20170302_jeffrey - silenceuncrio/diary GitHub Wiki

0920

review

1020

Modify LoadDefault() in webcfg.c

static int LoadDefault(sWebConfig *pCfg) {
    IDBG("\n");
    memset(pCfg, 0, sizeof(*pCfg));
    pCfg->mode          = ATTVAL_WEBMODE_BOTH;
    pCfg->httpdPort     = 80;
    pCfg->httpsPort     = 443;
    pCfg->refreshPeriod = 2;

    /* based on ZyXEL's web */
    pCfg->serverWebPort = 80;
    pCfg->WWWAccessInterface = 0; // {"value":0, "text": "ALL"}
    pCfg->btnwww2 = 0; // {"value":0, "text": "All"}
    strcpy(pCfg->serverWebClientIP, "0.0.0.0");

    ...

    return ICOS_SUCCESS;
}

Change pCfg->mode

ATTVAL_MODE_ON is changed to ATTVAL_WEBMODE_BOTH

Check web.log

root@Mobile Router:~# cat /home/log/web.log
1488421422[20170302 2:23:42] [notify_web:871]IN(E82|S44|D44)
1488421422[20170302 2:23:42] [notify_web:880]module init
1488421430[20170302 2:23:50] [notify_web:871]IN(E62|S00|D00)
1488421430[20170302 2:23:50] [notify_web:905]boot init done
1488421430[20170302 2:23:50] [web_dump:609]===init config===
1488421430[20170302 2:23:50] [web_dump:619][COM]conn_mgr=1,mod_init_done:1.
1488421430[20170302 2:23:50] [web_dump:640][CFG]mode=both,httpd_port=80,https_port=443,refreshperiod=2,sport=80,intf=all,secure=all,clienip=0.0.0.0
1488421430[20170302 2:23:50] [web_dump:648][DMN0]active=1,pid=-1,status=0,flag=0x0,DID0
1488421430[20170302 2:23:50] [web_dump:648][DMN1]active=1,pid=-1,status=0,flag=0x0,DID1
1488421430[20170302 2:23:50] [web_dump:653][RTI]wan4_ifname=,wan6_ifname=.
1488421430[20170302 2:23:50] [daemon_restart:756][DID0] remain IP server retry for 6 times.
1488421430[20170302 2:23:50] [create_daemon_conf:664]IN
1488421430[20170302 2:23:50] [create_daemon_conf:675]cmd_buf=>dir=/
1488421430[20170302 2:23:50] [create_daemon_conf:680]cmd_buf=>cgipat=cgi-bin/**
1488421430[20170302 2:23:50] [create_daemon_conf:685]cmd_buf=>chroot
1488421430[20170302 2:23:50] [create_daemon_conf:690]cmd_buf=>user=root
1488421430[20170302 2:23:50] [create_daemon_conf:695]cmd_buf=>max_age=0
1488421430[20170302 2:23:50] [create_daemon_conf:700]cmd_buf=>debug
1488421430[20170302 2:23:50] [daemon_restart:781][DMN]Lanch=>/usr/sbin/iweb  -p 80 -d /www
1488421430[20170302 2:23:50] [daemon_restart:756][DID1] remain IP server retry for 6 times.
1488421430[20170302 2:23:50] [create_daemon_conf:664]IN
1488421430[20170302 2:23:50] [create_daemon_conf:675]cmd_buf=>dir=/
1488421430[20170302 2:23:50] [create_daemon_conf:680]cmd_buf=>cgipat=cgi-bin/**
1488421430[20170302 2:23:50] [create_daemon_conf:685]cmd_buf=>chroot
1488421430[20170302 2:23:50] [create_daemon_conf:690]cmd_buf=>user=root
1488421430[20170302 2:23:50] [create_daemon_conf:695]cmd_buf=>max_age=0
1488421430[20170302 2:23:50] [create_daemon_conf:700]cmd_buf=>debug
1488421430[20170302 2:23:50] [create_daemon_conf:707]cmd_buf=>ssl
1488421430[20170302 2:23:50] [create_daemon_conf:712]cmd_buf=>certfile=/etc/icos/ca/cert.pem
1488421430[20170302 2:23:50] [daemon_restart:781][DMN]Lanch=>/usr/sbin/iweb  -p 443 -d /www
1488421430[20170302 2:23:50] [web_dump:609]===After daemon restart===
1488421430[20170302 2:23:50] [web_dump:619][COM]conn_mgr=1,mod_init_done:1.
1488421430[20170302 2:23:50] [web_dump:640][CFG]mode=both,httpd_port=80,https_port=443,refreshperiod=2,sport=80,intf=all,secure=all,clienip=0.0.0.0
1488421430[20170302 2:23:50] [web_dump:648][DMN0]active=1,pid=965,status=1,flag=0x0,DID0
1488421430[20170302 2:23:50] [web_dump:648][DMN1]active=1,pid=969,status=1,flag=0x0,DID1
1488421430[20170302 2:23:50] [web_dump:653][RTI]wan4_ifname=,wan6_ifname=.
1488421431[20170302 2:23:51] [notify_web:871]IN(E50|S59|D00)
1488421434[20170302 2:23:54] [msgcb_web:1155]IN(DID1,pid 969)
<--
Icos_user_root.session_ttl: 300 sec
Icos_user_root.user: root
Icos_user_root.pass: $1$$2Dg0uARUa9gcTJ9I5/iKb/
Starting iweb on port 443, serving /www
-->
1488421434[20170302 2:23:54] [msgcb_web:1155]IN(DID0,pid 965)
<--
Icos_user_root.session_ttl: 300 sec
Icos_user_root.user: root
Icos_user_root.pass: $1$$2Dg0uARUa9gcTJ9I5/iKb/
Starting iweb on port 80, serving /www
-->
1488421435[20170302 2:23:55] [notify_web:871]IN(E53|S50|D00)
1488421435[20170302 2:23:55] [notify_web:871]IN(E02|S56|D00)
1488421435[20170302 2:23:55] [notify_web:871]IN(E01|S56|D00)
1488421437[20170302 2:23:57] [notify_web:871]IN(E43|S35|D00)

The logs of two daemons can be seen

DID0

1488421430[20170302 2:23:50] [daemon_restart:756][DID0] remain IP server retry for 6 times.
1488421430[20170302 2:23:50] [create_daemon_conf:664]IN
1488421430[20170302 2:23:50] [create_daemon_conf:675]cmd_buf=>dir=/
1488421430[20170302 2:23:50] [create_daemon_conf:680]cmd_buf=>cgipat=cgi-bin/**
1488421430[20170302 2:23:50] [create_daemon_conf:685]cmd_buf=>chroot
1488421430[20170302 2:23:50] [create_daemon_conf:690]cmd_buf=>user=root
1488421430[20170302 2:23:50] [create_daemon_conf:695]cmd_buf=>max_age=0
1488421430[20170302 2:23:50] [create_daemon_conf:700]cmd_buf=>debug
1488421430[20170302 2:23:50] [daemon_restart:781][DMN]Lanch=>/usr/sbin/iweb  -p 80 -d /www

DID1

1488421430[20170302 2:23:50] [daemon_restart:756][DID1] remain IP server retry for 6 times.
1488421430[20170302 2:23:50] [create_daemon_conf:664]IN
1488421430[20170302 2:23:50] [create_daemon_conf:675]cmd_buf=>dir=/
1488421430[20170302 2:23:50] [create_daemon_conf:680]cmd_buf=>cgipat=cgi-bin/**
1488421430[20170302 2:23:50] [create_daemon_conf:685]cmd_buf=>chroot
1488421430[20170302 2:23:50] [create_daemon_conf:690]cmd_buf=>user=root
1488421430[20170302 2:23:50] [create_daemon_conf:695]cmd_buf=>max_age=0
1488421430[20170302 2:23:50] [create_daemon_conf:700]cmd_buf=>debug
1488421430[20170302 2:23:50] [create_daemon_conf:707]cmd_buf=>ssl
1488421430[20170302 2:23:50] [create_daemon_conf:712]cmd_buf=>certfile=/etc/icos/ca/cert.pem
1488421430[20170302 2:23:50] [daemon_restart:781][DMN]Lanch=>/usr/sbin/iweb  -p 443 -d /www

Next, this DID1 has to be switched to real HTTPS

1115

Reference: http://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl

Together with the earlier trace

Trying to work through "Obtain SSL certificate file and private key file"

mongoose needs the following two things to run HTTPS

  • private key file - key.pem
  • SSL certificate file - server.pem

The following openssl command generates both of them in one step

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj '/CN=localhost'

Here is the run on the M300

root@Mobile Router:/tmp# openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj '/CN=localhost'
Generating a 2048 bit RSA private key
..+++
...........................................+++
writing new private key to 'key.pem'
-----
root@Mobile Router:/tmp# cat key.pem
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
root@Mobile Router:/tmp# cat cert.pem
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
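
As an added example (not from the original diary or the project's code), these shell functions generate the key.pem/cert.pem pair with the openssl command above under a restrictive umask, then check that the certificate belongs to the key, that the key is owner-only, and that the certificate has not expired. The function names and the scratch directory are assumptions.

```shell
# Added example; function names and the scratch directory are assumptions.
# make_pair DIR CN: run the page's openssl command inside DIR under umask 077,
# so the unencrypted (-nodes) key is never readable by group or others.
make_pair() {
    (
        umask 077
        cd "$1" || exit 1
        openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem \
            -days 365 -nodes -subj "/CN=$2" 2>/dev/null
    )
}

# pair_matches KEY CERT: succeed only if the certificate carries the public
# half of KEY (compares the two SubjectPublicKeyInfo PEM blocks).
pair_matches() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# key_is_private KEY: succeed only if the file mode is rw------- or r--------.
key_is_private() {
    case "$(ls -l "$1" 2>/dev/null)" in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# cert_is_current CERT: succeed if the certificate has not expired yet.
cert_is_current() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# check_pair KEY CERT: print one verdict line; non-zero status on any failure.
check_pair() {
    key_is_private "$1" || { echo "FAIL: $1 is readable by group/others"; return 1; }
    pair_matches "$1" "$2" || { echo "FAIL: $2 does not belong to $1"; return 1; }
    cert_is_current "$2" || { echo "FAIL: $2 has expired"; return 1; }
    echo "OK: $1 and $2 are usable"
}

# Demo in a scratch directory (constructed; not the router's /tmp).
demo_dir=$(mktemp -d)
make_pair "$demo_dir" localhost && check_pair "$demo_dir/key.pem" "$demo_dir/cert.pem"
rm -rf "$demo_dir"
```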

1300

Follow the key-related flow in sshcfg.c

1500

Industrial-grade product consultant training: start

1710

Industrial-grade product consultant training: end