
OpenWRT: add option to uhttpd init script for enabling TLS client cert auth

Message ID 20210219200153.1346105-1-luka.logar@cifra.si
State New

Commit Message

Luka Logar Feb. 19, 2021, 8:01 p.m. UTC
Add option client_auth=path_to_ca_cert_file to the uhttpd config file. Only client certificates issued by
a specified CA can be used for client authentication.

Signed-off-by: Luka Logar <luka.logar@cifra.si>
---
 package/network/services/uhttpd/files/uhttpd.config | 3 +++
 package/network/services/uhttpd/files/uhttpd.init   | 1 +
 2 files changed, 4 insertions(+)

Patch

diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config
index 40ce67fd01..e95fa49517 100644
--- a/package/network/services/uhttpd/files/uhttpd.config
+++ b/package/network/services/uhttpd/files/uhttpd.config
@@ -111,6 +111,9 @@  config uhttpd main
 	# resources.
 #	list httpauth prefix_user
 
+	# Enable if you want to use TLS client certificate
+	# authentication.
+	# option client_auth	/etc/ssl/certs/client_ca.crt
 
 # Defaults for automatic certificate and key generation
 config cert defaults
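Review bot: The added comment above `option client_auth` does not say what the value is or what enabling it enforces. From the commit message the path is the CA certificate that client certificates must chain to, but the comment should state that, and also say whether a client presenting no certificate is rejected and that the setting presumably only affects `listen_https` sockets. Something like `# Path to the CA certificate used to verify TLS client certificates (HTTPS listeners only).` would cover it. The commented-out example is also written as a tab followed by `# option`, while the neighbouring `#	list httpauth prefix_user` keeps `#` in column 0; matching that style keeps the file consistent when options are uncommented.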
diff --git a/package/network/services/uhttpd/files/uhttpd.init b/package/network/services/uhttpd/files/uhttpd.init
index 869f79bea2..a6e96f3cda 100755
--- a/package/network/services/uhttpd/files/uhttpd.init
+++ b/package/network/services/uhttpd/files/uhttpd.init
@@ -148,6 +148,7 @@  start_instance()
 	append_arg "$cfg" error_page "-E"
 	append_arg "$cfg" max_requests "-n" 3
 	append_arg "$cfg" max_connections "-N"
+	append_arg "$cfg" client_auth "-b"
 
 	append_bool "$cfg" no_ubusauth "-a" 0
 	append_bool "$cfg" no_symlinks "-S" 0
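Review bot: `append_arg "$cfg" client_auth "-b"` passes the configured path to uhttpd without checking that the CA file exists or that TLS is set up for this instance. What happens with a missing or empty file then depends entirely on the daemon, and for an authentication control the script should fail closed rather than risk a listener coming up without client verification. A guard before the append, e.g. `config_get ca "$cfg" client_auth` followed by `[ -n "$ca" ] && [ ! -s "$ca" ] && { echo "uhttpd: client_auth CA file '$ca' not found" >&2; return 1; }`, would make that explicit. The hunk also assumes the installed uhttpd binary accepts `-b`; if that support lands in a separate change, the package dependency should be ordered so an older binary is never started with an unknown flag. start_instance() begins and ends outside this hunk, so the TLS-related handling elsewhere in the function is not visible here.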