Uhttpd stop after installing luci-ssl

Phlyer · May 2, 2021, 12:23pm

Hello,

I wonder if anyone may know possible solutions.

Self-signed SSL certificate works fine with newifi-d2 OpenWrt 19.07.7 to enable https access to the router.

When I switch to the firmware:
/releases/21.02.0-rc1/targets/ramips/mt7621/
d-team_newifi-d2-squashfs-sysupgrade.bin
luci http access is normal.

But after installing either luci-ssl or luci-ssl-openssl, uhttpd was stopped. ps command shows no uhttpd process anymore.

Any changes in the back for this upgrade require different package installation?

Thanks in advance for sharing information.

frollic · May 2, 2021, 11:17pm

and what does the log say ?

or if you try to run uhttpd in the foreground ....

Phlyer · May 3, 2021, 4:41pm

Thank you for comments.

Actually, after this post, I restored my 19.07.7 backup soon. Before that, I did not check the log but tried /etc/init.d/uhttpd stop|start|restart, ps showed no uhttpd process either.

And, today, I find more time to try to reproduce it. The root cause comes out unexpectedly.

The mirror-opkg-repository leads to this. When I disable customfeeds and change back to use the official repository to install luci-ssl, uhttpd will survive, but only serve on port 80 for http not port 443 for https.

I start to doubt wolfssl, which just replaced mbedtls to be the back-end in 21.02.0-rc1. But, installation of openssl shows the same symptoms.

If I delete the crt and key files provided, upon restart uhttpd will generate new ones. Then, the https server comes back but chrome-like browsers will complain insecurity and warn not to continue.

So, I realize maybe the version upgrade of kernel or SSL back-end brings incompatibility to my old certificate and key, those were generated 1.5 years ago.

uhttpd: add support to generate EC keys · openwrt/openwrt@7f2b230 · GitHub
From the page of recent update, I still could not find any build-in option to generate crt/key with SAN-subjectAltName, which is must-have nowadays. So, I have to install openssl-util to generate new crt/key as before.

Finally, everything is OK now. Happy to let you all to know this.

system · May 13, 2021, 4:41pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.