diff --git a/docs/api/uci/cwmp.md b/docs/api/uci/cwmp.md index 5156fdc..bf00ff8 100644 --- a/docs/api/uci/cwmp.md +++ b/docs/api/uci/cwmp.md @@ -371,6 +371,40 @@
if set to **1**, the cwmp client will be enabled.
+ + +
client_cert_path
+ + +
string
+ + +
no
+ + +
+ + +
Full path client perm certificate, icwmp will send this certificate to ACS server for authentication.
+ + + + +
client_key_path
+ + +
string
+ + +
no
+ + +
+ + +
Full path of client key pem file
+ +
manufacturer
diff --git a/schemas/uci/cwmp.json b/schemas/uci/cwmp.json index 29c2304..5abeafd 100644 --- a/schemas/uci/cwmp.json +++ b/schemas/uci/cwmp.json @@ -131,6 +131,20 @@ "default": "1", "description": "if set to **1**, the cwmp client will be enabled. " }, + { + "name": "client_cert_path", + "type": "string", + "required": "no", + "default": "", + "description": "Full path client perm certificate, icwmp will send this certificate to ACS server for authentication." + }, + { + "name": "client_key_path", + "type": "string", + "required": "no", + "default": "", + "description": "Full path of client key pem file" + }, { "name": "manufacturer", "type": "string", diff --git a/src/common.h b/src/common.h index 75b7540..8bb702b 100644 --- a/src/common.h +++ b/src/common.h @@ -170,7 +170,8 @@ typedef struct config { char auto_cdu_result_type[BUF_SIZE_16]; char auto_cdu_fault_code[BUF_SIZE_16]; char default_wan_iface[BUF_SIZE_32]; - + char cpe_client_cert[BUF_SIZE_256]; + char cpe_client_key[BUF_SIZE_256]; } config; struct deviceid { diff --git a/src/config.c b/src/config.c index 17abee9..0a9d028 100755 --- a/src/config.c +++ b/src/config.c @@ -76,8 +76,13 @@ int get_preinit_config() cwmp_ctx.conf.supported_amd_version = cwmp_ctx.conf.amd_version; + get_uci_path_value(NULL, UCI_CPE_CERT_PATH, cwmp_ctx.conf.cpe_client_cert, BUF_SIZE_256); + get_uci_path_value(NULL, UCI_CPE_KEY_PATH, cwmp_ctx.conf.cpe_client_key, BUF_SIZE_256); + CWMP_LOG(DEBUG, "CWMP CONFIG - default wan interface: %s", cwmp_ctx.conf.default_wan_iface); CWMP_LOG(DEBUG, "CWMP CONFIG - amendement version: %d", cwmp_ctx.conf.amd_version); + CWMP_LOG(DEBUG, "CWMP CONFIG - cpe cert path: %s", cwmp_ctx.conf.cpe_client_cert); + CWMP_LOG(DEBUG, "CWMP CONFIG - cpe key path: %s", cwmp_ctx.conf.cpe_client_key); return CWMP_OK; } diff --git a/src/config.h b/src/config.h index ad4988f..1764404 100755 --- a/src/config.h +++ b/src/config.h @@ -22,6 +22,8 @@ #define UCI_CPE_DEFAULT_WAN_IFACE "cwmp.cpe.default_wan_interface" #define UCI_CPE_INCOMING_RULE "cwmp.cpe.incoming_rule" #define UCI_CPE_AMD_VERSION "cwmp.cpe.amd_version" +#define UCI_CPE_CERT_PATH "cwmp.cpe.client_cert_path" +#define UCI_CPE_KEY_PATH "cwmp.cpe.client_key_path" int cwmp_get_deviceid(); int cwmp_config_reload(); diff --git a/src/http.c b/src/http.c index c18437e..22f1905 100644 --- a/src/http.c +++ b/src/http.c @@ -117,6 +117,12 @@ static void http_set_security_options() curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, false); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); } + + if (CWMP_STRLEN(cwmp_ctx.conf.cpe_client_cert) != 0 && file_exists(cwmp_ctx.conf.cpe_client_cert) && + CWMP_STRLEN(cwmp_ctx.conf.cpe_client_key) != 0 && file_exists(cwmp_ctx.conf.cpe_client_key)) { + curl_easy_setopt(curl, CURLOPT_SSLCERT, cwmp_ctx.conf.cpe_client_cert); + curl_easy_setopt(curl, CURLOPT_SSLKEY, cwmp_ctx.conf.cpe_client_key); + } } static void http_set_connection_options()