[OpenWrt-Devel] [PATCH 3/4] Run c_hash on the certificates

Christian Schoenebeck christian.schoenebeck at gmail.com
Wed Sep 24 16:40:49 EDT 2014


Am 24.09.2014 um 16:15 schrieb Cristian Morales Vega:
> It's needed for OpenSSL to find them.
> 
> Signed-off-by: Cristian Morales Vega <cristian at samknows.com>
> ---
>  package/system/ca-certificates/Makefile | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/package/system/ca-certificates/Makefile b/package/system/ca-certificates/Makefile
> index cd29c0a..492cbb5 100644
> --- a/package/system/ca-certificates/Makefile
> +++ b/package/system/ca-certificates/Makefile
> @@ -14,6 +14,8 @@ PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
>  PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/main/c/ca-certificates
>  PKG_MD5SUM:=0436aba482091da310bd762e1deca8b4
>  
> +PKG_BUILD_DEPENDS:=openssl-util/host
> +
>  PKG_INSTALL:=1
>  
>  include $(INCLUDE_DIR)/package.mk
> @@ -34,6 +36,7 @@ endef
>  define Package/ca-certificates/install
>  	$(INSTALL_DIR) $(1)/etc/ssl/certs
>  	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.pem $(1)/etc/ssl/certs/
> +	c_rehash $(1)/etc/ssl/certs/
>  endef
>  
>  $(eval $(call BuildPackage,ca-certificates))
> 
Hi Cristian,

I already offered attached patch to build hashes during build of ca-certificate package.
I'm using this patch for my own because it's not part of trunk.
curl and wget works fine with this as long as they have hashes to look at.
I'm not sure, but it makes no diff if file extension is pem or cer.

Christian

Date: Sun, 20 Jul 2014 10:48:50 +0200
Subject: [PATCH] [package] ca-certificates: create symbolic link for certificate hashes

Implementing "add-cert.sh" functionality described at
http://wiki.openwrt.org/doc/howto/wget-ssl-certs into Makefile
otherwise you need to create symbolic links for certificate hashes
yourself.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck at gmail.com>
---
 package/system/ca-certificates/Makefile | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/package/system/ca-certificates/Makefile b/package/system/ca-certificates/Makefile
index 7f38c86..08a853f 100644
--- a/package/system/ca-certificates/Makefile
+++ b/package/system/ca-certificates/Makefile
@@ -34,6 +34,15 @@ endef
 define Package/ca-certificates/install
 	$(INSTALL_DIR) $(1)/etc/ssl/certs
 	$(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/ca-certificates/*/*.crt $(1)/etc/ssl/certs/
+
+	for CERTFILE in `ls -1 $(1)/etc/ssl/certs`; do \
+		HASH=`openssl x509 -hash -noout -in $(1)/etc/ssl/certs/$$$$CERTFILE` ; \
+		SUFFIX=0 ; \
+		while [ -h "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ]; do \
+			let "SUFFIX += 1" ; \
+		done ; \
+		ln -s "$$$$CERTFILE" "$(1)/etc/ssl/certs/$$$$HASH.$$$$SUFFIX" ; \
+	done
 endef
 
 $(eval $(call BuildPackage,ca-certificates))
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list