Commit e27ffb5

committed
allow custom private keys and certificates
git-svn-id: svn://svn.dd-wrt.com/DD-WRT@44703 52c4871e-980c-0410-b1e0-e73912ce01f8
1 parent 6e9fa34 commit e27ffb5

1 file changed

+27
-24
lines changed

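--- a/src/router/httpd/httpd.c
+++ b/src/router/httpd/httpd.c
@@ -1559,26 +1559,38 @@ int main(int argc, char **argv)
 
 /* Build our SSL context */
 if (SSL_ENABLED() && do_ssl) {
+char *cert = nvram_safe_get("https_cert");
+char *key = nvram_safe_get("https_key");
+char *certfile = NULL;
+char *keyfile = NULL;
+if (*cert) {
+certfile = "/tmp/https_cert";
+writenvram("https_cert", certfile);
+}
+if (*key) {
+keyfile = "/tmp/https_key";
+writenvram("https_key", keyfile);
+}
+if (!certfile)
+certfile = nvram_safe_get("https_cert_file");
+if (!*certfile)
+certfile = CERT_FILE;
+if (!keyfile)
+keyfile = nvram_safe_get("https_key_file");
+if (!*keyfile)
+keyfile = KEY_FILE;
 #ifdef HAVE_OPENSSL
 SSLeay_add_ssl_algorithms();
 SSL_load_error_strings();
 ctx = SSL_CTX_new(SSLv23_server_method());
-#ifdef HAVE_CUSTOMSSLCERT
-if (SSL_CTX_use_certificate_file(ctx, nvram_safe_get("https_cert_file"), SSL_FILETYPE_PEM)
-#else
-if (SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM)
-#endif
+if (SSL_CTX_use_certificate_file(ctx, certfile, SSL_FILETYPE_PEM)
 == 0) {
 cprintf("Can't read %s\n", CERT_FILE);
 ERR_print_errors_fp(stderr);
 exit(1);
 
 }
-#ifdef HAVE_CUSTOMSSLCERT
-if (SSL_CTX_use_PrivateKey_file(ctx, nvram_safe_get("https_key_file"), SSL_FILETYPE_PEM)
-#else
-if (SSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM)
-#endif
+if (SSL_CTX_use_PrivateKey_file(ctx, keyfile, SSL_FILETYPE_PEM)
 == 0) {
 cprintf("Can't read %s\n", KEY_FILE);
 ERR_print_errors_fp(stderr);
@@ -1599,12 +1611,12 @@ int main(int argc, char **argv)
 bzero(&ssl, sizeof(ssl));
 bzero(&srvcert, sizeof(x509_crt));
 x509_crt_init(&srvcert);
-ret = x509_crt_parse_file(&srvcert, CERT_FILE);
+ret = x509_crt_parse_file(&srvcert, certfile);
 if (ret != 0) {
 printf("x509_read_crtfile failed\n");
 exit(0);
 }
-ret = pk_parse_keyfile(&rsa, KEY_FILE, NULL);
+ret = pk_parse_keyfile(&rsa, keyfile, NULL);
 if (ret != 0) {
 printf("x509_read_keyfile failed\n");
 exit(0);
@@ -1613,18 +1625,9 @@ int main(int argc, char **argv)
 
 #ifdef HAVE_MATRIXSSL
 matrixssl_init();
-#ifdef HAVE_CUSTOMSSLCERT
-if (f_exists(nvram_safe_get("https_cert_file")) && f_exists(nvram_safe_get("https_key_file"))) {
-if (0 != matrixSslReadKeys(&keys, nvram_safe_get("https_cert_file"), nvram_safe_get("https_key_file"), NULL, NULL)) {
-fprintf(stderr, "Error reading or parsing %s / %s.\n", nvram_safe_get("https_cert_file"), nvram_safe_get("https_key_file"));
-}
-} else
-#endif
-{
-if (0 != matrixSslReadKeys(&keys, CERT_FILE, KEY_FILE, NULL, NULL)) {
-fprintf(stderr, "Error reading or parsing %s.\n", KEY_FILE);
-exit(0);
-}
+if (0 != matrixSslReadKeys(&keys, certfile, keyfile, NULL, NULL)) {
+fprintf(stderr, "Error reading or parsing %s.\n", KEY_FILE);
+exit(0);
 }
 #endif
 }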
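Review bot: The private key taken from nvram is written to the fixed path `/tmp/https_key` by `writenvram("https_key", keyfile)` in the first hunk, and nothing visible restricts the file's mode or checks that the write succeeded. writenvram is not shown here, so this needs confirming, but unless it creates the file 0600 and refuses to follow an existing symlink, the key may be readable by other local processes; wrapping the call as `mode_t old = umask(077); writenvram("https_key", keyfile); umask(old);` would cover the mode. Separately, the failure messages still print the compile-time names (`cprintf("Can't read %s\n", CERT_FILE);`, and the added `fprintf(stderr, "Error reading or parsing %s.\n", KEY_FILE);` in the MatrixSSL hunk) although `certfile`/`keyfile` are what was loaded, so they should print those variables. All three hunks sit inside main(), which starts and ends outside the visible lines.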
