[Chilli] How to put uamport behind SSL?

Gunther Mayer gunther.mayer at googlemail.com
Sun Nov 29 13:34:32 UTC 2009


Hi guys,

I've been trying to enable clients to communicate with chilli's uamport 
over SSL for authentication. Our uamserver has been running with SSL 
from day one but the uamport access is currently still over ordinary 
HTTP for lack of a better alternative. With newer browsers increasingly 
complaining about mixed content the time has come to SSL-enable chilli's 
uamport as well (I know - we'll have to get a commercial certificate but 
that's OK).

But how?

At first I thought there's a simple solution: use matrixtunnel (or its 
successor xrelayd with xyssl/polarssl) in front of chilli, i.e. as a 
proxy to provide a "fake" SSL port for clients which is then forwarded 
to chilli's normal http uamport. I've got xrelayd installed and working 
but if I point my browser to

https://ua.m.lis.ten:8443/prelogin

I just get an empty page instead of the normal login page that I get 
when using the plain http://ua.m.lis.ten:uamport/prelogin (8443 is the 
port xrelayd is forwarding to chilli's uamport). I think that's because 
chilli only sees the http request as originating from the local machine 
instead of from the client and hence doesn't know what to do. Or am I 
doing something wrong here?

Then I saw the very recent openssl support that David put in trunk this 
month and thought perhaps that's the solution. However, latest svn 
(r249) doesn't even compile:

$ svn co http://dev.coova.org/svn/coova-chilli
$ ./bootstrap2 # ./bootstrap no longer works here :-(
$ ./configure --with-openssl
$ make
cd . && /bin/bash ./config.status config.h
config.status: creating config.h
config.status: config.h is unchanged
make  all-recursive
make[1]: Entering directory `/Coova/coova-chilli-1.0.15-pre-r249'
Making all in bstring
make[2]: Entering directory `/Coova/coova-chilli-1.0.15-pre-r249/bstring'
make[2]: Nothing to be done for `all'.
make[2]: Leaving directory `/Coova/coova-chilli-1.0.15-pre-r249/bstring'
Making all in src
make[2]: Entering directory `/Coova/coova-chilli-1.0.15-pre-r249/src'
/bin/bash ../libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I. 
-I..    -D_GNU_SOURCE -Wall -fno-builtin -fno-strict-aliasing -O2 
-fomit-frame-pointer -funroll-loops -pipe 
-DDEFCHILLICONF='"/usr/local/etc/chilli.conf"' 
-DDEFPIDFILE='"/usr/local/var/run/chilli.pid"' 
-DDEFSTATEDIR='"/usr/local/var/run"' 
-DDEFCMDSOCK='"/usr/local/var/run/chilli.sock"' 
-DSBINDIR='"/usr/local/sbin"' -I../bstring  -g -O2 -MT chilli.lo -MD -MP 
-MF .deps/chilli.Tpo -c -o chilli.lo chilli.c
libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -D_GNU_SOURCE -Wall 
-fno-builtin -fno-strict-aliasing -O2 -fomit-frame-pointer 
-funroll-loops -pipe -DDEFCHILLICONF=\"/usr/local/etc/chilli.conf\" 
-DDEFPIDFILE=\"/usr/local/var/run/chilli.pid\" 
-DDEFSTATEDIR=\"/usr/local/var/run\" 
-DDEFCMDSOCK=\"/usr/local/var/run/chilli.sock\" 
-DSBINDIR=\"/usr/local/sbin\" -I../bstring -g -O2 -MT chilli.lo -MD -MP 
-MF .deps/chilli.Tpo -c chilli.c  -fPIC -DPIC -o .libs/chilli.o
chilli.c: In function 'cb_redir_getstate':
chilli.c:1682: error: 'struct dhcp_conn_t' has no member named 'dnatport'
chilli.c:1683: error: 'struct dhcp_conn_t' has no member named 'dnatstate'
chilli.c: In function 'config_radius_session':
chilli.c:2429: warning: passing argument 3 of 
'pass_throughs_from_string' from incompatible pointer type
garden.h:53: note: expected 'size_t *' but argument is of type 'uint32_t *'
chilli.c: In function 'cmdsock_accept':
chilli.c:3756: warning: passing argument 3 of 'accept' from incompatible 
pointer type
/usr/include/sys/socket.h:214: note: expected 'socklen_t * __restrict__' 
but argument is of type 'size_t *'
chilli.c: In function 'redir_msg':
chilli.c:3997: warning: passing argument 3 of 'accept' from incompatible 
pointer type
/usr/include/sys/socket.h:214: note: expected 'socklen_t * __restrict__' 
but argument is of type 'size_t *'
make[2]: *** [chilli.lo] Error 1
make[2]: Leaving directory `/Coova/coova-chilli-1.0.15-pre-r249/src'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/Coova/coova-chilli-1.0.15-pre-r249'
make: *** [all] Error 2

Now I'm really stuck. How do I achieve my goal?

Gunther
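
The address effect suspected in the post above, as an added example that is not part of the original message and is not CoovaChilli code: a relay in front of a backend that looks sessions up by source IP makes every request appear to come from the relay. `portal`, `relay`, the addresses and the session table are constructed for illustration; TLS is left out because only the change of source address matters here, and 127.0.0.2 as a client address assumes Linux loopback behaviour.

```python
import socket
import threading

# Constructed addresses: on Linux all of 127.0.0.0/8 is loopback, so
# 127.0.0.2 stands in for a hotspot client and 127.0.0.1 for the gateway.
CLIENT_IP, GATEWAY_IP = "127.0.0.2", "127.0.0.1"

def serve_once(handler):
    """Listen on an ephemeral gateway port, handle one connection, return the port."""
    listener = socket.create_server((GATEWAY_IP, 0))
    port = listener.getsockname()[1]
    def run():
        conn, peer = listener.accept()
        with conn, listener:
            handler(conn, peer)
    threading.Thread(target=run, daemon=True).start()
    return port

def portal(sessions):
    """Hypothetical backend that selects the session by the peer's source IP."""
    def handle(conn, peer):
        conn.recv(1024)
        page = sessions.get(peer[0], "")          # unknown source IP: empty body
        conn.sendall(f"peer={peer[0]} body={page}".encode())
    return handle

def relay(backend_port):
    """Plain TCP relay in the position of the TLS terminator (TLS itself omitted)."""
    def handle(conn, peer):
        with socket.create_connection((GATEWAY_IP, backend_port)) as upstream:
            upstream.sendall(conn.recv(1024))     # new connection, new source address
            conn.sendall(upstream.recv(1024))
    return handle

def fetch(port):
    """Request /prelogin as the client, i.e. with CLIENT_IP as source address."""
    with socket.create_connection((GATEWAY_IP, port),
                                  source_address=(CLIENT_IP, 0)) as c:
        c.sendall(b"GET /prelogin HTTP/1.0\r\n\r\n")
        return c.recv(1024).decode()

def demo():
    sessions = {CLIENT_IP: "login page"}          # constructed session table
    direct = fetch(serve_once(portal(sessions)))
    relayed = fetch(serve_once(relay(serve_once(portal(sessions)))))
    return direct, relayed

if __name__ == "__main__":
    print(demo())
```

Whether chilli's uamport behaves like `portal` is the post's hypothesis; the example only shows what any relay does to the source address the backend sees.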