uhttpd: support building against openssl instead of cyassl, minor cleanups (#7827)
authorJo-Philipp Wich <jow@openwrt.org>
Mon, 18 Jul 2011 14:18:31 +0000 (14:18 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Mon, 18 Jul 2011 14:18:31 +0000 (14:18 +0000)
SVN-Revision: 27686

package/uhttpd/Makefile
package/uhttpd/src/Makefile
package/uhttpd/src/uhttpd-tls.c
package/uhttpd/src/uhttpd-tls.h
package/uhttpd/src/uhttpd.c
package/uhttpd/src/uhttpd.h

index cd1a4771a8d792c52c40f90d82a3c0f0abfff6cd..d5dbd0e397dc4c8ccb2fdedacac26ebf1e7dc5a1 100644 (file)
@@ -8,10 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uhttpd
-PKG_RELEASE:=23
+PKG_RELEASE:=24
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
-PKG_BUILD_DEPENDS := libcyassl liblua
+PKG_CONFIG_DEPENDS := \
+       CONFIG_PACKAGE_uhttpd-mod-tls_cyassl \
+       CONFIG_PACKAGE_uhttpd-mod-tls_openssl
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -38,13 +40,39 @@ endef
 define Package/uhttpd-mod-tls
   $(Package/uhttpd/default)
   TITLE+= (TLS plugin)
-  DEPENDS:=uhttpd +libcyassl
+  DEPENDS:=uhttpd +PACKAGE_uhttpd-mod-tls_cyassl:libcyassl +PACKAGE_uhttpd-mod-tls_openssl:libopenssl
 endef
 
 define Package/uhttpd-mod-tls/description
  The TLS plugin adds HTTPS support to uHTTPd.
 endef
 
+define Package/uhttpd-mod-tls/config
+        choice
+                depends on PACKAGE_uhttpd-mod-tls
+                prompt "TLS Provider"
+                default PACKAGE_uhttpd-mod-tls_cyassl
+
+                config PACKAGE_uhttpd-mod-tls_cyassl
+                        bool "CyaSSL"
+
+                config PACKAGE_uhttpd-mod-tls_openssl
+                        bool "OpenSSL"
+        endchoice
+endef
+
+UHTTPD_TLS:=
+TLS_CFLAGS:=
+
+ifneq ($(CONFIG_PACKAGE_uhttpd-mod-tls_cyassl),)
+  UHTTPD_TLS:=cyassl
+  TLS_CFLAGS:=-I$(STAGING_DIR)/usr/include/cyassl
+endif
+
+ifneq ($(CONFIG_PACKAGE_uhttpd-mod-tls_openssl),)
+  UHTTPD_TLS:=openssl
+endif
+
 
 define Package/uhttpd-mod-lua
   $(Package/uhttpd/default)
@@ -57,10 +85,8 @@ define Package/uhttpd-mod-lua/description
 endef
 
 
-# hack to use CyASSL headers
-TARGET_CFLAGS += -I$(firstword $(wildcard $(BUILD_DIR)/cyassl-*/include))
-TARGET_LDFLAGS += -lm
-MAKE_VARS += FPIC="$(FPIC)"
+TARGET_CFLAGS += $(TLS_CFLAGS)
+MAKE_VARS += FPIC="$(FPIC)" UHTTPD_TLS="$(UHTTPD_TLS)"
 
 define Build/Prepare
        mkdir -p $(PKG_BUILD_DIR)
index 6dcc3555f196928ab72de7eb498ee6668d868079..e18833e8f3c2dcf416b4c5f54f89c879673bb06f 100644 (file)
@@ -1,17 +1,28 @@
 CGI_SUPPORT ?= 1
 LUA_SUPPORT ?= 1
 TLS_SUPPORT ?= 1
+UHTTPD_TLS ?= cyassl
 
-CFLAGS ?= -I./lua-5.1.4/src -I./cyassl-1.4.0/include -O0 -ggdb3
-LDFLAGS ?= -L./lua-5.1.4/src -L./cyassl-1.4.0/src/.libs
+CFLAGS ?= -I./lua-5.1.4/src -I$(TLS_INCLUDE_DIR) -O0 -ggdb3
+LDFLAGS ?= -L./lua-5.1.4/src -L$(TLS_LIB_DIR)
 
 CFLAGS += -Wall --std=gnu99
 
-OBJ = uhttpd.o uhttpd-file.o uhttpd-utils.o
-LIB = -Wl,--export-dynamic -lcrypt -ldl
+ifeq ($(UHTTPD_TLS),openssl)
+  TLS_LDFLAGS := -lssl
+  TLS_INCLUDE_DIR := ./openssl-0.9.8m/include
+  TLS_LIB_DIR := ./openssl-0.9.8m
+else
+  TLS_LDFLAGS := -lcyassl
+  TLS_INCLUDE_DIR := ./cyassl-1.4.0/include
+  TLS_LIB_DIR := ./cyassl-1.4.0/src/.libs
+endif
+
+OBJ := uhttpd.o uhttpd-file.o uhttpd-utils.o
+LIB := -Wl,--export-dynamic -lcrypt -ldl
 
-TLSLIB =
-LUALIB =
+TLSLIB :=
+LUALIB :=
 
 HAVE_SHADOW=$(shell echo 'int main(void){ return !getspnam("root"); }' | \
        $(CC) -include shadow.h -xc -o/dev/null - 2>/dev/null && echo yes)
@@ -29,7 +40,7 @@ endif
 
 ifeq ($(LUA_SUPPORT),1)
   CFLAGS += -DHAVE_LUA
-  LUALIB = uhttpd_lua.so
+  LUALIB := uhttpd_lua.so
 
   $(LUALIB): uhttpd-lua.c
                $(CC) $(CFLAGS) $(LDFLAGS) $(FPIC) \
@@ -39,11 +50,11 @@ endif
 
 ifeq ($(TLS_SUPPORT),1)
   CFLAGS += -DHAVE_TLS
-  TLSLIB = uhttpd_tls.so
+  TLSLIB := uhttpd_tls.so
 
   $(TLSLIB): uhttpd-tls.c
                $(CC) $(CFLAGS) $(LDFLAGS) $(FPIC) \
-                       -shared -lcyassl \
+                       -shared $(TLS_LDFLAGS) \
                        -o $(TLSLIB) uhttpd-tls.c
 endif
 
@@ -55,4 +66,3 @@ compile: $(OBJ) $(TLSLIB) $(LUALIB)
 
 clean:
        rm -f *.o *.so uhttpd
-
index 008f8e0df6a7e873a96ec0a3182cad60243155a5..6beae25aa153c03c6973a655fd3d98c9e5f1f5fd 100644 (file)
@@ -23,7 +23,8 @@
 
 SSL_CTX * uh_tls_ctx_init()
 {
-       SSL_CTX *c = NULL;
+       SSL_CTX *c;
+
        SSL_load_error_strings();
        SSL_library_init();
 
@@ -59,13 +60,36 @@ void uh_tls_ctx_free(struct listener *l)
 }
 
 
-void uh_tls_client_accept(struct client *c)
+int uh_tls_client_accept(struct client *c)
 {
+       int rv;
+
        if( c->server && c->server->tls )
        {
                c->tls = SSL_new(c->server->tls);
-               SSL_set_fd(c->tls, c->socket);
+               if( c->tls )
+               {
+                       if( (rv = SSL_set_fd(c->tls, c->socket)) < 1 )
+                               goto cleanup;
+                       if( (rv = SSL_accept(c->tls)) < 1 )
+                               goto cleanup;
+               }
+               else
+                       rv = 0;
+       }
+       else
+       {
+               c->tls = NULL;
+               rv = 1;
        }
+
+done:
+       return rv;
+
+cleanup:
+       SSL_free(c->tls);
+       c->tls = NULL;
+       goto done;
 }
 
 int uh_tls_client_recv(struct client *c, void *buf, int len)
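Review bot: `SSL_accept()` in uh_tls_client_accept now runs the full handshake inline, and every result below 1 goes to `cleanup` without `SSL_get_error()` being consulted. If the client socket is blocking (its setup is not in this diff), a peer that connects and then stays silent keeps the caller waiting inside the handshake; if it is non-blocking, an ordinary `SSL_ERROR_WANT_READ` or `SSL_ERROR_WANT_WRITE` result is treated as fatal and the connection is dropped. The caller is the accept path of uh_mainloop, so it is worth confirming that a receive timeout is set on `c->socket` before this call. A contract comment above the function would also help, for example `/* returns 1 on success or when the listener has no TLS context, < 1 on failure; c->tls is NULL after a failure */`.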
@@ -90,5 +114,3 @@ void uh_tls_client_close(struct client *c)
                c->tls = NULL;
        }
 }
-
-
index 4a98b78c69c079350d448086507b656b1d35ae0d..24dfb440744417c537ea484c5875a6df80de5ff0 100644 (file)
@@ -26,10 +26,9 @@ int uh_tls_ctx_cert(SSL_CTX *c, const char *file);
 int uh_tls_ctx_key(SSL_CTX *c, const char *file);
 void uh_tls_ctx_free(struct listener *l);
 
-void uh_tls_client_accept(struct client *c);
+int uh_tls_client_accept(struct client *c);
 int uh_tls_client_recv(struct client *c, void *buf, int len);
 int uh_tls_client_send(struct client *c, void *buf, int len);
 void uh_tls_client_close(struct client *c);
 
 #endif
-
index 4a3bced722c9ac84107e5aaf771ee33b4ec0d9f1..3563d91d16ef92ad12ed55cae69b410cc5aa2e84 100644 (file)
@@ -512,7 +512,22 @@ static void uh_mainloop(struct config *conf, fd_set serv_fds, int max_fd)
 #ifdef HAVE_TLS
                                                        /* setup client tls context */
                                                        if( conf->tls )
-                                                               conf->tls_accept(cl);
+                                                       {
+                                                               if( conf->tls_accept(cl) < 1 )
+                                                               {
+                                                                       fprintf(stderr,
+                                                                               "tls_accept failed, "
+                                                                               "connection dropped\n");
+
+                                                                       /* close client socket */
+                                                                       close(new_fd);
+
+                                                                       /* remove from global client list */
+                                                                       uh_client_remove(new_fd);
+
+                                                                       continue;
+                                                               }
+                                                       }
 #endif
 
                                                        /* add client socket to global fdset */
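Review bot: The failure message `"tls_accept failed, connection dropped\n"` carries neither the peer nor the return code, so repeated handshake failures from one source cannot be told apart from unrelated ones in the log. Keeping the result with `int rv = conf->tls_accept(cl);` and printing it as `"tls_accept failed (rv=%d), connection dropped\n"` is a small step; adding the peer address would help more if the client structure holds it (not visible here). The socket is also closed before `uh_client_remove(new_fd)` runs, which is only safe if that function does not touch the descriptor. Its body is outside this diff, as are the start and end of uh_mainloop.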
index ff058d62bff3e214e4dee0e5c8cb5e35a63050e7..993bf93af1dc0d436864379fbea730df2d196f00 100644 (file)
@@ -98,7 +98,7 @@ struct config {
        int (*tls_cert) (SSL_CTX *c, const char *file);
        int (*tls_key) (SSL_CTX *c, const char *file);
        void (*tls_free) (struct listener *l);
-       void (*tls_accept) (struct client *c);
+       int (*tls_accept) (struct client *c);
        void (*tls_close) (struct client *c);
        int (*tls_recv) (struct client *c, void *buf, int len);
        int (*tls_send) (struct client *c, void *buf, int len);
@@ -159,4 +159,3 @@ struct interpreter {
 #endif
 
 #endif
-