mirror/iopsys-feed
1
0
Fork 0
mirror of https://dev.iopsys.eu/feed/iopsys.git synced 2025-12-10 07:44:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

icwmp: keep certs for non system ssl_capath

Browse source 
- store certificate paths in keep.d only if ssl_capath not configured as system default certificate path(/etc/ssl/certs)
This commit is contained in:
Amin Ben Romdhane 2024-02-28 13:37:10 +00:00 committed by Vivek Kumar Dutta
parent d99b63f6cf
commit 2ec27f40be
2 changed files with 17 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
icwmp/Makefile
View file

@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=icwmp PKG_NAME:=icwmp
PKG_VERSION:=9.6.7 PKG_VERSION:=9.6.8
LOCAL_DEV:=0 LOCAL_DEV:=0
ifneq ($(LOCAL_DEV),1) ifneq ($(LOCAL_DEV),1)

41
icwmp/files/etc/init.d/icwmpd
View file

@ -15,32 +15,24 @@ log() {
echo "${@}"|logger -t cwmp.init -p info echo "${@}"|logger -t cwmp.init -p info
} }
regenerate_ssl_link() regenerate_ssl_link() {
{ local cert_dir="${1%/}"
local cert_dir all_file rehash [ ! -d "${cert_dir}" ] || [ "${cert_dir}" = "/etc/ssl/certs" ] && return 0
cert_dir="${1}" generate_links() {
[ ! -d "${cert_dir}" ] && return 0; local file_type="$1"
local files="${cert_dir}"/*."${file_type}"
### Generate all ssl link for pem certicates ### for cfile in ${files}; do
all_file=$(ls "${cert_dir}"/*.pem 2>/dev/null) if [ -f "${cfile}" ]; then
if [ -n "${all_file}" ]; then rehash="$(openssl x509 -hash -noout -in "${cfile}")"
for cfile in $all_file; do [ -f "${cert_dir}/${rehash}.0" ] || \
rehash="$(openssl x509 -hash -noout -in "${cfile}")" ln -s "${cfile}" "${cert_dir}/${rehash}.0"
[ -f "${cert_dir}"/"${rehash}".0 ] || \ fi
ln -s "${cfile}" "${cert_dir}"/"${rehash}".0
done done
fi }
### Generate all ssl link for crt certicates ### generate_links "pem"
all_file=$(ls "${cert_dir}"/*.crt 2>/dev/null) generate_links "crt"
if [ -n "${all_file}" ]; then
for cfile in $all_file; do
rehash="$(openssl x509 -hash -noout -in "${cfile}")"
[ -f "${cert_dir}"/"${rehash}".0 ] || \
ln -s "${cfile}" "${cert_dir}"/"${rehash}".0
done
fi
} }
enable_dhcp_option43() { enable_dhcp_option43() {
@ -458,11 +450,10 @@ validate_defaults() {
ssl_capath="${ssl_capath%/}" ssl_capath="${ssl_capath%/}"
# Put the cert pem file in keep list # Put the cert pem file in keep list
if [ -d "${ssl_capath}" ]; then if [ -d "${ssl_capath}" ] && [ "${ssl_capath}" != "/etc/ssl/certs" ]; then
if ! grep "*.pem\|*.crt" /lib/upgrade/keep.d/icwmp; then if ! grep "*.pem\|*.crt" /lib/upgrade/keep.d/icwmp; then
echo "${ssl_capath}"'/*.pem' >> /lib/upgrade/keep.d/icwmp echo "${ssl_capath}"'/*.pem' >> /lib/upgrade/keep.d/icwmp
echo "${ssl_capath}"'/*.crt' >> /lib/upgrade/keep.d/icwmp echo "${ssl_capath}"'/*.crt' >> /lib/upgrade/keep.d/icwmp
echo "${ssl_capath}"'/*.0' >> /lib/upgrade/keep.d/icwmp
fi fi
fi fi