mirror/icwmp
1
0
Fork 0
mirror of https://dev.iopsys.eu/bbf/icwmp.git synced 2025-12-10 07:44:41 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added client authentication via ssl cert

Browse source
This commit is contained in:
Suvendhu Hansa 2025-02-27 18:22:18 +05:30
parent 8bb5c68295
commit 4d44167e34
5 changed files with 49 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
docs/api/uci/cwmp.md
View file

@ -949,6 +949,40 @@
<div class="td_row_even">If set to **1**, icwmp will skip datatype validation on SPV operations.</div>
</td>
</tr>
<tr>
<td class="td_row_odd">
<div class="td_row_odd">ssl_cert_path</div>
</td>
<td class="td_row_odd">
<div class="td_row_odd">string</div>
</td>
<td class="td_row_odd">
<div class="td_row_odd">no</div>
</td>
<td class="td_row_odd">
<div class="td_row_odd"></div>
</td>
<td class="td_row_odd">
<div class="td_row_odd">Full path of SSL certificate in pem format, icwmp will send this certificate to ACS server for authentication.</div>
</td>
</tr>
<tr>
<td class="td_row_even">
<div class="td_row_even">ssl_key_path</div>
</td>
<td class="td_row_even">
<div class="td_row_even">string</div>
</td>
<td class="td_row_even">
<div class="td_row_even">no</div>
</td>
<td class="td_row_even">
<div class="td_row_even"></div>
</td>
<td class="td_row_even">
<div class="td_row_even">Full path of the pem file that has stored the key</div>
</td>
</tr>
</tbody>
</table>
</td>

3
src/common.h
View file

@ -170,7 +170,8 @@ typedef struct config {
char auto_cdu_result_type[BUF_SIZE_16];
char auto_cdu_fault_code[BUF_SIZE_16];
char default_wan_iface[BUF_SIZE_32];
char cpe_ssl_certpath[BUF_SIZE_256];
char cpe_ssl_keypath[BUF_SIZE_256];
} config;
struct deviceid {

5
src/config.c
View file

@ -76,8 +76,13 @@ int get_preinit_config()
cwmp_ctx.conf.supported_amd_version = cwmp_ctx.conf.amd_version;
get_uci_path_value(NULL, UCI_CPE_SSL_CERT_PATH, cwmp_ctx.conf.cpe_ssl_certpath, BUF_SIZE_256);
get_uci_path_value(NULL, UCI_CPE_SSL_KEY_PATH, cwmp_ctx.conf.cpe_ssl_keypath, BUF_SIZE_256);
CWMP_LOG(DEBUG, "CWMP CONFIG - default wan interface: %s", cwmp_ctx.conf.default_wan_iface);
CWMP_LOG(DEBUG, "CWMP CONFIG - amendement version: %d", cwmp_ctx.conf.amd_version);
CWMP_LOG(DEBUG, "CWMP CONFIG - cpe cert path: %s", cwmp_ctx.conf.cpe_ssl_certpath);
CWMP_LOG(DEBUG, "CWMP CONFIG - cpe key path: %s", cwmp_ctx.conf.cpe_ssl_keypath);
return CWMP_OK;
}

2
src/config.h
View file

@ -22,6 +22,8 @@
#define UCI_CPE_DEFAULT_WAN_IFACE "cwmp.cpe.default_wan_interface"
#define UCI_CPE_INCOMING_RULE "cwmp.cpe.incoming_rule"
#define UCI_CPE_AMD_VERSION "cwmp.cpe.amd_version"
#define UCI_CPE_SSL_CERT_PATH "cwmp.cpe.ssl_cert_path"
#define UCI_CPE_SSL_KEY_PATH "cwmp.cpe.ssl_key_path"
int cwmp_get_deviceid();
int cwmp_config_reload();

6
src/http.c
View file

@ -117,6 +117,12 @@ static void http_set_security_options()
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false);
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0);
}
if (CWMP_STRLEN(cwmp_ctx.conf.cpe_ssl_certpath) != 0 && file_exists(cwmp_ctx.conf.cpe_ssl_certpath) &&
CWMP_STRLEN(cwmp_ctx.conf.cpe_ssl_keypath) != 0 && file_exists(cwmp_ctx.conf.cpe_ssl_keypath)) {
curl_easy_setopt(curl, CURLOPT_SSLCERT, cwmp_ctx.conf.cpe_ssl_certpath);
curl_easy_setopt(curl, CURLOPT_SSLKEY, cwmp_ctx.conf.cpe_ssl_keypath);
}
}
static void http_set_connection_options()