From bab2d72fbc891a5b363473106d393182236c2de5 Mon Sep 17 00:00:00 2001
From: Adrien Destugues
Date: Wed, 18 Nov 2020 18:32:22 +0100
Subject: [PATCH] OpenSSL: move user certificates in non-packaged directory.
---
 dev-libs/openssl/openssl-1.1.1e.recipe | 159 ------------------
 dev-libs/openssl/openssl-1.1.1g.recipe | 4 +-
 ....1.1e.patchset => openssl-1.1.1g.patchset} | 56 +++++-
 3 files changed, 56 insertions(+), 163 deletions(-)
 delete mode 100644 dev-libs/openssl/openssl-1.1.1e.recipe
 rename dev-libs/openssl/patches/{openssl-1.1.1e.patchset => openssl-1.1.1g.patchset} (60%)
diff --git a/dev-libs/openssl/openssl-1.1.1e.recipe b/dev-libs/openssl/openssl-1.1.1e.recipe
deleted file mode 100644
index 316df88a9..000000000
--- a/dev-libs/openssl/openssl-1.1.1e.recipe
+++ /dev/null
@@ -1,159 +0,0 @@
-SUMMARY="Full-strength general purpose cryptography library (with SSL/TLS)"
-DESCRIPTION="The OpenSSL Project is a collaborative effort to develop a \
-robust, commercial-grade, full-featured, and Open Source toolkit implementing \
-the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) \
-protocols as well as a full-strength general purpose cryptography library. The \
-project is managed by a worldwide community of volunteers that use the \
-Internet to communicate, plan, and develop the OpenSSL toolkit and its related \
-documentation.
-OpenSSL is based on the excellent SSLeay library developed by Eric A. Young \
-and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style \
-licence, which basically means that you are free to get and use it for \
-commercial and non-commercial purposes subject to some simple license \
-conditions."
-HOMEPAGE="https://www.openssl.org/"
-COPYRIGHT="1995-1998 Eric Young
- 1998-2019 The OpenSSL Project"
-LICENSE="Apache v2"
-REVISION="1"
-SOURCE_URI="https://www.openssl.org/source/openssl-$portVersion.tar.gz"
-CHECKSUM_SHA256="694f61ac11cb51c9bf73f54e771ff6022b0327a43bbdfa1b2f19de1662a6dcbe"
-SOURCE_DIR="openssl-$portVersion"
-PATCHES="openssl-$portVersion.patchset"
-
-ARCHITECTURES="x86_gcc2 x86 x86_64 arm ppc sparc m68k"
-SECONDARY_ARCHITECTURES="x86_gcc2 x86"
-
-libVersion=1.1
-cmdSuffix=""
-mySuffix=
-altSuffix=1.0
-
-PROVIDES="
- openssl$mySuffix$secondaryArchSuffix = $portVersion compat >= 1.1.0
- lib:libcrypto$secondaryArchSuffix = $libVersion compat >= $libVersion
- lib:libssl$secondaryArchSuffix = $libVersion compat >= $libVersion
- "
-if [ -z "$secondaryArchSuffix" ]; then
- PROVIDES="$PROVIDES
- cmd:c_rehash${cmdSuffix/-/_} = $portVersion compat >= 1
- cmd:openssl${cmdSuffix/-/_} = $portVersion compat >= 1
- "
-fi
-
-REQUIRES="
- haiku$secondaryArchSuffix
- lib:libz$secondaryArchSuffix >= 1.2.3
- ca_root_certificates
- "
-
-if [ -z "$secondaryArchSuffix" ]; then
- SUMMARY_man="Manual pages for openssl $portVersion"
- ARCHITECTURES_man="any"
- PROVIDES_man="
- openssl${mySuffix}_man = $portVersion
- "
- REQUIRES_man="
- openssl$mySuffix == $portVersion
- "
- SUPPLEMENTS_man="
- openssl$mySuffix == $portVersion
- "
- CONFLICTS_man="
- openssl${altSuffix}_man
- "
-fi
-
-PROVIDES_devel="
- openssl$mySuffix${secondaryArchSuffix}_devel = $portVersion
- devel:libcrypto$secondaryArchSuffix = $libVersion compat >= $libVersion
- devel:libssl$secondaryArchSuffix = $libVersion compat >= $libVersion
- "
-REQUIRES_devel="
- openssl$mySuffix$secondaryArchSuffix == $portVersion base
- "
-CONFLICTS_devel="
- openssl$altSuffix${secondaryArchSuffix}_devel
- "
-
-BUILD_REQUIRES="
- devel:libz$secondaryArchSuffix >= 1.2.3
- "
-BUILD_PREREQUIRES="
- haiku${secondaryArchSuffix}_devel
- cmd:awk
- cmd:gcc$secondaryArchSuffix
- cmd:ld$secondaryArchSuffix
- cmd:make
- cmd:perl >= 5
- cmd:sed
- "
-
-if [ -n "$secondaryArchSuffix" ]; then
- maybe_binDir_runtimes=
-else
- maybe_binDir_runtimes="
- $binDir/openssl$cmdSuffix \
- "
-fi
-defineDebugInfoPackage openssl$mySuffix$secondaryArchSuffix \
- $libDir/engines-1.1/capi.so \
- $libDir/engines-1.1/padlock.so \
- $libDir/libcrypto.so.$libVersion \
- $libDir/libssl.so.$libVersion \
- $maybe_binDir_runtimes
-
-BUILD()
-{
- ./config --prefix=$prefix --libdir=$relativeLibDir \
- --openssldir=$dataRootDir/ssl \
- zlib shared no-asm -g
- make $jobArgs
-}
-
-INSTALL()
-{
- make MANDIR=$manDir DOCDIR=$docDir install
-
- # move include dir to correct location
- mkdir -p $(dirname $includeDir)
- mv $prefix/include $includeDir
-
- # prepare develop/lib
- prepareInstalledDevelLibs libcrypto libssl
- fixPkgconfig
-
- if [ -n "$secondaryArchSuffix" ]; then
- maybe_docDir_html_man3=
- maybe_manDir_man3=
- else
- maybe_docDir_html_man3=$docDir/html/man3
- maybe_manDir_man3=$manDir/man3
- fi
-
- # devel package
- packageEntries devel \
- $developDir \
- $maybe_docDir_html_man3 \
- $maybe_manDir_man3
-
- # Remove stuff we don't need in the secondary architecture base package
- if [ -n "$secondaryArchSuffix" ]; then
- rm -rf $prefix/bin
- rm -rf $dataRootDir/ssl
- rm -rf $documentationDir
- else
- if [ -n "$cmdSuffix" ]; then
- mv $binDir/openssl $binDir/openssl$cmdSuffix
- mv $binDir/c_rehash $binDir/c_rehash$cmdSuffix
- fi
- # man package
- packageEntries man \
- $manDir
- fi
-}
-
-TEST()
-{
- make test
-}
diff --git a/dev-libs/openssl/openssl-1.1.1g.recipe b/dev-libs/openssl/openssl-1.1.1g.recipe
index 4cb2c30b9..7f2fac9b4 100644
--- a/dev-libs/openssl/openssl-1.1.1g.recipe
+++ b/dev-libs/openssl/openssl-1.1.1g.recipe
@@ -15,11 +15,11 @@ HOMEPAGE="https://www.openssl.org/"
 COPYRIGHT="1995-1998 Eric Young
 1998-2020 The OpenSSL Project"
 LICENSE="OpenSSL"
-REVISION="2"
+REVISION="3"
 SOURCE_URI="https://www.openssl.org/source/openssl-$portVersion.tar.gz"
 CHECKSUM_SHA256="ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46"
 SOURCE_DIR="openssl-$portVersion"
-PATCHES="openssl-1.1.1e.patchset"
+PATCHES="openssl-1.1.1g.patchset"
 ARCHITECTURES="x86_gcc2 x86 x86_64 arm ppc sparc m68k"
 SECONDARY_ARCHITECTURES="x86_gcc2 x86"
diff --git a/dev-libs/openssl/patches/openssl-1.1.1e.patchset b/dev-libs/openssl/patches/openssl-1.1.1g.patchset
similarity index 60%
rename from dev-libs/openssl/patches/openssl-1.1.1e.patchset
rename to dev-libs/openssl/patches/openssl-1.1.1g.patchset
index 264513926..329e8190e 100644
--- a/dev-libs/openssl/patches/openssl-1.1.1e.patchset
+++ b/dev-libs/openssl/patches/openssl-1.1.1g.patchset
@@ -1,4 +1,4 @@
-From b6f59fe55a17125da8a3fd5dc9020c306cd038c6 Mon Sep 17 00:00:00 2001
+From 20e8d7801a02b24db87f0675d1295418c55b8a5a Mon Sep 17 00:00:00 2001
 From: Augustin Cavalier
 Date: Sat, 14 Mar 2020 19:20:45 -0400
 Subject: Small changes for Haiku.
@@ -63,5 +63,57 @@ index 7e908ef..7735f6d 100644
 +
 +#define OPENSSL_NO_SECURE_MEMORY
 --
-2.24.0
+2.28.0
+
+
+From 23a019c8e82e73be8761a02b164053e605ae021f Mon Sep 17 00:00:00 2001
+From: Adrien Destugues
+Date: Wed, 18 Nov 2020 18:29:38 +0100
+Subject: Use find_directory to locate user certificates
+
+We want this directory (where the user can easily add their own
+certificates) to be non-packaged and under user control. The system
+certificates are centralized in the CARootCertificates.pem file.
+
+This was previously done in BSecureSocket (overriding OpenSSL defaults),
+now it is valid also for apps using OpenSSL directly.
+
+diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
+index bfa8d7d..69be76c 100644
+--- a/crypto/x509/x509_def.c
++++ b/crypto/x509/x509_def.c
+@@ -12,6 +12,10 @@
+ #include
+ #include
+
++#ifdef __HAIKU__
++#include
++#endif
++
+ const char *X509_get_default_private_dir(void)
+ {
+ return X509_PRIVATE_DIR;
+@@ -24,6 +28,20 @@ const char *X509_get_default_cert_area(void)
+
+ const char *X509_get_default_cert_dir(void)
+ {
++#ifdef __HAIKU__
++ static char path[PATH_MAX];
++ if (path[0] != 0)
++ {
++ // We already called find_directory
++ return path;
++ }
++
++ if (find_directory(B_SYSTEM_NONPACKAGED_DATA_DIRECTORY, 0, false, path, sizeof(path)) == B_OK)
++ {
++ strlcat(path, "/ssl/certs/", sizeof(path));
++ return path;
++ }
++#endif
+ return X509_CERT_DIR;
+ }
+
+--
+2.28.0
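Review bot: The lazy fill of the static `path` buffer in the patched `X509_get_default_cert_dir()` is unsynchronised, so a second thread can pass the `path[0] != 0` check once `find_directory()` has started writing the buffer but before `strlcat()` has appended `/ssl/certs/`, and be handed the bare non-packaged data directory (or a half-written string) as the certificate directory. The `strlcat()` result is also ignored, so a truncated path would be cached and returned for the rest of the process. Building the path in a local buffer and publishing it once under `CRYPTO_THREAD_run_once()` closes both gaps, as sketched below; this assumes `openssl/crypto.h` is among the includes whose names are not legible on this page. Because the change makes a non-packaged, user-writable directory a default trust location for every OpenSSL consumer, a short comment above the `#ifdef` stating who is expected to have write access to it would help later reviewers.

```c
#ifdef __HAIKU__
static CRYPTO_ONCE haiku_cert_dir_once = CRYPTO_ONCE_STATIC_INIT;
static char haiku_cert_dir[PATH_MAX];

/* Runs once: build the path locally and publish it only when complete. */
static void haiku_cert_dir_init(void)
{
    char tmp[PATH_MAX];

    if (find_directory(B_SYSTEM_NONPACKAGED_DATA_DIRECTORY, 0, false,
                       tmp, sizeof(tmp)) != B_OK)
        return;
    if (strlcat(tmp, "/ssl/certs/", sizeof(tmp)) >= sizeof(tmp))
        return; /* truncated: keep the compiled-in default */
    strlcpy(haiku_cert_dir, tmp, sizeof(haiku_cert_dir));
}
#endif

const char *X509_get_default_cert_dir(void)
{
#ifdef __HAIKU__
    if (CRYPTO_THREAD_run_once(&haiku_cert_dir_once, haiku_cert_dir_init)
        && haiku_cert_dir[0] != 0)
        return haiku_cert_dir;
#endif
    return X509_CERT_DIR;
}
```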