[Chilli] How to put uamport behind SSL?

Outback Dingo outbackdingo at gmail.com
Sun Nov 29 13:54:21 UTC 2009


it would help if we knew what OS and version you were building on

On Sun, Nov 29, 2009 at 8:34 AM, Gunther Mayer <gunther.mayer at googlemail.com
> wrote:

>  Hi guys,
>
> I've been trying to enable clients to communicate to chilli's uamport over
> SSL for authentication. Our uamserver has been running with SSL from day one
> but the uamport access is currently still over ordinary http for lack of a
> better alternative. With newer browsers increasingly complaining about mixed
> content the time has come to ssl enable chilli's uamport as well (I know -
> we'll have to get a commercial certificate but that's OK).
>
> But how?
>
> At first I thought there's a simple solution: use matrixtunnel (or its
> successor xrelayd with xyssl/polarssl) in front of chilli, i.e. as a proxy
> to provide a "fake" SSL port for clients which is then forwarded to chilli's
> normal http uamport. I've got xrelayd installed and working but if I point
> my browser to
>
> https://ua.m.lis.ten:8443/prelogin
>
> I just get an empty page instead of the normal login page that I get when
> using the plain http://ua.m.lis.ten:uamport/prelogin (8443 is the port
> xrelayd is forwarding to chilli's uamport). I think that's because chilli
> only sees the http request as originating from the local machine instead of
> from the client and hence doesn't know what to do. Or am I doing something
> wrong here?
>
> Then I saw the very recent openssl support that David put in trunk this
> month and thought perhaps that's the solution. However, latest svn (r249)
> doesn't even compile:
>
> $ svn co http://dev.coova.org/svn/coova-chilli
> $ ./bootstrap2 # ./bootstrap no longer works here :-(
> $ ./configure --with-openssl
> $ make
> cd . && /bin/bash ./config.status config.h
> config.status: creating config.h
> config.status: config.h is unchanged
> make  all-recursive
> make[1]: Entering directory `/Coova/coova-chilli-1.0.15-pre-r249'
> Making all in bstring
> make[2]: Entering directory `/Coova/coova-chilli-1.0.15-pre-r249/bstring'
> make[2]: Nothing to be done for `all'.
> make[2]: Leaving directory `/Coova/coova-chilli-1.0.15-pre-r249/bstring'
> Making all in src
> make[2]: Entering directory `/Coova/coova-chilli-1.0.15-pre-r249/src'
> /bin/bash ../libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.
> -I..    -D_GNU_SOURCE -Wall -fno-builtin -fno-strict-aliasing -O2
> -fomit-frame-pointer -funroll-loops -pipe
> -DDEFCHILLICONF='"/usr/local/etc/chilli.conf"'
> -DDEFPIDFILE='"/usr/local/var/run/chilli.pid"'
> -DDEFSTATEDIR='"/usr/local/var/run"'
> -DDEFCMDSOCK='"/usr/local/var/run/chilli.sock"'
> -DSBINDIR='"/usr/local/sbin"' -I../bstring  -g -O2 -MT chilli.lo -MD -MP -MF
> .deps/chilli.Tpo -c -o chilli.lo chilli.c
> libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -D_GNU_SOURCE -Wall
> -fno-builtin -fno-strict-aliasing -O2 -fomit-frame-pointer -funroll-loops
> -pipe -DDEFCHILLICONF=\"/usr/local/etc/chilli.conf\"
> -DDEFPIDFILE=\"/usr/local/var/run/chilli.pid\"
> -DDEFSTATEDIR=\"/usr/local/var/run\"
> -DDEFCMDSOCK=\"/usr/local/var/run/chilli.sock\"
> -DSBINDIR=\"/usr/local/sbin\" -I../bstring -g -O2 -MT chilli.lo -MD -MP -MF
> .deps/chilli.Tpo -c chilli.c  -fPIC -DPIC -o .libs/chilli.o
> *chilli.c: In function ‘cb_redir_getstate’:
> chilli.c:1682: error: ‘struct dhcp_conn_t’ has no member named ‘dnatport’
> chilli.c:1683: error: ‘struct dhcp_conn_t’ has no member named ‘dnatstate’
> *chilli.c: In function ‘config_radius_session’:
> chilli.c:2429: warning: passing argument 3 of ‘pass_throughs_from_string’
> from incompatible pointer type
> garden.h:53: note: expected ‘size_t *’ but argument is of type ‘uint32_t *’
> chilli.c: In function ‘cmdsock_accept’:
> chilli.c:3756: warning: passing argument 3 of ‘accept’ from incompatible
> pointer type
> /usr/include/sys/socket.h:214: note: expected ‘socklen_t * __restrict__’
> but argument is of type ‘size_t *’
> chilli.c: In function ‘redir_msg’:
> chilli.c:3997: warning: passing argument 3 of ‘accept’ from incompatible
> pointer type
> /usr/include/sys/socket.h:214: note: expected ‘socklen_t * __restrict__’
> but argument is of type ‘size_t *’
> make[2]: *** [chilli.lo] Error 1
> make[2]: Leaving directory `/Coova/coova-chilli-1.0.15-pre-r249/src'
> make[1]: *** [all-recursive] Error 1
> make[1]: Leaving directory `/Coova/coova-chilli-1.0.15-pre-r249'
> make: *** [all] Error 2
>
> Now I'm really stuck. How do I achieve my goal?
>
> Gunther
>
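The effect the quoted message suspects, as an added example that is not part of the thread or of CoovaChilli's code: a plain TCP relay stands in for xrelayd (TLS is left out, because the client address is lost wherever the TCP connection is terminated) and a stub listener stands in for the plain-HTTP uamport. All function names are hypothetical, and whether chilli actually keys its reply on the peer address is the poster's supposition, not something this code establishes.

```python
import socket
import threading

def _listen():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))   # ephemeral loopback port
    s.listen(1)
    return s

def _serve_once(listener, handler):
    def run():
        conn, peer = listener.accept()
        with conn:
            handler(conn, peer)
    t = threading.Thread(target=run, daemon=True)
    t.start()
    return t

def observe_peer(via_relay):
    """Return (client_addr, relay_upstream_addr, peer_seen_by_backend)."""
    seen = {"relay": None}
    backend = _listen()        # stands in for the plain-HTTP uamport

    def backend_handler(conn, peer):
        seen["peer"] = peer    # the only requester identity the backend gets
        conn.recv(1024)
        conn.sendall(b"HTTP/1.0 200 OK\r\n\r\n")

    def relay_handler(conn, _peer):
        # New TCP connection to the backend: the client's address stops here.
        with socket.create_connection(backend.getsockname()) as up:
            seen["relay"] = up.getsockname()
            up.sendall(conn.recv(1024))
            conn.sendall(up.recv(1024))

    threads = [_serve_once(backend, backend_handler)]
    target = backend
    if via_relay:
        target = _listen()     # stands in for xrelayd; TLS left out
        threads.append(_serve_once(target, relay_handler))
    with socket.create_connection(target.getsockname()) as c:
        client_addr = c.getsockname()
        c.sendall(b"GET /prelogin HTTP/1.0\r\n\r\n")
        c.recv(1024)
    for t in threads:
        t.join()
    target.close()
    backend.close()            # closing the same socket twice is harmless
    return client_addr, seen["relay"], seen["peer"]
```

Connected directly, the backend's peer address is the client's own socket; through the relay it is the relay's outbound socket, so any per-client state looked up by peer address no longer matches.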