uhttpd: create self-signed certificates with unique subjects
authorHannu Nyman <hannu.nyman@iki.fi>
Thu, 6 Oct 2016 17:37:59 +0000 (20:37 +0300)
committerJohn Crispin <john@phrozen.org>
Wed, 26 Oct 2016 13:16:52 +0000 (15:16 +0200)
commit9097dc5ad844c336020be11085e1c8c80390ac9c
tree9ef04dec717c6f62ded30f4277537b5d110679cb
parent82132540a3efbc98f8f4379b26d4b4541013e69d
uhttpd: create self-signed certificates with unique subjects

Add a partially random O= item to the certificate subject in order
to make the automatically generated certificates' subjects unique.

Firefox has problems when several self-signed certificates
with CA:true attribute and identical subjects have been
seen (and stored) by the browser. Reference to upstream bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=1147544
https://bugzilla.mozilla.org/show_bug.cgi?id=1056341
https://bugzilla.redhat.com/show_bug.cgi?id=1204670#c34

Certificates created by the OpenSSL one-liner fall into that category.

Avoid identical certificate subjects by including a new 'O=' item
with CommonName + a random part (8 chars). Example:
/CN=LEDE/O=LEDEb986be0b/L=Unknown/ST=Somewhere/C=ZZ

That ensures that the browser properly sees the accumulating
certificates as separate items and does not spend time
trying to form a trust chain from them.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
package/network/services/uhttpd/files/uhttpd.init