[PATCH] libopkg: Add support for client certificate authentication

Wed, 21 Jun 2023 08:06:51 -0700 

Add support for the `--certificate` option of `wget`, which allows
to authenticate using a client certificate to a server requesting
it. This is useful in order to be able to serve OpenWrt packages,
but only to authenticated devices.

>From `man wget`:
--certificate=file: Use the client certificate stored in file.
This is needed for servers that are configured to require certificates
from the clients that connect to them. Normally a certificate is not
required and this switch is optional.

Signed-off-by: Jean Thomas <jean.tho...@wifirst.fr>
---
 libopkg/opkg_conf.c     | 1 +
 libopkg/opkg_conf.h     | 1 +
 libopkg/opkg_download.c | 6 +++++-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/libopkg/opkg_conf.c b/libopkg/opkg_conf.c
index 0cbd1cc..e82a58a 100644
--- a/libopkg/opkg_conf.c
+++ b/libopkg/opkg_conf.c
@@ -55,6 +55,7 @@ opkg_option_t options[] = {
        {"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum},
        {"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature},
        {"no_check_certificate", OPKG_OPT_TYPE_BOOL, 
&_conf.no_check_certificate},
+       {"client_certificate", OPKG_OPT_TYPE_STRING, &_conf.client_certificate},
        {"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy},
        {"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy},
        {"http_timeout", OPKG_OPT_TYPE_STRING, &_conf.http_timeout},
diff --git a/libopkg/opkg_conf.h b/libopkg/opkg_conf.h
index 781c8f4..d60245b 100644
--- a/libopkg/opkg_conf.h
+++ b/libopkg/opkg_conf.h
@@ -80,6 +80,7 @@ struct opkg_conf {
        int check_signature;
        int force_signature;
        int no_check_certificate;
+       char *client_certificate;
        int nodeps;             /* do not follow dependencies */
        int nocase;             /* perform case insensitive matching */
        char *offline_root;
diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index af91f12..1347617 100644
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
@@ -154,7 +154,7 @@ opkg_download(const char *src, const char *dest_file_name,
 
        {
                int res;
-               const char *argv[11];
+               const char *argv[13];
                int i = 0;
 
                argv[i++] = "wget";
@@ -162,6 +162,10 @@ opkg_download(const char *src, const char *dest_file_name,
                if (conf->no_check_certificate) {
                        argv[i++] = "--no-check-certificate";
                }
+               if (conf->client_certificate) {
+                       argv[i++] = "--certificate";
+                       argv[i++] = conf->client_certificate;
+               }
                if (conf->http_timeout) {
                        argv[i++] = "--timeout";
                        argv[i++] = conf->http_timeout;
-- 
2.39.2


_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Reply via email to