@ -43,15 +43,19 @@ generate_keys() {
config_get state "$cfg" state
config_get state "$cfg" state
config_get location "$cfg" location
config_get location "$cfg" location
config_get commonname "$cfg" commonname
config_get commonname "$cfg" commonname
config_get key_type "$cfg" key_type
config_get ec_curve "$cfg" ec_curve
# Prefer px5g for certificate generation (existence evaluated last)
# Prefer px5g for certificate generation (existence evaluated last)
local GENKEY_CMD=""
local GENKEY_CMD=""
local KEY_OPTS="rsa:${bits:-2048}"
local UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
local UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
[ "$key_type" = "ec" ] && KEY_OPTS="ec -pkeyopt ec_paramgen_curve:${ec_curve:-P-256}"
[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform der -nodes"
[ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform der -nodes"
[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
[ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
[ -n "$GENKEY_CMD" ] && {
[ -n "$GENKEY_CMD" ] && {
$GENKEY_CMD \
$GENKEY_CMD \
-days ${days:-730} -newkey rsa:${bits:-2048 } -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
-days ${days:-730} -newkey ${KEY_OPTS } -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
-subj /C="${country:-ZZ}"/ST="${state:-Somewhere}"/L="${location:-Unknown}"/O="${commonname:-OpenWrt}$UNIQUEID"/CN="${commonname:-OpenWrt}"
-subj /C="${country:-ZZ}"/ST="${state:-Somewhere}"/L="${location:-Unknown}"/O="${commonname:-OpenWrt}$UNIQUEID"/CN="${commonname:-OpenWrt}"
sync
sync
mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}"
mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}"
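Review bot: `ec_curve` is read from the UCI config and pasted into `KEY_OPTS`, which is then expanded unquoted as the `-newkey` argument, so any whitespace in the option value becomes extra arguments to openssl/px5g instead of part of the curve name. The word splitting is needed for the `ec -pkeyopt ...` form, so the value should be constrained before use, for example `case "$ec_curve" in *[!A-Za-z0-9-]*) ec_curve="" ;; esac` ahead of the `[ "$key_type" = "ec" ]` line, which then falls back to the P-256 default. Separately, any `key_type` other than `ec` (including a typo) silently yields an RSA key; a log line for unrecognised values would make that visible. Whether `key_type` and `ec_curve` are declared `local` cannot be seen here, because generate_keys starts and ends outside the hunk.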