Add support for the `--certificate` option of `wget`, which allows to authenticate using a client certificate to a server requesting it. This is useful in order to be able to serve OpenWrt packages, but only to authenticated devices.
>From `man wget`: --certificate=file: Use the client certificate stored in file. This is needed for servers that are configured to require certificates from the clients that connect to them. Normally a certificate is not required and this switch is optional. Signed-off-by: Jean Thomas <jean.tho...@wifirst.fr> --- libopkg/opkg_conf.c | 1 + libopkg/opkg_conf.h | 1 + libopkg/opkg_download.c | 6 +++++- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c index 0cbd1cc..e82a58a 100644 --- a/libopkg/opkg_conf.c +++ b/libopkg/opkg_conf.c @@ -55,6 +55,7 @@ opkg_option_t options[] = { {"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum}, {"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature}, {"no_check_certificate", OPKG_OPT_TYPE_BOOL, &_conf.no_check_certificate}, + {"client_certificate", OPKG_OPT_TYPE_STRING, &_conf.client_certificate}, {"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy}, {"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy}, {"http_timeout", OPKG_OPT_TYPE_STRING, &_conf.http_timeout}, diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h index 781c8f4..d60245b 100644 --- a/libopkg/opkg_conf.h +++ b/libopkg/opkg_conf.h @@ -80,6 +80,7 @@ struct opkg_conf { int check_signature; int force_signature; int no_check_certificate; + char *client_certificate; int nodeps; /* do not follow dependencies */ int nocase; /* perform case insensitive matching */ char *offline_root; diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c index af91f12..1347617 100644 --- a/libopkg/opkg_download.c +++ b/libopkg/opkg_download.c @@ -154,7 +154,7 @@ opkg_download(const char *src, const char *dest_file_name, { int res; - const char *argv[11]; + const char *argv[13]; int i = 0; argv[i++] = "wget"; @@ -162,6 +162,10 @@ opkg_download(const char *src, const char *dest_file_name, if (conf->no_check_certificate) { argv[i++] = "--no-check-certificate"; } + if (conf->client_certificate) { + argv[i++] = "--certificate"; + argv[i++] = conf->client_certificate; + } if (conf->http_timeout) { argv[i++] = "--timeout"; argv[i++] = conf->http_timeout; -- 2.39.2 _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel