From: Craig H. <cr...@gu...> - 2005-09-15 18:35:34
|
On Sep 15, 2005, at 10:51 AM, ba...@ho... wrote: > BUT, currently there is no (to my knowledge) version of curl with > ssl support on the gumstix. Additionally, the busybox wget doesn't > have ssl support and doesn't support the --post-data flag anyway. I have to admit I didn't actually look at the busybox config -- you're right, no easy ssl option there. > Would it be possible to compile curl-ssl for the gumstix? > > If not, that leaves me to use socat. > > Would it be possible to use socat to open up a connection to the > https server and pipe something like the following to into socat: > > --snip-- > > POST /path/script.cgi HTTP/1.0 > User-Agent: HTTPTool/1.0 > Content-Type: application/x-www-form-urlencoded > Content-Length: 32 > > home=Cosby&favorite+flavor=flies > > --snip-- > > where the information above was the information required by the > authentication server? > > If this is possible, then I need to get socat compiled with > openssl. I noticed that the socat.mk file has the --disable- > openssl . Would recompilling it without this flag yield the socat > ssl binary i need? The first thing you'd need to do is compile openssl so you have the necessary libs, and then compile socat without the --disable-openssl option (might need --with-ssl=/path/to/ssl or something) > This all seems like a round-about way of posting to a secure http > web form. Any other ideas out there? Well, you might be able to cheat, depending on how your network is set up. Can you make DNS queries before authenticating? How about ICMP packets? If you can get *any* traffic out to the network, and you have control of a fixed host on the network somewhere, you should be able to pass the relevant info (which looks like the IP address you've been assigned) to your fixed host, and have it respond by authenticating for you, eg: /etc/network/interfaces: ... iface wlan0 dhcp up remote_authenticate_me.sh ... /usr/bin/remote_authenticate_me.sh: MYHOSTIP=`ping -c 1 hostname.that.you.control | head -1 | awk '{print $3}' | sed -e 's/(\(.*\)):/\1/'` mv /etc/resolv.conf /tmp/resolv.conf echo nameserver $MYHOSTIP > /etc/resolv.conf ping -c 1 `ifconfig wlan0 | grep 'inet addr' | awk '{print $2}' | awk -F: '{print $2}'`.somesecret.fake mv /tmp/resolv.conf /etc/resolv.conf There you go, now all you have to do is set up a process on UDP port 53 on hostname.that.you.control which will respond to DNS queries which ask for an A record for *.somesecret.fake by issuing the https request for you ;) ...of course it's probably easier to just compile socat-ssl support, using the attached patch. C |