Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.
OpenSSL does this in the same way already.
With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.crt /etc/uhttpd.key
-rw-r--r-- 1 root root 519 Nov 6 22:58 /etc/uhttpd.crt
-rw------- 1 root root 121 Nov 6 22:58 /etc/uhttpd.key
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 929c9a58c9)
Instead of accessing /dev/urandom use the getrandom syscall. This way we
do not have to keep the file open all the time.
This also fixes a compile error with glibc:
--------
px5g-mbedtls.c: In function '_urandom':
px5g-mbedtls.c:48:9: error: ignoring return value of 'read' declared with attribute 'warn_unused_result' [-Werror=unused-result]
48 | read(urandom_fd, out, len);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
--------
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Two versions of `px5g` exists without sharing code. For clarification
rename the previously existing MbedTLS based version to `px5g-mbedtls`
to exists next to `px5g-wolfssl`.
Rename code file of MbedTLS from `px5g.c` to `px5g-mbedtls.c`.
Signed-off-by: Paul Spooren <mail@aparcar.org>