include $(TOPDIR)/rules.mk
PKG_NAME:=uhttpd
-PKG_RELEASE:=23
+PKG_RELEASE:=24
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
-PKG_BUILD_DEPENDS := libcyassl liblua
+PKG_CONFIG_DEPENDS := \
+ CONFIG_PACKAGE_uhttpd-mod-tls_cyassl \
+ CONFIG_PACKAGE_uhttpd-mod-tls_openssl
include $(INCLUDE_DIR)/package.mk
define Package/uhttpd-mod-tls
$(Package/uhttpd/default)
TITLE+= (TLS plugin)
- DEPENDS:=uhttpd +libcyassl
+ DEPENDS:=uhttpd +PACKAGE_uhttpd-mod-tls_cyassl:libcyassl +PACKAGE_uhttpd-mod-tls_openssl:libopenssl
endef
define Package/uhttpd-mod-tls/description
The TLS plugin adds HTTPS support to uHTTPd.
endef
+define Package/uhttpd-mod-tls/config
+ choice
+ depends on PACKAGE_uhttpd-mod-tls
+ prompt "TLS Provider"
+ default PACKAGE_uhttpd-mod-tls_cyassl
+
+ config PACKAGE_uhttpd-mod-tls_cyassl
+ bool "CyaSSL"
+
+ config PACKAGE_uhttpd-mod-tls_openssl
+ bool "OpenSSL"
+ endchoice
+endef
+
+UHTTPD_TLS:=
+TLS_CFLAGS:=
+
+ifneq ($(CONFIG_PACKAGE_uhttpd-mod-tls_cyassl),)
+ UHTTPD_TLS:=cyassl
+ TLS_CFLAGS:=-I$(STAGING_DIR)/usr/include/cyassl
+endif
+
+ifneq ($(CONFIG_PACKAGE_uhttpd-mod-tls_openssl),)
+ UHTTPD_TLS:=openssl
+endif
+
define Package/uhttpd-mod-lua
$(Package/uhttpd/default)
endef
-# hack to use CyASSL headers
-TARGET_CFLAGS += -I$(firstword $(wildcard $(BUILD_DIR)/cyassl-*/include))
-TARGET_LDFLAGS += -lm
-MAKE_VARS += FPIC="$(FPIC)"
+TARGET_CFLAGS += $(TLS_CFLAGS)
+MAKE_VARS += FPIC="$(FPIC)" UHTTPD_TLS="$(UHTTPD_TLS)"
define Build/Prepare
mkdir -p $(PKG_BUILD_DIR)
CGI_SUPPORT ?= 1
LUA_SUPPORT ?= 1
TLS_SUPPORT ?= 1
+UHTTPD_TLS ?= cyassl
-CFLAGS ?= -I./lua-5.1.4/src -I./cyassl-1.4.0/include -O0 -ggdb3
-LDFLAGS ?= -L./lua-5.1.4/src -L./cyassl-1.4.0/src/.libs
+CFLAGS ?= -I./lua-5.1.4/src -I$(TLS_INCLUDE_DIR) -O0 -ggdb3
+LDFLAGS ?= -L./lua-5.1.4/src -L$(TLS_LIB_DIR)
CFLAGS += -Wall --std=gnu99
-OBJ = uhttpd.o uhttpd-file.o uhttpd-utils.o
-LIB = -Wl,--export-dynamic -lcrypt -ldl
+ifeq ($(UHTTPD_TLS),openssl)
+ TLS_LDFLAGS := -lssl
+ TLS_INCLUDE_DIR := ./openssl-0.9.8m/include
+ TLS_LIB_DIR := ./openssl-0.9.8m
+else
+ TLS_LDFLAGS := -lcyassl
+ TLS_INCLUDE_DIR := ./cyassl-1.4.0/include
+ TLS_LIB_DIR := ./cyassl-1.4.0/src/.libs
+endif
+
+OBJ := uhttpd.o uhttpd-file.o uhttpd-utils.o
+LIB := -Wl,--export-dynamic -lcrypt -ldl
-TLSLIB =
-LUALIB =
+TLSLIB :=
+LUALIB :=
HAVE_SHADOW=$(shell echo 'int main(void){ return !getspnam("root"); }' | \
$(CC) -include shadow.h -xc -o/dev/null - 2>/dev/null && echo yes)
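Review bot: The `else` branch of `ifeq ($(UHTTPD_TLS),openssl)` selects CyaSSL for every value other than `openssl`, including a typo or an empty string, so a misconfigured build silently links a different TLS library than the one requested. The package Makefile in this commit passes `UHTTPD_TLS="$(UHTTPD_TLS)"`, which is empty when neither provider symbol is set, and since the variable is then already defined, the `UHTTPD_TLS ?= cyassl` default probably does not apply. Matching the second provider explicitly with `else ifeq ($(UHTTPD_TLS),cyassl)` and ending with `$(error unknown UHTTPD_TLS '$(UHTTPD_TLS)')` would make an unexpected value fail loudly, but the empty case needs a decision first (default it or disable `TLS_SUPPORT`). The fallback directories `./openssl-0.9.8m` and `./cyassl-1.4.0` are fixed names that only matter when the caller does not supply `CFLAGS`/`LDFLAGS`, which deserves a one-line comment.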
ifeq ($(LUA_SUPPORT),1)
CFLAGS += -DHAVE_LUA
- LUALIB = uhttpd_lua.so
+ LUALIB := uhttpd_lua.so
$(LUALIB): uhttpd-lua.c
$(CC) $(CFLAGS) $(LDFLAGS) $(FPIC) \
ifeq ($(TLS_SUPPORT),1)
CFLAGS += -DHAVE_TLS
- TLSLIB = uhttpd_tls.so
+ TLSLIB := uhttpd_tls.so
$(TLSLIB): uhttpd-tls.c
$(CC) $(CFLAGS) $(LDFLAGS) $(FPIC) \
- -shared -lcyassl \
+ -shared $(TLS_LDFLAGS) \
-o $(TLSLIB) uhttpd-tls.c
endif
clean:
rm -f *.o *.so uhttpd
-
SSL_CTX * uh_tls_ctx_init()
{
- SSL_CTX *c = NULL;
+ SSL_CTX *c;
+
SSL_load_error_strings();
SSL_library_init();
}
-void uh_tls_client_accept(struct client *c)
+int uh_tls_client_accept(struct client *c)
{
+ int rv;
+
if( c->server && c->server->tls )
{
c->tls = SSL_new(c->server->tls);
- SSL_set_fd(c->tls, c->socket);
+ if( c->tls )
+ {
+ if( (rv = SSL_set_fd(c->tls, c->socket)) < 1 )
+ goto cleanup;
+ if( (rv = SSL_accept(c->tls)) < 1 )
+ goto cleanup;
+ }
+ else
+ rv = 0;
+ }
+ else
+ {
+ c->tls = NULL;
+ rv = 1;
}
+
+done:
+ return rv;
+
+cleanup:
+ SSL_free(c->tls);
+ c->tls = NULL;
+ goto done;
}
int uh_tls_client_recv(struct client *c, void *buf, int len)
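Review bot: `SSL_accept()` now runs inside `uh_tls_client_accept()`, which the caller invokes directly from its accept path, so the whole handshake must finish or fail before the server returns to its loop. If the client socket is blocking (not visible in this hunk), a peer that connects and then sends nothing holds up every other connection. If it is non-blocking, a result below 1 may only mean the handshake needs more I/O, yet the new code frees the session without checking `SSL_get_error()` for `SSL_ERROR_WANT_READ`/`SSL_ERROR_WANT_WRITE`. Either bound the handshake with a receive timeout on the socket or treat the want-read/want-write results as retryable. The function also needs a header comment for its new return convention, e.g. `/* returns 1 on success or when the listener has no TLS context, 0 if SSL_new() fails, <1 if SSL_set_fd() or SSL_accept() fails */`.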
c->tls = NULL;
}
}
-
-
int uh_tls_ctx_key(SSL_CTX *c, const char *file);
void uh_tls_ctx_free(struct listener *l);
-void uh_tls_client_accept(struct client *c);
+int uh_tls_client_accept(struct client *c);
int uh_tls_client_recv(struct client *c, void *buf, int len);
int uh_tls_client_send(struct client *c, void *buf, int len);
void uh_tls_client_close(struct client *c);
#endif
-
#ifdef HAVE_TLS
/* setup client tls context */
if( conf->tls )
- conf->tls_accept(cl);
+ {
+ if( conf->tls_accept(cl) < 1 )
+ {
+ fprintf(stderr,
+ "tls_accept failed, "
+ "connection dropped\n");
+
+ /* close client socket */
+ close(new_fd);
+
+ /* remove from global client list */
+ uh_client_remove(new_fd);
+
+ continue;
+ }
+ }
#endif
/* add client socket to global fdset */
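Review bot: The failure branch logs a fixed string, so a handshake rejected over a protocol or cipher mismatch looks the same as an allocation failure in `SSL_new()`, and nothing identifies the peer. Storing the result in a local and logging it, e.g. `fprintf(stderr, "tls_accept failed (rv=%d), connection dropped\n", rv);`, ideally with the client address, would let repeated failures from one source be spotted in the log. It is also worth confirming that `uh_client_remove(new_fd)` is safe to call after `close(new_fd)` and releases everything held by `cl`. The enclosing loop and `uh_client_remove()` are outside this hunk.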
int (*tls_cert) (SSL_CTX *c, const char *file);
int (*tls_key) (SSL_CTX *c, const char *file);
void (*tls_free) (struct listener *l);
- void (*tls_accept) (struct client *c);
+ int (*tls_accept) (struct client *c);
void (*tls_close) (struct client *c);
int (*tls_recv) (struct client *c, void *buf, int len);
int (*tls_send) (struct client *c, void *buf, int len);
#endif
#endif
-