LuCI client certificate authentication

2021-10-28 Thread Luka Logar
Hi, I've submitted a set of patches in February to enable certificate/two factor authentication for LuCI. I guess there is no will to accept those patches? Kind regards Luka ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https:/

[PATCH] LuCI: implement TLS client certificate authentication

2021-02-19 Thread Luka Logar
When available, pass TLS client certificate data (subject name & cert hash) to the rpcd daemon for authentication (as username and password). Add an extra mode='cert' parameter, so that rpcd is aware they come from a certificate and are treated accordingly. Signed-off-

[PATCH] rpcd: implement certificate authentication

2021-02-19 Thread Luka Logar
stored in the /etc/config/rpcd file. Signed-off-by: Luka Logar --- session.c | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/session.c b/session.c index 908e298..b577475 100644 --- a/session.c +++ b/session.c @@ -120,12 +120,14 @@ enum {

[PATCH] OpenWRT: add option to uhttpd init script for enabling TLS client cert auth

2021-02-19 Thread Luka Logar
Add option client_auth=path_to_ca_cert_file to the uhttpd config file. Only client certificates issued by a specified CA can be used for client authentication. Signed-off-by: Luka Logar --- package/network/services/uhttpd/files/uhttpd.config | 3 +++ package/network/services/uhttpd/files

LuCI client certificate authentication

2021-02-19 Thread Luka Logar
The above series of patches puts everything in place for the LuCI TLS client certificate authentication. The authentication is disabled by default and must be enabled in uhttpd config by setting uci set uhttpd.main.client_auth='/etc/ssl/certs/clientCA.crt' Also, user/certificate must be added i

[PATCH] uhttpd: implement TLS client certificate authentication

2021-02-19 Thread Luka Logar
HTTPS_CLIENT_CERT, HTTPS_CLIENT_CERT_SHA256 and HTTPS_CLIENT_CERT_SN environment variables. Currently not supported by mbedtls backend. Signed-off-by: Luka Logar --- main.c | 10 -- proc.c | 9 + tls.c | 7 ++- tls.h | 2 +- 4 files changed, 24 insertions(+), 4 deletions(-) diff

[PATCH] ustream-ssl: store TLS peer cert data in a ustream_ssl structure

2021-02-19 Thread Luka Logar
Store peer certificate, its sha256 hash and subject name in ustream_ssl struct, so the upper layer can access and use this data. This data can then be used, for example, in client authentication. Signed-off-by: Luka Logar --- ustream-openssl.c | 22 ++ ustream-

Submitting patches to core services...

2021-02-16 Thread Luka Logar
Hi, I've implemented LuCI TLS user certificate authentication (instead of standard user/password). How/where do I submit patches to rpcd, ustream-ssl, uhttpd and luci? Kind regards Luka

[OpenWrt-Devel] [PATCH 002/002] [packages] strongswan: add eap-radius plugin

2013-03-20 Thread Luka Logar
This patch adds the eap-radius plugin to the list of available plugins. Signed-off-by: Luka Logar --- diff -urN a/feeds/packages/net/strongswan/Makefile b/feeds/packages/net/strongswan/Makefile --- a/feeds/packages/net/strongswan/Makefile2013-03-18 11:04:09.0 +0100 +++ b/feeds

[OpenWrt-Devel] [PATCH 001/002] [packages] strongswan: add init.d script

2013-03-20 Thread Luka Logar
This patch adds a simple init.d script (taken from http://wiki.openwrt.org/inbox/strongswan.howto), Signed-off-by: Luka Logar --- diff -urN a/feeds/packages/net/strongswan/Makefile b/feeds/packages/net/strongswan/Makefile --- a/feeds/packages/net/strongswan/Makefile2013-03-18 11:02