diff options
| author | jlam <jlam> | 2001-04-29 20:36:47 +0000 |
|---|---|---|
| committer | jlam <jlam> | 2001-04-29 20:36:47 +0000 |
| commit | bb0c95a85bc2a204298798ce93f61172a4bd0cfd (patch) | |
| tree | 8b1283c230735c5e068a614b987b2414ebebf8d1 /www/ap-ssl | |
| parent | 0bb95820dcaed841544011cf993881122b435a66 (diff) | |
| download | pkgsrc-bb0c95a85bc2a204298798ce93f61172a4bd0cfd.tar.gz | |
Update ap-ssl to 2.8.2. Relevant changes from version 2.8.1:
*) Moved the Shared Memory Cyclic Buffer (SHMCB) session cache
variant from "experimental" state to "production" by removing the
`#ifdef SSL_EXPERIMENTAL_SHMCB ...#endif' wrappers. This means
that now `SSLSessionCache shmcb:...' is unconditionally available.
*) Made the mutex handling more robust by retrying the
semaphore-based operations in interrupt situations
(errno == EINTR).
*) Also log the OpenSSL error message if the RSA temporary
key(s) cannot be generated.
*) Fixed mod_ssl Auth handler: it now returns DECLINED instead of
OK if authentication is passed successfully to allow other modules
(usually mod_auth) to still deny the request.
*) Fixed certificate DN handling under EBCDIC platforms.
Diffstat (limited to 'www/ap-ssl')
| -rw-r--r-- | www/ap-ssl/Makefile | 62 | ||||
| -rw-r--r-- | www/ap-ssl/distinfo | 8 | ||||
| -rw-r--r-- | www/ap-ssl/files/README.mkcert | 8 | ||||
| -rw-r--r-- | www/ap-ssl/patches/patch-ab | 4 | ||||
| -rw-r--r-- | www/ap-ssl/pkg/DEINSTALL | 80 | ||||
| -rw-r--r-- | www/ap-ssl/pkg/INSTALL | 69 | ||||
| -rw-r--r-- | www/ap-ssl/pkg/PLIST | 48 |
7 files changed, 232 insertions, 47 deletions
diff --git a/www/ap-ssl/Makefile b/www/ap-ssl/Makefile index 2255070379e..13409bde212 100644 --- a/www/ap-ssl/Makefile +++ b/www/ap-ssl/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.32 2001/03/27 03:20:22 hubertf Exp $ +# $NetBSD: Makefile,v 1.33 2001/04/29 20:36:47 jlam Exp $ -DISTNAME= mod_ssl-2.8.1-1.3.19 -PKGNAME= ap-ssl-2.8.1 +DISTNAME= mod_ssl-2.8.2-1.3.19 +PKGNAME= ap-ssl-2.8.2 CATEGORIES= www security MASTER_SITES= http://www.modssl.org/source/ @@ -11,7 +11,7 @@ COMMENT= SSL/TLS protocols module for Apache DEPENDS+= apache-1.3.19:../../www/apache # For "apxs": -BUILD_DEPENDS+= perl-5.*:../../lang/perl5 +BUILD_DEPENDS+= perl>=${PERL5_REQD}:../../lang/perl5 CONFLICTS= apache-1.3.[0-9] apache-*modssl-* apache6-* @@ -23,23 +23,51 @@ USE_SSL= # defined CONFIGURE_ARGS+= --with-apxs=${PREFIX}/sbin/apxs CONFIGURE_ARGS+= --with-ssl=${SSLBASE} +APACHE_SYSCONFDIR?= ${LOCALBASE}/etc/httpd +SAMPLECONFDIR= ${PREFIX}/share/examples/mod_ssl + +DEINSTALL_FILE= ${WRKDIR}/DEINSTALL +INSTALL_FILE= ${WRKDIR}/INSTALL + post-extract: cd ${WRKSRC}/pkg.contrib; ${MV} -f loadcacert.cgi loadcacert.cgi.in cd ${WRKSRC}/pkg.sslsup; ${MV} -f mkcert.sh mkcert.sh.in post-build: - cd ${WRKSRC}; ${SED} -e "s|^#!/.*|#!${PERL5}|g" \ - pkg.contrib/loadcacert.cgi.in > pkg.contrib/loadcacert.cgi - cd ${WRKSRC}; ${SED} -e "s|@PREFIX@|${PREFIX}|g" \ - pkg.sslsup/mkcert.sh.in > pkg.sslsup/mkcert.sh + ${SED} -e "s|^#!/.*|#!${PERL5}|g" \ + ${WRKSRC}/pkg.contrib/loadcacert.cgi.in \ + > ${WRKSRC}/pkg.contrib/loadcacert.cgi + ${SED} -e "s|@APACHE_SYSCONFDIR@|${APACHE_SYSCONFDIR}|g" \ + ${WRKSRC}/pkg.sslsup/mkcert.sh.in \ + > ${WRKSRC}/pkg.sslsup/mkcert.sh -post-install: +pre-install: + ${SED} -e "s|@CAT@|${CAT}|g" \ + -e "s|@RM@|${RM}|g" \ + -e "s|@APACHE_SYSCONFDIR@|${APACHE_SYSCONFDIR}|g" \ + ${PKGDIR}/DEINSTALL > ${DEINSTALL_FILE} + ${SED} -e "s|@CAT@|${CAT}|g" \ + -e "s|@CHMOD@|${CHMOD}|g" \ + -e "s|@CP@|${CP}|g" \ + -e "s|@MKDIR@|${MKDIR}|g" \ + -e "s|@APACHE_SYSCONFDIR@|${APACHE_SYSCONFDIR}|g" \ + ${PKGDIR}/INSTALL > ${INSTALL_FILE} ${SED} -e "s|@PREFIX@|${PREFIX}|g" \ + -e "s|@APACHE_SYSCONFDIR@|${APACHE_SYSCONFDIR}|g" \ ${FILESDIR}/README.mkcert > ${WRKDIR}/README.mkcert +post-install: + ${INSTALL_DATA_DIR} ${SAMPLECONFDIR} + ${INSTALL_DATA_DIR} ${SAMPLECONFDIR}/ssl.crl + ${INSTALL_DATA_DIR} ${SAMPLECONFDIR}/ssl.crt + ${INSTALL_DATA_DIR} ${SAMPLECONFDIR}/ssl.csr + ${INSTALL_DATA_DIR} ${SAMPLECONFDIR}/ssl.key + ${INSTALL_DATA_DIR} ${SAMPLECONFDIR}/ssl.prm + cd ${PREFIX}/lib/httpd; ${MV} -f libssl.so mod_ssl.so - cd ${WRKSRC}/pkg.sslsup; ${INSTALL_SCRIPT} mkcert.sh ${PREFIX}/sbin - ${INSTALL_DATA} ${FILESDIR}/apache_start.conf ${PREFIX}/etc/httpd + cd ${WRKSRC}/pkg.sslsup; ${INSTALL_SCRIPT} mkcert.sh \ + ${PREFIX}/sbin/mkcert + ${INSTALL_DATA} ${FILESDIR}/apache_start.conf ${SAMPLECONFDIR} ${INSTALL_DATA_DIR} ${PREFIX}/share/httpd/htdocs/manual/mod/mod_ssl cd ${WRKSRC}/pkg.ssldoc; ${INSTALL_DATA} *.html *.gif *.jpg \ @@ -52,14 +80,16 @@ post-install: cd ${WRKSRC}/pkg.sslcfg; ${RM} -f server.* cd ${WRKSRC}/pkg.sslcfg; ${INSTALL_DATA} README.CRL *.crl \ - ${PREFIX}/etc/httpd/ssl.crl + ${SAMPLECONFDIR}/ssl.crl cd ${WRKSRC}/pkg.sslcfg; ${INSTALL_DATA} README.CRT *.crt \ - ${PREFIX}/etc/httpd/ssl.crt + ${SAMPLECONFDIR}/ssl.crt cd ${WRKSRC}/pkg.sslcfg; ${INSTALL_DATA} README.CSR \ - ${PREFIX}/etc/httpd/ssl.csr + ${SAMPLECONFDIR}/ssl.csr cd ${WRKSRC}/pkg.sslcfg; ${INSTALL_DATA} README.KEY *.key \ - ${PREFIX}/etc/httpd/ssl.key + ${SAMPLECONFDIR}/ssl.key cd ${WRKSRC}/pkg.sslcfg; ${INSTALL_DATA} README.PRM *.prm \ - ${PREFIX}/etc/httpd/ssl.prm + ${SAMPLECONFDIR}/ssl.prm + + PKG_PREFIX=${PREFIX} ${SH} ${INSTALL_FILE} ${PKGNAME} POST-INSTALL .include "../../mk/bsd.pkg.mk" diff --git a/www/ap-ssl/distinfo b/www/ap-ssl/distinfo index 1ca99266408..1218c3f58e1 100644 --- a/www/ap-ssl/distinfo +++ b/www/ap-ssl/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.2 2001/04/20 12:02:33 skrll Exp $ +$NetBSD: distinfo,v 1.3 2001/04/29 20:36:47 jlam Exp $ -SHA1 (mod_ssl-2.8.1-1.3.19.tar.gz) = 3d93a88015fc3cf108923fd4085c28de617afcab -Size (mod_ssl-2.8.1-1.3.19.tar.gz) = 749778 bytes +SHA1 (mod_ssl-2.8.2-1.3.19.tar.gz) = 8827a0f54a219d59915cc6520507704bbefa35b2 +Size (mod_ssl-2.8.2-1.3.19.tar.gz) = 750091 bytes SHA1 (patch-aa) = 8022bcf24c95e1855ae8165e596f5c407f2cc0d9 -SHA1 (patch-ab) = c3fce083017fb3ce83bfa8638c14184cf63e5e0a +SHA1 (patch-ab) = b8dab2869b05c520b075ecc16ce407beeab5920e diff --git a/www/ap-ssl/files/README.mkcert b/www/ap-ssl/files/README.mkcert index d2179db0391..8c2f009e95d 100644 --- a/www/ap-ssl/files/README.mkcert +++ b/www/ap-ssl/files/README.mkcert @@ -1,15 +1,15 @@ -$NetBSD: README.mkcert,v 1.1 2000/09/12 14:05:16 jlam Exp $ +$NetBSD: README.mkcert,v 1.2 2001/04/29 20:36:47 jlam Exp $ If you don't already have them, you will need to generate SSL certificates and keys for your server before Apache will start with mod_ssl support. You can do this with: - @PREFIX@/sbin/mkcert.sh -t custom -a RSA + @PREFIX@/sbin/mkcert -t custom -a RSA If you already have an existing server certificate and key, you will need to run: - @PREFIX@/sbin/mkcert.sh -t existing -c /path/to/cert -k /path/to/key + @PREFIX@/sbin/mkcert -t existing -c /path/to/cert -k /path/to/key to generate new certificates from your existing ones. For a more detailed, step-by-step description of how to generate SSL certificates, point your @@ -20,4 +20,4 @@ browser at: After generating your SSL certificates, you should update the certificate hashes with: - cd @PREFIX@/etc/httpd/ssl.crt; make -f Makefile.crt update + cd @APACHE_SYSCONFDIR@/ssl.crt; make -f Makefile.crt update diff --git a/www/ap-ssl/patches/patch-ab b/www/ap-ssl/patches/patch-ab index 04811d675d2..b07a0f14052 100644 --- a/www/ap-ssl/patches/patch-ab +++ b/www/ap-ssl/patches/patch-ab @@ -1,4 +1,4 @@ -$NetBSD: patch-ab,v 1.1 2000/09/12 14:05:16 jlam Exp $ +$NetBSD: patch-ab,v 1.2 2001/04/29 20:36:48 jlam Exp $ --- pkg.sslsup/mkcert.sh.in.orig Sun Apr 16 05:21:24 2000 +++ pkg.sslsup/mkcert.sh.in @@ -67,7 +67,7 @@ $NetBSD: patch-ab,v 1.1 2000/09/12 14:05:16 jlam Exp $ +done + +openssl="openssl" -+confdir=@PREFIX@/etc/httpd ++confdir=@APACHE_SYSCONFDIR@ + # configuration -# WE ARE CALLED FROM THE PARENT DIR! diff --git a/www/ap-ssl/pkg/DEINSTALL b/www/ap-ssl/pkg/DEINSTALL new file mode 100644 index 00000000000..dd98806fed8 --- /dev/null +++ b/www/ap-ssl/pkg/DEINSTALL @@ -0,0 +1,80 @@ +#!/bin/sh +# +# $NetBSD: DEINSTALL,v 1.1 2001/04/29 20:36:48 jlam Exp $ + +PKGNAME=$1 +STAGE=$2 + +CAT="@CAT@" +RM="@RM@" + +SERVERROOT="@APACHE_SYSCONFDIR@" +SAMPLECONFDIR=${PKG_PREFIX}/share/examples/mod_ssl +CONFDIR=${SERVERROOT} +CONFFILES="apache_start.conf" +NONCONFFILES=" ssl.crl/Makefile.crl \ + ssl.crl/README.CRL \ + ssl.crt/Makefile.crt \ + ssl.crt/README.CRT \ + ssl.crt/ca-bundle.crt \ + ssl.csr/README.CSR \ + ssl.key/README.KEY \ + ssl.prm/README.PRM" + +case ${STAGE} in +DEINSTALL) + # Remove configuration files if they don't differ from the default + # config file. + # + for file in ${CONFFILES} ${NONCONFFILES} + do + FILE=${CONFDIR}/${file} + SAMPLEFILE=${SAMPLECONFDIR}/${file} + if diff -q ${FILE} ${SAMPLEFILE} >/dev/null + then + ${RM} -f ${FILE} + fi + done + ;; + +POST-DEINSTALL) + modified_files='' + for file in ${CONFFILES} ${NONCONFFILES} + do + FILE=${CONFDIR}/${file} + if [ -f ${FILE} ] + then + modified_files="${modified_files} ${FILE}" + fi + done + + if [ -n "${modified_files}" -o -n "${existing_dirs}" ] + then + ${CAT} << EOF +=========================================================================== +If you won't be using ${PKGNAME} any longer, you may want to remove: +EOF + if [ -n "${modified_files}" ] + then + ${CAT} << EOF + + * the following files: + +EOF + for file in ${modified_files} + do + echo " ${file}" + done + fi + ${CAT} << EOF +=========================================================================== +EOF + fi + ;; + +*) + echo "Unexpected argument: ${STAGE}" + exit 1 + ;; +esac +exit 0 diff --git a/www/ap-ssl/pkg/INSTALL b/www/ap-ssl/pkg/INSTALL new file mode 100644 index 00000000000..59910682357 --- /dev/null +++ b/www/ap-ssl/pkg/INSTALL @@ -0,0 +1,69 @@ +#!/bin/sh +# +# $NetBSD: INSTALL,v 1.1 2001/04/29 20:36:48 jlam Exp $ + +PKGNAME=$1 +STAGE=$2 + +CAT="@CAT@" +CHMOD="@CHMOD@" +CP="@CP@" +MKDIR="@MKDIR@" + +SERVERROOT="@APACHE_SYSCONFDIR@" +SAMPLECONFDIR=${PKG_PREFIX}/share/examples/mod_ssl +CONFDIR=${SERVERROOT} +CONFFILES="apache_start.conf" +NONCONFFILES=" ssl.crl/Makefile.crl \ + ssl.crl/README.CRL \ + ssl.crt/Makefile.crt \ + ssl.crt/README.CRT \ + ssl.crt/ca-bundle.crt \ + ssl.csr/README.CSR \ + ssl.key/README.KEY \ + ssl.prm/README.PRM" + +case ${STAGE} in +PRE-INSTALL) + ;; + +POST-INSTALL) + # ${SERVERROOT} (${CONFDIR}) is already set up by apache/pkg/INSTALL, + # so we don't need to create those directories here. + + echo "Installing configuration files:" + for file in ${CONFFILES} ${NONCONFFILES} + do + FILE=${CONFDIR}/${file} + SAMPLEFILE=${SAMPLECONFDIR}/${file} + if [ -f ${FILE} ] + then + echo " ${FILE} already exists" + else + echo " ${FILE}" + ${CP} ${SAMPLEFILE} ${FILE} + ${CHMOD} 644 ${FILE} + fi + done + ${CAT} << EOF + +=========================================================================== +Some files you might need to customize include the following: + +EOF + for file in ${CONFFILES} + do + FILE=${CONFDIR}/${file} + echo " ${FILE}" + done + ${CAT} << EOF +=========================================================================== +EOF + ;; + +*) + echo "Unexpected argument: ${STAGE}" + exit 1 + ;; +esac +exit 0 diff --git a/www/ap-ssl/pkg/PLIST b/www/ap-ssl/pkg/PLIST index d13c2b7c97f..7e609d9b6bf 100644 --- a/www/ap-ssl/pkg/PLIST +++ b/www/ap-ssl/pkg/PLIST @@ -1,26 +1,26 @@ -@comment $NetBSD: PLIST,v 1.9 2001/02/02 16:41:23 jlam Exp $ -etc/httpd/apache_start.conf -etc/httpd/ssl.crl/Makefile.crl -etc/httpd/ssl.crl/README.CRL -etc/httpd/ssl.crt/Makefile.crt -etc/httpd/ssl.crt/README.CRT -etc/httpd/ssl.crt/ca-bundle.crt -etc/httpd/ssl.crt/snakeoil-ca-dsa.crt -etc/httpd/ssl.crt/snakeoil-ca-rsa.crt -etc/httpd/ssl.crt/snakeoil-dsa.crt -etc/httpd/ssl.crt/snakeoil-rsa.crt -etc/httpd/ssl.csr/README.CSR -etc/httpd/ssl.key/README.KEY -etc/httpd/ssl.key/snakeoil-ca-dsa.key -etc/httpd/ssl.key/snakeoil-ca-rsa.key -etc/httpd/ssl.key/snakeoil-dsa.key -etc/httpd/ssl.key/snakeoil-rsa.key -etc/httpd/ssl.prm/README.PRM -etc/httpd/ssl.prm/snakeoil-ca-dsa.prm -etc/httpd/ssl.prm/snakeoil-dsa.prm +@comment $NetBSD: PLIST,v 1.10 2001/04/29 20:36:48 jlam Exp $ lib/httpd/mod_ssl.so -sbin/mkcert.sh +sbin/mkcert share/doc/mod_ssl/README.mkcert +share/examples/mod_ssl/apache_start.conf +share/examples/mod_ssl/ssl.crl/Makefile.crl +share/examples/mod_ssl/ssl.crl/README.CRL +share/examples/mod_ssl/ssl.crt/Makefile.crt +share/examples/mod_ssl/ssl.crt/README.CRT +share/examples/mod_ssl/ssl.crt/ca-bundle.crt +share/examples/mod_ssl/ssl.crt/snakeoil-ca-dsa.crt +share/examples/mod_ssl/ssl.crt/snakeoil-ca-rsa.crt +share/examples/mod_ssl/ssl.crt/snakeoil-dsa.crt +share/examples/mod_ssl/ssl.crt/snakeoil-rsa.crt +share/examples/mod_ssl/ssl.csr/README.CSR +share/examples/mod_ssl/ssl.key/README.KEY +share/examples/mod_ssl/ssl.key/snakeoil-ca-dsa.key +share/examples/mod_ssl/ssl.key/snakeoil-ca-rsa.key +share/examples/mod_ssl/ssl.key/snakeoil-dsa.key +share/examples/mod_ssl/ssl.key/snakeoil-rsa.key +share/examples/mod_ssl/ssl.prm/README.PRM +share/examples/mod_ssl/ssl.prm/snakeoil-ca-dsa.prm +share/examples/mod_ssl/ssl.prm/snakeoil-dsa.prm share/httpd/htdocs/manual/mod/mod_ssl/apache_pb.gif share/httpd/htdocs/manual/mod/mod_ssl/feather.jpg share/httpd/htdocs/manual/mod/mod_ssl/index.html @@ -76,4 +76,10 @@ share/mod_ssl/loadcacert.cgi share/mod_ssl/sign.sh @dirrm share/mod_ssl @dirrm share/httpd/htdocs/manual/mod/mod_ssl +@dirrm share/examples/mod_ssl/ssl.prm +@dirrm share/examples/mod_ssl/ssl.key +@dirrm share/examples/mod_ssl/ssl.csr +@dirrm share/examples/mod_ssl/ssl.crt +@dirrm share/examples/mod_ssl/ssl.crl +@dirrm share/examples/mod_ssl @dirrm share/doc/mod_ssl |