uhttpd: support using OpenSSL for certificate generation
authorHannu Nyman <hannu.nyman@iki.fi>
Tue, 4 Oct 2016 14:38:31 +0000 (17:38 +0300)
committerJo-Philipp Wich <jo@mein.io>
Tue, 4 Oct 2016 22:48:19 +0000 (00:48 +0200)
Support the usage of the OpenSSL command-line tool for generating
the SSL certificate for uhttpd. Traditionally 'px5g' based on
PolarSSL (or mbedTLS in LEDE), has been used for the creation.

uhttpd init script is enhanced by adding detection of an installed
openssl command-line binary (provided by 'openssl-util' package),
and if found, the tool is used for certificate generation.

Note: After this patch the script prefers to use the OpenSSL tool
if both it and px5g are installed.

This enables creating a truly OpenSSL-only version of LuCI
without a dependency on the PolarSSL/mbedTLS-based px5g.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
package/network/services/uhttpd/Makefile
package/network/services/uhttpd/files/uhttpd.init

index 8a3797ed866d491e04abef75116f66aeea887a48..25ad910dd90f649e588de8e2f1a6fb9ea602100c 100644 (file)
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uhttpd
-PKG_VERSION:=2016-06-16
+PKG_VERSION:=2016-10-04
 PKG_RELEASE=$(PKG_SOURCE_VERSION)
 
 PKG_SOURCE_PROTO:=git
index 1b457a2b37ab8a2beb5168dbc6eaf37a97a9c567..d703d762e694a18d5ecf5ddaba31240c47165e6d 100755 (executable)
@@ -7,6 +7,7 @@ USE_PROCD=1
 
 UHTTPD_BIN="/usr/sbin/uhttpd"
 PX5G_BIN="/usr/sbin/px5g"
+OPENSSL_BIN="/usr/bin/openssl"
 
 append_arg() {
        local cfg="$1"
@@ -43,8 +44,12 @@ generate_keys() {
        config_get location   "$cfg" location
        config_get commonname "$cfg" commonname
 
-       [ -x "$PX5G_BIN" ] && {
-               $PX5G_BIN selfsigned -der \
+       # Prefer OpenSSL for certificate generation (existence evaluated last)
+       local GENKEY_CMD=""
+       [ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
+       [ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -outform der -nodes"
+       [ -n "$GENKEY_CMD" ] && {
+               $GENKEY_CMD \
                        -days ${days:-730} -newkey rsa:${bits:-2048} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
                        -subj /C="${country:-DE}"/ST="${state:-Saxony}"/L="${location:-Leipzig}"/CN="${commonname:-Lede}"
                sync
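Review bot: The new OpenSSL command line names no digest, so the certificate's signature hash is whatever the installed openssl binary and its configuration default to; pinning it with `GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform der -nodes"` would make the result independent of that. The unchanged `-subj` argument is now also parsed by OpenSSL, which treats `/` as the field separator, so a UCI `commonname`, `location` or `state` containing `/` would be split into extra or malformed subject fields; a comment stating that restriction, or a check that rejects such values before the call, would help. `-nodes` leaves the private key unencrypted in `${UHTTPD_KEY}.new`, and the mode of that file probably depends on the tool and the umask, so it is worth confirming that the key ends up readable by its owner only. generate_keys continues past the end of the hunk, so it is not visible here whether a failed command is caught before the `.new` files are used.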