/src/uhttpd.c
index 4a3bced..3563d91 100644
--- a/package/uhttpd/src/uhttpd.c
+++ b/package/uhttpd/src/uhttpd.c
@@ -512,7 +512,22 @@ static void uh_mainloop(struct config *conf, fd_set serv_fds, int max_fd)
#ifdef HAVE_TLS
/* setup client tls context */
if( conf->tls )
- conf->tls_accept(cl);
+ {
+ if( conf->tls_accept(cl) < 1 )
+ {
+ fprintf(stderr,
+ "tls_accept failed, "
+ "connection dropped\n");
+
+ /* close client socket */
+ close(new_fd);
+
+ /* remove from global client list */
+ uh_client_remove(new_fd);
+
+ continue;
+ }
+ }
#endif
/* add client socket to global fdset */
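Review bot: The `fprintf` in the failure branch records only "tls_accept failed, connection dropped", with no peer address and no failure reason, so repeated handshake failures (scanners, protocol probing, a misconfigured client) cannot be told apart or attributed from the log. The peer address would have to come from whatever the client struct or the accept call provides, which this hunk does not show, so the exact field is left to the author. The comment above the call is also out of date now that the call runs the full handshake; `/* run the TLS handshake; drop the client if it fails */` would describe it. uh_mainloop starts and ends outside the hunk.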
diff --git a/package/uhttpd/src/uhttpd.h b/package/uhttpd/src/uhttpd.h
index ff058d6..993bf93 100644
--- a/package/uhttpd/src/uhttpd.h
+++ b/package/uhttpd/src/uhttpd.h
@@ -98,7 +98,7 @@ struct config {
int (*tls_cert) (SSL_CTX *c, const char *file);
int (*tls_key) (SSL_CTX *c, const char *file);
void (*tls_free) (struct listener *l);
- void (*tls_accept) (struct client *c);
+ int (*tls_accept) (struct client *c);
void (*tls_close) (struct client *c);
int (*tls_recv) (struct client *c, void *buf, int len);
int (*tls_send) (struct client *c, void *buf, int len);
@@ -159,4 +159,3 @@ struct interpreter {
#endif
#endif
-