I am trying to compile coova-chilli with SSL support using wolfssl on OpenWrt 24. My impression is that it's currently broken; here are the highlights:
.config:
CONFIG_PACKAGE_coova-chilli=y
# CONFIG_COOVACHILLI_PROXY is not set
CONFIG_COOVACHILLI_REDIR=y
# CONFIG_COOVACHILLI_MINIPORTAL is not set
CONFIG_COOVACHILLI_USERAGENT=y
CONFIG_COOVACHILLI_UAMDOMAINFILE=y
CONFIG_COOVACHILLI_LARGELIMITS=y
# CONFIG_COOVACHILLI_JSONINTERFACE is not set
# CONFIG_COOVACHILLI_NOSSL is not set
CONFIG_COOVACHILLI_WOLFSSL=y
# CONFIG_COOVACHILLI_OPENSSL is not set
Compilation error:
ssl.h:52:10: fatal error: cyassl/options.h: No such file or directory
52 | #include <cyassl/options.h>
| ^~~~~~~~~~~~~~~~~~
compilation terminated.
It's looking for cyassl/options.h, which, if I am not mistaken, is the old path used by wolfssl when it was named cyassl, which was quite a few years ago. I think this needs patching, but I wanted to hear a second and/or third opinion before proceeding.
Coovachilli is no longer maintained, you should consider switching to openNDS, which is not only supported but has the great upside of @bluewavenet being active on this forum and quick to chime in if any issues come up.
After patching the code to point to wolfssl instead of cyassl the compilation is done. So it's definitely a bug. I am not sure whether it's better to patch this in the OpenWrt package or send the patch upstream. Maybe we need to do both.
@Nihilokrat, openNDS is great, but coova-chilli has native support for RADIUS and CoA (change of authorization), which is something I need in most deployments, and openNDS last time I checked couldn't do this, so it's much cheaper to do small fixes to coova-chilli in these cases.
PS: a possible alternative is to stick to openssl; compilation doesn't fail in that case.
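As an added example (not code from this thread, the submitted patch, or the coova-chilli tree): a shell helper that lists `#include` lines still using the old `cyassl/` prefix and rewrites them to `wolfssl/`, the kind of change described in the post above. The function names and the sample tree are made up for the illustration; the `ctaocrypt/` to `wolfcrypt/` mapping is included on the assumption that a source may also pull in the old crypto headers.

```shell
#!/bin/sh
# Added example: find and rewrite legacy CyaSSL include paths in C sources.
# Function names are hypothetical; the sample tree below is constructed.

LEGACY_RE='^[[:space:]]*#[[:space:]]*include[[:space:]]*[<"]cyassl/'

# Print "file:line:text" for every #include that still uses a cyassl/ path.
find_legacy_includes() {
    grep -rnE --include='*.c' --include='*.h' "$LEGACY_RE" "$1"
}

# Number of legacy include lines under a directory.
count_legacy_includes() {
    find_legacy_includes "$1" | wc -l | tr -d ' '
}

# Rewrite include paths in place, keeping a .orig copy of each file touched.
# ctaocrypt/ is mapped first so it becomes wolfcrypt/, not wolfssl/ctaocrypt/.
rewrite_legacy_includes() {
    grep -rlE --include='*.c' --include='*.h' "$LEGACY_RE" "$1" |
    while IFS= read -r f; do
        cp -p "$f" "$f.orig"
        sed -E \
            -e '/^[[:space:]]*#[[:space:]]*include/ s#([<"])cyassl/ctaocrypt/#\1wolfssl/wolfcrypt/#' \
            -e '/^[[:space:]]*#[[:space:]]*include/ s#([<"])cyassl/#\1wolfssl/#' \
            "$f.orig" > "$f"
    done
}

# Constructed sample input: a tiny tree that mimics the failing header.
make_sample_tree() {
    d=$(mktemp -d)
    printf '%s\n' \
        '#include <cyassl/options.h>' \
        '#include <cyassl/openssl/ssl.h>' \
        '#include "cyassl/ctaocrypt/sha.h"' \
        '/* cyassl/ in a comment stays */' > "$d/ssl.h"
    printf '%s\n' '#include <stdio.h>' > "$d/main.c"
    echo "$d"
}

# Demo run on the constructed tree.
tree=$(make_sample_tree)
find_legacy_includes "$tree"      # shows the three stale includes
rewrite_legacy_includes "$tree"
cat "$tree/ssl.h"                 # includes now point at wolfssl/
rm -rf "$tree"
```

Only include paths are touched; compare each file against its `.orig` copy before turning the result into a package patch.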
I do see your problem, you are caught by the sunk cost fallacy.
Patches are getting very few and far between though. There has been no serious development since, what, 14 years ago?
If you really are stuck with it, you should patch it wherever you can to keep it going for your current problem.
It is very outdated and not compliant with modern and accepted standards for captive portals, so really it should not be used for new projects.
For the benefit of others, Coova-chilli has a dependency on Xtables (aka iptables), making it, by default, incompatible with modern OpenWrt. Yes, you can do some very dubious and easily broken hacks to get it working mashed into an uneasy truce with nftables... and that may no longer be possible with future versions of OpenWrt. It might not yet be deceased, but it is living on borrowed time.
I guess if there were another open source captive portal solution which had native RADIUS support and CoA on OpenWrt and other Linux distros, most would switch to it, but so far it hasn't manifested yet.
I recommend staying on topic as other users may be interested in finding a solution for this issue.
For reference, hoping it may be useful to other readers, while working on this issue I found a relatively new OpenWrt package called uspot, which seems to have support for RADIUS and CoA: https://github.com/f00b4r0/uspot
I haven't tried it yet. I hope I'll be able to play with it in the near future.
In the meantime I sent a patch to fix this coova-chilli+wolfSSL issue I was talking about in this thread, see: