diff --git a/package/uhttpd/Makefile b/package/uhttpd/Makefile
index cd1a4771a8d..d5dbd0e397d 100644
--- a/package/uhttpd/Makefile
+++ b/package/uhttpd/Makefile
@@ -8,10 +8,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=uhttpd
-PKG_RELEASE:=23
+PKG_RELEASE:=24
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
-PKG_BUILD_DEPENDS := libcyassl liblua
+PKG_CONFIG_DEPENDS := \
+ CONFIG_PACKAGE_uhttpd-mod-tls_cyassl \
+ CONFIG_PACKAGE_uhttpd-mod-tls_openssl
 include $(INCLUDE_DIR)/package.mk
@@ -38,13 +40,39 @@ endef
 define Package/uhttpd-mod-tls
 $(Package/uhttpd/default)
 TITLE+= (TLS plugin)
- DEPENDS:=uhttpd +libcyassl
+ DEPENDS:=uhttpd +PACKAGE_uhttpd-mod-tls_cyassl:libcyassl +PACKAGE_uhttpd-mod-tls_openssl:libopenssl
 endef
 define Package/uhttpd-mod-tls/description
 The TLS plugin adds HTTPS support to uHTTPd.
 endef
+define Package/uhttpd-mod-tls/config
+ choice
+ depends on PACKAGE_uhttpd-mod-tls
+ prompt "TLS Provider"
+ default PACKAGE_uhttpd-mod-tls_cyassl
+
+ config PACKAGE_uhttpd-mod-tls_cyassl
+ bool "CyaSSL"
+
+ config PACKAGE_uhttpd-mod-tls_openssl
+ bool "OpenSSL"
+ endchoice
+endef
+
+UHTTPD_TLS:=
+TLS_CFLAGS:=
+
+ifneq ($(CONFIG_PACKAGE_uhttpd-mod-tls_cyassl),)
+ UHTTPD_TLS:=cyassl
+ TLS_CFLAGS:=-I$(STAGING_DIR)/usr/include/cyassl
+endif
+
+ifneq ($(CONFIG_PACKAGE_uhttpd-mod-tls_openssl),)
+ UHTTPD_TLS:=openssl
+endif
+
 define Package/uhttpd-mod-lua
 $(Package/uhttpd/default)
@@ -57,10 +85,8 @@ define Package/uhttpd-mod-lua/description
 endef
-# hack to use CyASSL headers
-TARGET_CFLAGS += -I$(firstword $(wildcard $(BUILD_DIR)/cyassl-*/include))
-TARGET_LDFLAGS += -lm
-MAKE_VARS += FPIC="$(FPIC)"
+TARGET_CFLAGS += $(TLS_CFLAGS)
+MAKE_VARS += FPIC="$(FPIC)" UHTTPD_TLS="$(UHTTPD_TLS)"
 define Build/Prepare
 mkdir -p $(PKG_BUILD_DIR)
diff --git a/package/uhttpd/src/Makefile b/package/uhttpd/src/Makefile
index 6dcc3555f19..e18833e8f3c 100644
--- a/package/uhttpd/src/Makefile
+++ b/package/uhttpd/src/Makefile
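Review bot: `MAKE_VARS += FPIC="$(FPIC)" UHTTPD_TLS="$(UHTTPD_TLS)"` exports `UHTTPD_TLS` as an empty but defined variable whenever neither `PACKAGE_uhttpd-mod-tls_cyassl` nor `PACKAGE_uhttpd-mod-tls_openssl` is set, and GNU make's `?=` in src/Makefile (`UHTTPD_TLS ?= cyassl`) does not replace a variable that already exists in the environment, even an empty one — assuming `MAKE_VARS` is prefixed onto the sub-make's environment as OpenWrt's default `Build/Compile` does. Previously the CyaSSL include hack and `PKG_BUILD_DEPENDS` were unconditional, so a tree with `uhttpd-mod-tls` deselected still had a provider to compile the plugin against; whether `TLS_SUPPORT` is now switched off for that case is decided outside this hunk and should be confirmed. Exporting only a real value keeps the `?=` default meaningful: `MAKE_VARS += FPIC="$(FPIC)" $(if $(UHTTPD_TLS),UHTTPD_TLS="$(UHTTPD_TLS)")`. The hunk also drops `TARGET_LDFLAGS += -lm` without explanation; if it was there for the Lua plugin, confirm uhttpd_lua.so still links cleanly.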
@@ -1,17 +1,28 @@
 CGI_SUPPORT ?= 1
 LUA_SUPPORT ?= 1
 TLS_SUPPORT ?= 1
+UHTTPD_TLS ?= cyassl
-CFLAGS ?= -I./lua-5.1.4/src -I./cyassl-1.4.0/include -O0 -ggdb3
-LDFLAGS ?= -L./lua-5.1.4/src -L./cyassl-1.4.0/src/.libs
+CFLAGS ?= -I./lua-5.1.4/src -I$(TLS_INCLUDE_DIR) -O0 -ggdb3
+LDFLAGS ?= -L./lua-5.1.4/src -L$(TLS_LIB_DIR)
 CFLAGS += -Wall --std=gnu99
-OBJ = uhttpd.o uhttpd-file.o uhttpd-utils.o
-LIB = -Wl,--export-dynamic -lcrypt -ldl
+ifeq ($(UHTTPD_TLS),openssl)
+ TLS_LDFLAGS := -lssl
+ TLS_INCLUDE_DIR := ./openssl-0.9.8m/include
+ TLS_LIB_DIR := ./openssl-0.9.8m
+else
+ TLS_LDFLAGS := -lcyassl
+ TLS_INCLUDE_DIR := ./cyassl-1.4.0/include
+ TLS_LIB_DIR := ./cyassl-1.4.0/src/.libs
+endif
-TLSLIB =
-LUALIB =
+OBJ := uhttpd.o uhttpd-file.o uhttpd-utils.o
+LIB := -Wl,--export-dynamic -lcrypt -ldl
+
+TLSLIB :=
+LUALIB :=
 HAVE_SHADOW=$(shell echo 'int main(void){ return !getspnam("root"); }' | \
 $(CC) -include shadow.h -xc -o/dev/null - 2>/dev/null && echo yes)
@@ -29,7 +40,7 @@ endif
 ifeq ($(LUA_SUPPORT),1)
 CFLAGS += -DHAVE_LUA
- LUALIB = uhttpd_lua.so
+ LUALIB := uhttpd_lua.so
 $(LUALIB): uhttpd-lua.c
 $(CC) $(CFLAGS) $(LDFLAGS) $(FPIC) \
@@ -39,11 +50,11 @@ endif
 ifeq ($(TLS_SUPPORT),1)
 CFLAGS += -DHAVE_TLS
- TLSLIB = uhttpd_tls.so
+ TLSLIB := uhttpd_tls.so
 $(TLSLIB): uhttpd-tls.c
 $(CC) $(CFLAGS) $(LDFLAGS) $(FPIC) \
- -shared -lcyassl \
+ -shared $(TLS_LDFLAGS) \
 -o $(TLSLIB) uhttpd-tls.c
 endif
@@ -55,4 +66,3 @@ compile: $(OBJ) $(TLSLIB) $(LUALIB)
 clean:
 rm -f *.o *.so uhttpd
-
diff --git a/package/uhttpd/src/uhttpd-tls.c b/package/uhttpd/src/uhttpd-tls.c
index 008f8e0df6a..6beae25aa15 100644
--- a/package/uhttpd/src/uhttpd-tls.c
+++ b/package/uhttpd/src/uhttpd-tls.c
@@ -23,7 +23,8 @@ SSL_CTX * uh_tls_ctx_init()
 {
- SSL_CTX *c = NULL;
+ SSL_CTX *c;
+
 SSL_load_error_strings();
 SSL_library_init();
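Review bot: The `else` branch of `ifeq ($(UHTTPD_TLS),openssl)` turns any unexpected value — a typo, or the empty string the package Makefile exports when no provider is configured — into a silent CyaSSL build instead of an error. Make the accepted values explicit: `else ifeq ($(UHTTPD_TLS),cyassl)` in front of the CyaSSL block, followed by `else` and `$(error UHTTPD_TLS must be openssl or cyassl, got '$(UHTTPD_TLS)')`. For the OpenSSL case `TLS_LDFLAGS := -lssl` omits `-lcrypto`; with a static libssl, or a linker that does not follow libssl's own dependency, libcrypto symbols stay unresolved, so `-lssl -lcrypto` is the conventional line. Note also that `CFLAGS ?=` and `LDFLAGS ?=` reference `$(TLS_INCLUDE_DIR)` and `$(TLS_LIB_DIR)` before those are assigned — this only works because `?=` is recursively expanded, so a later change to `:=` would silently drop the include and library paths; a one-line comment above `CFLAGS ?=` saying so would save the next editor a debugging session.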
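Review bot: `-shared $(TLS_LDFLAGS)` keeps the TLS library ahead of the source file on the `$(CC)` line (`... $(FPIC) -shared $(TLS_LDFLAGS) -o $(TLSLIB) uhttpd-tls.c`), so with a toolchain that enables `--as-needed` by default the linker sees `-lssl`/`-lcyassl` before any undefined `SSL_*` reference exists, discards it, and `uhttpd_tls.so` is left with unresolved symbols that only surface when the plugin is loaded at runtime. Put the libraries after the object that needs them: `-shared -o $(TLSLIB) uhttpd-tls.c $(TLS_LDFLAGS)` (folding the `-o` continuation into the same line). The ordering problem predates this commit for `-lcyassl`, but the hunk is rewriting exactly that line.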
@@ -59,13 +60,36 @@ void uh_tls_ctx_free(struct listener *l)
 }
-void uh_tls_client_accept(struct client *c)
+int uh_tls_client_accept(struct client *c)
 {
+ int rv;
+
 if( c->server && c->server->tls )
 {
 c->tls = SSL_new(c->server->tls);
- SSL_set_fd(c->tls, c->socket);
+ if( c->tls )
+ {
+ if( (rv = SSL_set_fd(c->tls, c->socket)) < 1 )
+ goto cleanup;
+ if( (rv = SSL_accept(c->tls)) < 1 )
+ goto cleanup;
+ }
+ else
+ rv = 0;
 }
+ else
+ {
+ c->tls = NULL;
+ rv = 1;
+ }
+
+done:
+ return rv;
+
+cleanup:
+ SSL_free(c->tls);
+ c->tls = NULL;
+ goto done;
 }
 int uh_tls_client_recv(struct client *c, void *buf, int len)
@@ -90,5 +114,3 @@ void uh_tls_client_close(struct client *c)
 c->tls = NULL;
 }
 }
-
-
diff --git a/package/uhttpd/src/uhttpd-tls.h b/package/uhttpd/src/uhttpd-tls.h
index 4a98b78c69c..24dfb440744 100644
--- a/package/uhttpd/src/uhttpd-tls.h
+++ b/package/uhttpd/src/uhttpd-tls.h
@@ -26,10 +26,9 @@ int uh_tls_ctx_cert(SSL_CTX *c, const char *file);
 int uh_tls_ctx_key(SSL_CTX *c, const char *file);
 void uh_tls_ctx_free(struct listener *l);
-void uh_tls_client_accept(struct client *c);
+int uh_tls_client_accept(struct client *c);
 int uh_tls_client_recv(struct client *c, void *buf, int len);
 int uh_tls_client_send(struct client *c, void *buf, int len);
 void uh_tls_client_close(struct client *c);
 #endif
-
diff --git a/package/uhttpd/src/uhttpd.c b/package/uhttpd/src/uhttpd.c
index 4a3bced722c..3563d91d16e 100644
--- a/package/uhttpd/src/uhttpd.c
+++ b/package/uhttpd/src/uhttpd.c
@@ -512,7 +512,22 @@ static void uh_mainloop(struct config *conf, fd_set serv_fds, int max_fd)
 #ifdef HAVE_TLS
 /* setup client tls context */
 if( conf->tls )
- conf->tls_accept(cl);
+ {
+ if( conf->tls_accept(cl) < 1 )
+ {
+ fprintf(stderr,
+ "tls_accept failed, "
+ "connection dropped\n");
+
+ /* close client socket */
+ close(new_fd);
+
+ /* remove from global client list */
+ uh_client_remove(new_fd);
+
+ continue;
+ }
+ }
 #endif
 /* add client socket to global fdset */
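Review bot: Both failure exits of `uh_tls_client_accept` reach `cleanup:` without recording why the handshake failed — `rv` from `SSL_set_fd`/`SSL_accept` is only compared against 1 and the error queue that `SSL_load_error_strings()` prepares is never read — so a wrong certificate or key, an unsupported cipher suite and a peer that simply hung up are indistinguishable to the caller, which can only print a generic failure. Capture it before the object is freed, as the first line of `cleanup:`: `fprintf(stderr, "tls handshake failed: ssl error %d\n", SSL_get_error(c->tls, rv));` (`SSL_get_error` exists in both providers; `ERR_print_errors_fp(stderr)` would add the reason text if the CyaSSL compat layer vendored here supports it). The `cleanup:` → `goto done` → `return rv` round trip obscures what is simply `SSL_free(c->tls); c->tls = NULL; return rv;` — return from the cleanup label directly and drop `done:`. Note also that `SSL_accept()` on a blocking socket does not return until the peer completes or abandons the handshake, so callers must bound it with a socket timeout or drive it from the event loop.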
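Review bot: `conf->tls_accept(cl)` now performs the whole TLS handshake inline in `uh_mainloop`'s accept path, so while `SSL_accept()` runs no other listener or client is serviced; if the accepted socket is blocking (the hunk does not show it being made non-blocking, and on a non-blocking socket `SSL_accept()` would return `< 1` with a want-read condition almost immediately, dropping nearly every connection), any remote peer that connects and never sends a ClientHello, or feeds the handshake one byte at a time, stalls the entire single-process server — a trivial remote denial of service. Bound the handshake at minimum with receive/send timeouts on `new_fd` before the call: `struct timeval tv = { .tv_sec = 10 }; setsockopt(new_fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)); setsockopt(new_fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));` — the proper fix is to keep the socket non-blocking and resume `SSL_accept()` from the `select` loop until it completes. The "connection dropped" message would also be more actionable with the peer address, if the client struct records one. `uh_mainloop` starts before and continues after this hunk.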
diff --git a/package/uhttpd/src/uhttpd.h b/package/uhttpd/src/uhttpd.h
index ff058d62bff..993bf93af1d 100644
--- a/package/uhttpd/src/uhttpd.h
+++ b/package/uhttpd/src/uhttpd.h
@@ -98,7 +98,7 @@ struct config {
 int (*tls_cert) (SSL_CTX *c, const char *file);
 int (*tls_key) (SSL_CTX *c, const char *file);
 void (*tls_free) (struct listener *l);
- void (*tls_accept) (struct client *c);
+ int (*tls_accept) (struct client *c);
 void (*tls_close) (struct client *c);
 int (*tls_recv) (struct client *c, void *buf, int len);
 int (*tls_send) (struct client *c, void *buf, int len);
@@ -159,4 +159,3 @@ struct interpreter {
 #endif
 #endif
-