@@ -55,6 +55,7 @@ opkg_option_t options[] = {
{"force_checksum", OPKG_OPT_TYPE_BOOL, &_conf.force_checksum},
{"check_signature", OPKG_OPT_TYPE_BOOL, &_conf.check_signature},
{"no_check_certificate", OPKG_OPT_TYPE_BOOL, &_conf.no_check_certificate},
+ {"client_certificate", OPKG_OPT_TYPE_STRING, &_conf.client_certificate},
{"ftp_proxy", OPKG_OPT_TYPE_STRING, &_conf.ftp_proxy},
{"http_proxy", OPKG_OPT_TYPE_STRING, &_conf.http_proxy},
{"http_timeout", OPKG_OPT_TYPE_STRING, &_conf.http_timeout},
@@ -80,6 +80,7 @@ struct opkg_conf {
int check_signature;
int force_signature;
int no_check_certificate;
+ char *client_certificate;
int nodeps; /* do not follow dependencies */
int nocase; /* perform case insensitive matching */
char *offline_root;
@@ -154,7 +154,7 @@ opkg_download(const char *src, const char *dest_file_name,
{
int res;
- const char *argv[11];
+ const char *argv[13];
int i = 0;
argv[i++] = "wget";
@@ -162,6 +162,10 @@ opkg_download(const char *src, const char *dest_file_name,
if (conf->no_check_certificate) {
argv[i++] = "--no-check-certificate";
}
+ if (conf->client_certificate) {
+ argv[i++] = "--certificate";
+ argv[i++] = conf->client_certificate;
+ }
if (conf->http_timeout) {
argv[i++] = "--timeout";
argv[i++] = conf->http_timeout;
Add support for the `--certificate` option of `wget`, which allows to authenticate using a client certificate to a server requesting it. This is useful in order to be able to serve OpenWrt packages, but only to authenticated devices. From `man wget`: --certificate=file: Use the client certificate stored in file. This is needed for servers that are configured to require certificates from the clients that connect to them. Normally a certificate is not required and this switch is optional. Signed-off-by: Jean Thomas <jean.thomas@wifirst.fr> --- libopkg/opkg_conf.c | 1 + libopkg/opkg_conf.h | 1 + libopkg/opkg_download.c | 6 +++++- 3 files changed, 7 insertions(+), 1 deletion(-)