[pkgsrc/trunk]: pkgsrc/security/openssl seurity/openssl: Accomodate non-stand...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/security/openssl seurity/openssl: Accomodate non-stand...
From: gdt <gdt%pkgsrc.org@localhost>
Date: Tue, 02 Mar 2021 00:38:50 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/b7b72bba9a8a
branches:  trunk
changeset: 447985:b7b72bba9a8a
user:      gdt <gdt%pkgsrc.org@localhost>
date:      Mon Mar 01 23:28:54 2021 +0000

description:
seurity/openssl: Accomodate non-standard paths and cert bundles

Some systems choose unusual paths fro certs, and some use bundles.
Try to accomodate that, in particular by defining SSLCERTBUNDLE.

Patch concept from Thomas Orgis on tech-pkg, with no objections.

diffstat:

 security/openssl/builtin.mk |  19 +++++++++++++++++--
 1 files changed, 17 insertions(+), 2 deletions(-)

diffs (42 lines):

diff -r 70354b7acd90 -r b7b72bba9a8a security/openssl/builtin.mk
--- a/security/openssl/builtin.mk       Mon Mar 01 20:42:12 2021 +0000
+++ b/security/openssl/builtin.mk       Mon Mar 01 23:28:54 2021 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: builtin.mk,v 1.46 2020/01/28 07:34:57 triaxx Exp $
+# $NetBSD: builtin.mk,v 1.47 2021/03/01 23:28:54 gdt Exp $
 
 BUILTIN_PKG:=  openssl
 
@@ -138,6 +138,14 @@
 .  elif !empty(USE_BUILTIN.openssl:M[yY][eE][sS])
 .    if ${OPSYS} == "NetBSD"
 SSLDIR=        /etc/openssl
+.    elif ${OPSYS} == "Linux"
+.      if exists(/etc/pki/tls)
+# Some distributions have moved to /etc/pki/tls, with incomplete
+# symlinks from /etc/ssl.  Prefer the new location if it exists
+SSLDIR=        /etc/pki/tls 
+.      else
+SSLDIR=        /etc/ssl                # standard location
+.      endif
 .    elif ${OPSYS} == "Haiku"
 .      if exists(/boot/system/data/ssl)
 SSLDIR=        /boot/system/data/ssl
@@ -152,9 +160,16 @@
 .  endif
 
 SSLCERTS=      ${SSLDIR}/certs
+# Some systems use CA bundles instead of files and hashed symlinks.
+# Continue to define SSLCERTS because it's unclear if that's the
+# directory that has one file per cert, or the directory that contains
+# trust anchor config in some fortm.
+.  if exists(${SSLDIR}/certs/ca-bundle.crt)
+SSLCERTBUNDLE=  ${SSLDIR}/certs/ca-bundle.crt
+.  endif
 SSLKEYS=       ${SSLDIR}/private
 
-BUILD_DEFS+=   SSLDIR SSLCERTS SSLKEYS
+BUILD_DEFS+=   SSLDIR SSLCERTS SSLCERTBUNDLE SSLKEYS
 
 # create pc files for builtin version; other versions assumed to contain them
 # If we are using the builtin version, check whether it has a *.pc

Prev by Date: [pkgsrc/trunk]: pkgsrc/www/py-MechanicalSoup py-MechanicalSoup: Take maintain...
Next by Date: [pkgsrc/trunk]: pkgsrc/www/curl www/curl: Accomodate SSLCERTBUNDLE
Previous by Thread: [pkgsrc/trunk]: pkgsrc/www/py-MechanicalSoup py-MechanicalSoup: Take maintain...
Next by Thread: [pkgsrc/trunk]: pkgsrc/www/curl www/curl: Accomodate SSLCERTBUNDLE
Indexes:

Home | Main Index | Thread Index | Old Index