summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authormjl <mjl@pkgsrc.org>2002-01-19 03:19:12 +0000
committermjl <mjl@pkgsrc.org>2002-01-19 03:19:12 +0000
commitb632bed3a2485a47e8c54ec277d1961800a0608c (patch)
treed61899ab76e3743312aee24e13c184986ea93159 /security
parentdf549909dd1c7a3610cf0060aa422a5a6e6ae752 (diff)
downloadpkgsrc-b632bed3a2485a47e8c54ec277d1961800a0608c.tar.gz
Update p5-Crypt-SSLeay to 0.35
+ Set local $SIG{PIPE} = \&die before $ssl->connect() to capture the "broken pipe" error associated with connecting to a computer that is not running a SSL web server + Documented differences / conflicts between LWP proxy support and Crypt::SSLeay which seems to be a source of confusion for users. + Added Net::SSL::get_peer_verify call so the warning header from LWP that says: Client-SSL-Warning: Peer certificate not verified can be suppressed when HTTPS_CA_FILE & HTTPS_CA_DIR environment variables are set to invoke peer certificate verification. + $ENV{HTTPS_DEBUG} activates Crypt::SSLeay specific debugging, so one can debug from LWP:: calls without using ./net_ssl_test script - removed exit from Makefile.PL + Streamlined *CA* patches so only in $CTX->set_verify() which gets called every time now. + Throw error instead of return undef in Net::SSL->connect() because we loose the errors otherwise. - Turn SSL_MODE_AUTO_RETRY on so clients can survive changes in SSLVerifyClient changes in the modssl connection + Integrated patches from Gamid Isayev for CA peer verification. - Client certs weren't working correctly, setup certs earlier in connection now, also create new CTX per request, so cert settings don't remain sticky from one request to the next. + update ./net_ssl_test to do smart parsing of host, where host can now be of the form http://www.nodeworks.com:443/ - local $@ in Net::SSL::DESTROY so we don't kill real errors - return undef in Net::SSL::connect() instead of die() for better LWP support & error handling. + alarm() on Unix platforms around ssl ctx connect, which can hang for process for way too long when trying to connect to dead https SSL servers. Fixes PR/15053 by Shell Hung.
Diffstat (limited to 'security')
-rw-r--r--security/p5-SSLeay/Makefile12
-rw-r--r--security/p5-SSLeay/distinfo8
-rw-r--r--security/p5-SSLeay/patches/patch-aa22
3 files changed, 22 insertions, 20 deletions
diff --git a/security/p5-SSLeay/Makefile b/security/p5-SSLeay/Makefile
index ad04d0485da..589a03ab92b 100644
--- a/security/p5-SSLeay/Makefile
+++ b/security/p5-SSLeay/Makefile
@@ -1,13 +1,13 @@
-# $NetBSD: Makefile,v 1.3 2001/11/26 06:50:18 jlam Exp $
+# $NetBSD: Makefile,v 1.4 2002/01/19 03:19:12 mjl Exp $
#
-DISTNAME= Crypt-SSLeay-0.22
+DISTNAME= Crypt-SSLeay-0.35
PKGNAME= p5-${DISTNAME}
SVR4_PKGNAME= p5csl
CATEGORIES= security perl5 www
MASTER_SITES= ${MASTER_SITE_PERL_CPAN:=Crypt/}
-MAINTAINER= damon@brodiefamily.org
+MAINTAINER= shell@shellhung.org
COMMENT= Crypt::SSLeay - OpenSSL glue that provides LWP https support
DEPENDS+= p5-libwww>=5.48:../../www/p5-libwww
@@ -15,9 +15,11 @@ DEPENDS+= p5-libwww>=5.48:../../www/p5-libwww
USE_BUILDLINK_ONLY= YES
PERL5_PACKLIST= ${PERL5_SITEARCH}/auto/Crypt/SSLeay/.packlist
-do-configure:
- @cd ${WRKSRC} && ${SED} "s|@SSLBASE@|${BUILDLINK_DIR}|" Makefile.PL \
+post-patch:
+ @cd ${WRKSRC} && ${SED} "s|%%SSLBASE%%|${BUILDLINK_DIR}|" Makefile.PL \
> Makefile.PL.tmp && ${MV} Makefile.PL.tmp Makefile.PL
+
+do-configure:
@cd ${WRKSRC}; ${SETENV} ${MAKE_ENV} ${PERL5} Makefile.PL
.include "../../lang/perl5/buildlink.mk"
diff --git a/security/p5-SSLeay/distinfo b/security/p5-SSLeay/distinfo
index e0ba4b4a81f..282e974af4e 100644
--- a/security/p5-SSLeay/distinfo
+++ b/security/p5-SSLeay/distinfo
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.2 2001/04/19 15:40:36 agc Exp $
+$NetBSD: distinfo,v 1.3 2002/01/19 03:19:13 mjl Exp $
-SHA1 (Crypt-SSLeay-0.22.tar.gz) = 036620791d4783a326de201991afaa3c80e91f89
-Size (Crypt-SSLeay-0.22.tar.gz) = 16667 bytes
-SHA1 (patch-aa) = b06750bcbde0c8836a9908ba4732b7614dc52f53
+SHA1 (Crypt-SSLeay-0.35.tar.gz) = f2c742ed159b3e0fb02f144ba06d27ecc201f39a
+Size (Crypt-SSLeay-0.35.tar.gz) = 20336 bytes
+SHA1 (patch-aa) = 0edc4fcf6a87b20688912df587b1145055763ed3
diff --git a/security/p5-SSLeay/patches/patch-aa b/security/p5-SSLeay/patches/patch-aa
index cb38da4fcf2..893ac6c9d43 100644
--- a/security/p5-SSLeay/patches/patch-aa
+++ b/security/p5-SSLeay/patches/patch-aa
@@ -1,22 +1,22 @@
-$NetBSD: patch-aa,v 1.1.1.1 2001/03/10 14:16:52 wiz Exp $
+$NetBSD: patch-aa,v 1.2 2002/01/19 03:19:13 mjl Exp $
---- Makefile.PL.orig Sat Nov 25 18:22:32 2000
+--- Makefile.PL.orig Fri Aug 17 06:03:38 2001
+++ Makefile.PL
-@@ -8,7 +8,7 @@
+@@ -13,7 +13,7 @@
chdir($currdir) || die("can't change to $currdir: $!");
# FIND POSSIBLE SSL INSTALLATIONS
-my @POSSIBLE_SSL_DIRS = qw(/usr/local/openssl /usr/local/ssl /local/ssl /opt/ssl /usr/local /local /usr);
-+my @POSSIBLE_SSL_DIRS = qw(@SSLBASE@);
++my @POSSIBLE_SSL_DIRS = qw(%%SSLBASE%%);
my @CANDIDATE;
my $open_ssl = 0;
my $dir;
-@@ -38,7 +38,7 @@
- unless($CANDIDATE[0][0]) {
- print "No OpenSSL installation found, usually in $POSSIBLE_SSL_DIRS[0]\n";
+@@ -47,7 +47,7 @@
+ unless($CANDIDATE[0][0]) {
+ print "No OpenSSL installation found, usually in $POSSIBLE_SSL_DIRS[0]\n";
+ }
+- $SSL_DIR = prompt "Which OpenSSL build path do you want to link against?", $CANDIDATE[0][0];
++ $SSL_DIR = $CANDIDATE[0][0];
}
-- $SSL_DIR = prompt "Which OpenSSL build path do you want to link against?", $CANDIDATE[0][0];
-+ $SSL_DIR = $CANDIDATE[0][0];
}
- my $candidate = &Candidate($SSL_DIR);
- unless($candidate) {
+