OpenSSL: move user certificates in non-packaged directory.

2026-04-23 04:00:05 +02:00 · 2020-11-18 18:32:22 +01:00
parent b039c5d365
commit bab2d72fbc
3 changed files with 56 additions and 163 deletions
--- a/dev-libs/openssl/openssl-1.1.1e.recipe
+++ b/dev-libs/openssl/openssl-1.1.1e.recipe
@@ -1,159 +0,0 @@
-SUMMARY="Full-strength general purpose cryptography library (with SSL/TLS)"
-DESCRIPTION="The OpenSSL Project is a collaborative effort to develop a \
-robust, commercial-grade, full-featured, and Open Source toolkit implementing \
-the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) \
-protocols as well as a full-strength general purpose cryptography library. The \
-project is managed by a worldwide community of volunteers that use the \
-Internet to communicate, plan, and develop the OpenSSL toolkit and its related \
-documentation.
-OpenSSL is based on the excellent SSLeay library developed by Eric A. Young \
-and Tim J. Hudson. The OpenSSL toolkit is licensed under an Apache-style \
-licence, which basically means that you are free to get and use it for \
-commercial and non-commercial purposes subject to some simple license \
-conditions."
-HOMEPAGE="https://www.openssl.org/"
-COPYRIGHT="1995-1998 Eric Young
-	1998-2019 The OpenSSL Project"
-LICENSE="Apache v2"
-REVISION="1"
-SOURCE_URI="https://www.openssl.org/source/openssl-$portVersion.tar.gz"
-CHECKSUM_SHA256="694f61ac11cb51c9bf73f54e771ff6022b0327a43bbdfa1b2f19de1662a6dcbe"
-SOURCE_DIR="openssl-$portVersion"
-PATCHES="openssl-$portVersion.patchset"
-
-ARCHITECTURES="x86_gcc2 x86 x86_64 arm ppc sparc m68k"
-SECONDARY_ARCHITECTURES="x86_gcc2 x86"
-
-libVersion=1.1
-cmdSuffix=""
-mySuffix=
-altSuffix=1.0
-
-PROVIDES="
-	openssl$mySuffix$secondaryArchSuffix = $portVersion compat >= 1.1.0
-	lib:libcrypto$secondaryArchSuffix = $libVersion compat >= $libVersion
-	lib:libssl$secondaryArchSuffix = $libVersion compat >= $libVersion
-	"
-if [ -z "$secondaryArchSuffix" ]; then
-	PROVIDES="$PROVIDES
-		cmd:c_rehash${cmdSuffix/-/_} = $portVersion compat >= 1
-		cmd:openssl${cmdSuffix/-/_} = $portVersion compat >= 1
-		"
-fi
-
-REQUIRES="
-	haiku$secondaryArchSuffix
-	lib:libz$secondaryArchSuffix >= 1.2.3
-	ca_root_certificates
-	"
-
-if [ -z "$secondaryArchSuffix" ]; then
-	SUMMARY_man="Manual pages for openssl $portVersion"
-	ARCHITECTURES_man="any"
-	PROVIDES_man="
-		openssl${mySuffix}_man = $portVersion
-		"
-	REQUIRES_man="
-		openssl$mySuffix == $portVersion
-		"
-	SUPPLEMENTS_man="
-		openssl$mySuffix == $portVersion
-		"
-	CONFLICTS_man="
-		openssl${altSuffix}_man
-		"
-fi
-
-PROVIDES_devel="
-	openssl$mySuffix${secondaryArchSuffix}_devel = $portVersion
-	devel:libcrypto$secondaryArchSuffix = $libVersion compat >= $libVersion
-	devel:libssl$secondaryArchSuffix = $libVersion compat >= $libVersion
-	"
-REQUIRES_devel="
-	openssl$mySuffix$secondaryArchSuffix == $portVersion base
-	"
-CONFLICTS_devel="
-	openssl$altSuffix${secondaryArchSuffix}_devel
-	"
-
-BUILD_REQUIRES="
-	devel:libz$secondaryArchSuffix >= 1.2.3
-	"
-BUILD_PREREQUIRES="
-	haiku${secondaryArchSuffix}_devel
-	cmd:awk
-	cmd:gcc$secondaryArchSuffix
-	cmd:ld$secondaryArchSuffix
-	cmd:make
-	cmd:perl >= 5
-	cmd:sed
-	"
-
-if [ -n "$secondaryArchSuffix" ]; then
-	maybe_binDir_runtimes=
-else
-	maybe_binDir_runtimes="
-		$binDir/openssl$cmdSuffix \
-		"
-fi
-defineDebugInfoPackage openssl$mySuffix$secondaryArchSuffix \
-	$libDir/engines-1.1/capi.so \
-	$libDir/engines-1.1/padlock.so \
-	$libDir/libcrypto.so.$libVersion \
-	$libDir/libssl.so.$libVersion \
-	$maybe_binDir_runtimes
-
-BUILD()
-{
-	./config --prefix=$prefix --libdir=$relativeLibDir \
-		--openssldir=$dataRootDir/ssl \
-		zlib shared no-asm -g
-	make $jobArgs
-}
-
-INSTALL()
-{
-	make MANDIR=$manDir DOCDIR=$docDir install
-
-	# move include dir to correct location
-	mkdir -p $(dirname $includeDir)
-	mv $prefix/include $includeDir
-
-	# prepare develop/lib
-	prepareInstalledDevelLibs libcrypto libssl
-	fixPkgconfig
-
-	if [ -n "$secondaryArchSuffix" ]; then
-		maybe_docDir_html_man3=
-		maybe_manDir_man3=
-	else
-		maybe_docDir_html_man3=$docDir/html/man3
-		maybe_manDir_man3=$manDir/man3
-	fi
-
-	# devel package
-	packageEntries devel \
-		$developDir \
-		$maybe_docDir_html_man3 \
-		$maybe_manDir_man3
-
-	# Remove stuff we don't need in the secondary architecture base package
-	if [ -n "$secondaryArchSuffix" ]; then
-		rm -rf $prefix/bin
-		rm -rf $dataRootDir/ssl
-		rm -rf $documentationDir
-	else
-		if [ -n "$cmdSuffix" ]; then
-			mv $binDir/openssl $binDir/openssl$cmdSuffix
-			mv $binDir/c_rehash $binDir/c_rehash$cmdSuffix
-		fi
-		# man package
-		packageEntries man \
-			$manDir
-	fi
-}
-
-TEST()
-{
-	make test
-}
--- a/dev-libs/openssl/openssl-1.1.1g.recipe
+++ b/dev-libs/openssl/openssl-1.1.1g.recipe
@@ -15,11 +15,11 @@ HOMEPAGE="https://www.openssl.org/"
 COPYRIGHT="1995-1998 Eric Young
 	1998-2020 The OpenSSL Project"
 LICENSE="OpenSSL"
-REVISION="2"
+REVISION="3"
 SOURCE_URI="https://www.openssl.org/source/openssl-$portVersion.tar.gz"
 CHECKSUM_SHA256="ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46"
 SOURCE_DIR="openssl-$portVersion"
-PATCHES="openssl-1.1.1e.patchset"
+PATCHES="openssl-1.1.1g.patchset"

 ARCHITECTURES="x86_gcc2 x86 x86_64 arm ppc sparc m68k"
 SECONDARY_ARCHITECTURES="x86_gcc2 x86"
--- a/dev-libs/openssl/patches/openssl-1.1.1g.patchset
+++ b/dev-libs/openssl/patches/openssl-1.1.1g.patchset
@@ -1,4 +1,4 @@
-From b6f59fe55a17125da8a3fd5dc9020c306cd038c6 Mon Sep 17 00:00:00 2001
+From 20e8d7801a02b24db87f0675d1295418c55b8a5a Mon Sep 17 00:00:00 2001
 From: Augustin Cavalier <waddlesplash@gmail.com>
 Date: Sat, 14 Mar 2020 19:20:45 -0400
 Subject: Small changes for Haiku.
@@ -63,5 +63,57 @@ index 7e908ef..7735f6d 100644
 +
 +#define OPENSSL_NO_SECURE_MEMORY
 -- 
-2.24.0
+2.28.0
+
+
+From 23a019c8e82e73be8761a02b164053e605ae021f Mon Sep 17 00:00:00 2001
+From: Adrien Destugues <pulkomandy@pulkomandy.tk>
+Date: Wed, 18 Nov 2020 18:29:38 +0100
+Subject: Use find_directory to locate user certificates
+
+We want this directory (where the user can easily add their own
+certificates) to be non-packaged and under user control. The system
+certificates are centralized in the CARootCertificates.pem file.
+
+This was previously done in BSecureSocket (overriding OpenSSL defaults),
+now it is valid also for apps using OpenSSL directly.
+
+diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c
+index bfa8d7d..69be76c 100644
+--- a/crypto/x509/x509_def.c
+++ b/crypto/x509/x509_def.c
+@@ -12,6 +12,10 @@
+ #include <openssl/crypto.h>
+ #include <openssl/x509.h>
+ 
+#ifdef __HAIKU__
+#include <FindDirectory.h>
+#endif
+
+ const char *X509_get_default_private_dir(void)
+ {
+     return X509_PRIVATE_DIR;
+@@ -24,6 +28,20 @@ const char *X509_get_default_cert_area(void)
+ 
+ const char *X509_get_default_cert_dir(void)
+ {
+#ifdef __HAIKU__
+	static char path[PATH_MAX];
+	if (path[0] != 0)
+	{
+		// We already called find_directory
+		return path;
+	}
+
+	if (find_directory(B_SYSTEM_NONPACKAGED_DATA_DIRECTORY, 0, false, path, sizeof(path)) == B_OK)
+	{
+		strlcat(path, "/ssl/certs/", sizeof(path));
+		return path;
+	}
+#endif
+     return X509_CERT_DIR;
+ }
+ 
+-- 
+2.28.0