mirror of
https://dev.iopsys.eu/feed/iopsys.git
synced 2025-12-10 07:44:50 +01:00
icwmp: keep certs for non system ssl_capath
- store certificate paths in keep.d only if ssl_capath not configured as system default certificate path(/etc/ssl/certs)
This commit is contained in:
Amin Ben Romdhane
Vivek Kumar Dutta
parent
d99b63f6cf
commit
2ec27f40be
2 changed files with 17 additions and 26 deletions
|
|
@ -8,7 +8,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=icwmp
|
||||
PKG_VERSION:=9.6.7
|
||||
PKG_VERSION:=9.6.8
|
||||
|
||||
LOCAL_DEV:=0
|
||||
ifneq ($(LOCAL_DEV),1)
|
||||
|
|
|
|||
|
|
@ -15,32 +15,24 @@ log() {
|
|||
echo "${@}"|logger -t cwmp.init -p info
|
||||
}
|
||||
|
||||
regenerate_ssl_link()
|
||||
{
|
||||
local cert_dir all_file rehash
|
||||
regenerate_ssl_link() {
|
||||
local cert_dir="${1%/}"
|
||||
[ ! -d "${cert_dir}" ] || [ "${cert_dir}" = "/etc/ssl/certs" ] && return 0
|
||||
|
||||
cert_dir="${1}"
|
||||
[ ! -d "${cert_dir}" ] && return 0;
|
||||
|
||||
### Generate all ssl link for pem certicates ###
|
||||
all_file=$(ls "${cert_dir}"/*.pem 2>/dev/null)
|
||||
if [ -n "${all_file}" ]; then
|
||||
for cfile in $all_file; do
|
||||
rehash="$(openssl x509 -hash -noout -in "${cfile}")"
|
||||
[ -f "${cert_dir}"/"${rehash}".0 ] || \
|
||||
ln -s "${cfile}" "${cert_dir}"/"${rehash}".0
|
||||
generate_links() {
|
||||
local file_type="$1"
|
||||
local files="${cert_dir}"/*."${file_type}"
|
||||
for cfile in ${files}; do
|
||||
if [ -f "${cfile}" ]; then
|
||||
rehash="$(openssl x509 -hash -noout -in "${cfile}")"
|
||||
[ -f "${cert_dir}/${rehash}.0" ] || \
|
||||
ln -s "${cfile}" "${cert_dir}/${rehash}.0"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
### Generate all ssl link for crt certicates ###
|
||||
all_file=$(ls "${cert_dir}"/*.crt 2>/dev/null)
|
||||
if [ -n "${all_file}" ]; then
|
||||
for cfile in $all_file; do
|
||||
rehash="$(openssl x509 -hash -noout -in "${cfile}")"
|
||||
[ -f "${cert_dir}"/"${rehash}".0 ] || \
|
||||
ln -s "${cfile}" "${cert_dir}"/"${rehash}".0
|
||||
done
|
||||
fi
|
||||
generate_links "pem"
|
||||
generate_links "crt"
|
||||
}
|
||||
|
||||
enable_dhcp_option43() {
|
||||
|
|
@ -458,11 +450,10 @@ validate_defaults() {
|
|||
|
||||
ssl_capath="${ssl_capath%/}"
|
||||
# Put the cert pem file in keep list
|
||||
if [ -d "${ssl_capath}" ]; then
|
||||
if [ -d "${ssl_capath}" ] && [ "${ssl_capath}" != "/etc/ssl/certs" ]; then
|
||||
if ! grep "*.pem\|*.crt" /lib/upgrade/keep.d/icwmp; then
|
||||
echo "${ssl_capath}"'/*.pem' >> /lib/upgrade/keep.d/icwmp
|
||||
echo "${ssl_capath}"'/*.crt' >> /lib/upgrade/keep.d/icwmp
|
||||
echo "${ssl_capath}"'/*.0' >> /lib/upgrade/keep.d/icwmp
|
||||
fi
|
||||
fi
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue