Message ID | 20210219200153.1346105-1-luka.logar@cifra.si |
---|---|
State | New |
Series | OpenWRT: add option to uhttpd init script for enabling TLS client cert auth |
diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config index 40ce67fd01..e95fa49517 100644 --- a/package/network/services/uhttpd/files/uhttpd.config +++ b/package/network/services/uhttpd/files/uhttpd.config @@ -111,6 +111,9 @@ config uhttpd main # resources. # list httpauth prefix_user + # Enable if you want to use TLS client certificate + # authentication. + # option client_auth /etc/ssl/certs/client_ca.crt # Defaults for automatic certificate and key generation config cert defaults diff --git a/package/network/services/uhttpd/files/uhttpd.init b/package/network/services/uhttpd/files/uhttpd.init index 869f79bea2..a6e96f3cda 100755 --- a/package/network/services/uhttpd/files/uhttpd.init +++ b/package/network/services/uhttpd/files/uhttpd.init @@ -148,6 +148,7 @@ start_instance() append_arg "$cfg" error_page "-E" append_arg "$cfg" max_requests "-n" 3 append_arg "$cfg" max_connections "-N" + append_arg "$cfg" client_auth "-b" append_bool "$cfg" no_ubusauth "-a" 0 append_bool "$cfg" no_symlinks "-S" 0
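Review bot: in the uhttpd.config hunk, the comment above "# option client_auth /etc/ssl/certs/client_ca.crt" does not say what the value is. The option name reads like a boolean switch, while the example value is a file path. Suggest spelling out that it is the path to the CA certificate used to verify TLS client certificates and that, once set, only clients presenting a certificate issued by that CA are accepted. It would also help to state whether plain HTTP listeners remain reachable without a certificate when the option is set.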
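Review bot: in the uhttpd.init hunk, the added line append_arg "$cfg" client_auth "-b" passes the configured path straight through without checking that the file exists or is readable. Because this option gates authentication, start_instance() should log an error and refuse to start the instance when the CA file is missing, rather than relying on how uhttpd handles a bad "-b" argument. The "-b" flag itself is not introduced by anything in this patch, so the commit message should name the uhttpd change it depends on.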
Add option client_auth=path_to_ca_cert_file to the uhttpd config file.
Only client certificates issued by a specified CA can be used for client
authentication.

Signed-off-by: Luka Logar <luka.logar@cifra.si>
---
 package/network/services/uhttpd/files/uhttpd.config | 3 +++
 package/network/services/uhttpd/files/uhttpd.init | 1 +
 2 files changed, 4 insertions(+)