Import OpenSSL 0.9.2b pkg, a package which finally updates and fixes many

deficiencies in SSLeay.  Intended to be a drop-in replacement for SSLeay
(and still provides the command-prompt interface as "ssleay").

16 files changed, 476 insertions, 0 deletions

diff --git a/security/openssl/Makefile b/security/openssl/Makefile
new file mode 100644
index 00000000000..22aaaf8f417
--- /dev/null
+++ b/security/openssl/Makefile
@@ -0,0 +1,105 @@
+# $NetBSD: Makefile,v 1.1.1.1 1999/04/30 15:19:13 tv Exp $
+#
+
+DISTNAME=		openssl-0.9.2b
+CATEGORIES=		security
+MASTER_SITES=		ftp://ftp.openssl.org/source/
+
+PATCH_SITES=		${MASTER_SITES}
+PATCHFILES=		openssl-0.9.2b-rsaoaep.patch
+
+MAINTAINER=		packages@NetBSD.ORG
+HOMEPAGE=		http://www.openssl.org/
+
+CONFLICTS=		SSLeay-* ssleay-*
+
+USE_PERL5=		yes
+
+RESTRICTED=		"Crypto; export-controlled"
+MIRROR_DISTFILE=	no
+# matches what's in `Configure' (except sparc64)
+ONLY_FOR_ARCHS=		alpha arm32 i386 m68k mips mipse[bl] ns32k powerpc \
+			sparc vax
+
+CONFIGURE_ARGS=		-fPIC -DPIC ${LDFLAGS}
+#CONFIGURE_ENV=		PREFIX=${PREFIX}
+MAKE_ENV=		LD_LIBRARY_PATH=${WRKSRC} MAKELIB=${FILESDIR}/makelib
+
+.if !exists(/usr/libexec/ld.elf_so) && !exists(/usr/libexec/ld.so)
+IGNORE=			requires shared object support
+.endif
+
+.include "../../mk/bsd.prefs.mk"
+
+.if defined(USE_RSAREF2) && ${USE_RSAREF2} == YES
+DEPENDS=		rsaref-2.0:../../security/rsaref
+CONFIGURE_ARGS+=	-DRSAref -L${PREFIX}/lib -lrsaref ${LDFLAGS}
+.endif
+
+fetch-depends:
+.if !defined(USE_RSAREF2) || ${USE_RSAREF2} != YES && ${USE_RSAREF2} != NO
+	@${ECHO}
+	@${ECHO} The variable USE_RSAREF2 must be set to either YES or NO
+	@${ECHO} in order to build this package.  People with no RSA
+	@${ECHO} license MUST set this variable to YES.  Users outside
+	@${ECHO} the USA MUST set this variable to NO.  RSA licensees may
+	@${ECHO} choose -- NO is faster.
+	@${FALSE}
+.endif
+
+# The Perl stuff doesn't work yet (nor did it work properly in SSLeay...)
+do-configure:
+	@cd ${WRKSRC} && ${LOCALBASE}/bin/perl util/perlpath.pl ${LOCALBASE}/bin
+	@cd ${WRKSRC} && ${LOCALBASE}/bin/perl util/ssldir.pl ${PREFIX}
+	@cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ./config ${CONFIGURE_ARGS}
+#	@cd ${WRKSRC}/perl && ${SETENV} ${CONFIGURE_ENV} ${LOCALBASE}/bin/perl \
+#		Makefile.PL
+
+#post-build:
+#	@cd ${WRKSRC}/perl && ${MAKE}
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/apps/openssl ${PREFIX}/bin/
+	@cd ${PREFIX}/bin && \
+	for file in asn1parse base64 bf bf-cbc bf-cfb bf-ecb bf-ofb ca \
+	cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb ciphers crl \
+	crl2pkcs7 des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb \
+	des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb \
+	des-ofb des3 desx dgst dh dsa dsaparam enc errstr gendh gendsa \
+	genrsa idea idea-cbc idea-cfb idea-ecb idea-ofb md2 mdc2 nseq \
+	pkcs7 rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc5 rc5-cbc rc5-cfb \
+	rc5-ecb rc5-ofb req rmd160 rsa s_client s_server s_time sess_id \
+	sha sha1 verify x509 ssleay; do \
+		${LN} -sf openssl $$file; \
+	done
+	cd ${WRKSRC}/tools && ${INSTALL_SCRIPT} \
+		c_hash c_info c_issuer c_name c_rehash ${PREFIX}/bin/
+	${SED} -e s,/usr/local,${PREFIX}, ${WRKSRC}/apps/der_chop >${WRKDIR}/der_chop && \
+		${INSTALL_SCRIPT} ${WRKDIR}/der_chop ${PREFIX}/bin/
+	cd ${WRKSRC}/apps && ${INSTALL_SCRIPT} CA.sh CA.pl ${PREFIX}/bin/
+	${INSTALL_DATA} ${WRKSRC}/apps/openssl.cnf ${PREFIX}/etc/openssl.cnf.example
+	cd ${WRKSRC} && \
+		${INSTALL_DATA} libcrypto.so.?.0 libssl.so.?.0 ${PREFIX}/lib/
+	${INSTALL_DATA_DIR} ${PREFIX}/include/openssl
+	cd ${WRKSRC}/include && \
+	for file in asn1.h asn1_mac.h bio.h blowfish.h bn.h buffer.h \
+	cast.h comp.h conf.h cryptall.h crypto.h des.h dh.h dsa.h err.h \
+	evp.h hmac.h idea.h lhash.h md2.h md5.h mdc2.h objects.h \
+	opensslv.h pem.h pem2.h pkcs7.h rand.h rc2.h rc4.h rc5.h ripemd.h \
+	rsa.h sha.h ssl.h ssl2.h ssl23.h ssl3.h stack.h tls1.h tmdiff.h \
+	txt_db.h x509.h x509_vfy.h x509v3.h; do \
+		${INSTALL_DATA} $$file ${PREFIX}/include/openssl/; \
+	done
+#	@cd ${WRKSRC}/perl && ${MAKE} install
+	${INSTALL_DATA_DIR} ${PREFIX}/share/doc/openssl
+	${INSTALL_DATA} ${WRKSRC}/doc/* ${PREFIX}/share/doc/openssl
+	${INSTALL_DATA_DIR} ${PREFIX}/certs ${PREFIX}/private
+	@if [ ! -f ${PREFIX}/etc/openssl.cnf ]; then \
+		${CP} -p ${PREFIX}/etc/openssl.cnf.example ${PREFIX}/etc/openssl.cnf; \
+	fi
+
+.include  "../../mk/bsd.pkg.mk"
+
+test: all
+	@cd ${WRKSRC}/test && ${SETENV} LD_LIBRARY_PATH=${WRKSRC} ${MAKE} tests
+	@${ECHO} "*** Tests successful. ***"
diff --git a/security/openssl/files/makelib b/security/openssl/files/makelib
new file mode 100755
index 00000000000..d76343bc09b
--- /dev/null
+++ b/security/openssl/files/makelib
@@ -0,0 +1,14 @@
+#!/bin/csh -f
+#	$NetBSD: makelib,v 1.1.1.1 1999/04/30 15:19:13 tv Exp $
+
+# simplistic library builder
+# usage: makelib outfile.so.x.y infile...
+
+echo __ELF__ | $CC -E - | grep -q __ELF__
+if ($status == 0) then
+	ld -Bshareable -Bforcearchive -o $* |& sed /RRS/d || exit 1
+else
+	ld -shared -soname $1:r --whole-archive -o $* || exit 1
+	ln -sf $1 $1:r
+	ln -sf $1 $1:r:r
+endif
diff --git a/security/openssl/files/md5 b/security/openssl/files/md5
new file mode 100644
index 00000000000..c03252c3bc8
--- /dev/null
+++ b/security/openssl/files/md5
@@ -0,0 +1,4 @@
+$NetBSD: md5,v 1.1.1.1 1999/04/30 15:19:13 tv Exp $
+
+MD5 (openssl-0.9.2b.tar.gz) = e78a6b30b443cd0d118b376a4dfe4745
+MD5 (openssl-0.9.2b-rsaoaep.patch) = 7336290517c4b3f8e74c462affff1c6b
diff --git a/security/openssl/patches/patch-aa b/security/openssl/patches/patch-aa
new file mode 100644
index 00000000000..fb86a3cca39
--- /dev/null
+++ b/security/openssl/patches/patch-aa
@@ -0,0 +1,37 @@
+$NetBSD: patch-aa,v 1.1.1.1 1999/04/30 15:19:13 tv Exp $
+
+--- config.orig	Sun Jan 17 09:20:20 1999
++++ config	Tue Apr 27 10:22:07 1999
+@@ -137,12 +137,16 @@
+ 	echo "${MACHINE}-whatever-freebsd"; exit 0
+ 	;;
+ 
+-    NetBSD:*:*:*486*)
+-	echo "i486-whatever-netbsd"; exit 0
++    NetBSD:*:*:i386)
++	if echo __ELF__ | cc -E - | grep -q __ELF__; then
++	    echo "i386-whatever-netbsd"; exit 0
++	else
++	    echo "i386elf-whatever-netbsd"; exit 0
++	fi
+ 	;;
+ 
+     NetBSD:*)
+-	echo "${MACHINE}-whatever-netbsd"; exit 0
++	echo "`sysctl -n hw.machine_arch`-whatever-netbsd"; exit 0
+ 	;;
+ 
+     OpenBSD:*)
+@@ -310,9 +314,9 @@
+   *-*-sunos4) OUT="sunos-$CC" ;;
+   *-freebsd3) OUT="FreeBSD-elf" ;;
+   *-freebsd) OUT="FreeBSD" ;;
+-  *86*-*-netbsd) OUT="NetBSD-x86" ;;
+-  sun3*-*-netbsd) OUT="NetBSD-m68" ;;
+-  *-*-netbsd) OUT="NetBSD-sparc" ;;
++  i386elf-*-netbsd) OUT="NetBSD-i386elf" ;;
++  mips-*-netbsd) OUT="NetBSD-mipsel" ;;
++  *-netbsd) OUT="NetBSD-`sysctl -n hw.machine_arch`" ;;
+   *86*-*-openbsd) OUT="OpenBSD-x86" ;;
+   alpha*-*-openbsd) OUT="OpenBSD-alpha" ;;
+   pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
diff --git a/security/openssl/patches/patch-ab b/security/openssl/patches/patch-ab
new file mode 100644
index 00000000000..1b3668dc0b1
--- /dev/null
+++ b/security/openssl/patches/patch-ab
@@ -0,0 +1,44 @@
+$NetBSD: patch-ab,v 1.1.1.1 1999/04/30 15:19:13 tv Exp $
+
+--- Configure.orig	Fri Mar 12 15:31:13 1999
++++ Configure	Tue Apr 27 13:35:42 1999
+@@ -153,9 +153,6 @@
+ "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+ "linux-mips",    "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+ -Wuninitialized:::BN_LLONG:",
+-"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+-"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
+-"NetBSD-x86",	"gcc:-DTERMIOS -D_ANSI_SOURCE -O3 -fomit-frame-pointer -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:",
+ #"FreeBSD",   "gcc:-DTERMIOS -DL_ENDIAN -D_ANSI_SOURCE -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+ "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
+ "FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
+@@ -172,6 +169,20 @@
+ "aix-cc",   "cc:-O -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
+ "aix-gcc",  "gcc:-O2 -DAIX -DB_ENDIAN::BN_LLONG RC4_CHAR:::",
+ 
++# NetBSD
++"NetBSD-alpha", "gcc:-DTERMIOS -O3 -Wall::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:::",
++"NetBSD-arm32", "gcc:-DTERMIOS -O3 -Wall -DL_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
++"NetBSD-i386", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DBN_ASM::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm",
++"NetBSD-i386elf", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DBN_ASM::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm",
++"NetBSD-m68k", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
++"NetBSD-mipseb", "gcc:-DTERMIOS -O3 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
++"NetBSD-mipsel", "gcc:-DTERMIOS -O3 -Wall -DL_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
++"NetBSD-ns32k", "gcc:-DTERMIOS -O3 -Wall -DL_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
++"NetBSD-powerpc", "gcc:-DTERMIOS -O3 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
++"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
++"NetBSD-sparc64", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC1:::",
++"NetBSD-vax", "gcc:-DTERMIOS -O3 -Wall -DL_ENDIAN::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::",
++
+ #
+ # Cray T90 (SDSC)
+ # It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
+@@ -288,7 +299,7 @@
+ 		{ $no_asm=1; }
+ 	elsif ($_ =~ /^-/)
+ 		{
+-		if ($_ =~ /^-[lL](.*)$/)
++		if ($_ =~ /^-([lLR]|Wl,)(.*)$/)
+ 			{
+ 			$libs.=$_." ";
+ 			}
diff --git a/security/openssl/patches/patch-ac b/security/openssl/patches/patch-ac
new file mode 100644
index 00000000000..3921245b1a0
--- /dev/null
+++ b/security/openssl/patches/patch-ac
@@ -0,0 +1,14 @@
+$NetBSD: patch-ac,v 1.1.1.1 1999/04/30 15:19:13 tv Exp $
+
+--- crypto/bn/Makefile.ssl.orig	Wed Dec 23 03:21:12 1998
++++ crypto/bn/Makefile.ssl	Tue Mar 16 10:30:01 1999
+@@ -81,6 +81,9 @@
+ # a.out
+ asm/bn86-out.o: asm/bn86unix.cpp
+ 	$(CPP) -DOUT asm/bn86unix.cpp | as -o asm/bn86-out.o
++# alpha
++asm/alpha.o: asm/alpha.s
++	as asm/alpha.s -o asm/alpha.o
+ 
+ asm/co86-out.o: asm/co86unix.cpp
+ 	$(CPP) -DOUT asm/co86unix.cpp | as -o asm/co86-out.o
diff --git a/security/openssl/patches/patch-ad b/security/openssl/patches/patch-ad
new file mode 100644
index 00000000000..ab4dfe26d31
--- /dev/null
+++ b/security/openssl/patches/patch-ad
@@ -0,0 +1,13 @@
+$NetBSD: patch-ad,v 1.1.1.1 1999/04/30 15:19:13 tv Exp $
+
+--- Makefile.org.orig	Tue Apr 27 14:34:38 1999
++++ Makefile.org	Tue Apr 27 14:34:53 1999
+@@ -126,7 +126,7 @@
+ #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
+ #RMD160_ASM_OBJ= asm/rm86bsdi.o       # bsdi
+ 
+-DIRS=   crypto ssl rsaref apps test tools
++DIRS=   rsaref crypto ssl apps test tools
+ # dirs in crypto to build
+ SDIRS=  \
+ 	md2 md5 sha mdc2 hmac ripemd \
diff --git a/security/openssl/patches/patch-ae b/security/openssl/patches/patch-ae
new file mode 100644
index 00000000000..ddb90821561
--- /dev/null
+++ b/security/openssl/patches/patch-ae
@@ -0,0 +1,12 @@
+$NetBSD: patch-ae,v 1.1.1.1 1999/04/30 15:19:13 tv Exp $
+
+--- crypto/Makefile.ssl.orig	Tue Apr 27 14:35:41 1999
++++ crypto/Makefile.ssl	Tue Apr 27 14:37:46 1999
+@@ -48,6 +48,7 @@
+ 	@(cd ..; $(MAKE) DIRS=$(DIR) all)
+ 
+ all: date.h lib subdirs
++	cd .. && csh ${MAKELIB} libcrypto.so.1.0 libcrypto.a libRSAglue.a
+ 
+ date.h: ../Makefile.ssl
+ 	echo "#define DATE \"`date`\"" >date.h
diff --git a/security/openssl/patches/patch-af b/security/openssl/patches/patch-af
new file mode 100644
index 00000000000..84e43ee686f
--- /dev/null
+++ b/security/openssl/patches/patch-af
@@ -0,0 +1,12 @@
+$NetBSD: patch-af,v 1.1.1.1 1999/04/30 15:19:13 tv Exp $
+
+--- ssl/Makefile.ssl.orig	Tue Apr 27 14:38:06 1999
++++ ssl/Makefile.ssl	Tue Apr 27 14:38:21 1999
+@@ -52,6 +52,7 @@
+ 	(cd ..; $(MAKE) DIRS=$(DIR) all)
+ 
+ all:	lib
++	cd .. && csh ${MAKELIB} libssl.so.1.0 libssl.a
+ 
+ lib:	$(LIBOBJ)
+ 	$(AR) $(LIB) $(LIBOBJ)
diff --git a/security/openssl/patches/patch-ag b/security/openssl/patches/patch-ag
new file mode 100644
index 00000000000..c16b74ae570
--- /dev/null
+++ b/security/openssl/patches/patch-ag
@@ -0,0 +1,13 @@
+$NetBSD: patch-ag,v 1.1.1.1 1999/04/30 15:19:13 tv Exp $
+
+--- apps/Makefile.ssl.orig	Tue Apr 27 14:38:49 1999
++++ apps/Makefile.ssl	Tue Apr 27 14:39:13 1999
+@@ -16,7 +16,7 @@
+ PEX_LIBS=
+ EX_LIBS= 
+ 
+-CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
++CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG:N*PIC)
+ 
+ GENERAL=Makefile
+ 
diff --git a/security/openssl/patches/patch-ah b/security/openssl/patches/patch-ah
new file mode 100644
index 00000000000..202475da9bd
--- /dev/null
+++ b/security/openssl/patches/patch-ah
@@ -0,0 +1,13 @@
+$NetBSD: patch-ah,v 1.1.1.1 1999/04/30 15:19:13 tv Exp $
+
+--- test/Makefile.ssl.orig	Tue Apr 27 14:39:30 1999
++++ test/Makefile.ssl	Tue Apr 27 14:39:44 1999
+@@ -15,7 +15,7 @@
+ PEX_LIBS=
+ EX_LIBS= #-lnsl -lsocket
+ 
+-CFLAGS= $(INCLUDES) $(CFLAG)
++CFLAGS= $(INCLUDES) $(CFLAG:N*PIC)
+ 
+ GENERAL=Makefile.ssl
+ 
diff --git a/security/openssl/patches/patch-ai b/security/openssl/patches/patch-ai
new file mode 100644
index 00000000000..361ee9c6d80
--- /dev/null
+++ b/security/openssl/patches/patch-ai
@@ -0,0 +1,13 @@
+$NetBSD: patch-ai,v 1.1.1.1 1999/04/30 15:19:13 tv Exp $
+
+--- apps/ca.c.orig	Fri Apr 30 10:51:58 1999
++++ apps/ca.c	Fri Apr 30 10:52:06 1999
+@@ -83,7 +83,7 @@
+ #define PROG ca_main
+ 
+ #define BASE_SECTION	"ca"
+-#define CONFIG_FILE "lib/openssl.cnf"
++#define CONFIG_FILE "etc/openssl.cnf"
+ 
+ #define ENV_DEFAULT_CA		"default_ca"
+ 
diff --git a/security/openssl/pkg/COMMENT b/security/openssl/pkg/COMMENT
new file mode 100644
index 00000000000..3815662b9b0
--- /dev/null
+++ b/security/openssl/pkg/COMMENT
@@ -0,0 +1 @@
+Secure Socket Layer and cryptographic library
diff --git a/security/openssl/pkg/DESCR b/security/openssl/pkg/DESCR
new file mode 100644
index 00000000000..0163ae5d917
--- /dev/null
+++ b/security/openssl/pkg/DESCR
@@ -0,0 +1,25 @@
+OpenSSL is a descendant of SSLeay, the SSL library by Eric A. Young,
+actively maintained by Ralf Engelschall.
+
+The package includes
+libssl.so:
+	My implementation of SSLv2, SSLv3 and the required code to support
+	both SSLv2 and SSLv3 in the one server.
+libcrypto.so:
+	General encryption and X509 stuff needed by SSL but not
+	actually logically part of it.  It includes routines for the following:
+  Ciphers
+	libdes - My libdes DES encryption.
+	RC4, RC2, Blowfish, IDEA encryption
+  Digests
+	MD5 and MD2 message digest algorithms, fast implementations,
+	SHA (SHA-0) and SHA-1 message digest algorithms,
+	MDC2 message digest.  A DES based hash that is polular on smart cards.
+  Public Key
+	RSA encryption/decryption/generation.
+	DSA encryption/decryption/generation.
+	Diffie-Hellman key-exchange/key generation.
+		 There is no limit on the number of bits.
+  X509v3 certificates
+	X509 encoding/decoding into/from binary ASN1 and a PEM.
+	Program to generate RSA and DSA certificate requests and certificates.
diff --git a/security/openssl/pkg/MESSAGE b/security/openssl/pkg/MESSAGE
new file mode 100644
index 00000000000..9f9cc875f75
--- /dev/null
+++ b/security/openssl/pkg/MESSAGE
@@ -0,0 +1,11 @@
+===========================================================================
+$NetBSD: MESSAGE,v 1.1.1.1 1999/04/30 15:19:13 tv Exp $
+
+If upgrading from SSLeay, you will need to copy your ssleay.cnf (used
+for creating certificate requests with "ca") into PREFIX/etc/openssl.cnf.
+
+If installing from scratch, you may want to take a look at
+PREFIX/etc/openssl.cnf.example, copy it to PREFIX/etc/openssl.cnf, and
+customize it.
+
+===========================================================================
diff --git a/security/openssl/pkg/PLIST b/security/openssl/pkg/PLIST
new file mode 100644
index 00000000000..07ddd8debdd
--- /dev/null
+++ b/security/openssl/pkg/PLIST
@@ -0,0 +1,145 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 1999/04/30 15:19:13 tv Exp $
+bin/CA.pl
+bin/CA.sh
+bin/asn1parse
+bin/base64
+bin/bf
+bin/bf-cbc
+bin/bf-cfb
+bin/bf-ecb
+bin/bf-ofb
+bin/c_hash
+bin/c_info
+bin/c_issuer
+bin/c_name
+bin/c_rehash
+bin/ca
+bin/cast
+bin/cast-cbc
+bin/cast5-cbc
+bin/cast5-cfb
+bin/cast5-ecb
+bin/cast5-ofb
+bin/ciphers
+bin/crl
+bin/crl2pkcs7
+bin/der_chop
+bin/des
+bin/des-cbc
+bin/des-cfb
+bin/des-ecb
+bin/des-ede
+bin/des-ede-cbc
+bin/des-ede-cfb
+bin/des-ede-ofb
+bin/des-ede3
+bin/des-ede3-cbc
+bin/des-ede3-cfb
+bin/des-ede3-ofb
+bin/des-ofb
+bin/des3
+bin/desx
+bin/dgst
+bin/dh
+bin/dsa
+bin/dsaparam
+bin/enc
+bin/errstr
+bin/gendh
+bin/gendsa
+bin/genrsa
+bin/idea
+bin/idea-cbc
+bin/idea-cfb
+bin/idea-ecb
+bin/idea-ofb
+bin/md2
+bin/mdc2
+bin/nseq
+bin/openssl
+bin/pkcs7
+bin/rc2
+bin/rc2-cbc
+bin/rc2-cfb
+bin/rc2-ecb
+bin/rc2-ofb
+bin/rc4
+bin/rc5
+bin/rc5-cbc
+bin/rc5-cfb
+bin/rc5-ecb
+bin/rc5-ofb
+bin/req
+bin/rmd160
+bin/rsa
+bin/s_client
+bin/s_server
+bin/s_time
+bin/sess_id
+bin/sha
+bin/sha1
+bin/ssleay
+bin/verify
+bin/x509
+etc/openssl.cnf.example
+@exec if [ -f %D/etc/openssl.cnf ]; then : ; else cp -p %D/%F %D/etc/openssl.cnf; fi
+include/openssl/asn1.h
+include/openssl/asn1_mac.h
+include/openssl/bio.h
+include/openssl/blowfish.h
+include/openssl/bn.h
+include/openssl/buffer.h
+include/openssl/cast.h
+include/openssl/comp.h
+include/openssl/conf.h
+include/openssl/cryptall.h
+include/openssl/crypto.h
+include/openssl/des.h
+include/openssl/dh.h
+include/openssl/dsa.h
+include/openssl/err.h
+include/openssl/evp.h
+include/openssl/hmac.h
+include/openssl/idea.h
+include/openssl/lhash.h
+include/openssl/md2.h
+include/openssl/md5.h
+include/openssl/mdc2.h
+include/openssl/objects.h
+include/openssl/opensslv.h
+include/openssl/pem.h
+include/openssl/pem2.h
+include/openssl/pkcs7.h
+include/openssl/rand.h
+include/openssl/rc2.h
+include/openssl/rc4.h
+include/openssl/rc5.h
+include/openssl/ripemd.h
+include/openssl/rsa.h
+include/openssl/sha.h
+include/openssl/ssl.h
+include/openssl/ssl2.h
+include/openssl/ssl23.h
+include/openssl/ssl3.h
+include/openssl/stack.h
+include/openssl/tls1.h
+include/openssl/tmdiff.h
+include/openssl/txt_db.h
+include/openssl/x509.h
+include/openssl/x509_vfy.h
+include/openssl/x509v3.h
+lib/libcrypto.so.1.0
+lib/libssl.so.1.0
+share/doc/openssl/README
+share/doc/openssl/crypto.pod
+share/doc/openssl/openssl.pod
+share/doc/openssl/openssl.txt
+share/doc/openssl/openssl_button.gif
+share/doc/openssl/openssl_button.html
+share/doc/openssl/ssl.pod
+share/doc/openssl/ssleay.txt
+@exec mkdir -p %D/certs %D/private
+@dirrm certs
+@dirrm include/openssl
+@dirrm private
+@dirrm share/doc/openssl