CVS commit: pkgsrc/security/openssl

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/openssl
From: "Greg Troxel" <gdt%netbsd.org@localhost>
Date: Mon, 1 Mar 2021 23:28:55 +0000

Module Name:    pkgsrc
Committed By:   gdt
Date:           Mon Mar  1 23:28:55 UTC 2021

Modified Files:
        pkgsrc/security/openssl: builtin.mk

Log Message:
seurity/openssl: Accomodate non-standard paths and cert bundles

Some systems choose unusual paths fro certs, and some use bundles.
Try to accomodate that, in particular by defining SSLCERTBUNDLE.

Patch concept from Thomas Orgis on tech-pkg, with no objections.


To generate a diff of this commit:
cvs rdiff -u -r1.46 -r1.47 pkgsrc/security/openssl/builtin.mk

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/openssl/builtin.mk
diff -u pkgsrc/security/openssl/builtin.mk:1.46 pkgsrc/security/openssl/builtin.mk:1.47
--- pkgsrc/security/openssl/builtin.mk:1.46     Tue Jan 28 07:34:57 2020
+++ pkgsrc/security/openssl/builtin.mk  Mon Mar  1 23:28:54 2021
@@ -1,4 +1,4 @@
-# $NetBSD: builtin.mk,v 1.46 2020/01/28 07:34:57 triaxx Exp $
+# $NetBSD: builtin.mk,v 1.47 2021/03/01 23:28:54 gdt Exp $
 
 BUILTIN_PKG:=  openssl
 
@@ -138,6 +138,14 @@ SSLDIR=    ${PKG_SYSCONFDIR.openssl}
 .  elif !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
 .    if ${OPSYS} == "NetBSD"
 SSLDIR=        /etc/openssl
+.    elif ${OPSYS} == "Linux"
+.      if exists(/etc/pki/tls)
+# Some distributions have moved to /etc/pki/tls, with incomplete
+# symlinks from /etc/ssl.  Prefer the new location if it exists
+SSLDIR=        /etc/pki/tls 
+.      else
+SSLDIR=        /etc/ssl                # standard location
+.      endif
 .    elif ${OPSYS} == "Haiku"
 .      if exists(/boot/system/data/ssl)
 SSLDIR=        /boot/system/data/ssl
@@ -152,9 +160,16 @@ SSLDIR=    ${PKG_SYSCONFBASEDIR}/openssl
 .  endif
 
 SSLCERTS=      ${SSLDIR}/certs
+# Some systems use CA bundles instead of files and hashed symlinks.
+# Continue to define SSLCERTS because it's unclear if that's the
+# directory that has one file per cert, or the directory that contains
+# trust anchor config in some fortm.
+.  if exists(${SSLDIR}/certs/ca-bundle.crt)
+SSLCERTBUNDLE=  ${SSLDIR}/certs/ca-bundle.crt
+.  endif
 SSLKEYS=       ${SSLDIR}/private
 
-BUILD_DEFS+=   SSLDIR SSLCERTS SSLKEYS
+BUILD_DEFS+=   SSLDIR SSLCERTS SSLCERTBUNDLE SSLKEYS
 
 # create pc files for builtin version; other versions assumed to contain them
 # If we are using the builtin version, check whether it has a *.pc

Prev by Date: CVS commit: pkgsrc/www/py-MechanicalSoup
Next by Date: CVS commit: pkgsrc/www/curl
Previous by Thread: CVS commit: pkgsrc/www/py-MechanicalSoup
Next by Thread: CVS commit: pkgsrc/www/curl
Indexes:

Home | Main Index | Thread Index | Old Index