httpd: rc: revert gencert.sh invocation to match Asus (now that we no…

… longer use web/ftp as argument) Originally (back in Tomato days), gencert.sh would receive a random value as parameter, to use as a serial. Asus removed that part from gencert.sh, but left it in httpd for some unknown reason. To keep things in sync we still reproduce that behaviour for now.
RMerl · Oct 29, 2018 · d28e752 · d28e752
1 parent 9f358ab
commit d28e752
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 2 deletions.
diff --git a/release/src/router/httpd/httpd.c b/release/src/router/httpd/httpd.c
@@ -2213,6 +2213,8 @@ void start_ssl(void)
 	int lockfd;
 	int retry;
 	int i;
+	unsigned long long sn;
+	char t[32];
 
 	lockfd = open("/var/lock/sslinit.lock", O_CREAT | O_RDWR, 0666);
 
@@ -2235,7 +2237,12 @@ void start_ssl(void)
 		if ((!f_exists("/etc/cert.pem")) || (!f_exists("/etc/key.pem"))) {
 			erase_cert();
 			logmessage("httpd", "Generating SSL certificate...");
-			eval("gencert.sh", "web");
+
+			// browsers seems to like this when the ip address moves...     -- zzz
+			f_read("/dev/urandom", &sn, sizeof(sn));
+
+			sprintf(t, "%llu", sn & 0x7FFFFFFFFFFFFFFFULL);
+			eval("gencert.sh", t);
 
 #ifdef RTCONFIG_LETSENCRYPT
 			if (nvram_match("le_enable", "2"))

diff --git a/release/src/router/rc/usb.c b/release/src/router/rc/usb.c
@@ -2548,6 +2548,10 @@ void write_ftpd_conf()
 	FILE *fp;
 	char maxuser[16];
 	int passive_port;
+#ifdef RTCONFIG_HTTPS
+	unsigned long long sn;
+	char t[32];
+#endif
 
 	/* write /etc/vsftpd.conf */
 	fp=fopen("/etc/vsftpd.conf", "w");
@@ -2635,6 +2639,7 @@ void write_ftpd_conf()
 		fprintf(fp, "xferlog_file=/var/log/vsftpd.log\n");
 	}
 
+#ifdef RTCONFIG_HTTPS
 	if(nvram_get_int("ftp_tls")){
 		fprintf(fp, "ssl_enable=YES\n");
 		fprintf(fp, "rsa_cert_file=%s\n", HTTPD_CERT);
@@ -2672,11 +2677,16 @@ void write_ftpd_conf()
                         || !cert_key_match(HTTPD_CERT, HTTPD_KEY)
 #endif
 		) {
-			eval("gencert.sh", "web");
+			f_read("/dev/urandom", &sn, sizeof(sn));
+			sprintf(t, "%llu", sn & 0x7FFFFFFFFFFFFFFFULL);
+			eval("gencert.sh", t);
 		}
 	} else {
 		fprintf(fp, "ssl_enable=NO\n");
 	}
+#else
+	fprintf(fp, "ssl_enable=NO\n");
+#endif	// HTTPS
 
 	append_custom_config("vsftpd.conf", fp);
 	fclose(fp);