| -rw-r--r-- | package/uhttpd/Makefile | 40 | ||||
| -rw-r--r-- | package/uhttpd/src/Makefile | 30 | ||||
| -rw-r--r-- | package/uhttpd/src/uhttpd-tls.c | 32 | ||||
| -rw-r--r-- | package/uhttpd/src/uhttpd-tls.h | 3 | ||||
| -rw-r--r-- | package/uhttpd/src/uhttpd.c | 17 | ||||
| -rw-r--r-- | package/uhttpd/src/uhttpd.h | 3 | 
6 files changed, 98 insertions, 27 deletions
|
diff --git a/package/uhttpd/Makefile b/package/uhttpd/Makefile
index cd1a4771a..d5dbd0e39 100644
--- a/package/uhttpd/Makefile
+++ b/package/uhttpd/Makefile
@@ -8,10 +8,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=uhttpd
-PKG_RELEASE:=23
+PKG_RELEASE:=24
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
-PKG_BUILD_DEPENDS := libcyassl liblua
+PKG_CONFIG_DEPENDS := \
+	CONFIG_PACKAGE_uhttpd-mod-tls_cyassl \
+	CONFIG_PACKAGE_uhttpd-mod-tls_openssl
 include $(INCLUDE_DIR)/package.mk
@@ -38,13 +40,39 @@ endef
 define Package/uhttpd-mod-tls
   $(Package/uhttpd/default)
   TITLE+= (TLS plugin)
-  DEPENDS:=uhttpd +libcyassl
+  DEPENDS:=uhttpd +PACKAGE_uhttpd-mod-tls_cyassl:libcyassl +PACKAGE_uhttpd-mod-tls_openssl:libopenssl
 endef
 define Package/uhttpd-mod-tls/description
  The TLS plugin adds HTTPS support to uHTTPd.
 endef
+define Package/uhttpd-mod-tls/config
+        choice
+                depends on PACKAGE_uhttpd-mod-tls
+                prompt "TLS Provider"
+                default PACKAGE_uhttpd-mod-tls_cyassl
+
+                config PACKAGE_uhttpd-mod-tls_cyassl
+                        bool "CyaSSL"
+
+                config PACKAGE_uhttpd-mod-tls_openssl
+                        bool "OpenSSL"
+        endchoice
+endef
+
+UHTTPD_TLS:=
+TLS_CFLAGS:=
+
+ifneq ($(CONFIG_PACKAGE_uhttpd-mod-tls_cyassl),)
+  UHTTPD_TLS:=cyassl
+  TLS_CFLAGS:=-I$(STAGING_DIR)/usr/include/cyassl
+endif
+
+ifneq ($(CONFIG_PACKAGE_uhttpd-mod-tls_openssl),)
+  UHTTPD_TLS:=openssl
+endif
+
 define Package/uhttpd-mod-lua
   $(Package/uhttpd/default)
@@ -57,10 +85,8 @@ define Package/uhttpd-mod-lua/description
 endef
-# hack to use CyASSL headers
-TARGET_CFLAGS += -I$(firstword $(wildcard $(BUILD_DIR)/cyassl-*/include))
-TARGET_LDFLAGS += -lm
-MAKE_VARS += FPIC="$(FPIC)"
+TARGET_CFLAGS += $(TLS_CFLAGS)
+MAKE_VARS += FPIC="$(FPIC)" UHTTPD_TLS="$(UHTTPD_TLS)"
 define Build/Prepare
 	mkdir -p $(PKG_BUILD_DIR)
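Review bot: In the last hunk of package/uhttpd/Makefile, MAKE_VARS now forwards `UHTTPD_TLS` but nothing visible forwards `TLS_SUPPORT`, while src/Makefile keeps `TLS_SUPPORT ?= 1` and the first hunk drops `PKG_BUILD_DEPENDS := libcyassl liblua`. When uhttpd-mod-tls is not selected, UHTTPD_TLS is empty, so src/Makefile takes its `else` branch and would still try to build uhttpd_tls.so against CyaSSL, whose headers may no longer be staged. Unless Build/Compile (outside these hunks) already sets the switch, pass it explicitly, e.g. `MAKE_VARS += TLS_SUPPORT="$(if $(CONFIG_PACKAGE_uhttpd-mod-tls),1)"`. The same question applies to LUA_SUPPORT now that liblua is no longer a build dependency.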
diff --git a/package/uhttpd/src/Makefile b/package/uhttpd/src/Makefile
index 6dcc3555f..e18833e8f 100644
--- a/package/uhttpd/src/Makefile
+++ b/package/uhttpd/src/Makefile
@@ -1,17 +1,28 @@
 CGI_SUPPORT ?= 1
 LUA_SUPPORT ?= 1
 TLS_SUPPORT ?= 1
+UHTTPD_TLS ?= cyassl
-CFLAGS ?= -I./lua-5.1.4/src -I./cyassl-1.4.0/include -O0 -ggdb3
-LDFLAGS ?= -L./lua-5.1.4/src -L./cyassl-1.4.0/src/.libs
+CFLAGS ?= -I./lua-5.1.4/src -I$(TLS_INCLUDE_DIR) -O0 -ggdb3
+LDFLAGS ?= -L./lua-5.1.4/src -L$(TLS_LIB_DIR)
 CFLAGS += -Wall --std=gnu99
-OBJ = uhttpd.o uhttpd-file.o uhttpd-utils.o
-LIB = -Wl,--export-dynamic -lcrypt -ldl
+ifeq ($(UHTTPD_TLS),openssl)
+  TLS_LDFLAGS := -lssl
+  TLS_INCLUDE_DIR := ./openssl-0.9.8m/include
+  TLS_LIB_DIR := ./openssl-0.9.8m
+else
+  TLS_LDFLAGS := -lcyassl
+  TLS_INCLUDE_DIR := ./cyassl-1.4.0/include
+  TLS_LIB_DIR := ./cyassl-1.4.0/src/.libs
+endif
+
+OBJ := uhttpd.o uhttpd-file.o uhttpd-utils.o
+LIB := -Wl,--export-dynamic -lcrypt -ldl
-TLSLIB =
-LUALIB =
+TLSLIB :=
+LUALIB :=
 HAVE_SHADOW=$(shell echo 'int main(void){ return !getspnam("root"); }' | \
 	$(CC) -include shadow.h -xc -o/dev/null - 2>/dev/null && echo yes)
@@ -29,7 +40,7 @@ endif
 ifeq ($(LUA_SUPPORT),1)
   CFLAGS += -DHAVE_LUA
-  LUALIB = uhttpd_lua.so
+  LUALIB := uhttpd_lua.so
   $(LUALIB): uhttpd-lua.c
 		$(CC) $(CFLAGS) $(LDFLAGS) $(FPIC) \
@@ -39,11 +50,11 @@ endif
 ifeq ($(TLS_SUPPORT),1)
   CFLAGS += -DHAVE_TLS
-  TLSLIB = uhttpd_tls.so
+  TLSLIB := uhttpd_tls.so
   $(TLSLIB): uhttpd-tls.c
 		$(CC) $(CFLAGS) $(LDFLAGS) $(FPIC) \
-			-shared -lcyassl \
+			-shared $(TLS_LDFLAGS) \
 			-o $(TLSLIB) uhttpd-tls.c
 endif
@@ -55,4 +66,3 @@ compile: $(OBJ) $(TLSLIB) $(LUALIB)
 clean:
 	rm -f *.o *.so uhttpd
-
diff --git a/package/uhttpd/src/uhttpd-tls.c b/package/uhttpd/src/uhttpd-tls.c
index 008f8e0df..6beae25aa 100644
--- a/package/uhttpd/src/uhttpd-tls.c
+++ b/package/uhttpd/src/uhttpd-tls.c
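Review bot: In the first hunk of package/uhttpd/src/Makefile, the `ifeq ($(UHTTPD_TLS),openssl)` block treats every other value as CyaSSL, including a typo or an empty string, so the TLS library that gets linked can silently differ from the one the builder asked for. An explicit `else ifeq ($(UHTTPD_TLS),cyassl)` branch followed by a final `$(error unsupported UHTTPD_TLS '$(UHTTPD_TLS)')`, evaluated only when TLS_SUPPORT is 1, would make a wrong selection fail loudly. A one-line comment above `CFLAGS ?=` would also help, stating that it relies on recursive expansion because `TLS_INCLUDE_DIR` and `TLS_LIB_DIR` are assigned further down.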
@@ -23,7 +23,8 @@
 SSL_CTX * uh_tls_ctx_init()
 {
-	SSL_CTX *c = NULL;
+	SSL_CTX *c;
+
 	SSL_load_error_strings();
 	SSL_library_init();
@@ -59,13 +60,36 @@ void uh_tls_ctx_free(struct listener *l)
 }
-void uh_tls_client_accept(struct client *c)
+int uh_tls_client_accept(struct client *c)
 {
+	int rv;
+
 	if( c->server && c->server->tls )
 	{
 		c->tls = SSL_new(c->server->tls);
-		SSL_set_fd(c->tls, c->socket);
+		if( c->tls )
+		{
+			if( (rv = SSL_set_fd(c->tls, c->socket)) < 1 )
+				goto cleanup;
+			if( (rv = SSL_accept(c->tls)) < 1 )
+				goto cleanup;
+		}
+		else
+			rv = 0;
+	}
+	else
+	{
+		c->tls = NULL;
+		rv = 1;
 	}
+
+done:
+	return rv;
+
+cleanup:
+	SSL_free(c->tls);
+	c->tls = NULL;
+	goto done;
 }
 int uh_tls_client_recv(struct client *c, void *buf, int len)
@@ -90,5 +114,3 @@ void uh_tls_client_close(struct client *c)
 		c->tls = NULL;
 	}
 }
-
-
diff --git a/package/uhttpd/src/uhttpd-tls.h b/package/uhttpd/src/uhttpd-tls.h
index 4a98b78c6..24dfb4407 100644
--- a/package/uhttpd/src/uhttpd-tls.h
+++ b/package/uhttpd/src/uhttpd-tls.h
@@ -26,10 +26,9 @@ int uh_tls_ctx_cert(SSL_CTX *c, const char *file);
 int uh_tls_ctx_key(SSL_CTX *c, const char *file);
 void uh_tls_ctx_free(struct listener *l);
-void uh_tls_client_accept(struct client *c);
+int uh_tls_client_accept(struct client *c);
 int uh_tls_client_recv(struct client *c, void *buf, int len);
 int uh_tls_client_send(struct client *c, void *buf, int len);
 void uh_tls_client_close(struct client *c);
 #endif
-
diff --git a/package/uhttpd/src/uhttpd.c b/package/uhttpd/src/uhttpd.c
index 4a3bced72..3563d91d1 100644
--- a/package/uhttpd/src/uhttpd.c
+++ b/package/uhttpd/src/uhttpd.c
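Review bot: `SSL_accept()` in uh_tls_client_accept now runs the whole handshake inline, and the uhttpd.c hunk calls it from uh_mainloop, so a peer that connects and never completes the handshake can hold up the accept loop for every other client. Whether `c->socket` is blocking is not visible here. If it is, set a receive timeout on the socket (`SO_RCVTIMEO`) before the handshake; if it is non-blocking, a result below 1 needs `SSL_get_error()` to separate WANT_READ/WANT_WRITE from a real failure instead of dropping the client. The cleanup path also discards the failure reason, so logging it there would make rejected handshakes diagnosable. The `goto done;` after cleanup could simply be `return rv;`.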
@@ -512,7 +512,22 @@ static void uh_mainloop(struct config *conf, fd_set serv_fds, int max_fd)
 #ifdef HAVE_TLS
 							/* setup client tls context */
 							if( conf->tls )
-								conf->tls_accept(cl);
+							{
+								if( conf->tls_accept(cl) < 1 )
+								{
+									fprintf(stderr,
+										"tls_accept failed, "
+										"connection dropped\n");
+
+									/* close client socket */
+									close(new_fd);
+
+									/* remove from global client list */
+									uh_client_remove(new_fd);
+
+									continue;
+								}
+							}
 #endif
 							/* add client socket to global fdset */
diff --git a/package/uhttpd/src/uhttpd.h b/package/uhttpd/src/uhttpd.h
index ff058d62b..993bf93af 100644
--- a/package/uhttpd/src/uhttpd.h
+++ b/package/uhttpd/src/uhttpd.h
@@ -98,7 +98,7 @@ struct config {
 	int (*tls_cert) (SSL_CTX *c, const char *file);
 	int (*tls_key) (SSL_CTX *c, const char *file);
 	void (*tls_free) (struct listener *l);
-	void (*tls_accept) (struct client *c);
+	int (*tls_accept) (struct client *c);
 	void (*tls_close) (struct client *c);
 	int (*tls_recv) (struct client *c, void *buf, int len);
 	int (*tls_send) (struct client *c, void *buf, int len);
@@ -159,4 +159,3 @@ struct interpreter {
 #endif
 #endif
-
|
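Review bot: The failure branch added to uh_mainloop logs a fixed string with no peer address or cause, so repeated handshake failures from a scanner, from clients offering an unsupported protocol version and from a broken certificate setup all look the same in the log. Include the client address in the message if struct client carries one (its fields are not visible in this hunk). Consider rate-limiting the line as well, since every rejected connection now writes to stderr. uh_mainloop begins and ends outside the hunk, so the code that registers `cl` before this branch cannot be checked from here.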
