
uhttpd: support building against openssl instead of cyassl, minor cleanups (#7827)

SVN-Revision: 27686
Jo-Philipp Wich 14 سال پیش
والد
کامیت
6576d110d2

+ 33 - 7
package/uhttpd/Makefile

@@ -8,10 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=uhttpd
-PKG_RELEASE:=23
+PKG_RELEASE:=24
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
-PKG_BUILD_DEPENDS := libcyassl liblua
+PKG_CONFIG_DEPENDS := \
+	CONFIG_PACKAGE_uhttpd-mod-tls_cyassl \
+	CONFIG_PACKAGE_uhttpd-mod-tls_openssl
 
 include $(INCLUDE_DIR)/package.mk
 
@@ -38,13 +40,39 @@ endef
 define Package/uhttpd-mod-tls
   $(Package/uhttpd/default)
   TITLE+= (TLS plugin)
-  DEPENDS:=uhttpd +libcyassl
+  DEPENDS:=uhttpd +PACKAGE_uhttpd-mod-tls_cyassl:libcyassl +PACKAGE_uhttpd-mod-tls_openssl:libopenssl
 endef
 
 define Package/uhttpd-mod-tls/description
  The TLS plugin adds HTTPS support to uHTTPd.
 endef
 
+define Package/uhttpd-mod-tls/config
+        choice
+                depends on PACKAGE_uhttpd-mod-tls
+                prompt "TLS Provider"
+                default PACKAGE_uhttpd-mod-tls_cyassl
+
+                config PACKAGE_uhttpd-mod-tls_cyassl
+                        bool "CyaSSL"
+
+                config PACKAGE_uhttpd-mod-tls_openssl
+                        bool "OpenSSL"
+        endchoice
+endef
+
+UHTTPD_TLS:=
+TLS_CFLAGS:=
+
+ifneq ($(CONFIG_PACKAGE_uhttpd-mod-tls_cyassl),)
+  UHTTPD_TLS:=cyassl
+  TLS_CFLAGS:=-I$(STAGING_DIR)/usr/include/cyassl
+endif
+
+ifneq ($(CONFIG_PACKAGE_uhttpd-mod-tls_openssl),)
+  UHTTPD_TLS:=openssl
+endif
+
 
 define Package/uhttpd-mod-lua
   $(Package/uhttpd/default)
@@ -57,10 +85,8 @@ define Package/uhttpd-mod-lua/description
 endef
 
 
-# hack to use CyASSL headers
-TARGET_CFLAGS += -I$(firstword $(wildcard $(BUILD_DIR)/cyassl-*/include))
-TARGET_LDFLAGS += -lm
-MAKE_VARS += FPIC="$(FPIC)"
+TARGET_CFLAGS += $(TLS_CFLAGS)
+MAKE_VARS += FPIC="$(FPIC)" UHTTPD_TLS="$(UHTTPD_TLS)"
 
 define Build/Prepare
 	mkdir -p $(PKG_BUILD_DIR)
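Review bot: `UHTTPD_TLS="$(UHTTPD_TLS)"` is exported even when neither provider symbol is set, and an empty but defined value is not replaced by `UHTTPD_TLS ?= cyassl` in src/Makefile, so that file falls into its `else` branch and links `-lcyassl` although no provider was chosen. Together with the removal of `PKG_BUILD_DEPENDS := libcyassl liblua` in the first hunk, a configuration without uhttpd-mod-tls may try to build the TLS plugin against headers that were never staged, unless `TLS_SUPPORT` is overridden somewhere outside this diff. Consider passing the provider only when one is selected, e.g. `MAKE_VARS += $(if $(UHTTPD_TLS),UHTTPD_TLS="$(UHTTPD_TLS)" TLS_SUPPORT=1,TLS_SUPPORT=0)`, and keep a build dependency on liblua if nothing else pulls it in for the Lua plugin. Build/Prepare continues past the end of this hunk.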

+ 20 - 10
package/uhttpd/src/Makefile

@@ -1,17 +1,28 @@
 CGI_SUPPORT ?= 1
 LUA_SUPPORT ?= 1
 TLS_SUPPORT ?= 1
+UHTTPD_TLS ?= cyassl
 
-CFLAGS ?= -I./lua-5.1.4/src -I./cyassl-1.4.0/include -O0 -ggdb3
-LDFLAGS ?= -L./lua-5.1.4/src -L./cyassl-1.4.0/src/.libs
+CFLAGS ?= -I./lua-5.1.4/src -I$(TLS_INCLUDE_DIR) -O0 -ggdb3
+LDFLAGS ?= -L./lua-5.1.4/src -L$(TLS_LIB_DIR)
 
 CFLAGS += -Wall --std=gnu99
 
-OBJ = uhttpd.o uhttpd-file.o uhttpd-utils.o
-LIB = -Wl,--export-dynamic -lcrypt -ldl
+ifeq ($(UHTTPD_TLS),openssl)
+  TLS_LDFLAGS := -lssl
+  TLS_INCLUDE_DIR := ./openssl-0.9.8m/include
+  TLS_LIB_DIR := ./openssl-0.9.8m
+else
+  TLS_LDFLAGS := -lcyassl
+  TLS_INCLUDE_DIR := ./cyassl-1.4.0/include
+  TLS_LIB_DIR := ./cyassl-1.4.0/src/.libs
+endif
+
+OBJ := uhttpd.o uhttpd-file.o uhttpd-utils.o
+LIB := -Wl,--export-dynamic -lcrypt -ldl
 
-TLSLIB =
-LUALIB =
+TLSLIB :=
+LUALIB :=
 
 HAVE_SHADOW=$(shell echo 'int main(void){ return !getspnam("root"); }' | \
 	$(CC) -include shadow.h -xc -o/dev/null - 2>/dev/null && echo yes)
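Review bot: The provider switch at `ifeq ($(UHTTPD_TLS),openssl)` sends every other value to the cyassl branch, so a misspelt or empty `UHTTPD_TLS` silently builds against a different TLS library than the one requested. Make the second branch explicit with `else ifeq ($(UHTTPD_TLS),cyassl)` and finish with `else` / `$(error unsupported UHTTPD_TLS '$(UHTTPD_TLS)')`, applied only when `TLS_SUPPORT` is 1, so a mismatch stops the build instead of shipping the wrong library. A one-line comment above `TLS_INCLUDE_DIR` stating that `./openssl-0.9.8m` and `./cyassl-1.4.0` are defaults for standalone builds only would also help, since the `CFLAGS ?=` and `LDFLAGS ?=` lines that use them are presumably overridden by the package build.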
@@ -29,7 +40,7 @@ endif
 
 ifeq ($(LUA_SUPPORT),1)
   CFLAGS += -DHAVE_LUA
-  LUALIB = uhttpd_lua.so
+  LUALIB := uhttpd_lua.so
 
   $(LUALIB): uhttpd-lua.c
 		$(CC) $(CFLAGS) $(LDFLAGS) $(FPIC) \
@@ -39,11 +50,11 @@ endif
 
 ifeq ($(TLS_SUPPORT),1)
   CFLAGS += -DHAVE_TLS
-  TLSLIB = uhttpd_tls.so
+  TLSLIB := uhttpd_tls.so
 
   $(TLSLIB): uhttpd-tls.c
 		$(CC) $(CFLAGS) $(LDFLAGS) $(FPIC) \
-			-shared -lcyassl \
+			-shared $(TLS_LDFLAGS) \
 			-o $(TLSLIB) uhttpd-tls.c
 endif
 
@@ -55,4 +66,3 @@ compile: $(OBJ) $(TLSLIB) $(LUALIB)
 
 clean:
 	rm -f *.o *.so uhttpd
-

+ 27 - 5
package/uhttpd/src/uhttpd-tls.c

@@ -23,7 +23,8 @@
 
 SSL_CTX * uh_tls_ctx_init()
 {
-	SSL_CTX *c = NULL;
+	SSL_CTX *c;
+
 	SSL_load_error_strings();
 	SSL_library_init();
 
@@ -59,13 +60,36 @@ void uh_tls_ctx_free(struct listener *l)
 }
 
 
-void uh_tls_client_accept(struct client *c)
+int uh_tls_client_accept(struct client *c)
 {
+	int rv;
+
 	if( c->server && c->server->tls )
 	{
 		c->tls = SSL_new(c->server->tls);
-		SSL_set_fd(c->tls, c->socket);
+		if( c->tls )
+		{
+			if( (rv = SSL_set_fd(c->tls, c->socket)) < 1 )
+				goto cleanup;
+			if( (rv = SSL_accept(c->tls)) < 1 )
+				goto cleanup;
+		}
+		else
+			rv = 0;
+	}
+	else
+	{
+		c->tls = NULL;
+		rv = 1;
 	}
+
+done:
+	return rv;
+
+cleanup:
+	SSL_free(c->tls);
+	c->tls = NULL;
+	goto done;
 }
 
 int uh_tls_client_recv(struct client *c, void *buf, int len)
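Review bot: `SSL_accept()` now runs inside `uh_tls_client_accept()` and any result `< 1` is treated as fatal without consulting `SSL_get_error()`, so the reason for a failed handshake is lost and a retryable `SSL_ERROR_WANT_READ`/`SSL_ERROR_WANT_WRITE` on a non-blocking socket would drop a healthy client. If the socket is blocking instead (not visible in this diff), the handshake waits on the peer with no timeout, in what the uhttpd.c hunk shows to be the accept path of the main loop, so one silent peer can delay service to others; a receive timeout on `c->socket` set before the handshake would bound that wait. I would also add a header comment stating the new contract: `/* returns 1 on success or when the listener has no TLS context; a value < 1 on failure, with c->tls reset to NULL */`. The `done:`/`cleanup:` pair jumps backwards and could be flattened into a plain `return rv;` placed after `c->tls = NULL;`.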
@@ -90,5 +114,3 @@ void uh_tls_client_close(struct client *c)
 		c->tls = NULL;
 	}
 }
-
-

+ 1 - 2
package/uhttpd/src/uhttpd-tls.h

@@ -26,10 +26,9 @@ int uh_tls_ctx_cert(SSL_CTX *c, const char *file);
 int uh_tls_ctx_key(SSL_CTX *c, const char *file);
 void uh_tls_ctx_free(struct listener *l);
 
-void uh_tls_client_accept(struct client *c);
+int uh_tls_client_accept(struct client *c);
 int uh_tls_client_recv(struct client *c, void *buf, int len);
 int uh_tls_client_send(struct client *c, void *buf, int len);
 void uh_tls_client_close(struct client *c);
 
 #endif
-

+ 16 - 1
package/uhttpd/src/uhttpd.c

@@ -512,7 +512,22 @@ static void uh_mainloop(struct config *conf, fd_set serv_fds, int max_fd)
 #ifdef HAVE_TLS
 							/* setup client tls context */
 							if( conf->tls )
-								conf->tls_accept(cl);
+							{
+								if( conf->tls_accept(cl) < 1 )
+								{
+									fprintf(stderr,
+										"tls_accept failed, "
+										"connection dropped\n");
+
+									/* close client socket */
+									close(new_fd);
+
+									/* remove from global client list */
+									uh_client_remove(new_fd);
+
+									continue;
+								}
+							}
 #endif
 
 							/* add client socket to global fdset */
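Review bot: The failure branch prints only the fixed string `tls_accept failed, connection dropped`, with no peer address and no reason, so in the logs a scanner probe, a misconfigured client and a certificate or key problem on the listener all look the same. Including the peer address here, and reporting the library's error text from the TLS plugin before it calls `SSL_free()`, would make the line usable for triage. It is also worth confirming that `uh_client_remove(new_fd)` does not close or otherwise use the descriptor, since `close(new_fd)` has already run by then; that function is outside this diff. A short comment such as `/* tls_accept already freed cl->tls on failure */` would document why no TLS teardown happens in this branch. uh_mainloop starts and ends outside the hunk.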

+ 1 - 2
package/uhttpd/src/uhttpd.h

@@ -98,7 +98,7 @@ struct config {
 	int (*tls_cert) (SSL_CTX *c, const char *file);
 	int (*tls_key) (SSL_CTX *c, const char *file);
 	void (*tls_free) (struct listener *l);
-	void (*tls_accept) (struct client *c);
+	int (*tls_accept) (struct client *c);
 	void (*tls_close) (struct client *c);
 	int (*tls_recv) (struct client *c, void *buf, int len);
 	int (*tls_send) (struct client *c, void *buf, int len);
@@ -159,4 +159,3 @@ struct interpreter {
 #endif
 
 #endif
-